From 33a73b2fb5d56e6ddd2a29be3b5adc90edad0878 Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Fri, 2 Aug 2024 10:33:34 -0700
Subject: [PATCH 001/174] Forcibly kill samba if needed

---
 etc/rc.d/rc.samba | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.samba b/etc/rc.d/rc.samba
index 32c9bd18a..884fa6f69 100755
--- a/etc/rc.d/rc.samba
+++ b/etc/rc.d/rc.samba
@@ -37,6 +37,13 @@ samba_running(){
   [[ $(pgrep -cf $SMBD) -gt 0 ]]
 }
 
+samba_waitfor_shutdown(){
+  for i in {1..5}; do
+    if ! samba_running; then break; fi
+    sleep 1
+  done
+}
+
 samba_settings(){
   [[ -z $COMMENT ]] && COMMENT=""
   [[ -z $SECURITY ]] && SECURITY="user"
@@ -145,9 +152,17 @@ samba_stop(){
   if ! samba_running; then
     REPLY="Already stopped"
   else
+    REPLY="Stopped"
+    # stop gracefully with SIGTERM
     run killall smbd nmbd wsdd2 winbindd
+    samba_waitfor_shutdown
+    if samba_running; then
+      REPLY="Killed"
+      # stop forcibly with SIGKILL
+      run killall -SIGKILL smbd nmbd wsdd2 winbindd
+      samba_waitfor_shutdown
+    fi
     if ! samba_running; then
-      REPLY="Stopped"
       # save samba 'secrets' file if changed
       if [[ -e $PRIVATE/secrets.tdb ]]; then
         rm -f /tmp/emhttp/secrets.tdb

From 6a15afa2a8f6bd77c5cabc6836589824f2480e2e Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sun, 1 Sep 2024 15:57:02 -0400
Subject: [PATCH 002/174] Update Apps.page

---
 emhttp/plugins/dynamix/Apps.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/Apps.page b/emhttp/plugins/dynamix/Apps.page
index 50826bfad..7e4d064cc 100644
--- a/emhttp/plugins/dynamix/Apps.page
+++ b/emhttp/plugins/dynamix/Apps.page
@@ -23,7 +23,7 @@ function installPlugin(file) {
 <div class="notice">_(Click **Install** to download and install the **Community Applications** plugin)_</div>
 
 <form markdown="1" name="ca_install" method="POST" target="progressFrame">
-<input type="hidden" name="file" value="https://raw.githubusercontent.com/Squidly271/community.applications/master/plugins/community.applications.plg">
+<input type="hidden" name="file" value="https://ca.unraid.net/dl/https://raw.githubusercontent.com/Squidly271/community.applications/master/plugins/community.applications.plg">
 
 &nbsp;
 : <input type="button" value="_(Install)_" onclick="installPlugin(this.form.file.value)">

From ceb97ab39288f2d536128492f76349d3ba5516a6 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 1 Sep 2024 21:17:05 +0100
Subject: [PATCH 003/174] Disable dataset processing.

---
 emhttp/plugins/dynamix/include/Helpers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index d91e48566..8c9033bb6 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -358,7 +358,7 @@ function my_rmdir($dirname) {
     case "zfs":
       $zfsoutput = array();
       $zfsdataset = trim(shell_exec("zfs list -H -o name  \"$dirname\"")) ;
-      exec("zfs destroy \"$zfsdataset\"",$zfsoutput,$rtncode);
+      #exec("zfs destroy \"$zfsdataset\"",$zfsoutput,$rtncode);
       break;
     case "btrfs":
     default:

From 07d02f579f427b02337e5a78e157c01aec559b47 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 2 Sep 2024 17:48:25 +0200
Subject: [PATCH 004/174] Add files via upload

---
 .../include/DockerClient.php                  |  3 +
 .../include/DockerContainers.php              | 60 ++++++++++++++-----
 2 files changed, 47 insertions(+), 16 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index f380d6121..b985c1be5 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -929,6 +929,9 @@ class DockerClient {
 			$c['Created']     = $this->humanTiming($ct['Created']);
 			$c['NetworkMode'] = $ct['HostConfig']['NetworkMode'];
 			$c['Manager'] 	  = $info['Config']['Labels']['net.unraid.docker.managed'] ?? false;
+			if ($c['Manager'] == 'composeman') {
+				$c['ComposeProject'] = $info['Config']['Labels']['com.docker.compose.project'];
+			}
 			[$net, $id]       = array_pad(explode(':',$c['NetworkMode']),2,'');
 			$c['CPUset']      = $info['HostConfig']['CpusetCpus'];
 			$c['BaseImage']   = $ct['Labels']['BASEIMAGE'] ?? false;
diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 55a326dd6..172bc8f1c 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -69,7 +69,8 @@ foreach ($containers as $ct) {
   $running = $info['running'] ? 1 : 0;
   $paused = $info['paused'] ? 1 : 0;
   $is_autostart = $info['autostart'] ? 'true':'false';
-  $updateStatus = substr($ct['NetworkMode'],-4)==':???' ? 2 : ($info['updated']=='true' ? 0 : ($info['updated']=='false' ? 1 : 3));
+  $composestack = isset($ct['ComposeProject']) ? $ct['ComposeProject'] : '';
+  $updateStatus = substr($ct['NetworkMode'], -4) == ':???' ? 2 : ($info['updated'] == 'true' ? 0 : ($info['updated'] == 'false' ? 1 : 3));
   $template = $info['template']??'';
   $shell = $info['shell']??'';
   $webGui = html_entity_decode($info['url']??'');
@@ -83,7 +84,7 @@ foreach ($containers as $ct) {
   $shape = $running ? ($paused ? 'pause' : 'play') : 'square';
   $status = $running ? ($paused ? 'paused' : 'started') : 'stopped';
   $color = $status=='started' ? 'green-text' : ($status=='paused' ? 'orange-text' : 'red-text');
-  $update = $updateStatus==1 ? 'blue-text' : '';
+  $update = $updateStatus==1 && !empty($compose) ? 'blue-text' : '';
   $icon = $info['icon'] ?: '/plugins/dynamix.docker.manager/images/question.png';
   $image = substr($icon,-4)=='.png' ? "<img src='$icon?".filemtime("$docroot{$info['icon']}")."' class='img' onerror=this.src='/plugins/dynamix.docker.manager/images/question.png';>" : (substr($icon,0,5)=='icon-' ? "<i class='$icon img'></i>" : "<i class='fa fa-$icon img'></i>");
   $wait = var_split($autostart[array_search($name,$names)]??'',1);
@@ -119,12 +120,12 @@ foreach ($containers as $ct) {
     $paths[] = sprintf('%s<i class="fa fa-%s" style="margin:0 6px"></i>%s', htmlspecialchars($container_path), $access_mode=='ro'?'long-arrow-left':'arrows-h', htmlspecialchars($host_path));
   }
   echo "<tr class='sortable'><td class='ct-name' style='width:220px;padding:8px'><i class='fa fa-arrows-v mover orange-text'></i>";
-  if ($template) {
+  if ($template && empty($composestack)) {
     $appname = "<a class='exec' onclick=\"editContainer('".addslashes(htmlspecialchars($name))."','".addslashes(htmlspecialchars($template))."')\">".htmlspecialchars($name)."</a>";
   } else {
     $appname = htmlspecialchars($name);
   }
-  echo "<span class='outer'><span id='$id' $menu class='hand'>$image</span><span class='inner'><span class='appname $update'>$appname</span><br><i id='load-$id' class='fa fa-$shape $status $color'></i><span class='state'>"._($status)."</span></span></span>";
+  echo "<span class='outer'><span id='$id' $menu class='hand'>$image</span><span class='inner'><span class='appname $update'>$appname</span><br><i id='load-$id' class='fa fa-$shape $status $color'></i><span class='state'>"._($status).(!empty($composestack) ? '<br/>Compose Stack: ' . $composestack : '')."</span></span></span>";
   echo "<div class='advanced' style='margin-top:8px'>"._('Container ID').": $id<br>";
   if ($ct['BaseImage']) echo "<i class='fa fa-cubes' style='margin-right:5px'></i>".htmlspecialchars($ct['BaseImage'])."<br>";
   echo _('By').": ";
@@ -137,28 +138,47 @@ foreach ($containers as $ct) {
   }
   echo "</div></td><td class='updatecolumn'>";
   switch ($updateStatus) {
-  case 0:
-    echo "<span class='green-text' style='white-space:nowrap;'><i class='fa fa-check fa-fw'></i> "._('up-to-date')."</span>";
-    if ($ct['Manager'] == "dockerman")
-      echo "<div class='advanced'><a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('force update')."</span></a></div>";
-    break;
+    case 0:
+      if ($ct['Manager'] == "dockerman") {
+        echo "<span class='green-text' style='white-space:nowrap;'><i class='fa fa-check fa-fw'></i> "._('up-to-date')."</span>";
+        echo "<div class='advanced'><a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('force update')."</span></a></div>";
+      } elseif (!empty($composestack)) {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> Compose</span></div>";
+        echo "<span tyle='white-space:nowrap;'><i class='fa fa-check fa-fw'></i> "._('up-to-date')."</span>";
+      } else {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> 3rd Party</span></div>";
+        echo "<span tyle='white-space:nowrap;'><i class='fa fa-check fa-fw'></i> "._('up-to-date')."</span>";
+      }
+      break;
     case 1:
       echo "<div class='advanced'><span class='orange-text' style='white-space:nowrap;'><i class='fa fa-flash fa-fw'></i> "._('update ready')."</span></div>";
-      if ($ct['Manager'] == "dockerman")
-        echo "<a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('apply update')."</span></a>";
-      else
+      if ($ct['Manager'] == "dockerman") {
+        echo "<a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('apply update')."</span></a>";      
+      } elseif (!empty($composestack)) {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> Compose</span></a></div>";
         echo "<span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('update available')."</span>";
+      } else {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> 3rd Party</span></div>";
+        echo "<span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('update available')."</span>";
+      }
       break;
     case 2:
       echo "<div class='advanced'><span class='orange-text' style='white-space:nowrap;'><i class='fa fa-flash fa-fw'></i> "._('rebuild ready')."</span></div>";
       echo "<a class='exec'><span style='white-space:nowrap;'><i class='fa fa-recycle fa-fw'></i> "._('rebuilding')."</span></a>";
       break;
     default:
-      echo "<span class='orange-text' style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
-      if ($ct['Manager'] == "dockerman")
+      if ($ct['Manager'] == "dockerman") {
+        echo "<span class='orange-text' style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
         echo "<div class='advanced'><a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('force update')."</span></a></div>";
+      } elseif (!empty($composestack)) {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> Compose</span></div>";
+        echo "<span style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
+      } else {
+        echo "<div><span><i class='fa fa-docker fa-fw'/></i> 3rd Party</span></div>";
+        echo "<span class='orange-text' style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
+      }
       break;
-  }
+    }
   echo "<div class='advanced'><i class='fa fa-info-circle fa-fw'></i> ".compress(_($version),12,0)."</div></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks)."</span></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$network_ips)."</span></td>";
@@ -167,7 +187,15 @@ foreach ($containers as $ct) {
   echo "<td style='word-break:break-all'><span class='docker_readmore'>".implode('<br>',$paths)."</span></td>";
   echo "<td class='advanced'><span class='cpu-$id'>0%</span><div class='usage-disk mm'><span id='cpu-$id' style='width:0'></span><span></span></div>";
   echo "<br><span class='mem-$id'>0 / 0</span></td>";
-  echo "<td><input type='checkbox' id='$id-auto' class='autostart' container='".htmlspecialchars($name)."'".($info['autostart'] ? ' checked':'').">";
+  if (empty($composestack)) {
+    if ($ct['Manager'] == "dockerman") {
+      echo "<td><input type='checkbox' id='$id-auto' class='autostart' container='".htmlspecialchars($name)."'".($info['autostart'] ? ' checked':'').">";
+    } else {
+      echo "<td><i class='fa fa-docker fa-fw'/></i> 3rd Party";
+    }
+  } else {
+    echo "<td><i class='fa fa-docker'/></i> Compose";
+  }
   echo "<span id='$id-wait' style='float:right;display:none'>"._('wait')."<input class='wait' container='".htmlspecialchars($name)."' type='number' value='$wait' placeholder='0' title=\""._('seconds')."\"></span></td>";
   echo "<td><div style='white-space:nowrap'>".htmlspecialchars(str_replace('Up',_('Uptime').':',my_lang_log($ct['Status'])))."<div style='margin-top:4px'>"._('Created').": ".htmlspecialchars(my_lang_time($ct['Created']))."</div></div></td></tr>";
 }

From 753d87c6903d6ef94a60038ce5760c5a06acf09f Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Mon, 2 Sep 2024 18:03:10 +0100
Subject: [PATCH 005/174] Additional VM ZFS delete fixes

---
 .../dynamix.vm.manager/include/libvirt.php    | 13 ++++++--
 emhttp/plugins/dynamix/include/Helpers.php    | 31 +++++++++++++++----
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
index 33e224e98..824d110b2 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
@@ -2004,8 +2004,17 @@
 				if (is_file($cfg)) unlink($cfg);
 				if (is_file($xml)) unlink($xml);
 				if (is_dir($dir) && $this->is_dir_empty($dir)) {
-					$error = my_rmdir($dir);
-					qemu_log("$domain","delete empty $dir $error");
+					$result= my_rmdir($dir);
+					if ($result['type'] == "zfs") {
+						qemu_log("$domain","delete empty zfs $dir {$result['rtncode']}");
+						if (isset($result['dataset'])) qemu_log("$domain","dataset {$result['dataset']} ");
+						if (isset($result['cmd'])) qemu_log("$domain","Command {$result['cmd']} ");
+						if (isset($result['output'])) {
+							$outputlogs = implode(" ",$result['output']);
+							qemu_log("$domain","Output $outputlogs end");
+						}
+					}
+					else qemu_log("$domain","delete empty $dir {$result['rtncode']}");				
 				} 
 			}
 
diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index 8c9033bb6..f64ba2f2d 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -345,27 +345,46 @@ function my_mkdir($dirname,$permissions = 0777,$recursive = false,$own = "nobody
   return($rtncode);
 }
 function my_rmdir($dirname) {
-  if (!is_dir($dirname)) return(false);
+  if (!is_dir("$dirname")) {
+    $return = [
+      'rtncode' => "false",
+      'type' => "NoDir",
+    ];
+    return($return);
+  }
   if (strpos($dirname,'/mnt/user/')===0) {
     $realdisk = trim(shell_exec("getfattr --absolute-names --only-values -n system.LOCATION ".escapeshellarg($dirname)." 2>/dev/null"));
     if (!empty($realdisk)) {
-      $dirname = str_replace('/mnt/user/', "/mnt/$realdisk/", $dirname);
+      $dirname = str_replace('/mnt/user/', "/mnt/$realdisk/", "$dirname");
     }
   }
-  $fstype = trim(shell_exec(" stat -f -c '%T' $dirname"));
+  $fstype = trim(shell_exec(" stat -f -c '%T' ".escapeshellarg($dirname)));
   $rtncode = false;
   switch ($fstype) {
     case "zfs":
       $zfsoutput = array();
-      $zfsdataset = trim(shell_exec("zfs list -H -o name  \"$dirname\"")) ;
-      #exec("zfs destroy \"$zfsdataset\"",$zfsoutput,$rtncode);
+      $zfsdataset = trim(shell_exec("zfs list -H -o name  ".escapeshellarg($dirname))) ;
+      $cmdstr = "zfs destroy \"$zfsdataset\"  2>&1 ";
+      $error = exec($cmdstr,$zfsoutput,$rtncode);
+      $return = [
+        'rtncode' => $rtncode,
+        'output' => $zfsoutput,
+        'dataset' => $zfsdataset,
+        'type' => $fstype,
+        'cmd' => $cmdstr,
+        'error' => $error,
+      ];
       break;
     case "btrfs":
     default:
       $rtncode = rmdir($dirname);
+      $return = [
+        'rtncode' => $rtncode,
+        'type' => $fstype,
+      ];
       break;
   }
-  return($rtncode);
+  return($return);
 }
 function get_realvolume($path) {
   if (strpos($path,"/mnt/user/",0) === 0) 

From 24bdc5169d737a961a0d9cb53dd4ea0f69b0981c Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Tue, 3 Sep 2024 15:36:12 -0500
Subject: [PATCH 006/174] Parity check wrong again.

---
 emhttp/plugins/dynamix/nchan/parity_list | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/emhttp/plugins/dynamix/nchan/parity_list b/emhttp/plugins/dynamix/nchan/parity_list
index e6d2210d6..9e8727efe 100755
--- a/emhttp/plugins/dynamix/nchan/parity_list
+++ b/emhttp/plugins/dynamix/nchan/parity_list
@@ -18,6 +18,7 @@ $log      = '/boot/config/parity-checks.log';
 $stamps   = '/var/tmp/stamps.ini';
 $resync   = '/var/tmp/resync.ini';
 $md5_old  = $spot_old = $fs_old = $proc_old = -1;
+$remove_resync_files = false;
 
 require_once "$docroot/webGui/include/Helpers.php";
 require_once "$docroot/webGui/include/publish.php";
@@ -50,13 +51,13 @@ function update_translation($locale) {
     $text = "$docroot/languages/$locale/translations.txt";
     if (file_exists($text)) {
       $store = "$docroot/languages/$locale/translations.dot";
-      if (!file_exists($store)) file_put_contents($store,serialize(parse_lang_file($text)));
+      if (!file_exists($store)) file_put_contents_atomic($store,serialize(parse_lang_file($text)));
       $language = unserialize(file_get_contents($store));
     }
     $text = "$docroot/languages/$locale/main.txt";
     if (file_exists($text)) {
       $store = "$docroot/languages/$locale/main.dot";
-      if (!file_exists($store)) file_put_contents($store,serialize(parse_lang_file($text)));
+      if (!file_exists($store)) file_put_contents_atomic($store,serialize(parse_lang_file($text)));
       $language = array_merge($language,unserialize(file_get_contents($store)));
     }
   }
@@ -65,7 +66,7 @@ function create_sync($file) {
   return file_exists($file) ? explode(',',file_get_contents($file)) : [];
 }
 function create_file($file,...$data) {
-  if (!file_exists($file)) file_put_contents($file,implode(',',$data));
+  if (!file_exists($file)) file_put_contents_atomic($file,implode(',',$data));
 }
 
 while (true) {
@@ -106,10 +107,15 @@ while (true) {
 			/* Save the result in the parity history log. */
 			file_put_contents($log, "$timestamp|$duration|$speed|$status|$error|$action|$size\n", FILE_APPEND);
 
-			delete_file($stamps, $resync);
+			/* Remove the resync files after the history file has been updated. */
+			$remove_resync_files = true;
 
 			/* Parity check is completed. */
 			$echo = "";
+		} elseif ($remove_resync_files) {
+			delete_file($stamps, $resync);
+
+			$remove_resync_files = false;
 		}
 	}
 
@@ -155,6 +161,6 @@ while (true) {
 		$proc_old = publish('mymonitor', $process) !== false ? $process : -1;
 	}
 
-	sleep(1);
+	sleep(3);
 }
 ?>

From 4ea425411ad3212883ef7f42f27d605703b664d3 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Tue, 3 Sep 2024 21:45:50 +0100
Subject: [PATCH 007/174] Add disable rename if snapshots found.

---
 .../templates/Custom.form.php                  | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
index 58452f19e..54c0e3c15 100644
--- a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
+++ b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
@@ -317,6 +317,18 @@
 	}
 	if ($usertemplate == 1) unset($arrConfig['domain']['uuid']);
 	$xml2 = build_xml_templates($strXML);
+	#disable rename  if snapshots exist
+	$snapshots = getvmsnapshots($arrConfig['domain']['name']) ;
+	if ($snapshots != null && count($snapshots) && !$boolNew)  
+	{
+		$snaprenamehidden = "";
+		$namedisable = "disabled";
+		$snapcount = count($snapshots);
+	} else {
+		$snaprenamehidden = "hidden";
+		$namedisable = "";
+		$snapcount = "0";
+	};
 ?>
 
 <link rel="stylesheet" href="<?autov('/plugins/dynamix.vm.manager/scripts/codemirror/lib/codemirror.css')?>">
@@ -336,10 +348,12 @@
 <input type="hidden" name="domain[memoryBacking]" id="domain_memorybacking" value="<?=htmlspecialchars($arrConfig['domain']['memoryBacking'])?>">
 
 	<table>
-	<tr><td></td><td><span hidden id="zfs-name" class="orange-text"><i class="fa fa-warning"></i> _(Name contains invalid characters or does not start with an alphanumberic for a ZFS storage location<br>Only these special characters are valid Underscore (_) Hyphen (-) Colon (:) Period (.))_</span></td></tr>
+	<tr><td></td><td>
+		<span <?=$snaprenamehidden?> id="snap-rename" class="orange-text"><i class="fa fa-warning"></i> _(Rename disabled, <?=$snapcount?> snapshot(s) exists.)_</span>
+		<span hidden id="zfs-name" class="orange-text"><i class="fa fa-warning"></i> _(Name contains invalid characters or does not start with an alphanumberic for a ZFS storage location<br>Only these special characters are valid Underscore (_) Hyphen (-) Colon (:) Period (.))_</span></td></tr>
 		<tr>
 			<td>_(Name)_:</td>
-			<td><input type="text" name="domain[name]" id="domain_name" oninput="checkName(this.value)" class="textTemplate" title="_(Name of virtual machine)_" placeholder="_(e.g.)_ _(My Workstation)_" value="<?=htmlspecialchars($arrConfig['domain']['name'])?>" required /></td>
+			<td><input <?=$namedisable?> type="text" name="domain[name]" id="domain_name" oninput="checkName(this.value)" class="textTemplate" title="_(Name of virtual machine)_" placeholder="_(e.g.)_ _(My Workstation)_" value="<?=htmlspecialchars($arrConfig['domain']['name'])?>" required /></td>
 			<td><textarea class="xml" id="xmlname" rows=1 disabled ><?=htmlspecialchars($xml2['name'])."\n".htmlspecialchars($xml2['uuid'])."\n".htmlspecialchars($xml2['metadata'])?></textarea></td>
 		</tr>
 	</table>

From ef5067584b4bf7275a2877c227c5d07f3224b1b9 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Wed, 4 Sep 2024 12:34:23 -0500
Subject: [PATCH 008/174] Change file_put_contents_atomic() back to
 file_put_contents() since it is liable to change.

---
 emhttp/plugins/dynamix/nchan/parity_list | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix/nchan/parity_list b/emhttp/plugins/dynamix/nchan/parity_list
index 9e8727efe..f51db87e6 100755
--- a/emhttp/plugins/dynamix/nchan/parity_list
+++ b/emhttp/plugins/dynamix/nchan/parity_list
@@ -51,13 +51,13 @@ function update_translation($locale) {
     $text = "$docroot/languages/$locale/translations.txt";
     if (file_exists($text)) {
       $store = "$docroot/languages/$locale/translations.dot";
-      if (!file_exists($store)) file_put_contents_atomic($store,serialize(parse_lang_file($text)));
+      if (!file_exists($store)) file_put_contents($store,serialize(parse_lang_file($text)));
       $language = unserialize(file_get_contents($store));
     }
     $text = "$docroot/languages/$locale/main.txt";
     if (file_exists($text)) {
       $store = "$docroot/languages/$locale/main.dot";
-      if (!file_exists($store)) file_put_contents_atomic($store,serialize(parse_lang_file($text)));
+      if (!file_exists($store)) file_put_contents($store,serialize(parse_lang_file($text)));
       $language = array_merge($language,unserialize(file_get_contents($store)));
     }
   }
@@ -66,7 +66,7 @@ function create_sync($file) {
   return file_exists($file) ? explode(',',file_get_contents($file)) : [];
 }
 function create_file($file,...$data) {
-  if (!file_exists($file)) file_put_contents_atomic($file,implode(',',$data));
+  if (!file_exists($file)) file_put_contents($file,implode(',',$data));
 }
 
 while (true) {

From c27e018fdbd5a32d5881adfdb4dcc620e7cbdf35 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Wed, 4 Sep 2024 21:11:44 +0100
Subject: [PATCH 009/174] Reduce Multifunction starting bus.

---
 emhttp/plugins/dynamix.vm.manager/include/libvirt.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
index 824d110b2..042a17ae0 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt.php
@@ -910,9 +910,9 @@
 					}
 
 					if ($gpu['multi'] == "on"){
-						$newgpu_bus= 0x10;
+						$newgpu_bus= 0x07;
 						if (!isset($multibus[$newgpu_bus])) {
-							$multibus[$newgpu_bus] = 0x10;
+							$multibus[$newgpu_bus] = 0x07;
 						} else {
 							#Get next bus
 							$newgpu_bus = end($multibus) + 0x01;

From 9b1081d2e1ab6980c1d9f06e60e07bc3e65f6da9 Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Wed, 4 Sep 2024 21:37:08 -0700
Subject: [PATCH 010/174] Add support for Tailscale certs in the webgui

---
 emhttp/languages/en_US/helptext.txt          |   8 +
 emhttp/plugins/dynamix/ManagementAccess.page | 197 ++++++++++++++-----
 etc/rc.d/rc.nginx                            |  40 ++++
 3 files changed, 201 insertions(+), 44 deletions(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 33d9f9b77..0d6fc26a9 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -1283,6 +1283,14 @@ The Local Access URLs shown above are based on your current settings.
 To adjust URLs or redirects, see the help text for "Use SSL/TLS".
 :end
 
+:mgmt_wg_access_urls_help:
+These URLs will only work when connected via the appropriate WireGuard tunnel as configured on ***Settings > VPN Manager***
+:end
+
+:mgmt_tailscale_access_urls_help:
+These URLs will only work when connected to the appropriate Tailscale Tailnet.
+:end
+
 :mgmt_certificate_expiration_help:
 **Provision** may be used to install a *free* myunraid.net SSL Certificate from
 [Let's Encrypt](https://letsencrypt.org/).
diff --git a/emhttp/plugins/dynamix/ManagementAccess.page b/emhttp/plugins/dynamix/ManagementAccess.page
index 00387791f..de094a7fc 100644
--- a/emhttp/plugins/dynamix/ManagementAccess.page
+++ b/emhttp/plugins/dynamix/ManagementAccess.page
@@ -117,51 +117,122 @@ if ($cert2Present) {
   }
 }
 
+// Tailscale LE cert
+$cert3File    = "/boot/config/ssl/certs/ts_bundle.pem";
+$cert3Present = file_exists("$cert3File");
+if ($cert3Present) {
+  $cert3Subject = exec("/usr/bin/openssl x509 -in $cert3File -noout -subject -nameopt multiline 2>/dev/null|sed -n 's/ *commonName *= //p'");
+  $cert3Issuer  = exec("/usr/bin/openssl x509 -in $cert3File -noout -text | sed -n -e 's/^.*Issuer: //p'");
+  $cert3Expires = exec("/usr/bin/openssl x509 -in $cert3File -noout -text | sed -n -e 's/^.*Not After : //p'");
+}
+
+// Note: this disables FQDN6 urls since they are not supported by myunraid.net DNS currently
+if (!empty($nginx['NGINX_LANFQDN6'])) unset($nginx['NGINX_LANFQDN6']);
+
 $http_port       = _var($var,'PORT','80') != '80' ? ":{$var['PORT']}" : '';
 $https_port      = _var($var,'PORTSSL','443') != '443' ? ":{$var['PORTSSL']}" : '';
-$http_ip_url     = "http://"._var($nginx,'NGINX_LANIP')."{$http_port}/";
-$https_ip_url    = "https://"._var($nginx,'NGINX_LANIP')."{$https_port}/";
-$http_ip6_url    = "http://["._var($nginx,'NGINX_LANIP6')."]{$http_port}/";
-$https_ip6_url   = "https://["._var($nginx,'NGINX_LANIP6')."]{$https_port}/";
-$http_mdns_url   = "http://"._var($nginx,'NGINX_LANMDNS')."{$http_port}/";
-$https_mdns_url  = "https://"._var($nginx,'NGINX_LANMDNS')."{$https_port}/";
-$https_fqdn_url  = "https://"._var($nginx,'NGINX_LANFQDN')."{$https_port}/";
-$https_fqdn6_url = "https://"._var($nginx,'NGINX_LANFQDN6')."{$https_port}/";
+$http_ip_url     = 'http://'._var($nginx,'NGINX_LANIP').$http_port.'/';
+$https_ip_url    = 'https://'._var($nginx,'NGINX_LANIP').$https_port.'/';
+// bare IPv6 addresses need to be surrounded in brackets
+$http_ip6_url    = 'http://'.'['._var($nginx,'NGINX_LANIP6').']'.$http_port.'/';
+$https_ip6_url   = 'https://'.'['._var($nginx,'NGINX_LANIP6').']'.$https_port.'/';
+$http_mdns_url   = 'http://'._var($nginx,'NGINX_LANMDNS').$http_port.'/';
+$https_mdns_url  = 'https://'._var($nginx,'NGINX_LANMDNS').$https_port.'/';
+$https_fqdn_url  = 'https://'._var($nginx,'NGINX_LANFQDN').$https_port.'/';
+$https_fqdn6_url = 'https://'._var($nginx,'NGINX_LANFQDN6').$https_port.'/';
 
 $urls = [];
-// push an array of four values into the $urls array:
-//   0 - the url
-//   1 - the url it redirects to, or null
-//   2 - the certificate file used, or null
-//   3 - self-signed certificate, or false
+// push an array of five values into the $urls array:
+//   0 - type of url ['LAN','WAN','WG','TAILSCALE']
+//   1 - the url
+//   3 - the url it redirects to, or null
+//   4 - the certificate file used, or null
+//   5 - self-signed certificate, or false
 
+// define LAN access urls and redirects that change based on USE_SSL setting
 switch(_var($var,'USE_SSL','no')) {
 case 'no':
-  if (!empty($nginx['NGINX_LANIP']))    $urls[] = [$http_ip_url, null, null, false];
-  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = [$http_ip6_url, null, null, false];
-  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = [$http_mdns_url, null, null, false];
-  if (!empty($nginx['NGINX_LANFQDN']))  $urls[] = [$https_fqdn_url, null, "certificate_bundle.pem", false];
-  if (!empty($nginx['NGINX_LANFQDN6'])) $urls[] = [$https_fqdn6_url, null, "certificate_bundle.pem", false];
+  if (!empty($nginx['NGINX_LANIP']))    $urls[] = ['LAN', $http_ip_url, null, null, false];
+  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = ['LAN', $http_ip6_url, null, null, false];
+  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = ['LAN', $http_mdns_url, null, null, false];
   break;
 case 'yes':
-  if (!empty($nginx['NGINX_LANIP']))    $urls[] = [$http_ip_url, $https_ip_url, null, false];
-  if (!empty($nginx['NGINX_LANIP']))    $urls[] = [$https_ip_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
-  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = [$http_ip6_url, $https_ip6_url, null, false];
-  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = [$https_ip6_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
-  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = [$http_mdns_url, $https_mdns_url, null, false];
-  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = [$https_mdns_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
-  if (!empty($nginx['NGINX_LANFQDN']))  $urls[] = [$https_fqdn_url, null, "certificate_bundle.pem", false];
-  if (!empty($nginx['NGINX_LANFQDN6'])) $urls[] = [$https_fqdn6_url, null, "certificate_bundle.pem", false];
+  if (!empty($nginx['NGINX_LANIP']))    $urls[] = ['LAN', $http_ip_url, $https_ip_url, null, false];
+  if (!empty($nginx['NGINX_LANIP']))    $urls[] = ['LAN', $https_ip_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
+  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = ['LAN', $http_ip6_url, $https_ip6_url, null, false];
+  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = ['LAN', $https_ip6_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
+  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = ['LAN', $http_mdns_url, $https_mdns_url, null, false];
+  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = ['LAN', $https_mdns_url, null, "{$var['NAME']}_unraid_bundle.pem", $cert1SelfSigned];
   break;
 case 'auto': // aka strict
-  if (!empty($nginx['NGINX_LANIP']))    $urls[] = [$http_ip_url, $https_fqdn_url, null, false];
-  if (!empty($nginx['NGINX_LANIP6']))   $urls[] = [$http_ip6_url, $https_fqdn6_url, null, false];
-  if (!empty($nginx['NGINX_LANMDNS']))  $urls[] = [$http_mdns_url, $https_fqdn_url, null, false];
-  if (!empty($nginx['NGINX_LANFQDN']))  $urls[] = [$https_fqdn_url, null, "certificate_bundle.pem", false];
-  if (!empty($nginx['NGINX_LANFQDN6'])) $urls[] = [$https_fqdn6_url, null, "certificate_bundle.pem", false];
+  if (!empty($nginx['NGINX_LANIP'])   && !empty($nginx['NGINX_LANFQDN']))  $urls[] = ['LAN', $http_ip_url, $https_fqdn_url, null, false];
+  if (!empty($nginx['NGINX_LANIP6'])  && !empty($nginx['NGINX_LANFQDN6'])) $urls[] = ['LAN', $http_ip6_url, $https_fqdn6_url, null, false];
+  if (!empty($nginx['NGINX_LANMDNS']) && !empty($nginx['NGINX_LANFQDN']))  $urls[] = ['LAN', $http_mdns_url, $https_fqdn_url, null, false];
   break;
 }
 
+// define FQDN urls for each interface
+// when multiple FQDN urls are available for a given interface, make sure they are sorted
+asort($nginx);
+foreach ($nginx as $key => $host) {
+  if (!$host) continue;
+  // Only process keys that include 'FQDN'
+  if (strpos($key, 'FQDN') === false) continue;
+  // Extract the interface from the key, e.g., 'NGINX_LANFQDN' -> 'LAN', 'NGINX_WANFQDN' -> 'WAN', NGINX_WG0FQDN -> WG, NGINX_TAILSCALE1FQDN -> TAILSCALE
+  // Note: this specifically excludes FQDN6 urls since they are not supported by myunraid.net DNS currently
+  if (preg_match('/^NGINX_([A-Z]+)(\d*)FQDN$/', $key, $matches)) {
+    $interface = $matches[1]; // Interface type (LAN, WAN, WG, TAILSCALE, etc.)
+    // ignore the WAN interface because we don't have access to the WANPORT here
+    if ($interface == "WAN") continue;
+    $pem = null;
+    if (str_ends_with($host, '.myunraid.net')) $pem = 'certificate_bundle.pem';
+    elseif (str_ends_with($host, '.ts.net')) $pem = 'ts_bundle.pem';
+    $url = 'https://'.$host.$https_port."/";
+    $urls[] = [$interface, $url, null, $pem, false];
+  }
+}
+
+// determine whether there are urls for a given interface
+function has_urls($interface) {
+  global $urls;
+  foreach($urls as $url) {
+    if ($url[0] == $interface) return true;
+  }
+  return false;
+}
+
+// show all urls for a given interface
+function show_urls($interface) {
+  global $urls;
+  //   0 - type of url ['LAN','WAN','WG','TAILSCALE']
+  //   1 - the url
+  //   3 - the url it redirects to, or null
+  //   4 - the certificate file used, or null
+  //   5 - self-signed certificate, or false
+  $output = "";
+  $linestart = "<dt>&nbsp;</dt><dd>";
+  $lineend = "</dd>\n";
+  $first = true;
+  foreach($urls as $url) {
+    if ($url[0] == $interface) {
+      $msg  = "<a href='$url[1]'>$url[1]</a>";
+      if ($url[2]) $msg .= " "._("redirects to")." <a href='$url[2]'>$url[2]</a>";
+      if ($url[3]) $msg .= " "._("uses")." ".$url[3];
+      if ($url[4]) $msg .= "<span class='warning'> <i class='fa fa-warning fa-fw'></i> "._("is a self-signed certificate, ignore the browser's warning and proceed to the GUI")."</span>";
+      // 2nd+ urls need leading $linestart
+      $output .= ($first ? "" : $linestart).$msg.$lineend;
+      $first = false;
+    }
+  }
+  if ($first) {
+    $output = "none";
+  } else {
+    // strip final trailing $lineend as it will be added by markdown
+    $output = substr($output, 0, strlen($lineend)*-1);
+  }
+  echo $output;
+}
+
 $cert_time_format   = $display['date'].($display['date']!='%c' ? ', '.str_replace(['%M','%R'],['%M:%S','%R:%S'],$display['time']):'');
 $provisionlabel     = $isWildcardCert ? _('Renew') : _('Provision');
 $disabled_provision = $keyfile===false || ($isWildcardCert && $retval_expired===0) || !$addr ? 'disabled' : '';
@@ -334,24 +405,34 @@ _(Local TLD)_:
 
 </form>
 
+<hr>
+
 _(Local access URLs)_:
-: <?
-// url[0] = url
-// url[1] = redirect url or null
-// url[2] = certificate used or null
-// url[3] = is certificate self-signed T/F
-$n = 0;
-foreach($urls as $url) {
-  $msg  = "";
-  if ($url[1]) $msg .= " "._("redirects to")." <a href='$url[1]'>$url[1]</a>";
-  if ($url[2]) $msg .= " "._("uses")." ".$url[2];
-  if ($url[3]) $msg .= "<span class='warning'> <i class='fa fa-warning fa-fw'></i> "._("is a self-signed certificate, ignore the browser's warning and proceed to the GUI")."</span>";
-  echo ($n ? "<dt>&nbsp;</dt><dd>" : ""),"<a href='$url[0]'>$url[0]</a>$msg",($n++ ? "</dd>" : "");
-}?>
+: <? show_urls('LAN'); ?>
 
 :mgmt_local_access_urls_help:
 
+<?if (has_urls('WG')): ?>
+
+_(WireGuard URLs)_:
+: <? show_urls('WG'); ?>
+
+:mgmt_wg_access_urls_help:
+
+<?endif;?>
+
+<?if (has_urls('TAILSCALE')): ?>
+
+_(Tailscale URLs)_:
+: <? show_urls('TAILSCALE'); ?>
+
+:mgmt_tailscale_access_urls_help:
+
+<?endif;?>
+
 <?if ($cert1Present):?>
+<hr>
+
 _(Self-signed or user-provided certificate)_:
 : <?=$cert1File?>
 
@@ -386,6 +467,9 @@ _(Self-signed certificate file)_:
 <input type="hidden" name="server_name" value="<?=strtok(_var($_SERVER,'HTTP_HOST'),":")?>">
 <input type="hidden" name="server_addr" value="<?=_var($_SERVER,'SERVER_ADDR')?>">
 <?if ($cert2Present):?>
+
+<hr>
+
 _(Unraid Let's Encrypt certificate)_:
 : <?=$cert2File?>
 
@@ -415,6 +499,31 @@ _(CA-signed certificate file)_:
 &nbsp;
 : <button type="submit" name="changePorts" value="Provision" <?=$disabled_provision?>><?=$provisionlabel?></button><button type="submit" name="changePorts" value="Delete" <?=$disabled_delete?> >_(Delete)_</button><?=$disabled_provision_msg?>
 
+
+<?if ($cert3Present):?>
+
+<hr>
+
+_(Tailscale Let's Encrypt certificate)_:
+: <?=$cert3File?>
+
+_(Certificate URL)_:
+: <?="<a href='https://$cert3Subject$https_port'>$cert3Subject</a>"?>
+
+_(Certificate issuer)_:
+: <?=$cert3Issuer?>
+
+_(Certificate expiration)_:
+: <?=_(my_date($cert_time_format, strtotime($cert3Expires)),0)?>
+
+<?endif;?>
+
 :mgmt_certificate_expiration_help:
 
 </form>
+
+<?if (has_urls('WG')): ?>
+
+<small>"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld</small>
+
+<?endif;?>
diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index be1d7fc03..8a527cd07 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -18,6 +18,7 @@
 DAEMON="Nginx server daemon"
 CALLER="nginx"
 NGINX="/usr/sbin/nginx"
+TS="/usr/local/sbin/tailscale"
 PID="/var/run/nginx.pid"
 SSL="/boot/config/ssl"
 CONF="/etc/nginx/nginx.conf"
@@ -26,6 +27,7 @@ SERVERS="/etc/nginx/conf.d/servers.conf"
 LOCATIONS="/etc/nginx/conf.d/locations.conf"
 INI="/var/local/emhttp/nginx.ini.new"
 CERTPATH="$SSL/certs/certificate_bundle.pem"
+TSCERTPATH="$SSL/certs/ts_bundle.pem"
 MYSERVERS="/boot/config/plugins/dynamix.my.servers/myservers.cfg"
 
 # hold server names
@@ -285,6 +287,29 @@ build_servers(){
 	EOF
     fi
   fi
+  if [[ -n $TSFQDN ]]; then
+    cat <<- EOF >>$SERVERS
+	#
+	# Port settings for https using Tailscale cert
+	# ex: https://tower.magicDNS.ts.net
+	#
+	server {
+	$(listen $PORTSSL ssl http2)
+	    server_name $TSFQDN;
+	    # Ok to use concatenated pem files; nginx will do the right thing.
+	    ssl_certificate         $TSCERTPATH;
+	    ssl_certificate_key     $TSCERTPATH;
+	    ssl_trusted_certificate $TSCERTPATH;
+	    #
+	    # OCSP stapling
+	    ssl_stapling on;
+	    ssl_stapling_verify on;
+	    #
+	    location ~ /wsproxy/$PORTSSL/ { return 403; }
+	    include /etc/nginx/conf.d/locations.conf;
+	}
+	EOF
+  fi
 }
 
 # build our locations
@@ -534,6 +559,19 @@ build_ssl(){
     [[ -n $(openssl x509 -noout -ocsp_uri -in "$CERTPATH") ]] && CERTSTAPLE=on || CERTSTAPLE=off
   fi
 
+  # handle TS cert if present
+  if [[ -f "$TSCERTPATH" ]]; then
+    # confirm TS is intalled and running
+    if [[ -x $TS ]] && $TS status &>/dev/null; then
+      # extract common name from cert
+      TSFQDN1=$(openssl x509 -noout -subject -nameopt multiline -in "$TSCERTPATH" | sed -n 's/ *commonName *= //p')
+      # get tailscale domain
+      TSFQDN2=$($TS status -json | jq ' .Self.DNSName' | tr -d '"' | sed 's/.$//')
+      # if they are equal and not empty, the cert is valid, use it
+      [[ -n "$TSFQDN1" ]] && [[ "$TSFQDN1" == "$TSFQDN2" ]] && TSFQDN=$TSFQDN1
+    fi
+  fi
+
   # build servers configuration file
   build_servers
   # build locations configuration file
@@ -570,6 +608,8 @@ build_ssl(){
   echo "NGINX_WANIP6=\"$WANIP6\"" >>$INI
   echo "NGINX_WANFQDN=\"$WANFQDN\"" >>$INI
   echo "NGINX_WANFQDN6=\"$WANFQDN6\"" >>$INI
+  # defined if ts_bundle.pem present:
+  echo "NGINX_TAILSCALEFQDN=\"$TSFQDN\"" >>$INI
   # add included interfaces
   for NET in ${!NET_FQDN[@]}; do
     echo "NGINX_${NET^^}FQDN=\"${NET_FQDN[$NET]}\"" >>$INI

From 1e43abc785fb1b6cbadbea362c7d836aee90d3a8 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Thu, 5 Sep 2024 10:16:51 +0200
Subject: [PATCH 011/174] Fix issue with plugin icons

- make sure the maximum icon size for a plugin is 18x18px
---
 emhttp/plugins/dynamix/include/PageBuilder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/PageBuilder.php b/emhttp/plugins/dynamix/include/PageBuilder.php
index 19bdc1fbc..40f56778c 100644
--- a/emhttp/plugins/dynamix/include/PageBuilder.php
+++ b/emhttp/plugins/dynamix/include/PageBuilder.php
@@ -78,7 +78,7 @@ function tab_title($title,$path,$tag) {
   if (!$tag || substr($tag,-4)=='.png') {
     $file = "$path/icons/".($tag ?: strtolower(str_replace(' ','',$title)).".png");
     if (file_exists("$docroot/$file")) {
-      return "<img src='/$file' class='icon'>$title";
+      return "<img src='/$file' class='icon' style='max-width: 18px; max-height: 18px; width: auto; height: auto; object-fit: contain;'>$title";
     } else {
       return "<i class='fa fa-th title'></i>$title";
     }

From 039c798b43207d2465d0c189da23846ad593d727 Mon Sep 17 00:00:00 2001
From: Derek Kaser <11674153+dkaser@users.noreply.github.com>
Date: Thu, 5 Sep 2024 22:00:20 +0000
Subject: [PATCH 012/174] Add fastcgi_path_info to default nginx configuration

---
 etc/rc.d/rc.nginx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index be1d7fc03..7a86d0a22 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -386,7 +386,9 @@ build_locations(){
 	#
 	# pass PHP scripts to FastCGI server listening on unix:/var/run/php-fpm.sock
 	#
-	location ~ \.php$ {
+	location ~ ^(.+\.php)(.*)$ {
+	    fastcgi_split_path_info  ^(.+\.php)(.*)$;
+	    fastcgi_param PATH_INFO  $fastcgi_path_info;
 	    include fastcgi_params;
 	}
 	#

From 6b31532688c6288760d687217587829b1e8b7af3 Mon Sep 17 00:00:00 2001
From: Robin Kluth <kontakt@kluthr.de>
Date: Fri, 6 Sep 2024 15:46:06 +0200
Subject: [PATCH 013/174] Add a log line noting how long we wait currently for
 a VM action.

---
 etc/rc.d/rc.libvirt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/rc.d/rc.libvirt b/etc/rc.d/rc.libvirt
index 6299cd411..cd4ce5cef 100755
--- a/etc/rc.d/rc.libvirt
+++ b/etc/rc.d/rc.libvirt
@@ -60,6 +60,9 @@ vmlist(){
 waitfor(){
   local C=0
   while [[ $C -lt $TIMEOUT && $(virsh list --state-$1 | awk "NR>2 && /${2:-^.+$}/" | wc -l) -gt 0 ]]; do
+    if [ $C -eq 0 ]; then # echo Timeout info just one time and only if virsh returned something
+      log "Waiting $TIMEOUT seconds for VMs with state: $1"
+    fi
     ((C++))
     sleep 1
   done

From 73705b71fab865020acbd8a480868cf39239731b Mon Sep 17 00:00:00 2001
From: desertwitch <24509509+desertwitch@users.noreply.github.com>
Date: Sun, 8 Sep 2024 20:21:18 +0200
Subject: [PATCH 014/174] dynamix/include/SysDevs.php: fix PHP warnings

test for exec-returned variable existence before usage
---
 emhttp/plugins/dynamix/include/SysDevs.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/SysDevs.php b/emhttp/plugins/dynamix/include/SysDevs.php
index cf5d90905..32fbddb22 100644
--- a/emhttp/plugins/dynamix/include/SysDevs.php
+++ b/emhttp/plugins/dynamix/include/SysDevs.php
@@ -75,9 +75,11 @@ case 't1':
     foreach ($devicelist as $line) {
       if (!empty($line)) {
         exec('udevadm info --path=$(udevadm info -q path /dev/'.$line.' | cut -d / -f 1-7) --query=path',$linereturn);
-        preg_match_all($DBDF_PARTIAL_REGEX, $linereturn[0], $inuse);
-        foreach ($inuse[0] as $line) {
-          $lines[] = $line;
+        if(isset($linereturn[0])) {
+          preg_match_all($DBDF_PARTIAL_REGEX, $linereturn[0], $inuse);
+          foreach ($inuse[0] as $line) {
+            $lines[] = $line;
+          }
         }
         unset($inuse);
         unset($linereturn);
@@ -92,9 +94,11 @@ case 't1':
           foreach ($nics as $line) {
             if (!empty($line)) {
               exec('readlink /sys/class/net/'.$line,$linereturn);
-              preg_match_all($DBDF_PARTIAL_REGEX, $linereturn[0], $inuse);
-              foreach ($inuse[0] as $line) {
-                $lines[] = $line;
+              if(isset($linereturn[0])) {
+                preg_match_all($DBDF_PARTIAL_REGEX, $linereturn[0], $inuse);
+                foreach ($inuse[0] as $line) {
+                  $lines[] = $line;
+                }
               }
               unset($inuse);
               unset($linereturn);

From 16823d07b117f0284b45101f6339357a908298a8 Mon Sep 17 00:00:00 2001
From: Rysz <24509509+desertwitch@users.noreply.github.com>
Date: Mon, 9 Sep 2024 06:56:35 +0200
Subject: [PATCH 015/174] en_US/helptext.txt: Fix broken link

---
 emhttp/languages/en_US/helptext.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 33d9f9b77..016d9d9ae 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -256,7 +256,7 @@ Unraid OS uses these default options when creating a multiple-device pool:
 
 `-dconvert=raid1 -mconvert=raid1`
 
-For more complete documentation, please refer to the btrfs-balance [Manpage](https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-balance)
+For more complete documentation, please refer to the btrfs-balance [Manpage](https://man7.org/linux/man-pages/man8/btrfs-balance.8.html)
 
 *Note: raid5 and raid6 are generally still considered **experimental** by the Linux community*
 :end

From e9faee0d27f93ca0cd9fb35fe58137b75686afc4 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 9 Sep 2024 17:07:43 +0200
Subject: [PATCH 016/174] Update CreateDocker.php

---
 .../include/CreateDocker.php                  | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 11e4eac2a..568ae97af 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -213,6 +213,9 @@ if (isset($_GET['xmlTemplate'])) {
   if (is_file($xmlTemplate)) {
     $xml = xmlToVar($xmlTemplate);
     $templateName = $xml['Name'];
+    if (preg_match('/^container:(.*)/', $xml['Network'])) {
+      $xml['Network'] = explode(':', $xml['Network'], 2);
+    }
     if ($xmlType == 'default') {
       if (!empty($dockercfg['DOCKER_APP_CONFIG_PATH']) && file_exists($dockercfg['DOCKER_APP_CONFIG_PATH'])) {
         // override /config
@@ -858,6 +861,7 @@ _(Network Type)_:
 : <select name="contNetwork" onchange="showSubnet(this.value)">
   <?=mk_option(1,'bridge',_('Bridge'))?>
   <?=mk_option(1,'host',_('Host'))?>
+  <?=mk_option(1,'container',_('Container'))?>
   <?=mk_option(1,'none',_('None'))?>
   <?foreach ($custom as $network):?>
   <?$name = $network;
@@ -880,6 +884,21 @@ _(Fixed IP address)_ (_(optional)_):
 
 :docker_fixed_ip_help:
 
+</div>
+
+<div markdown="1" class="netCONT noshow">
+_(Container Network)_:
+: <select name="netCONT" id="netCONT">
+  <?php
+  foreach ($DockerClient->getDockerContainers() as $ct) {
+    if ($ct['Name'] !== $xml['Name']) {
+      $list[] = $ct['Name'];
+      echo mk_option($ct['Name'], $ct['Name'], $ct['Name']);
+    }
+  }
+  ?>
+:docker_container_network_help:
+</select>
 </div>
 _(Console shell command)_:
 : <select name="contShell">
@@ -1013,9 +1032,18 @@ function showSubnet(bridge) {
   if (bridge.match(/^(bridge|host|none)$/i) !== null) {
     $('.myIP').hide();
     $('input[name="contMyIP"]').val('');
+    $('.netCONT').hide();
+    $('#netCONT').val('');
+  } else if (bridge.match(/^(container)$/i) !== null) {
+    $('.netCONT').show();
+    $('#netCONT').val('<?php echo $xml['Network'][1]; ?>');
+    $('.myIP').hide();
+    $('input[name="contMyIP"]').val('');
   } else {
     $('.myIP').show();
     $('#myIP').html('Subnet: '+subnet[bridge]);
+    $('.netCONT').hide();
+    $('#netCONT').val('');
   }
 }
 

From b62c8f5a12b4afbf618185accb9836d726ca361a Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 9 Sep 2024 17:09:15 +0200
Subject: [PATCH 017/174] Update Helpers.php

---
 .../dynamix.docker.manager/include/Helpers.php | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
index 8ae436666..71f59bd75 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -40,7 +40,11 @@ function postToXML($post, $setOwnership=false) {
   $xml->Name               = xml_encode(preg_replace('/\s+/', '', $post['contName']));
   $xml->Repository         = xml_encode(trim($post['contRepository']));
   $xml->Registry           = xml_encode(trim($post['contRegistry']));
-  $xml->Network            = xml_encode($post['contNetwork']);
+  if (!empty(trim($post['netCONT']))) {
+    $xml->Network          = xml_encode($post['contNetwork'].':'.$post['netCONT']);
+  } else {
+    $xml->Network          = xml_encode($post['contNetwork']);
+  }
   $xml->MyIP               = xml_encode($post['contMyIP']);
   $xml->Shell              = xml_encode($post['contShell']);
   $xml->Privileged         = strtolower($post['contPrivileged']??'')=='on' ? 'true' : 'false';
@@ -132,7 +136,11 @@ function xmlToVar($xml) {
     $out['Network'] = xml_decode($xml->Networking->Mode);
   }
   // check if network exists
-  if (!key_exists($out['Network'],$subnet)) $out['Network'] = 'none';
+  if (preg_match('/^container:(.*)/', $out['Network'])) {
+    $out['Network'] = $out['Network'];
+  } elseif (!key_exists($out['Network'],$subnet)) {
+    $out['Network'] = 'none';
+  }
   // V1 compatibility
   if ($xml['version'] != '2') {
     if (isset($xml->Description)) {
@@ -241,7 +249,11 @@ function xmlToCommand($xml, $create_paths=false) {
   $xml           = xmlToVar($xml);
   $cmdName       = strlen($xml['Name']) ? '--name='.escapeshellarg($xml['Name']) : '';
   $cmdPrivileged = strtolower($xml['Privileged'])=='true' ? '--privileged=true' : '';
-  $cmdNetwork    = preg_match('/\-\-net(work)?=/',$xml['ExtraParams']) ? "" : '--net='.escapeshellarg(strtolower($xml['Network']));
+  if (preg_match('/^container:(.*)/', $xml['Network'])) {
+    $cmdNetwork  = preg_match('/\-\-net(work)?=/',$xml['ExtraParams']) ? "" : '--net='.escapeshellarg($xml['Network']);
+  } else {
+    $cmdNetwork  = preg_match('/\-\-net(work)?=/',$xml['ExtraParams']) ? "" : '--net='.escapeshellarg(strtolower($xml['Network']));
+  }
   $cmdMyIP       = '';
   foreach (explode(' ',str_replace(',',' ',$xml['MyIP'])) as $myIP) if ($myIP) $cmdMyIP .= (strpos($myIP,':')?'--ip6=':'--ip=').escapeshellarg($myIP).' ';
   $cmdCPUset     = strlen($xml['CPUset']) ? '--cpuset-cpus='.escapeshellarg($xml['CPUset']) : '';

From 3e29f0b8b8d73ed4de6952e122c69cdd90587eb1 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 10 Sep 2024 22:32:07 +0200
Subject: [PATCH 018/174] Only kill sshd from host

---
 etc/rc.d/rc.sshd | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index 36961c19c..1c6abd44a 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -23,7 +23,14 @@ SSH_ETC="/etc/ssh"
 
 sshd_running(){
   sleep 0.1
-  [[ $(pgrep -cf $SSHD) -gt 0 ]]
+  # get all pids from sshd
+  for pid in $(pgrep -f $SSHD); do
+    # check if a sshd is running on host system
+    if ! grep -qE '/docker/|/lxc/' /proc/$pid/cgroup; then
+      return 1
+    fi
+  done
+  return 0
 }
 
 sshd_build(){
@@ -41,7 +48,7 @@ sshd_build(){
 sshd_start(){
   log "Starting $DAEMON..."
   local REPLY
-  if sshd_running; then
+  if ! sshd_running; then
     REPLY="Already started"
   else
     # make sure ssh dir exists on flash
@@ -56,19 +63,29 @@ sshd_start(){
     sshd_build
     # start daemon
     run $SSHD
-    if sshd_running; then REPLY="Started"; else REPLY="Failed"; fi
+    if ! sshd_running; then REPLY="Started"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
 }
 
 sshd_stop(){
   local REPLY
-  if ! sshd_running; then
+  if sshd_running; then
     REPLY="Already stopped"
   else
     log "Stopping $DAEMON..."
-    killall sshd
-    if ! sshd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
+    # get all pids from sshd
+    for pid in $(pgrep -f $SSHD); do
+      # make sure to kill only sshd from host system
+      if ! grep -qE '/docker/|/lxc/' /proc/$pid/cgroup; then
+        kill $pid
+      fi
+    done
+    if sshd_running; then
+      REPLY="Stopped"
+    else
+      REPLY="Failed"
+    fi
   fi
   log "$DAEMON...  $REPLY."
 }
@@ -103,12 +120,12 @@ sshd_reload(){
 
 sshd_update(){
   # 0 = update needed, 1 = no action
-  if ! sshd_running; then exit 1; fi
+  if sshd_running; then exit 1; fi
   if check && [[ "$(this ListenAddress)" == "${BIND[@]}" ]]; then exit 1; else exit 0; fi
 }
 
 sshd_status(){
-  if sshd_running; then
+  if ! sshd_running; then
     echo "$DAEMON is currently running."
   else
     echo "$DAEMON is not running."

From 171a77feec75fd7b184eb9575f3d21e4422dfe34 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 11 Sep 2024 07:38:15 +0200
Subject: [PATCH 019/174] Change function

- return `1` if daemon is running and return `0` if it is not running
---
 etc/rc.d/rc.sshd | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index 1c6abd44a..f128b0026 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -27,10 +27,10 @@ sshd_running(){
   for pid in $(pgrep -f $SSHD); do
     # check if a sshd is running on host system
     if ! grep -qE '/docker/|/lxc/' /proc/$pid/cgroup; then
-      return 1
+      return 0
     fi
   done
-  return 0
+  return 1
 }
 
 sshd_build(){
@@ -48,7 +48,7 @@ sshd_build(){
 sshd_start(){
   log "Starting $DAEMON..."
   local REPLY
-  if ! sshd_running; then
+  if sshd_running; then
     REPLY="Already started"
   else
     # make sure ssh dir exists on flash
@@ -63,14 +63,14 @@ sshd_start(){
     sshd_build
     # start daemon
     run $SSHD
-    if ! sshd_running; then REPLY="Started"; else REPLY="Failed"; fi
+    if sshd_running; then REPLY="Started"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
 }
 
 sshd_stop(){
   local REPLY
-  if sshd_running; then
+  if ! sshd_running; then
     REPLY="Already stopped"
   else
     log "Stopping $DAEMON..."
@@ -81,7 +81,7 @@ sshd_stop(){
         kill $pid
       fi
     done
-    if sshd_running; then
+    if ! sshd_running; then
       REPLY="Stopped"
     else
       REPLY="Failed"
@@ -125,7 +125,7 @@ sshd_update(){
 }
 
 sshd_status(){
-  if ! sshd_running; then
+  if sshd_running; then
     echo "$DAEMON is currently running."
   else
     echo "$DAEMON is not running."

From 5ec695921a409252d300d3f6b42176a81bc5ec3e Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 11 Sep 2024 07:39:34 +0200
Subject: [PATCH 020/174] Fix sshd_update logic

---
 etc/rc.d/rc.sshd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index f128b0026..f6a8395bc 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -120,7 +120,7 @@ sshd_reload(){
 
 sshd_update(){
   # 0 = update needed, 1 = no action
-  if sshd_running; then exit 1; fi
+  if ! sshd_running; then exit 1; fi
   if check && [[ "$(this ListenAddress)" == "${BIND[@]}" ]]; then exit 1; else exit 0; fi
 }
 

From 19de7c197985ffbb77d4ae037580eecaeab7f495 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Thu, 12 Sep 2024 23:12:03 +0200
Subject: [PATCH 021/174] Fix for rc.docker for interfaces with higher index
 than 0

- Fix error in first if condition which always returned `false`
- Change name from variables so that it a bit easier to read
- Make sure that custom interfaces with a higher index then 0 are properly rebuilt
---
 etc/rc.d/rc.docker | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
index a77ed94f9..4d0e2d6d0 100755
--- a/etc/rc.d/rc.docker
+++ b/etc/rc.d/rc.docker
@@ -264,15 +264,19 @@ docker_network_start(){
     USER_NETWORKS=$(docker inspect --format='{{range $key,$value:=.NetworkSettings.Networks}}{{$key}};{{if $value.IPAMConfig}}{{if $value.IPAMConfig.IPv4Address}}{{$value.IPAMConfig.IPv4Address}}{{end}}{{if $value.IPAMConfig.IPv6Address}},{{$value.IPAMConfig.IPv6Address}}{{end}}{{end}} {{end}}' $CONTAINER)
     for ROW in $USER_NETWORKS; do
       ROW=(${ROW/;/ })
-      MY_NETWORK=${ROW[0]}
-      MY_IP=${ROW[1]/,/;}
+      USER_NETWORK=${ROW[0]}
+      USER_IP=${ROW[1]/,/;}
       if [[ -n $MY_NETWORK && $MY_NETWORK != $MY_NETWORK ]]; then
-        LABEL=${MY_NETWORK//[0-9.]/}
-        if [[ $STOCK =~ $LABEL && $LABEL != ${PORT:0:-1} ]]; then
-          MY_NETWORK=${MY_NETWORK/$LABEL/${PORT:0:-1}}
+        LABEL=${USER_NETWORK//[0-9.]/}
+        IF_NO_PARTS=${USER_NETWORK#"$LABEL"}
+        IF_NO=${IF_NO_PARTS%%.*}
+        if [[ $STOCK =~ $LABEL && $IF_NO -gt 0 ]]; then
+          USER_NETWORK=$USER_NETWORK
+        elif [[ $STOCK =~ $LABEL && $LABEL != ${PORT:0:-1} ]]; then
+          USER_NETWORK=${USER_NETWORK/$LABEL/${PORT:0:-1}}
         fi
-        log "container $CONTAINER has an additional network that will be restored: $MY_NETWORK"
-        NETRESTORE[$MY_NETWORK]="$CONTAINER,$MY_IP ${NETRESTORE[$MY_NETWORK]}"
+        log "container $CONTAINER has an additional network that will be restored: $USER_NETWORK"
+        NETRESTORE[$USER_NETWORK]="$CONTAINER,$USER_IP ${NETRESTORE[$USER_NETWORK]}"
       fi
     done
   done

From e3c4ff280d60073d2671248cc955a37f71b1265c Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Thu, 12 Sep 2024 23:33:27 +0200
Subject: [PATCH 022/174] Small fix

---
 etc/rc.d/rc.docker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
index 4d0e2d6d0..ec5740e13 100755
--- a/etc/rc.d/rc.docker
+++ b/etc/rc.d/rc.docker
@@ -266,7 +266,7 @@ docker_network_start(){
       ROW=(${ROW/;/ })
       USER_NETWORK=${ROW[0]}
       USER_IP=${ROW[1]/,/;}
-      if [[ -n $MY_NETWORK && $MY_NETWORK != $MY_NETWORK ]]; then
+      if [[ -n $USER_NETWORK && $USER_NETWORK != $MY_NETWORK ]]; then
         LABEL=${USER_NETWORK//[0-9.]/}
         IF_NO_PARTS=${USER_NETWORK#"$LABEL"}
         IF_NO=${IF_NO_PARTS%%.*}

From 8d628aad4f6fe887cf0f2ea4293276d3a33c5e6c Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Fri, 13 Sep 2024 11:47:57 -0500
Subject: [PATCH 023/174] Change default file system text.

---
 emhttp/plugins/dynamix/DiskSettings.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/DiskSettings.page b/emhttp/plugins/dynamix/DiskSettings.page
index f54cc2a7f..8c6ad60d3 100644
--- a/emhttp/plugins/dynamix/DiskSettings.page
+++ b/emhttp/plugins/dynamix/DiskSettings.page
@@ -154,7 +154,7 @@ _(Enable spinup groups)_:
 
 :disk_spinup_groups_help:
 
-_(Default file system)_:
+_(Default file system for Array disks)_:
 : <select name="defaultFsType">
   <?=mk_option($var['defaultFsType'], "xfs", _('xfs'));?>
   <?=mk_option($var['defaultFsType'], "zfs", _('zfs'));?>

From e52813b6262f5c4235de4e97c214608d2a96f62b Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 19 Sep 2024 22:16:00 +0100
Subject: [PATCH 024/174] Divide  net and disk values by timer

---
 emhttp/plugins/dynamix.vm.manager/nchan/vm_usage | 4 ++--
 emhttp/plugins/dynamix/nchan/vm_dashusage        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/nchan/vm_usage b/emhttp/plugins/dynamix.vm.manager/nchan/vm_usage
index ce62b8a93..887ec80c3 100755
--- a/emhttp/plugins/dynamix.vm.manager/nchan/vm_usage
+++ b/emhttp/plugins/dynamix.vm.manager/nchan/vm_usage
@@ -80,8 +80,8 @@ while (true) {
       $echodata .= my_scale($vmdata['mem']*1024,$unit)."$unit / ".my_scale($vmdata['curmem']*1024,$unit)."$unit";
       if ($vmdata['curmem'] === $vmdata['maxmem']) $echodata .= " </td><td>";
       else $echodata .= " / " .my_scale($vmdata['maxmem']*1024,$unit)."$unit </td><td>";
-      $echodata .=  _("Read").": ".my_scale($vmdata['rdrate'],$unit)."$unit/s<br>"._("Write").": ".my_scale($vmdata['wrrate'],$unit)."$unit/s</td><td>";
-      $echodata .=  _("RX").": ".my_scale($vmdata['rxrate'],$unit)."$unit/s<br>"._("TX").": ".my_scale($vmdata['txrate'],$unit)."$unit/s</td></tr>";
+      $echodata .=  _("Read").": ".my_scale($vmdata['rdrate']/$timer,$unit)."$unit/s<br>"._("Write").": ".my_scale($vmdata['wrrate']/$timer,$unit)."$unit/s</td><td>";
+      $echodata .=  _("RX").": ".my_scale($vmdata['rxrate']/$timer,$unit)."$unit/s<br>"._("TX").": ".my_scale($vmdata['txrate']/$timer,$unit)."$unit/s</td></tr>";
     }
     $echo = $echodata ;
   }
diff --git a/emhttp/plugins/dynamix/nchan/vm_dashusage b/emhttp/plugins/dynamix/nchan/vm_dashusage
index 3cdffef28..be0415b81 100755
--- a/emhttp/plugins/dynamix/nchan/vm_dashusage
+++ b/emhttp/plugins/dynamix/nchan/vm_dashusage
@@ -78,8 +78,8 @@ while (true) {
       $echo[$vmencode ]['mem'] = "<span>Mem: ".my_scale($vmdata['mem']*1024,$unit)."$unit / ".my_scale($vmdata['curmem']*1024,$unit)."$unit";
       if ($vmdata['maxmem'] == $vmdata['curmem']) $echo[$vmencode ]['mem'] .="&nbsp&nbsp</span>";
       else $echo[$vmencode ]['mem'] .= " / ".my_scale($vmdata['maxmem']*1024,$unit)."$unit&nbsp&nbsp</span>";
-      $echo[$vmencode ]['disk'] = "<span>Disk: "._("Rd").": ".my_scale($vmdata['rdrate'],$unit)."$unit/s "._("Wr").": ".my_scale($vmdata['wrrate'],$unit)."$unit/s&nbsp&nbsp</span>";
-      $echo[$vmencode ]['net'] =  "<span>Net: "._("RX").": ".my_scale($vmdata['rxrate'],$unit)."$unit/s "._("TX").": ".my_scale($vmdata['txrate'],$unit)."$unit/s&nbsp&nbsp</span>";
+      $echo[$vmencode ]['disk'] = "<span>Disk: "._("Rd").": ".my_scale($vmdata['rdrate']/$timer,$unit)."$unit/s "._("Wr").": ".my_scale($vmdata['wrrate']/$timer,$unit)."$unit/s&nbsp&nbsp</span>";
+      $echo[$vmencode ]['net'] =  "<span>Net: "._("RX").": ".my_scale($vmdata['rxrate']/$timer,$unit)."$unit/s "._("TX").": ".my_scale($vmdata['txrate']/$timer,$unit)."$unit/s&nbsp&nbsp</span>";
     }
   }
 

From 4a4983f7c58880a9b87d081b640edc1e7c1fa90e Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 16 Sep 2024 15:02:15 -0700
Subject: [PATCH 025/174] rc.S: reboot should not invoke shutdown

---
 etc/rc.d/rc.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.S b/etc/rc.d/rc.S
index 2d3387abb..082e84926 100755
--- a/etc/rc.d/rc.S
+++ b/etc/rc.d/rc.S
@@ -79,7 +79,7 @@ abort() {
   /bin/umount -a
   read -p "$1 - press ENTER key to reboot..."
   /bin/echo
-  /sbin/reboot
+  /sbin/reboot -fd
 }
 
 find_device() {

From 4c6be23467f0b220f4d735f8e724bbb428f9a5b2 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Fri, 20 Sep 2024 09:18:39 -0700
Subject: [PATCH 026/174] Clean up empty cgroups

---
 etc/rc.d/rc.S.cont        |  6 ++++
 etc/rc.d/rc.cgroup2unraid | 75 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 etc/rc.d/rc.cgroup2unraid

diff --git a/etc/rc.d/rc.S.cont b/etc/rc.d/rc.S.cont
index d98f3e407..6930cf426 100755
--- a/etc/rc.d/rc.S.cont
+++ b/etc/rc.d/rc.S.cont
@@ -69,6 +69,7 @@ if /bin/grep -wq cgroup /proc/filesystems; then
       # See https://docs.kernel.org/admin-guide/cgroup-v2.html (section Mounting)
       # Mount cgroup2 filesystem
       /sbin/mount -t cgroup2 -o rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot cgroup2 /sys/fs/cgroup
+      chmod +x /etc/rc.d/rc.cgroup2unraid
     else
       # Display message if /sys/fs/cgroup does not exist
       echo "/sys/fs/cgroup does not exist. cgroup2 cannot be mounted."
@@ -159,6 +160,11 @@ if [[ -x /etc/rc.d/rc.cgconfig && -x /etc/rc.d/rc.cgred && -d /sys/fs/cgroup ]];
   /etc/rc.d/rc.cgred start
 fi
 
+# Start cgroup2 cleanup daemon
+if [[ -x /etc/rc.d/rc.cgroup2unraid && -d /sys/fs/cgroup ]]; then
+  /etc/rc.d/rc.cgroup2unraid start
+fi
+
 # Create /tmp/{.ICE-unix,.X11-unix} if they are not present:
 if [[ ! -e /tmp/.ICE-unix ]]; then
   /bin/mkdir -p /tmp/.ICE-unix
diff --git a/etc/rc.d/rc.cgroup2unraid b/etc/rc.d/rc.cgroup2unraid
new file mode 100644
index 000000000..75087556a
--- /dev/null
+++ b/etc/rc.d/rc.cgroup2unraid
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# script: rc.cgroup2unraid
+#
+# start/stop/status/restart/run Unraid cgroup2 cleanup:
+#
+# LimeTech - created for Unraid OS
+# /etc/rc.d/rc.cgroup2unraid
+
+DAEMON="Unraid cgroup2 cleanup daemon"
+CGROUP2="/usr/libexec/unraid/cgroup2-unraid"
+PID="/var/run/cgroup2-unraid.pid"
+
+# run & log functions
+. /etc/rc.d/rc.runlog
+
+
+cgroup2daemon_running(){
+  sleep 0.1
+  [[ $(pgrep -cf $CGROUP2) -gt 0 ]]
+}
+
+case "$1" in
+  start)
+    if cgroup2daemon_running ; then
+      REPLY="Already started"
+    else
+      $CGROUP2 --daemon
+      echo $(pgrep -f $CGROUP2) > $PID
+      if cgroup2daemon_running; then
+        REPLY="Started"
+      else
+        REPLY="Failed"
+      fi
+    fi
+    log "$DAEMON...  $REPLY."
+    ;;
+  stop)
+    if ! cgroup2daemon_running ; then
+      REPLY="Already stopped"
+    else
+      log "Stopping $DAEMON..."
+      kill $(cat $PID)
+      if cgroup2daemon_running; then
+        REPLY="Failed"
+      else
+        REPLY="Stopped"
+      fi
+    fi
+    log "$DAEMON...  $REPLY."
+    ;;
+  status)
+    if cgroup2daemon_running ; then
+      echo "$DAEMON running"
+    else
+      echo "$DAEMON not running"
+      if [ -f $PID ]; then
+        rm -f $PID
+      fi
+    fi
+    ;;
+  run)
+    echo "Cleaning up cgroups..."
+    $CGROUP2
+    echo "Done!"
+    ;;
+  restart)
+    $0 stop
+    $0 start
+    ;;
+  *)
+  echo "Usage: $BASENAME start|stop|status|restart|run"
+  exit 1
+esac
+exit 0
\ No newline at end of file

From 54b1e81b3806d89c9e4ffbcc0aa22c736dec24cd Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 23 Sep 2024 10:54:57 -0700
Subject: [PATCH 027/174] unconditinally set directories to mode 0777

---
 emhttp/plugins/dynamix/scripts/newperms | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/emhttp/plugins/dynamix/scripts/newperms b/emhttp/plugins/dynamix/scripts/newperms
index 7f36b231d..34188a375 100755
--- a/emhttp/plugins/dynamix/scripts/newperms
+++ b/emhttp/plugins/dynamix/scripts/newperms
@@ -12,11 +12,10 @@
 
 # With corrections suggested by forum member Stokkes
 
-# Here's a breakdown of chmod "u-x,go-rwx,go+u,ugo+X"
-#  u-x     Clear the 'x' bit in the user permissions (leaves rw as-is)
+# Here's a breakdown of chmod "go-rwx,u-x,go+u"
 #  go-rwx  Clear the 'rwx' bits in both the group and other permissions
+#  u-x     Clear the 'x' bit in the user permissions (leaves rw as-is)
 #  go+u    Copy the user permissions to group and other
-#  ugo+X   Set the 'x' bit for directories in user, group, and other
 
 $nchan = $argv[$argc-1] == 'nchan'; // console or nchan output
 if ($nchan) unset($argv[$argc-1]);  // remove nchan parameter
@@ -45,10 +44,13 @@ function process($path) {
   $owner = $argv[2] ?? 'nobody';
   $group = $argv[3] ?? 'users';
   if (is_dir($path) && preg_match('/^\/mnt\/.+/',$path)) {
-    write("Processing: $path\n", "... chmod -R u-x,go-rwx,go+u,ugo+X $path\n");
-    exec("chmod -R u-x,go-rwx,go+u,ugo+X ".escapeshellarg($path));
-    write("... chown -R $owner:$group $path\n");
+    write("Processing: $path\n");
+    write("... chown -R $owner:$group\n");
     exec("chown -R $owner:$group ".escapeshellarg($path));
+    write("... chmod -R go-rwx,u-x,go+u\n");
+    exec("chmod -R go-rwx,u-x,go+u ".escapeshellarg($path));
+    write("... find -type d -exec chmod 777 {} \\;\n");
+    exec("find ".escapeshellarg($path)." -type d -exec chmod 777 {} \\;");
     write("... sync\n");
     exec("sync");
     write("\n");

From 8f656e87b1c19f2adcbf10ca530721873e8745f6 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 23 Sep 2024 10:57:13 -0700
Subject: [PATCH 028/174] establish sensible zfs pool defaults

---
 emhttp/plugins/dynamix/DeviceInfo.page   | 124 +++++++++++++----------
 emhttp/plugins/dynamix/nchan/device_list |   9 +-
 2 files changed, 73 insertions(+), 60 deletions(-)

diff --git a/emhttp/plugins/dynamix/DeviceInfo.page b/emhttp/plugins/dynamix/DeviceInfo.page
index 92cd59bd0..b91674e5e 100755
--- a/emhttp/plugins/dynamix/DeviceInfo.page
+++ b/emhttp/plugins/dynamix/DeviceInfo.page
@@ -17,7 +17,6 @@ Tag="hdd-o"
 <?
 require_once "$docroot/webGui/include/Preselect.php";
 
-$subpool_name = isSubpool($name) ? isSubpool($name) : '';
 $unassigned = array_key_exists($name,$devs);
 $disk       = $disks[$name] ?? $devs[$name] ?? [];
 $dev        = _var($disk,'device');
@@ -27,6 +26,22 @@ $days       = ['Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Satu
 $sheets     = [];
 $i = $n     = 0;
 
+function hasSubpools($name) {
+  global $disks, $subpools;
+  foreach ($subpools as $subpool) {
+    $index = "$name~$subpool";
+    if (isset($disks[$index])) return true;
+  }
+  return false;
+}
+if (!isSubpool($name)) {
+  $fsTypeImmutable = !(_var($var,'fsState')=='Stopped' && !hasSubpools($name) && (empty(_var($disk,'uuid')) || _var($disk,'slots',1)==1));
+  $fsProfileImmutable = $fsTypeImmutable;
+} else {
+  $fsTypeImmutable = true;
+  $fsProfileImmutable = !(_var($var,'fsState')=='Stopped' && empty(_var($disk,'fsGroups','1')));
+}
+
 foreach ($disks as $sheet) {
   if (_var($sheet,'type')=="Flash" || _var($sheet,'color')=="grey-off" || empty($sheet['name'])) continue;
   $sheets[] = $sheet['name'];
@@ -45,7 +60,6 @@ $prev = $i>0 ? $sheets[$i-1] : $sheets[$end];
 $next = $i<$end ? $sheets[$i+1] : $sheets[0];
 $textErase = isPool($name) ? _('This will ERASE content of ALL devices in the pool') : _('This will ERASE ALL device content');
 $textDelete = _('This will unassign all devices from the pool but will NOT modify any device contents');
-$fsTypeImmutable = !(_var($var,'fsState')=='Stopped' && (empty(_var($disk,'uuid')) || _var($disk,'slots',1)==1));
 
 function disabled_if($condition) {
   if ($condition !== false) echo ' disabled';
@@ -200,7 +214,7 @@ function prepareZFS(form) {
 }
 <?endif;?>
 
-function selectDiskFsWidth(slots) {
+function setDiskFsWidth(slots) {
   $('#diskFsWidth').empty();
   $('#diskFsWidth').append($('<option>', {value: slots, text:''}));
   $('#diskFsWidth').val(slots);
@@ -210,9 +224,15 @@ function selectDiskFsProfileAuto() {
   $('#diskFsProfile').empty();
   $('#diskFsProfile').append($('<option>', {value: '', text:''}));
   $('#diskFsProfile').val('');
-  selectDiskFsWidth('');
+  setDiskFsWidth('');
 }
-function selectDiskFsProfileBTRFS(slots,set_default) {
+function selectDiskFsProfileXFS() {
+  $('#diskFsProfile').empty();
+  $('#diskFsProfile').append($('<option>', {value: '', text:''}));
+  $('#diskFsProfile').val('');
+  setDiskFsWidth(1);
+}
+function selectDiskFsProfileBTRFS(slots,init) {
   $('#diskFsProfile').empty();
   $('#diskFsProfile').append($('<option>', {value: 'single', text:_('single')}));
   if (slots >= 2) $('#diskFsProfile').append($('<option>', {value: 'raid0', text:_('raid0')}));
@@ -222,15 +242,16 @@ function selectDiskFsProfileBTRFS(slots,set_default) {
   if (slots >= 4) $('#diskFsProfile').append($('<option>', {value: 'raid10', text:_('raid10')}));
   if (slots >= 3) $('#diskFsProfile').append($('<option>', {value: 'raid5', text:_('raid5')}));
   if (slots >= 4) $('#diskFsProfile').append($('<option>', {value: 'raid6', text:_('raid6')}));
-  if (set_default) {
-    if (slots == 1) $('#diskFsProfile').val('');
-    if (slots > 1) $('#diskFsProfile').val('raid1');
-  } else {
+  if (init) {
     $('#diskFsProfile').val("<?=_var($disk,'fsProfile')?>");
+  } else {
+    if (slots == 1) $('#diskFsProfile').val('');
+    if (slots >= 2) $('#diskFsProfile').val('raid1');
   }
-  selectDiskFsWidth(slots);
+  setDiskFsWidth(slots);
 }
-function selectDiskFsWidthZFS(slots) {
+function selectDiskFsWidthZFS(slots,init) {
+  var selected_width = init ? Number("<?=_var($disk,'fsWidth')?>") : 0;
   $('#diskFsWidth').empty();
   if ($('#diskFsProfile').val() == '') {
     var label = (slots == 1) ? "device" : "devices";
@@ -238,16 +259,18 @@ function selectDiskFsWidthZFS(slots) {
       value: 1,
       text: _(sprintf('%s '+label,slots))
     }));
+    if (selected_width == 0) selected_width = 1;
   } else if ($('#diskFsProfile').val() == 'mirror') {
     var width;
     for (width=2; width<=Math.min(slots,4); width++) {
       if ((slots % width) == 0) {
         var groups = slots / width;
-        var label = (groups == 1) ? "group" : "groups";
+        var label = (groups == 1) ? "vdev" : "vdevs";
         $('#diskFsWidth').append($('<option>', {
           value: width,
           text: _(sprintf('%s '+label+' of %s devices',groups,width)),
         }));
+        if (selected_width == 0) selected_width = width;
       }
     }
   } else {
@@ -258,20 +281,22 @@ function selectDiskFsWidthZFS(slots) {
     for (width=min_width; width<=slots; width++) {
       if ((slots % width) == 0) {
         var groups = slots / width;
-        var label = (groups == 1) ? "group" : "groups";
+        var label = (groups == 1) ? "vdev" : "vdevs";
         $('#diskFsWidth').append($('<option>', {
           value: width,
           text: _(sprintf('%s '+label+' of %s devices',groups,width)),
         }));
+        if (selected_width == 0) selected_width = width;
       }
     }
   }
+  $('#diskFsWidth').val(selected_width);
 }
-function selectDiskFsProfileZFS(slots,set_default,subpool) {
+function selectDiskFsProfileZFS(slots,init,subpool) {
   $('#diskFsProfile').empty();
   if (slots == 1) $('#diskFsProfile').append($('<option>', {value: '', text: _('single')}));
   if (slots >= 2) $('#diskFsProfile').append($('<option>', {value: '', text: _('stripe')}));
-  if (subpool != 'cache' && subpool != 'spare') {
+  if (subpool != 'cache' && subpool != 'spares') {
     if (slots%2 == 0 || slots%3 == 0 || slots%4 == 0) $('#diskFsProfile').append($('<option>', {value: 'mirror', text: _('mirror')}));
     if (subpool == '') {
       if (slots >= 3 && subpool == '') $('#diskFsProfile').append($('<option>', {value: 'raidz1', text: _('raidz1')}));
@@ -279,47 +304,33 @@ function selectDiskFsProfileZFS(slots,set_default,subpool) {
       if (slots >= 4 && subpool == '') $('#diskFsProfile').append($('<option>', {value: 'raidz3', text: _('raidz3')}));
     }
   }
-  if (set_default) {
+  if (init) {
+    $('#diskFsProfile').val("<?=_var($disk,'fsProfile')?>");
+  } else {
     if (slots == 1) $('#diskFsProfile').val('');
     if (slots == 2) $('#diskFsProfile').val('mirror');
-    if (slots > 2) $('#diskFsProfile').val('raidz1');
-    selectDiskFsWidthZFS(slots);
-    $('#diskFsWidth').val(slots);
-  } else {
-    $('#diskFsProfile').val("<?=_var($disk,'fsProfile')?>");
-    selectDiskFsWidthZFS(slots);
-    $('#diskFsWidth').val(<?=_var($disk,'fsWidth')?>);
+    if (slots >= 3) $('#diskFsProfile').val('raidz1');
   }
+  selectDiskFsWidthZFS(slots,init);
   $('#diskFsProfile').on('change', function() {
-    selectDiskFsWidthZFS(slots);
+    selectDiskFsWidthZFS(slots,false);
   });
 }
-function selectDiskFsProfileXFS() {
-  $('#diskFsProfile').empty();
-  $('#diskFsProfile').append($('<option>', {value: '', text:''}));
-  $('#diskFsProfile').val('');
-  selectDiskFsWidth(1);
-}
+/* called upon page load (init==true) and when user changes file system type (init==false) */
 function selectDiskFsProfile(init) {
   var t = init ? null : 'slow';
 
-/* for array disks, 'slots', 'fsWidth', and 'fsGroups' is not defined so assume value 1 for all three */
-<?if ($fsTypeImmutable):?>
-  var slots = <?=_var($disk,'fsWidth',1) * _var($disk,'fsGroups',1)?>;
-<?else:?>
-  var slots = <?=_var($disk,'slots',1)?>;
-<?endif;?>
+  /* for array disks, 'slots', 'fsWidth', and 'fsGroups' is not defined */
+  var slots = Number("<?=_var($disk,'fsWidth',1)?>") * Number("<?=_var($disk,'fsGroups',1)?>");
+  if (slots == 0) slots = <?=_var($disk,'slots',1)?>;
 
-  var subpool = "<?=$subpool_name?>";
+  var subpool = "<?=isSubpool($name) ?: ''?>";
   var fsType;
-  var set_default;
 
   if (subpool == '') {
     fsType = init ? "<?=_var($disk,'fsType','')?>" : $('#diskFsType').val();
-    set_default = fsType != "<?=_var($disk,'fsType','')?>";
   } else {
     fsType = 'zfs';
-    set_default = false;
   }
 
   if (slots == 1 || fsType == 'auto') {
@@ -327,8 +338,14 @@ function selectDiskFsProfile(init) {
   } else {
     $('#profile').show(t);
     if (fsType.indexOf('zfs') != -1) {
+      if (subpool != 'cache' && subpool != 'spares') {
+        $('#diskFsProfile').show();
+      } else {
+        $('#diskFsProfile').hide();
+      }
       $('#diskFsWidth').show();
     } else {
+      $('#diskFsProfile').show();
       $('#diskFsWidth').hide()
     }
   }
@@ -336,9 +353,9 @@ function selectDiskFsProfile(init) {
   if (fsType == 'auto') {
     selectDiskFsProfileAuto();
   } else if (fsType.indexOf('btrfs') != -1) {
-    selectDiskFsProfileBTRFS(slots,set_default);
+    selectDiskFsProfileBTRFS(slots,init);
   } else if (fsType.indexOf('zfs') != -1) {
-    selectDiskFsProfileZFS(slots,set_default,subpool);
+    selectDiskFsProfileZFS(slots,init,subpool);
   } else if (fsType.indexOf('xfs') != -1) {
     selectDiskFsProfileXFS();
   }
@@ -614,7 +631,7 @@ function eraseDisk(name) {
       swal.close();
       $('#doneButton').prop('disabled',true);
       $('#eraseButton').prop('disabled',true);
-      $('#deleteButton').prop('disabled',true);
+      $('#removeButton').prop('disabled',true);
       $('div.spinner.fixed').show();
       $.post("/update.htm",{cmdWipefs:name},function(){
         $('div.spinner.fixed').hide();
@@ -625,9 +642,9 @@ function eraseDisk(name) {
     }
   });
 }
-function deletePool(name) {
+function removePool(name) {
   swal({
-    title:"_(Delete pool)_?",
+    title:"_(Remove pool)_?",
     text:"<?=$textDelete?>",
     html:true,
     type:'input',
@@ -642,7 +659,7 @@ function deletePool(name) {
       swal.close();
       $('#doneButton').prop('disabled',true);
       $('#eraseButton').prop('disabled',true);
-      $('#deleteButton').prop('disabled',true);
+      $('#removeButton').prop('disabled',true);
       $('div.spinner.fixed').show();
       $.post("/update.htm",{changeSlots:"apply",poolName:name,poolSlots:0},function(){
         $('div.spinner.fixed').hide();
@@ -735,9 +752,9 @@ _(File system type)_:
 <?if (diskType('Data') || isPool($tag)):?>
 <div markdown="1" id="profile">
 _(Allocation profile)_:
-: <select id="diskFsProfile" name="diskFsProfile.<?=_var($disk,'idx')?>" <?=disabled_if($fsTypeImmutable)?>>
+: <select id="diskFsProfile" name="diskFsProfile.<?=_var($disk,'idx')?>" <?=disabled_if($fsProfileImmutable)?>>
   </select>
-  <select id="diskFsWidth" name="diskFsWidth.<?=_var($disk,'idx')?>" <?=disabled_if($fsTypeImmutable)?>>
+  <select id="diskFsWidth" name="diskFsWidth.<?=_var($disk,'idx')?>" <?=disabled_if($fsProfileImmutable)?>>
   </select>
 
 :info_profile_help:
@@ -792,18 +809,17 @@ _(Critical disk utilization threshold)_ (%):
 &nbsp;
 : <input type="submit" name="changeDisk" value="_(Apply)_" disabled><input type="button" id="doneButton" value="_(Done)_" onclick="done()">
   <?$erasable=false?>
+  <?$removeable=false?>
   <?if (diskType('Parity','Data')):?>
     <?if (_var($var,'fsState')=="Stopped" && diskStatus('_NEW')): $erasable=true; endif;?>
     <?if (_var($var,'fsState')=="Started" && _var($var,'startMode')!="Normal" && diskType('Data')): $erasable=true; endif;?>
     <input type="button" id="eraseButton" value="_(Erase)_" onclick="eraseDisk('<?=$name?>')"<?=$erasable?'':' disabled'?>>
   <?endif;?>
-  <?if (isPool($name) && strpos($name,$_tilde_)===false):?>
+  <?if (isPool($name) && isSubpool($name)===false):?>
     <?if (_var($var,'fsState')=="Stopped" || (_var($var,'fsState')=="Started" && _var($var,'startMode')!="Normal")): $erasable=true; endif;?>
     <input type="button" id="eraseButton" value="_(Erase Pool)_" onclick="eraseDisk('<?=$name?>')"<?=$erasable?'':' disabled'?>>
-  <?endif;?>
-  <?if (isPool($name)):?>
-    <?$deleteable=_var($var,'fsState')=="Stopped" && !isSubpool($name)?>
-    <input type="button" id="deleteButton" value="_(Delete Pool)_" onclick="deletePool('<?=$name?>')"<?=$deleteable?'':' disabled'?>>
+    <?if (_var($var,'fsState')=="Stopped"): $removeable=true; endif;?>
+    <input type="button" id="removeButton" value="_(Remove Pool)_" onclick="removePool('<?=$name?>')"<?=$removeable?'':' disabled'?>>
   <?endif;?>
 </form>
 
@@ -1401,9 +1417,9 @@ _(SMART attribute notifications)_:
 <form markdown="1" method="POST" action="/update.htm" target="progressFrame" onsubmit="return validate(this.poolName.value)">
 <input type="hidden" name="poolNameOrig" value="<?=$name?>">
 <input type="hidden" name="changeSlots" value="apply">
+<p>_(Caution)_: _(Renaming the pool will change the share storage allocations)_.  _(After renaming the pool, check that your shares are assigned to the proper primary and secondary storage locations)_.</p>
 _(Name)_:
 : <input type="text" name="poolName" maxlength="40" value="<?=$name?>">
-<p>_(Caution)_: _(Renaming the pool will change the share storage allocations)_.  _(After renaming the pool, check that your shares are assigned to the proper primary and secondary storage locations)_.</p>
 
 </form>
 </div>
diff --git a/emhttp/plugins/dynamix/nchan/device_list b/emhttp/plugins/dynamix/nchan/device_list
index 2c0acc8d2..a513a3e24 100755
--- a/emhttp/plugins/dynamix/nchan/device_list
+++ b/emhttp/plugins/dynamix/nchan/device_list
@@ -184,7 +184,8 @@ function array_offline(&$disk, $pool='') {
   $text = "<span class='red-text'><em>"._('All existing data on this device will be OVERWRITTEN when array is Started')."</em></span>";
   if (_var($disk,'type')=='Cache') {
     if (!str_contains(_var($disks[$pool],'state'),'ERROR:')) {
-      if (!empty(_var($disks[$pool],'uuid'))) {
+      $_pool = (strpos($pool, '~') !== false) ? substr($pool, 0, strpos($pool, '~')) : $pool;
+      if (!empty(_var($disks[$_pool],'uuid'))) {
         if (in_array(_var($disk,'status'),$status) || _var($disk['status'])=='DISK_NEW') $warning = $text;
       }
     }
@@ -507,11 +508,7 @@ while (true) {
       if ($zfsPool) {
         $current_subpools = array_filter($pools, function($element) use ($pool,$_tilde_) {return str_contains($element,"{$pool}{$_tilde_}");});
         $current_subpools_list = str_replace("{$pool}{$_tilde_}","", implode(',', $current_subpools));
-        if (!empty(_var($Cache[$pool],'uuid'))) {
-          $echo[$a][] = "<input type='button' value='"._('Add Subpool')."' class='subpool' onclick='addSubpoolPopup(\"$pool\",\"$current_subpools_list\")'".(count($current_subpools)<count($subpools)?'':' disabled').">";
-        } else {
-          $echo[$a][] = "<input type='button' value='"._('Add Subpool')."' class='subpool' disabled>";
-        }
+        $echo[$a][] = "<input type='button' value='"._('Add Subpool')."' class='subpool' onclick='addSubpoolPopup(\"$pool\",\"$current_subpools_list\")'".(count($current_subpools)<count($subpools)?'':' disabled').">";
       }
       $echo[$a][] = "</span></td><td></td></tr>";
     } else {

From 020ed9a07fd9255d71c284530acd125769830e23 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 23 Sep 2024 21:19:04 +0200
Subject: [PATCH 029/174] Small fix for 3rd party containers

- Fix orange text "not available" to use the default text colour.
---
 .../plugins/dynamix.docker.manager/include/DockerContainers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 172bc8f1c..0883c451d 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -175,7 +175,7 @@ foreach ($containers as $ct) {
         echo "<span style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
       } else {
         echo "<div><span><i class='fa fa-docker fa-fw'/></i> 3rd Party</span></div>";
-        echo "<span class='orange-text' style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
+        echo "<span style='white-space:nowrap;'><i class='fa fa-unlink'></i> "._('not available')."</span>";
       }
       break;
     }

From e8e5ccdf18dce88a5e33a9b12f2f2cdbd11d36fb Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Mon, 23 Sep 2024 12:59:05 -0700
Subject: [PATCH 030/174] redirect http TS url to https TS url

---
 etc/rc.d/rc.nginx | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index ab245da56..f6a5b27a5 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -289,6 +289,15 @@ build_servers(){
   fi
   if [[ -n $TSFQDN ]]; then
     cat <<- EOF >>$SERVERS
+	#
+	# Redirect Tailscale http requests to https
+	# ex: http://tower.magicDNS.ts.net -> https://tower.magicDNS.ts.net
+	#
+	server {
+	$(listen $PORT)
+	    server_name $TSFQDN;
+	    return 302 https://$TSFQDN$PORTSSL_URL$request_uri;
+	}
 	#
 	# Port settings for https using Tailscale cert
 	# ex: https://tower.magicDNS.ts.net

From a75bc3d4d75a1e8d2122f5d650ae17e56acba7d0 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 23 Sep 2024 22:16:02 +0200
Subject: [PATCH 031/174] Fix for rc.sshd

- Remove trailing slash to be sure to grab the correct PIDs
---
 etc/rc.d/rc.sshd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index f6a8395bc..f211f6dff 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -26,7 +26,7 @@ sshd_running(){
   # get all pids from sshd
   for pid in $(pgrep -f $SSHD); do
     # check if a sshd is running on host system
-    if ! grep -qE '/docker/|/lxc/' /proc/$pid/cgroup; then
+    if ! grep -qE '/docker|/lxc' /proc/$pid/cgroup; then
       return 0
     fi
   done
@@ -77,7 +77,7 @@ sshd_stop(){
     # get all pids from sshd
     for pid in $(pgrep -f $SSHD); do
       # make sure to kill only sshd from host system
-      if ! grep -qE '/docker/|/lxc/' /proc/$pid/cgroup; then
+      if ! grep -qE '/docker|/lxc' /proc/$pid/cgroup; then
         kill $pid
       fi
     done

From 20e29ab5af103bc2c7509a1432b99e7979b0e387 Mon Sep 17 00:00:00 2001
From: Derek Kaser <11674153+dkaser@users.noreply.github.com>
Date: Mon, 23 Sep 2024 21:32:13 +0000
Subject: [PATCH 032/174] feat: show routes from all routing tables, not just
 default

---
 emhttp/plugins/dynamix/include/RoutingTable.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/RoutingTable.php b/emhttp/plugins/dynamix/include/RoutingTable.php
index 863925bd4..e889769e4 100644
--- a/emhttp/plugins/dynamix/include/RoutingTable.php
+++ b/emhttp/plugins/dynamix/include/RoutingTable.php
@@ -26,8 +26,8 @@ case 'Add Route':
   if ($gateway && $route) exec("/etc/rc.d/rc.inet1 ".escapeshellarg("{$gateway}_{$route}_{$metric}_add"));
   break;
 default:
-  exec("ip -4 route show|grep -v '^127.0.0.0'",$ipv4);
-  exec("ip -6 route show|grep -Pv '^([am:]|(f[ef][0-9][0-9])::)|expires'",$ipv6);
+  exec("ip -4 route show table all|grep -Pv '^(127\\.0\\.0\\.0)|table local'",$ipv4);
+  exec("ip -6 route show table all|grep -Pv '^([am:]|(f[ef][0-9][0-9])::)|expires|table local'",$ipv6);
   foreach ($ipv4 as $info) {
     $cell = explode(' ',$info);
     $route = $cell[0];

From 69b95ae27d6c44f1c01b28e3e6dcb1e8686e5fd6 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 24 Sep 2024 15:51:46 +0200
Subject: [PATCH 033/174] Update rc.docker

- Only stop Unraid managed containers
- Don't kill containers since Docker will kill them if they won't stop after the set timeout when the daemon is stopping
- Increase timeout for daemon to die to 30 seconds (seems a bit short if 3rd party containers are installed)
- Rephrase message for daemon to die and display it only once
---
 etc/rc.d/rc.docker | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
index ec5740e13..201ca6a1b 100755
--- a/etc/rc.d/rc.docker
+++ b/etc/rc.d/rc.docker
@@ -127,7 +127,7 @@ all_containers(){
 
 # Running containers
 running_containers(){
-  docker ps --format='{{.Names}}' 2>/dev/null
+  docker ps --filter "label=net.unraid.docker.managed=dockerman" --format='{{.Names}}' 2>/dev/null
 }
 
 # Network driver
@@ -531,9 +531,7 @@ docker_container_stop(){
   log "Stopping containers..."
   if ! docker_running; then return 1; fi
   [[ -n $(running_containers) ]] && docker stop --time=${DOCKER_TIMEOUT:-10} $(running_containers) >/dev/null
-  # Kill containers if still running
-  docker kill $(docker ps -q) 2>/dev/null
-  log "Containers stopped."
+  log "Unraid managed containers stopped."
 }
 
 docker_service_start(){
@@ -568,7 +566,9 @@ docker_service_stop(){
   if [[ -r $DOCKER_PIDFILE ]]; then
     # Try to stop dockerd gracefully
     kill $(docker_pid) 2>/dev/null
-    TIMER=15
+    # show waiting message
+    echo "Waiting 30 seconds for $DAEMON daemon to die."
+    TIMER=30
     # must ensure daemon has exited
     while [[ $TIMER -gt 0 ]]; do
       sleep 1
@@ -583,8 +583,6 @@ docker_service_stop(){
         # signal successful stop
         TIMER=-1
       else
-        # show waiting message
-        echo "$DAEMON... Waiting to die."
         ((TIMER--))
       fi
     done

From 6d749a8b1af14dbab00d5f8070d98930d598e34b Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 24 Sep 2024 16:46:02 +0200
Subject: [PATCH 034/174] Update rc.docker

- Further improvement to stop containers only managed by Unraid or the Compose plugin
- Small fix for the notification
---
 etc/rc.d/rc.docker | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
index 201ca6a1b..6f2df5c7f 100755
--- a/etc/rc.d/rc.docker
+++ b/etc/rc.d/rc.docker
@@ -127,7 +127,7 @@ all_containers(){
 
 # Running containers
 running_containers(){
-  docker ps --filter "label=net.unraid.docker.managed=dockerman" --format='{{.Names}}' 2>/dev/null
+  docker ps --format '{{.ID}} {{.Names}} {{.Labels}}' 2>/dev/null | grep 'net.unraid.docker.managed=' | awk '{print $2}'
 }
 
 # Network driver
@@ -567,7 +567,7 @@ docker_service_stop(){
     # Try to stop dockerd gracefully
     kill $(docker_pid) 2>/dev/null
     # show waiting message
-    echo "Waiting 30 seconds for $DAEMON daemon to die."
+    echo "Waiting 30 seconds for $DAEMON to die."
     TIMER=30
     # must ensure daemon has exited
     while [[ $TIMER -gt 0 ]]; do

From b7169208008c8283ff3aae1975eb79d547058e9a Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 24 Sep 2024 16:55:21 +0200
Subject: [PATCH 035/174] Update rc.docker

- Remove ID since not necessary
---
 etc/rc.d/rc.docker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.docker b/etc/rc.d/rc.docker
index 6f2df5c7f..80ac333f4 100755
--- a/etc/rc.d/rc.docker
+++ b/etc/rc.d/rc.docker
@@ -127,7 +127,7 @@ all_containers(){
 
 # Running containers
 running_containers(){
-  docker ps --format '{{.ID}} {{.Names}} {{.Labels}}' 2>/dev/null | grep 'net.unraid.docker.managed=' | awk '{print $2}'
+  docker ps --format='{{.Names}} {{.Labels}}' 2>/dev/null | grep 'net.unraid.docker.managed=' | awk '{print $1}'
 }
 
 # Network driver

From 0ce3960de694c99627ebc9005e7c8b7626755ed3 Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Wed, 25 Sep 2024 23:16:52 -0700
Subject: [PATCH 036/174] Improved "Content-Security-Policy frame-ancestors"
 support

---
 etc/rc.d/rc.nginx | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index ab245da56..6a2acde3b 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -30,6 +30,11 @@ CERTPATH="$SSL/certs/certificate_bundle.pem"
 TSCERTPATH="$SSL/certs/ts_bundle.pem"
 MYSERVERS="/boot/config/plugins/dynamix.my.servers/myservers.cfg"
 
+# If you need a custom Content-Security-Policy frame-ancestors url, specify it here.  Include the port if applicable.
+# Only modify this you know what you are doing, support is limited
+# ex: https://organizr.mycustomdomain.com:8084/
+CUSTOMFA=""
+
 # hold server names
 SERVER_NAMES=()
 
@@ -107,6 +112,7 @@ redirect(){
         [[ $(ipv $ADDR) == 6 ]] && HOST="[$ADDR]"
         [[ -n $HOST ]] && echo "${T}listen $HOST:$*; # $(show $ADDR)"
       done
+      echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $CUSTOMFA\";"
       echo "${T}return 302 https://\$host:$PORTSSL\$request_uri;"
       echo "}"
       ;;
@@ -118,6 +124,7 @@ redirect(){
         if [[ -n $HOST ]]; then
           echo "server {"
           echo "${T}listen $HOST:$*; # $(show $ADDR)"
+          echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $CUSTOMFA\";"
           echo "${T}return 302 https://$(fqdn $ADDR)$PORTSSL_URL\$request_uri;"
           echo "}"
         fi
@@ -156,6 +163,7 @@ build_servers(){
 	server {
 	$(listen lo)
 	    #
+	    add_header Content-Security-Policy "frame-ancestors 'self' $CUSTOMFA";
 	    include /etc/nginx/conf.d/locations.conf;
 	}
 	EOF
@@ -171,6 +179,7 @@ build_servers(){
 	server {
 	$(listen $PORT default_server)
 	    #
+	    add_header Content-Security-Policy "frame-ancestors 'self' $CUSTOMFA";
 	    location ~ /wsproxy/$PORT/ { return 403; }
 	    include /etc/nginx/conf.d/locations.conf;
 	}
@@ -184,6 +193,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -229,6 +239,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -250,6 +261,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -272,6 +284,7 @@ build_servers(){
 	$(listen $PORTSSL ssl)
 	    http2 on;
 	    server_name ${SERVER_NAMES[@]};
+	    add_header Content-Security-Policy "frame-ancestors 'self' $CERTFA $CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $CERTPATH;
 	    ssl_certificate_key     $CERTPATH;
@@ -296,6 +309,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl http2)
 	    server_name $TSFQDN;
+	    add_header Content-Security-Policy "frame-ancestors 'self' $TSFA $CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $TSCERTPATH;
 	    ssl_certificate_key     $TSCERTPATH;
@@ -520,11 +534,15 @@ build_ssl(){
   fi
   # determine if OCSP stapling should be enabled for this cert
   [[ -n $(openssl x509 -noout -ocsp_uri -in "$SELFCERTPATH") ]] && SELFCERTSTAPLE=on || SELFCERTSTAPLE=off
+  # define CSP frame-ancestors for the self-signed cert
+  [[ -n $LOCAL_TLD ]] && [[ "$LOCAL_TLD" != "local" ]] && SELFCERTFA="https://*.$LOCAL_TLD/"
 
   # handle Certificate Authority signed cert if present
   if [[ -f $CERTPATH ]]; then
     # extract common name from cert
     CERTNAME=$(openssl x509 -noout -subject -nameopt multiline -in $CERTPATH | sed -n 's/ *commonName *= //p')
+    # define CSP frame-ancestors for cert
+    CERTFA="https://*.${CERTNAME#*.}/"
     # check if Remote Access is enabled and fetch WANIP
     if [[ -L /usr/local/sbin/unraid-api ]] && grep -qs 'wanaccess="yes"' $MYSERVERS && ! grep -qs 'username=""' $MYSERVERS; then
       WANACCESS=yes
@@ -533,6 +551,8 @@ build_ssl(){
     fi
     if [[ $CERTNAME == *\.myunraid\.net ]]; then
       # wildcard LE certificate
+      # add Unraid Connect to CSP frame-ancestors for a myunraid.net cert
+      CERTFA+=" https://connect.myunraid.net/"
       [[ -n $LANIP ]] && LANFQDN=$(fqdn $LANIP) SERVER_NAMES+=($LANFQDN)
       [[ -n $LANIP6 ]] && LANFQDN6=$(fqdn $LANIP6) SERVER_NAMES+=($LANFQDN6)
       # check if remote access enabled
@@ -553,7 +573,7 @@ build_ssl(){
         done
       fi
     else
-      # custom certificate
+      # custom certificate, this would be better as SELFCERTPATH
       LANFQDN=${CERTNAME/\*/$LANNAME} # support wildcard custom certs
       SERVER_NAMES+=($LANFQDN)
     fi
@@ -569,8 +589,12 @@ build_ssl(){
       TSFQDN1=$(openssl x509 -noout -subject -nameopt multiline -in "$TSCERTPATH" | sed -n 's/ *commonName *= //p')
       # get tailscale domain
       TSFQDN2=$($TS status -json | jq ' .Self.DNSName' | tr -d '"' | sed 's/.$//')
-      # if they are equal and not empty, the cert is valid, use it
-      [[ -n "$TSFQDN1" ]] && [[ "$TSFQDN1" == "$TSFQDN2" ]] && TSFQDN=$TSFQDN1
+      if [[ -n "$TSFQDN1" ]] && [[ "$TSFQDN1" == "$TSFQDN2" ]]; then
+        # common name and tailscale domain are equal and not empty, the cert is valid, use it
+        TSFQDN=$TSFQDN1
+        # define CSP frame-ancestors for TS cert
+        TSFA="https://*.${TSFQDN#*.}/"
+      fi
     fi
   fi
 

From 828cd7b7478a3f4795021641e28ff1d77cc13422 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Thu, 26 Sep 2024 09:13:42 -0500
Subject: [PATCH 037/174] Container device not showing in Dockerman.

---
 .../dynamix.docker.manager/include/CreateDocker.php      | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 11e4eac2a..38c323e61 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -423,6 +423,9 @@ function addConfigPopup() {
           Opts.Buttons += "<button type='button' onclick='removeConfig("+confNum+")'>_(Remove)_</button>";
         }
         Opts.Number = confNum;
+        if (Opts.Type == "Device") {
+          Opts.Target = Opts.Value;
+        }
         newConf = makeConfig(Opts);
         $("#configLocation").append(newConf);
         reloadTriggers();
@@ -491,6 +494,9 @@ function editConfigPopup(num,disabled) {
         }
 
         Opts.Number = num;
+        if (Opts.Type == "Device") {
+          Opts.Target = Opts.Value;
+        }
         newConf = makeConfig(Opts);
         if (config.hasClass("config_"+Opts.Display)) {
           config.html(newConf);
@@ -1111,6 +1117,9 @@ $(function() {
         Opts.Buttons += "<button type='button' onclick='removeConfig("+confNum+")'>_(Remove)_</button>";
       }
       Opts.Number = confNum;
+      if (Opts.Type == "Device") {
+        Opts.Target = Opts.Value;
+      }
       newConf = makeConfig(Opts);
       if (Opts.Display == 'advanced' || Opts.Display == 'advanced-hide') {
         $("#configLocationAdvanced").append(newConf);

From fe2e2ff8974c4c4c7fd09c8397fef3639564a7d1 Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Thu, 26 Sep 2024 16:03:36 -0700
Subject: [PATCH 038/174] define CUSTOMFA in /etc/defaults/nginx

---
 etc/rc.d/rc.nginx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index b61e6555a..0a626beae 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -29,11 +29,11 @@ INI="/var/local/emhttp/nginx.ini.new"
 CERTPATH="$SSL/certs/certificate_bundle.pem"
 TSCERTPATH="$SSL/certs/ts_bundle.pem"
 MYSERVERS="/boot/config/plugins/dynamix.my.servers/myservers.cfg"
+DEFAULTS="/etc/default/nginx"
 
-# If you need a custom Content-Security-Policy frame-ancestors url, specify it here.  Include the port if applicable.
-# Only modify this you know what you are doing, support is limited
-# ex: https://organizr.mycustomdomain.com:8084/
-CUSTOMFA=""
+# Load defaults
+# Defines CUSTOMFA for custom Content-Security-Policy frame-ancestors url
+[[ -r $DEFAULTS ]] && . $DEFAULTS
 
 # hold server names
 SERVER_NAMES=()

From ee7f1f4a5b1da07db5a218b0f12039610aa89d11 Mon Sep 17 00:00:00 2001
From: Derek Kaser <11674153+dkaser@users.noreply.github.com>
Date: Mon, 30 Sep 2024 02:29:37 +0000
Subject: [PATCH 039/174] feat: sanitize ts.net domain names from nginx config

---
 emhttp/plugins/dynamix/scripts/diagnostics | 1 +
 1 file changed, 1 insertion(+)

diff --git a/emhttp/plugins/dynamix/scripts/diagnostics b/emhttp/plugins/dynamix/scripts/diagnostics
index bda45e9f2..87da47d8a 100755
--- a/emhttp/plugins/dynamix/scripts/diagnostics
+++ b/emhttp/plugins/dynamix/scripts/diagnostics
@@ -723,6 +723,7 @@ newline("/$diag/system/sshd.txt");
 copy("/etc/nginx/conf.d/servers.conf", "/$diag/system/servers.conf.txt");
 maskIP("/$diag/system/servers.conf.txt");
 run("sed -Ei 's/[01234567890abcdef]+\.((my)?unraid\.net)/hash.\\1/gm;t' ".escapeshellarg("/$diag/system/servers.conf.txt")." 2>/dev/null");
+run("sed -Ei 's/\.[^\.]*\.ts\.net/\.magicdns\.ts\.net/gm' ".escapeshellarg("/$diag/system/servers.conf.txt")." 2>/dev/null");
 newline("/$diag/system/servers.conf.txt");
 
 // BEGIN - third party plugins diagnostics

From 6fd88575b278bda45578a22d5717e890c4ec45e0 Mon Sep 17 00:00:00 2001
From: Derek Kaser <11674153+dkaser@users.noreply.github.com>
Date: Tue, 1 Oct 2024 04:21:51 +0000
Subject: [PATCH 040/174] fix: prevent deleting containers that are assigned as
 a network

---
 .../dynamix.docker.manager/include/DockerClient.php        | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index b985c1be5..dc60818a2 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -824,6 +824,13 @@ class DockerClient {
 		global $docroot, $dockerManPaths;
 		$id = $id ?: $name;
 		$info = DockerUtil::loadJSON($dockerManPaths['webui-info']);
+
+		// Check to see if the container is linked to other containers
+		$networks = array_map(function ($n) { return $n['NetworkMode']; }, $this->getDockerContainers());
+		if (in_array("container:{$name}", $networks)) {
+				return "Container currently assigned as network for another container.";
+		}
+
 		// Attempt to remove container
 		$this->getDockerJSON("/containers/$id?force=1", 'DELETE', $code);
 		if (isset($info[$name])) {

From 3db6fa9a1d7518100bb3e6031bae2391f8c80635 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Sat, 28 Sep 2024 10:02:45 -0700
Subject: [PATCH 041/174] update rc.bind (but not used)

---
 etc/rc.d/rc.bind | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/etc/rc.d/rc.bind b/etc/rc.d/rc.bind
index 169db8126..1b0b4d6fb 100644
--- a/etc/rc.d/rc.bind
+++ b/etc/rc.d/rc.bind
@@ -42,11 +42,13 @@ bind_start() {
   mkdir -p /var/run/named
   # Make sure that /var/run/named has correct ownership:
   chown -R ${NAMED_USER}:${NAMED_GROUP} /var/run/named
-  # Make sure that /var/named has correct ownership:
-  chown -R ${NAMED_USER}:${NAMED_GROUP} /var/named
-  if [ -r /etc/rndc.key ]; then
-    # Make sure that /etc/rndc.key has correct ownership:
-    chown ${NAMED_USER}:${NAMED_GROUP} /etc/rndc.key
+  if [ "$NAMED_CHOWN" = "YES" ]; then
+    # Make sure that /var/named has correct ownership:
+    chown -R ${NAMED_USER}:${NAMED_GROUP} /var/named
+    if [ -r /etc/rndc.key ]; then
+      # Make sure that /etc/rndc.key has correct ownership:
+      chown ${NAMED_USER}:${NAMED_GROUP} /etc/rndc.key
+    fi
   fi
   # Start named:
   if [ -x /usr/sbin/named ]; then

From 3fb6c2147b155b5dd493fe2e38129143ea73554f Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 30 Sep 2024 15:48:50 -0700
Subject: [PATCH 042/174] Small change of var name CUSTOMFA to NGINX_CUSTOMFA.

---
 etc/rc.d/rc.nginx | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index 0a626beae..f3932ab7e 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -32,7 +32,7 @@ MYSERVERS="/boot/config/plugins/dynamix.my.servers/myservers.cfg"
 DEFAULTS="/etc/default/nginx"
 
 # Load defaults
-# Defines CUSTOMFA for custom Content-Security-Policy frame-ancestors url
+# Defines NGINX_CUSTOMFA for custom Content-Security-Policy frame-ancestors url
 [[ -r $DEFAULTS ]] && . $DEFAULTS
 
 # hold server names
@@ -112,7 +112,7 @@ redirect(){
         [[ $(ipv $ADDR) == 6 ]] && HOST="[$ADDR]"
         [[ -n $HOST ]] && echo "${T}listen $HOST:$*; # $(show $ADDR)"
       done
-      echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $CUSTOMFA\";"
+      echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $NGINX_CUSTOMFA\";"
       echo "${T}return 302 https://\$host:$PORTSSL\$request_uri;"
       echo "}"
       ;;
@@ -124,7 +124,7 @@ redirect(){
         if [[ -n $HOST ]]; then
           echo "server {"
           echo "${T}listen $HOST:$*; # $(show $ADDR)"
-          echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $CUSTOMFA\";"
+          echo "${T}add_header Content-Security-Policy \"frame-ancestors 'self' $NGINX_CUSTOMFA\";"
           echo "${T}return 302 https://$(fqdn $ADDR)$PORTSSL_URL\$request_uri;"
           echo "}"
         fi
@@ -163,7 +163,7 @@ build_servers(){
 	server {
 	$(listen lo)
 	    #
-	    add_header Content-Security-Policy "frame-ancestors 'self' $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $NGINX_CUSTOMFA";
 	    include /etc/nginx/conf.d/locations.conf;
 	}
 	EOF
@@ -179,7 +179,7 @@ build_servers(){
 	server {
 	$(listen $PORT default_server)
 	    #
-	    add_header Content-Security-Policy "frame-ancestors 'self' $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $NGINX_CUSTOMFA";
 	    location ~ /wsproxy/$PORT/ { return 403; }
 	    include /etc/nginx/conf.d/locations.conf;
 	}
@@ -193,7 +193,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
-	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $NGINX_CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -239,7 +239,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
-	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $NGINX_CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -261,7 +261,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl default_server)
 	    http2 on;
-	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $SELFCERTFA $NGINX_CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $SELFCERTPATH;
 	    ssl_certificate_key     $SELFCERTPATH;
@@ -284,7 +284,7 @@ build_servers(){
 	$(listen $PORTSSL ssl)
 	    http2 on;
 	    server_name ${SERVER_NAMES[@]};
-	    add_header Content-Security-Policy "frame-ancestors 'self' $CERTFA $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $CERTFA $NGINX_CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $CERTPATH;
 	    ssl_certificate_key     $CERTPATH;
@@ -318,7 +318,7 @@ build_servers(){
 	server {
 	$(listen $PORTSSL ssl http2)
 	    server_name $TSFQDN;
-	    add_header Content-Security-Policy "frame-ancestors 'self' $TSFA $CUSTOMFA";
+	    add_header Content-Security-Policy "frame-ancestors 'self' $TSFA $NGINX_CUSTOMFA";
 	    # Ok to use concatenated pem files; nginx will do the right thing.
 	    ssl_certificate         $TSCERTPATH;
 	    ssl_certificate_key     $TSCERTPATH;

From 959df7e46cb872ab10e53aa8b175c3a8628333ce Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Wed, 2 Oct 2024 09:54:36 -0700
Subject: [PATCH 043/174] fx: Agent notifications don't work if there's a
 problem with email notifications

---
 emhttp/plugins/dynamix/scripts/notify | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/scripts/notify b/emhttp/plugins/dynamix/scripts/notify
index ffcd01880..cbf0c0fb8 100755
--- a/emhttp/plugins/dynamix/scripts/notify
+++ b/emhttp/plugins/dynamix/scripts/notify
@@ -224,7 +224,7 @@ case 'add':
   $entity = $overrule===false ? $notify[$importance] : $overrule;
   if (!$mailtest) file_put_contents($archive,"timestamp=$timestamp\nevent=$event\nsubject=$subject\ndescription=$description\nimportance=$importance\n".($message ? "message=".str_replace('\n','<br>',$message)."\n" : ""));
   if (($entity & 1)==1 && !$mailtest && !$noBrowser) file_put_contents($unread,"timestamp=$timestamp\nevent=$event\nsubject=$subject\ndescription=$description\nimportance=$importance\nlink=$link\n");
-  if (($entity & 2)==2 || $mailtest)  if (!generate_email($event, clean_subject($subject), str_replace('<br>','. ',$description), $importance, $message, $recipients, $fqdnlink)) exit(1);
+  if (($entity & 2)==2 || $mailtest) generate_email($event, clean_subject($subject), str_replace('<br>','. ',$description), $importance, $message, $recipients, $fqdnlink);
   if (($entity & 4)==4 && !$mailtest) { if (is_array($agents)) {foreach ($agents as $agent) {exec("TIMESTAMP='$timestamp' EVENT=".escapeshellarg($event)." SUBJECT=".escapeshellarg(clean_subject($subject))." DESCRIPTION=".escapeshellarg($description)." IMPORTANCE=".escapeshellarg($importance)." CONTENT=".escapeshellarg($message)." LINK=".escapeshellarg($fqdnlink)." bash ".$agent);};}};
   break;
 

From 1cc84832eeb4b6b5f8e47a33e761463649343364 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Thu, 3 Oct 2024 13:57:21 -0500
Subject: [PATCH 044/174] Fix a situation where secondary pool device is
 missing and the Array is chosen for the primary device..

---
 emhttp/plugins/dynamix/ShareEdit.page | 1 +
 1 file changed, 1 insertion(+)

diff --git a/emhttp/plugins/dynamix/ShareEdit.page b/emhttp/plugins/dynamix/ShareEdit.page
index 093ad9ff6..371792e08 100644
--- a/emhttp/plugins/dynamix/ShareEdit.page
+++ b/emhttp/plugins/dynamix/ShareEdit.page
@@ -644,6 +644,7 @@ function updateScreen(cache, slow) {
 				secondaryDropdown.options[i].disabled = true;
 			}
 			secondaryDropdown.selectedIndex = 0;
+			checkRequiredSecondary = false;
 
 			if (poolsOnly) {
 				$('#moverDirection2').hide();

From 03346f4709d5c82766c825e4d13b98913d178a94 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 5 Oct 2024 07:57:19 +0100
Subject: [PATCH 045/174] Update virtiofsd.php

---
 emhttp/plugins/dynamix.vm.manager/scripts/virtiofsd.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/scripts/virtiofsd.php b/emhttp/plugins/dynamix.vm.manager/scripts/virtiofsd.php
index 9d4945ab6..b19348cf8 100755
--- a/emhttp/plugins/dynamix.vm.manager/scripts/virtiofsd.php
+++ b/emhttp/plugins/dynamix.vm.manager/scripts/virtiofsd.php
@@ -27,7 +27,9 @@
  }
  # Check if options file exists. Each option should be on a new line.
  if (is_file($file)) $options = explode("\n",file_get_contents($file)) ; else $options =  ['--syslog','--inode-file-handles=mandatory','--announce-submounts'];
- $options[] = "--fd=".$argoptions['fd'];
+ if (isset($argoptions['fd'])) {
+    $options[] = "--fd=".$argoptions['fd'];
+}
  
  if (isset($argoptions['o'])) {
      $virtiofsoptions = explode(',',$argoptions["o"]);

From 9a502776a1c323b4fc8b994c26292d1f6eb24da3 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 6 Oct 2024 11:17:19 +0100
Subject: [PATCH 046/174] Add virtio gu(2d) as an option of template.

---
 emhttp/plugins/dynamix.vm.manager/include/VMMachines.php   | 3 ++-
 .../plugins/dynamix.vm.manager/include/libvirt_helpers.php | 3 ++-
 emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css    | 7 +++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
index 846cbe874..6a3ad0e9c 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
@@ -273,7 +273,8 @@ foreach ($vms as $vm) {
       if ($snap['parent'] == "" || $snap['parent'] == "Base") $j++;
       $steps[$j] .= $snap['name'].';';
     }
-    echo "<thead class='child' child-id='$i'><tr><th><i class='fa fa-clone'></i> <b>",_('Snapshots'),"</b></th><th></th><th>",_('Date/Time'),"</th><th>",_('Type (Method)'),"</th><th>",_('Parent'),"</th><th>",_('Memory'),"</th></tr></thead>";
+    echo "<table class='tablesorter snap'>";
+    echo "<thead class='child' child-id='$i'><tr><th><i class='fa fa-clone'></i> <b>",_('Snapshots'),"</b></th><th>",_('Description'),"</th><th>",_('Date/Time'),"</th><th>",_('Type (Method)'),"</th><th>",_('Parent'),"</th><th>",_('Memory'),"</th></tr></thead>";
     echo "<tbody class='child'child-id='$i'>";
     foreach ($steps as $stepsline) {
       $snapshotlist = explode(";",$stepsline);
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index 59c77cbd2..b095cb8b1 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1115,7 +1115,8 @@ private static $encoding = 'UTF-8';
 		$arrValidVNCModels = [
 			'cirrus' => 'Cirrus',
 			'qxl' => 'QXL (best)',
-			'vmvga' => 'vmvga'
+			'vmvga' => 'vmvga',
+			'virtio' => 'Virtio(2d)'
 		];
 
 		return $arrValidVNCModels;
diff --git a/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css b/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
index 60eee293c..3d929863a 100644
--- a/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
+++ b/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
@@ -13,6 +13,13 @@ table.domdisk thead tr th:nth-child(1){padding-left:72px}
 table.domdisk tbody tr td:nth-child(1){padding-left:72px}
 table.domdisk tbody tr:nth-child(even){background-color:transparent!important}
 table.domdisk tbody tr:nth-child(4n-1){background-color:transparent!important}
+table.snap thead tr th:nth-child(1){width:56%!important}
+table.snap thead tr th:nth-child(1){width:20%!important}
+table.snap thead tr th:nth-child(n+2){width:8%!important}
+table.snap thead tr th:nth-child(1){padding-left:72px}
+table.snap tbody tr td:nth-child(1){padding-left:72px}
+table.snap tbody tr:nth-child(even){background-color:transparent!important}
+table.snap tbody tr:nth-child(4n-1){background-color:transparent!important}
 table.snapshot{margin-top:0}
 table tbody td{line-height:normal}
 i.mover{margin-right:8px;display:none}

From 082d7d842bc94259e0a7b0e592d21f901abeea2c Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 6 Oct 2024 11:26:34 +0100
Subject: [PATCH 047/174] Revert "Add virtio gu(2d) as an option of template."

This reverts commit 9a502776a1c323b4fc8b994c26292d1f6eb24da3.
---
 emhttp/plugins/dynamix.vm.manager/include/VMMachines.php   | 3 +--
 .../plugins/dynamix.vm.manager/include/libvirt_helpers.php | 3 +--
 emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css    | 7 -------
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
index 6a3ad0e9c..846cbe874 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
@@ -273,8 +273,7 @@ foreach ($vms as $vm) {
       if ($snap['parent'] == "" || $snap['parent'] == "Base") $j++;
       $steps[$j] .= $snap['name'].';';
     }
-    echo "<table class='tablesorter snap'>";
-    echo "<thead class='child' child-id='$i'><tr><th><i class='fa fa-clone'></i> <b>",_('Snapshots'),"</b></th><th>",_('Description'),"</th><th>",_('Date/Time'),"</th><th>",_('Type (Method)'),"</th><th>",_('Parent'),"</th><th>",_('Memory'),"</th></tr></thead>";
+    echo "<thead class='child' child-id='$i'><tr><th><i class='fa fa-clone'></i> <b>",_('Snapshots'),"</b></th><th></th><th>",_('Date/Time'),"</th><th>",_('Type (Method)'),"</th><th>",_('Parent'),"</th><th>",_('Memory'),"</th></tr></thead>";
     echo "<tbody class='child'child-id='$i'>";
     foreach ($steps as $stepsline) {
       $snapshotlist = explode(";",$stepsline);
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index b095cb8b1..59c77cbd2 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1115,8 +1115,7 @@ private static $encoding = 'UTF-8';
 		$arrValidVNCModels = [
 			'cirrus' => 'Cirrus',
 			'qxl' => 'QXL (best)',
-			'vmvga' => 'vmvga',
-			'virtio' => 'Virtio(2d)'
+			'vmvga' => 'vmvga'
 		];
 
 		return $arrValidVNCModels;
diff --git a/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css b/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
index 3d929863a..60eee293c 100644
--- a/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
+++ b/emhttp/plugins/dynamix.vm.manager/sheets/VMMachines.css
@@ -13,13 +13,6 @@ table.domdisk thead tr th:nth-child(1){padding-left:72px}
 table.domdisk tbody tr td:nth-child(1){padding-left:72px}
 table.domdisk tbody tr:nth-child(even){background-color:transparent!important}
 table.domdisk tbody tr:nth-child(4n-1){background-color:transparent!important}
-table.snap thead tr th:nth-child(1){width:56%!important}
-table.snap thead tr th:nth-child(1){width:20%!important}
-table.snap thead tr th:nth-child(n+2){width:8%!important}
-table.snap thead tr th:nth-child(1){padding-left:72px}
-table.snap tbody tr td:nth-child(1){padding-left:72px}
-table.snap tbody tr:nth-child(even){background-color:transparent!important}
-table.snap tbody tr:nth-child(4n-1){background-color:transparent!important}
 table.snapshot{margin-top:0}
 table tbody td{line-height:normal}
 i.mover{margin-right:8px;display:none}

From ed7219d9c7683787386ceb697a032cd0f06e102a Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 6 Oct 2024 11:29:57 +0100
Subject: [PATCH 048/174] Add virtio gpu option.

---
 emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index 59c77cbd2..afaa9c5d3 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1115,6 +1115,7 @@ private static $encoding = 'UTF-8';
 		$arrValidVNCModels = [
 			'cirrus' => 'Cirrus',
 			'qxl' => 'QXL (best)',
+			'virtio' => 'Virtio(2d)',
 			'vmvga' => 'vmvga'
 		];
 

From 6f7b97e37ad32f06d5f932a6b11312cc17a1a070 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 7 Oct 2024 14:54:08 +0200
Subject: [PATCH 049/174] Fix for docker directory

- store path outside from function to not shorten path if users switches multiple times between `image` and `folder`
- make sure overlay2 is selected by default
---
 .../plugins/dynamix.docker.manager/DockerSettings.page   | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/DockerSettings.page b/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
index 21d392048..cc93e1be9 100644
--- a/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
+++ b/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
@@ -195,8 +195,8 @@ _(Docker directory)_:
 <div markdown="1" id="backingfs_type" style="display:none">
 _(Docker storage driver)_:
 : <select id="DOCKER_BACKINGFS" name="DOCKER_BACKINGFS" onchange="updateBackingFS(this.value)">
-  <?=mk_option(_var($dockercfg,'DOCKER_BACKINGFS'), 'native', _('native'))?>
   <?=mk_option(_var($dockercfg,'DOCKER_BACKINGFS'), 'overlay2', _('overlay2'))?>
+  <?=mk_option(_var($dockercfg,'DOCKER_BACKINGFS'), 'native', _('native'))?>
   </select>
   <?if ($var['fsState'] != "Started"):?>
   <span id="WARNING_BACKINGFS" style="display:none;"><i class="fa fa-warning icon warning"></i>_(Only modify if this is a new installation since this can lead to unwanted behaviour!)_</span>
@@ -886,13 +886,14 @@ function btrfsScrub(path) {
     }
   });
 }
+var originalPath = $("#DOCKER_IMAGE_FILE2").val();
 function updateLocation(val) {
   var content1 = $("#DOCKER_IMAGE_FILE1");
   var content2 = $("#DOCKER_IMAGE_FILE2");
   var dropdown = $("#DOCKER_BACKINGFS");
+  var path = originalPath.split('/');
   switch (val) {
   case 'xfs':
-    var path = content2.val().split('/');
     path.splice(-1,1);
     content1.val((path.join('/') + '/docker-xfs.img'));
     $('#vdisk_file').show('slow');
@@ -903,9 +904,8 @@ function updateLocation(val) {
     dropdown.val('native');
     break;
   case 'folder':
-    var path = content2.val().split('/');
     if (path[path.length-1]=='') path.splice(-2,2); else path.splice(-1,1);
-    content2.val(path.join('/'));
+    content2.val(path.join('/') + '/');
     $('#vdisk_file').hide('slow');
     $('#vdisk_dir').show('slow');
     $('#backingfs_type').show('slow');
@@ -913,7 +913,6 @@ function updateLocation(val) {
     content2.prop('disabled',false).trigger('change');
     break;
   default:
-    var path = content2.val().split('/');
     path.splice(-1,1);
     content1.val((path.join('/') + '/docker.img'));
     $('#vdisk_file').show('slow');

From 91caf869f5a44469339832ec0c17f2fa922eae1f Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Tue, 8 Oct 2024 21:57:48 +0100
Subject: [PATCH 050/174] Set NTP to use inferfaces.

---
 etc/rc.d/rc.ntpd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index 0adf9b528..b22fff338 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -35,7 +35,7 @@ ntpd_build(){
     [[ $IPV6 == no ]] && echo "interface ignore ipv6" >>$CONF
     # add listen interfaces
     for NET in $BIND; do
-      echo "interface listen $NET # $(show $NET)" >>$CONF
+      echo "interface listen $(show $NET) # $NET" >>$CONF
     done
   fi
   # add configured NTP servers

From 0061c66dfecc9b514cc432b9d9b7635b35e8505b Mon Sep 17 00:00:00 2001
From: desertwitch <24509509+desertwitch@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:35:45 +0200
Subject: [PATCH 051/174] /etc/rc.d/rc.rsyslogd: OS-native PID for decisions

bugfix: multiple running rsyslogd processes (e.g. spawned by Docker containers) caused the rc.d script to think that the OS-native process was already running, resulting in startup failure of the OSes daemon.
---
 etc/rc.d/rc.rsyslogd | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/etc/rc.d/rc.rsyslogd b/etc/rc.d/rc.rsyslogd
index 7fc994948..985a118d4 100755
--- a/etc/rc.d/rc.rsyslogd
+++ b/etc/rc.d/rc.rsyslogd
@@ -13,7 +13,7 @@
 # Bergware - modified for Unraid OS, October 2023
 
 DAEMON="Syslog server daemon"
-PIDFILE=/var/run/rsyslogd.pid  # native rsyslogd pid file
+PIDFILE="/var/run/rsyslogd.pid"  # native rsyslogd pid file
 
 # run & log functions
 . /etc/rc.d/rc.runlog
@@ -29,7 +29,17 @@ create_xconsole(){
 
 rsyslogd_running(){
   sleep 0.1
-  ps axc | grep -q ' rsyslogd'
+  [[ ! -f $PIDFILE ]] && return 1
+  local RSPID
+  RSPID=$(cat "$PIDFILE")
+  if kill -0 "$RSPID" &>/dev/null; then
+    # PID is alive
+    return 0
+  else
+    # PID is dead (remove stale PID file)
+    rm -f "$PIDFILE"
+    return 1
+  fi
 }
 
 rsyslogd_start(){
@@ -38,7 +48,7 @@ rsyslogd_start(){
   if rsyslogd_running; then
     REPLY="Already started"
   else
-    run /usr/sbin/rsyslogd -i $PIDFILE
+    run /usr/sbin/rsyslogd -i "$PIDFILE"
     if rsyslogd_running; then REPLY="Started"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
@@ -50,8 +60,8 @@ rsyslogd_stop(){
   if ! rsyslogd_running; then
     REPLY="Already stopped"
   else
-    run killall rsyslogd
-    rm -f $PIDFILE
+    run kill "$(cat "$PIDFILE")"
+    sleep 2
     if ! rsyslogd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
@@ -68,7 +78,7 @@ rsyslogd_reload(){
   log "Reloading $DAEMON..."
   local REPLY
   REPLY="Reloaded"
-  [[ -f $PIDFILE ]] && run kill -HUP $(cat $PIDFILE) || REPLY="Failed"
+  [[ -f $PIDFILE ]] && run kill -HUP "$(cat "$PIDFILE")" || REPLY="Failed"
   log "$DAEMON...  $REPLY."
 }
 

From bc7c66fec98d987b09a1a39ac8c640535ab32309 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Wed, 9 Oct 2024 12:06:48 -0500
Subject: [PATCH 052/174] Delete share is always visible and enabled only when
 it is safe to delete the share.

---
 emhttp/plugins/dynamix/ShareEdit.page | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/emhttp/plugins/dynamix/ShareEdit.page b/emhttp/plugins/dynamix/ShareEdit.page
index 093ad9ff6..8cb0a51f2 100644
--- a/emhttp/plugins/dynamix/ShareEdit.page
+++ b/emhttp/plugins/dynamix/ShareEdit.page
@@ -541,14 +541,10 @@ _(Mover action)_:
 &nbsp;
 : <input type="submit" name="cmdEditShare" value="_(Add Share)_" onclick="this.value='Add Share'"><input type="button" value="_(Done)_" onclick="done()">
 <?else:?>
-<div markdown="1" class="empty">
-_(Delete)_<input type="checkbox" name="confirmDelete" onchange="chkDelete(this.form, document.getElementById('cmdEditShare'));">
+<div markdown="1">
+<label id="deleteLabel" title="">_(Delete)_</label><input type="checkbox" name="confirmDelete" onchange="chkDelete(this.form, document.getElementById('cmdEditShare'));" title="" disabled>
 : <input type="submit" id="cmdEditShare" name="cmdEditShare" value="_(Apply)_" onclick="if (this.value=='_(Delete)_') this.value='Delete'; else this.value='Apply'; return handleDeleteClick(this)" disabled><input type="button" value="_(Done)_" onclick="done()">
 </div>
-<div markdown="1" class="full">
-&nbsp;
-: <input type="submit" name="cmdEditShare" value="_(Apply)_" onclick="this.value='Apply'" disabled><input type="button" value="_(Done)_" onclick="done()">
-</div>
 <?endif;?>
 </form>
 
@@ -1297,13 +1293,24 @@ function handleDeleteClick(button) {
 
 $(function() {
 	<?if ($name):?>
+		<?
+			$tooltip_enabled	= _('Share is empty and is safe to delete');
+			$tooltip_disabled	= _('Share must be empty to be deleted');
+		?>
+
 		$.post('/webGui/include/ShareList.php', { scan: "<?=$name?>" }, function(e) {
 			if (e == 1) {
 				$('.empty').show();
 				$('.full').hide();
+				/* Enable delete checkbox and update tooltip. */
+				$('input[name="confirmDelete"]').prop('disabled', false).attr('title', '<?= $tooltip_enabled ?>');
+				$('#deleteLabel').attr('title', '<?= $tooltip_enabled ?>');
 			} else {
 				$('.full1').hide();
 				$('.full2').show();
+				/* Disable delete checkbox and update tooltip. */
+				$('input[name="confirmDelete"]').prop('disabled', true).attr('title', '<?= $tooltip_disabled ?>');
+				$('#deleteLabel').attr('title', '<?= $tooltip_disabled ?>');
 			}
 		});
 	<?endif;?>

From d9bd5b56c84803e1aec6a530a4fe66bed390c15f Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Wed, 9 Oct 2024 13:08:55 -0500
Subject: [PATCH 053/174] Remove ps.txt from diagnostics.

---
 emhttp/plugins/dynamix/scripts/diagnostics | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/scripts/diagnostics b/emhttp/plugins/dynamix/scripts/diagnostics
index bda45e9f2..27b79ab43 100755
--- a/emhttp/plugins/dynamix/scripts/diagnostics
+++ b/emhttp/plugins/dynamix/scripts/diagnostics
@@ -440,7 +440,6 @@ run("lsscsi -vgl 2>/dev/null|todos >".escapeshellarg("/$diag/system/lsscsi.txt")
 run("lspci -knn 2>/dev/null|todos >".escapeshellarg("/$diag/system/lspci.txt"));
 run("lsusb 2>/dev/null|todos >".escapeshellarg("/$diag/system/lsusb.txt"));
 run("free -mth 2>/dev/null|todos >".escapeshellarg("/$diag/system/memory.txt"));
-run("ps -auxf --sort=-pcpu 2>/dev/null|todos >".escapeshellarg("/$diag/system/ps.txt"));
 run("lsof -Pni 2>/dev/null|todos >".escapeshellarg("/$diag/system/lsof.txt"));
 run("lsmod|sort 2>/dev/null|todos >".escapeshellarg("/$diag/system/lsmod.txt"));
 run("df -h 2>/dev/null|todos >".escapeshellarg("/$diag/system/df.txt"));

From bf6d5982be002140957a5b74da502c91acb1d90b Mon Sep 17 00:00:00 2001
From: desertwitch <24509509+desertwitch@users.noreply.github.com>
Date: Thu, 10 Oct 2024 06:49:58 +0200
Subject: [PATCH 054/174] /etc/rc.d/rc.rsyslogd: use pgrep, killall with PID
 namespace

---
 etc/rc.d/rc.rsyslogd | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/etc/rc.d/rc.rsyslogd b/etc/rc.d/rc.rsyslogd
index 985a118d4..03315c715 100755
--- a/etc/rc.d/rc.rsyslogd
+++ b/etc/rc.d/rc.rsyslogd
@@ -29,15 +29,12 @@ create_xconsole(){
 
 rsyslogd_running(){
   sleep 0.1
-  [[ ! -f $PIDFILE ]] && return 1
-  local RSPID
-  RSPID=$(cat "$PIDFILE")
-  if kill -0 "$RSPID" &>/dev/null; then
-    # PID is alive
+  if pgrep --ns $$ -x rsyslogd &>/dev/null; then
+    # Daemon is alive
     return 0
   else
-    # PID is dead (remove stale PID file)
-    rm -f "$PIDFILE"
+    # Daemon is dead (remove stale PID file)
+    [[ -f $PIDFILE ]] && rm -f "$PIDFILE"
     return 1
   fi
 }
@@ -60,7 +57,7 @@ rsyslogd_stop(){
   if ! rsyslogd_running; then
     REPLY="Already stopped"
   else
-    run kill "$(cat "$PIDFILE")"
+    run killall --ns $$ rsyslogd
     sleep 2
     if ! rsyslogd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
@@ -78,7 +75,7 @@ rsyslogd_reload(){
   log "Reloading $DAEMON..."
   local REPLY
   REPLY="Reloaded"
-  [[ -f $PIDFILE ]] && run kill -HUP "$(cat "$PIDFILE")" || REPLY="Failed"
+  run killall -HUP --ns $$ rsyslogd || REPLY="Failed"
   log "$DAEMON...  $REPLY."
 }
 

From 06b1c9a20f8c01629e1ac91be6be115bed9ff074 Mon Sep 17 00:00:00 2001
From: desertwitch <24509509+desertwitch@users.noreply.github.com>
Date: Thu, 10 Oct 2024 07:03:48 +0200
Subject: [PATCH 055/174] /etc/rc.d/rc.rsyslogd: check status before reload

---
 etc/rc.d/rc.rsyslogd | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/etc/rc.d/rc.rsyslogd b/etc/rc.d/rc.rsyslogd
index 03315c715..e8eeea515 100755
--- a/etc/rc.d/rc.rsyslogd
+++ b/etc/rc.d/rc.rsyslogd
@@ -74,8 +74,12 @@ rsyslogd_restart(){
 rsyslogd_reload(){
   log "Reloading $DAEMON..."
   local REPLY
-  REPLY="Reloaded"
-  run killall -HUP --ns $$ rsyslogd || REPLY="Failed"
+  if ! rsyslogd_running; then
+    REPLY="Not running"
+  else
+    REPLY="Reloaded"
+    run killall -HUP --ns $$ rsyslogd || REPLY="Failed"
+  fi
   log "$DAEMON...  $REPLY."
 }
 

From c062e4dd9c51f0e25fdd96274083a76c4399ea41 Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Thu, 10 Oct 2024 09:09:39 -0700
Subject: [PATCH 056/174] Fix PHP error in device_list

Was preventing the main page from populating with data in some cases
---
 emhttp/plugins/dynamix/nchan/device_list | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/nchan/device_list b/emhttp/plugins/dynamix/nchan/device_list
index a513a3e24..3aea52977 100755
--- a/emhttp/plugins/dynamix/nchan/device_list
+++ b/emhttp/plugins/dynamix/nchan/device_list
@@ -268,7 +268,7 @@ function array_online(&$disk, $fstype='') {
     $sum['count']++;
     $sum['temp'] += $disk['temp'];
   }
-  $sum['power'] += _var($disk,'power',0);
+  $sum['power'] += intval(_var($disk,'power',0));
   $sum['numReads'] += _var($disk,'numReads',0);
   $sum['numWrites'] += _var($disk,'numWrites',0);
   $sum['numErrors'] += _var($disk,'numErrors',0);

From 3c007fa1d0ed8fb08c70b304702123942430b0fd Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 10 Oct 2024 17:17:17 +0100
Subject: [PATCH 057/174] Samba update and to use smbcontrol for reload

---
 etc/rc.d/rc.samba | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/etc/rc.d/rc.samba b/etc/rc.d/rc.samba
index 69572974e..089c4cda1 100755
--- a/etc/rc.d/rc.samba
+++ b/etc/rc.d/rc.samba
@@ -155,12 +155,12 @@ samba_stop(){
   else
     REPLY="Stopped"
     # stop gracefully with SIGTERM
-    run killall smbd nmbd wsdd2 winbindd
+    run killall --ns $$ smbd nmbd wsdd2 winbindd
     samba_waitfor_shutdown
     if samba_running; then
       REPLY="Killed"
       # stop forcibly with SIGKILL
-      run killall -SIGKILL smbd nmbd wsdd2 winbindd
+      run killall --ns $$ -SIGKILL smbd nmbd wsdd2 winbindd
       samba_waitfor_shutdown
     fi
     if ! samba_running; then
@@ -186,14 +186,12 @@ samba_restart(){
 }
 
 samba_reload(){
-  killall smbd nmbd wsdd2 winbindd 2>/dev/null
+  killall --ns $$ wsdd2 2>/dev/null
   # update settings
   samba_settings
-  # restart services
-  $SMBD -D 2>/dev/null
-  [[ $USE_NETBIOS == yes ]] && $NMBD -D 2>/dev/null
+  # reload services with smbcontrol
+  smbcontrol all reload-config 2>/dev/null
   [[ $USE_WSD == yes ]] && $WSDD2 -d ${WSD2_OPT## } 2>/dev/null
-  $WINBINDD -D 2>/dev/null
 }
 
 samba_update(){

From 80d567dfdeb86b1de9daf1c34c60b2b52e0e234a Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 10 Oct 2024 19:18:54 +0100
Subject: [PATCH 058/174] killall and pgrep updates.

Set --ns $$ on commands.
---
 .../plugins/dynamix.docker.manager/scripts/dockerupdate   | 2 +-
 emhttp/plugins/dynamix.plugin.manager/Plugins.page        | 2 +-
 emhttp/plugins/dynamix/DashStats.page                     | 2 +-
 emhttp/plugins/dynamix/Eth0.page                          | 4 ++--
 emhttp/plugins/dynamix/include/FileSystemStatus.php       | 6 +++---
 emhttp/plugins/dynamix/include/Helpers.php                | 4 ++--
 emhttp/plugins/dynamix/include/OpenTerminal.php           | 4 ++--
 emhttp/plugins/dynamix/include/StartCommand.php           | 2 +-
 emhttp/plugins/dynamix/scripts/reiserfs_check             | 2 +-
 etc/rc.d/rc.K                                             | 2 +-
 etc/rc.d/rc.acpid                                         | 2 +-
 etc/rc.d/rc.bind                                          | 2 +-
 etc/rc.d/rc.dnsmasq                                       | 2 +-
 etc/rc.d/rc.elogind                                       | 2 +-
 etc/rc.d/rc.inetd                                         | 2 +-
 etc/rc.d/rc.mcelog                                        | 2 +-
 etc/rc.d/rc.messagebus                                    | 4 ++--
 etc/rc.d/rc.nfsd                                          | 8 ++++----
 etc/rc.d/rc.ntpd                                          | 4 ++--
 etc/rc.d/rc.rpc                                           | 8 ++++----
 etc/rc.d/rc.samba                                         | 2 +-
 etc/rc.d/rc.smartd                                        | 2 +-
 etc/rc.d/rc.udev                                          | 2 +-
 etc/rc.d/rc.wsdd2                                         | 2 +-
 sbin/mover                                                | 2 +-
 25 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/scripts/dockerupdate b/emhttp/plugins/dynamix.docker.manager/scripts/dockerupdate
index 592e3fc00..33002a6e4 100755
--- a/emhttp/plugins/dynamix.docker.manager/scripts/dockerupdate
+++ b/emhttp/plugins/dynamix.docker.manager/scripts/dockerupdate
@@ -24,7 +24,7 @@ $_SERVER['REQUEST_URI'] = "scripts";
 $login_locale = _var($display,'locale');
 require_once "$docroot/webGui/include/Translations.php";
 
-exec("pgrep docker", $pid);
+exec('pgrep --ns $$ docker', $pid);
 if (count($pid) == 1) exit(0);
 
 $DockerClient = new DockerClient();
diff --git a/emhttp/plugins/dynamix.plugin.manager/Plugins.page b/emhttp/plugins/dynamix.plugin.manager/Plugins.page
index 99c85d2c5..66ccdb768 100644
--- a/emhttp/plugins/dynamix.plugin.manager/Plugins.page
+++ b/emhttp/plugins/dynamix.plugin.manager/Plugins.page
@@ -19,7 +19,7 @@ Code="e944"
 ?>
 <?
 // Remove stale /tmp/plugin/*.plg entries (check that script 'plugin' is not running to avoid clashes)
-if (!exec("pgrep -f $docroot/plugins/dynamix.plugin.manager/scripts/plugin")) {
+if (!exec('pgrep --ns $$ -f '."$docroot/plugins/dynamix.plugin.manager/scripts/plugin")) {
   foreach (glob("/tmp/plugins/*.{plg,txt}", GLOB_NOSORT+GLOB_BRACE) as $entry) if (!file_exists("/var/log/plugins/".basename($entry))) @unlink($entry);
 }
 $check = $notify['version'] ? 0 : 1;
diff --git a/emhttp/plugins/dynamix/DashStats.page b/emhttp/plugins/dynamix/DashStats.page
index 7ed28b7fa..917e4cbbc 100644
--- a/emhttp/plugins/dynamix/DashStats.page
+++ b/emhttp/plugins/dynamix/DashStats.page
@@ -69,7 +69,7 @@ $cache_type = $cache_rate = [];
 
 $parity = _var($var,'mdResync');
 $mover = file_exists('/var/run/mover.pid');
-$btrfs = exec('pgrep -cf /sbin/btrfs');
+$btrfs = exec('pgrep --ns $$ -cf /sbin/btrfs');
 $vdisk = exec("grep -Pom1 '^DOCKER_IMAGE_TYPE=\"\\K[^\"]+' /boot/config/docker.cfg 2>/dev/null")!='folder' ? _('Docker vdisk') : _('Docker folder');
 $dot = _var($display,'number','.,')[0];
 $zfs = count(array_filter(array_column($disks,'fsType'),function($fs){return str_replace('luks:','',$fs??'')=='zfs';}));
diff --git a/emhttp/plugins/dynamix/Eth0.page b/emhttp/plugins/dynamix/Eth0.page
index 1d614fec2..c7f1de5f9 100644
--- a/emhttp/plugins/dynamix/Eth0.page
+++ b/emhttp/plugins/dynamix/Eth0.page
@@ -60,8 +60,8 @@ foreach ($ports as $ethX) {
   }
 }
 // enable interface only when VMs and Docker are stopped
-$service = exec("pgrep libvirt") ? _('VM manager') : '';
-$service .= exec("pgrep docker") ? ($service ? ' '._('and').' ' : '')._('Docker service') : '';
+$service = exec('pgrep --ns $$ libvirt') ? _('VM manager') : '';
+$service .= exec('pgrep --ns $$ docker') ? ($service ? ' '._('and').' ' : '')._('Docker service') : '';
 
 // eth0 port status
 $no_eth0 = exec("ip link show eth0|grep -Pom1 '(NO-CARRIER|state DOWN)'");
diff --git a/emhttp/plugins/dynamix/include/FileSystemStatus.php b/emhttp/plugins/dynamix/include/FileSystemStatus.php
index 0342a4f4e..2901f3524 100644
--- a/emhttp/plugins/dynamix/include/FileSystemStatus.php
+++ b/emhttp/plugins/dynamix/include/FileSystemStatus.php
@@ -40,9 +40,9 @@ default:
   $file = "/var/lib/$dir/check.status.$id";
   if (file_exists($file)) {
     switch ($cmd) {
-      case 'btrfs-check': $pgrep = "pgrep -f '/sbin/btrfs check .*$dev'"; break;
-      case 'rfs-check': $pgrep = "pgrep -f '/sbin/reiserfsck $dev'"; break;
-      case 'xfs-check': $pgrep = "pgrep -f '/sbin/xfs_repair.*$dev'"; break;
+      case 'btrfs-check': $pgrep = 'pgrep --ns \$\$ -f '."'/sbin/btrfs check .*$dev'"; break;
+      case 'rfs-check': $pgrep = 'pgrep --ns $$  -f '."'/sbin/reiserfsck $dev'"; break;
+      case 'xfs-check': $pgrep = 'pgrep --ns $$ -f '."'/sbin/xfs_repair.*$dev'"; break;
     }
     echo file_get_contents($file);
     if (!exec($pgrep)) echo "\0";
diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index f64ba2f2d..6908d526b 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -263,7 +263,7 @@ function urlencode_path($path) {
   return str_replace("%2F", "/", urlencode($path));
 }
 function pgrep($process_name, $escape_arg=true) {
-  $pid = exec("pgrep ".($escape_arg?escapeshellarg($process_name):$process_name), $output, $retval);
+  $pid = exec('pgrep --ns $$ '.($escape_arg?escapeshellarg($process_name):$process_name), $output, $retval);
   return $retval==0 ? $pid : false;
 }
 function is_block($path) {
@@ -372,7 +372,7 @@ function my_rmdir($dirname) {
         'dataset' => $zfsdataset,
         'type' => $fstype,
         'cmd' => $cmdstr,
-        'error' => $error,
+        'error' =>
       ];
       break;
     case "btrfs":
diff --git a/emhttp/plugins/dynamix/include/OpenTerminal.php b/emhttp/plugins/dynamix/include/OpenTerminal.php
index fbba2d93e..ac6a6833a 100644
--- a/emhttp/plugins/dynamix/include/OpenTerminal.php
+++ b/emhttp/plugins/dynamix/include/OpenTerminal.php
@@ -44,10 +44,10 @@ switch ($_GET['tag']) {
 case 'ttyd':
   // check if ttyd already running
   $sock = "/var/run/ttyd.sock";
-  exec("pgrep -f '$sock'", $ttyd_pid, $retval);
+  exec('pgrep --ns $$ -f '."'$sock'", $ttyd_pid, $retval);
   if ($retval == 0) {
     // check if there are any child processes, ie, curently open tty windows
-    exec("pgrep -P ".$ttyd_pid[0], $output, $retval);
+    exec('pgrep --ns $$ -P '.$ttyd_pid[0], $output, $retval);
     // no child processes, restart ttyd to pick up possible font size change
     if ($retval != 0) exec("kill ".$ttyd_pid[0]);
   }
diff --git a/emhttp/plugins/dynamix/include/StartCommand.php b/emhttp/plugins/dynamix/include/StartCommand.php
index 254c41501..b63d3bfdf 100644
--- a/emhttp/plugins/dynamix/include/StartCommand.php
+++ b/emhttp/plugins/dynamix/include/StartCommand.php
@@ -15,7 +15,7 @@ $docroot ??= ($_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp');
 require_once "$docroot/webGui/include/Secure.php";
 
 function pgrep($proc) {
-  return exec("pgrep -f $proc");
+  return exec('pgrep --ns $$ -f '."$proc");
 }
 
 if (isset($_POST['kill']) && $_POST['kill'] > 1) {
diff --git a/emhttp/plugins/dynamix/scripts/reiserfs_check b/emhttp/plugins/dynamix/scripts/reiserfs_check
index 9896880ed..0ec66fa9b 100755
--- a/emhttp/plugins/dynamix/scripts/reiserfs_check
+++ b/emhttp/plugins/dynamix/scripts/reiserfs_check
@@ -16,7 +16,7 @@ case "$1" in
   else
     echo "Not available"
   fi;
-  pgrep -f "/sbin/reiserfsck $2" >/dev/null
+  pgrep --ns $$ -f "/sbin/reiserfsck $2" >/dev/null
 ;;
 'cancel')
   pkill -f "/sbin/reiserfsck $2"
diff --git a/etc/rc.d/rc.K b/etc/rc.d/rc.K
index c8d075d8b..75e450339 100755
--- a/etc/rc.d/rc.K
+++ b/etc/rc.d/rc.K
@@ -99,7 +99,7 @@ if [[ -x /etc/rc.d/rc.acpid && -r /var/run/acpid.pid ]]; then # quit
 fi
 
 # Kill all processes.
-OMITPIDS="$(for P in $(pgrep mdmon); do echo -o $P; done)" # Don't kill mdmon
+OMITPIDS="$(for P in $(pgrep --ns $$  mdmon); do echo -o $P; done)" # Don't kill mdmon
 log "Sending all processes the SIGHUP signal."
 run killall5 -1 $OMITPIDS
 log "Waiting for processes to hang up"
diff --git a/etc/rc.d/rc.acpid b/etc/rc.d/rc.acpid
index bbc6f334f..09d71a234 100755
--- a/etc/rc.d/rc.acpid
+++ b/etc/rc.d/rc.acpid
@@ -40,7 +40,7 @@ acpid_stop(){
     REPLY="Already stopped"
   else
     run kill $(cat /var/run/acpid.pid 2>/dev/null)
-    run killall acpid
+    run killall --ns $$ acpid
     if ! acpid_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
diff --git a/etc/rc.d/rc.bind b/etc/rc.d/rc.bind
index 1b0b4d6fb..5e6e1ca12 100644
--- a/etc/rc.d/rc.bind
+++ b/etc/rc.d/rc.bind
@@ -96,7 +96,7 @@ bind_stop() {
   fi
   # Kill named processes if there are any running:
   if ps axco command | grep -q -e "^named$"; then
-    echo "Stopping all named processes in this namespace:  /bin/killall -SIGTERM --ns \$\$ named"
+    echo "Stopping all named processes in this namespace:  /bin/killall -SIGTERM --ns $$ named"
     /bin/killall -SIGTERM --ns $$ named 2> /dev/null
   fi
 }
diff --git a/etc/rc.d/rc.dnsmasq b/etc/rc.d/rc.dnsmasq
index 1274cd831..f36c7a742 100644
--- a/etc/rc.d/rc.dnsmasq
+++ b/etc/rc.d/rc.dnsmasq
@@ -15,7 +15,7 @@ PIDFILE="/var/run/dnsmasq.pid"
 
 dnsmasq_running(){
   sleep 0.1
-  pgrep -l -F $PIDFILE 2>/dev/null | grep -q dnsmasq
+  pgrep --ns $$ -l -F $PIDFILE 2>/dev/null | grep -q dnsmasq
 }
 
 dnsmasq_start(){
diff --git a/etc/rc.d/rc.elogind b/etc/rc.d/rc.elogind
index 146eb6d6d..503619f9b 100755
--- a/etc/rc.d/rc.elogind
+++ b/etc/rc.d/rc.elogind
@@ -29,7 +29,7 @@ PIDFILE="/run/elogind.pid"
 
 elogind_running(){
   sleep 0.1
-  pgrep -l -F $PIDFILE 2>/dev/null | grep -q elogind
+  pgrep --ns $$ -l -F $PIDFILE 2>/dev/null | grep -q elogind
 }
 
 elogind_start(){
diff --git a/etc/rc.d/rc.inetd b/etc/rc.d/rc.inetd
index 765d58b0a..231c3f32e 100755
--- a/etc/rc.d/rc.inetd
+++ b/etc/rc.d/rc.inetd
@@ -35,7 +35,7 @@ inetd_stop() {
   if ! inetd_running; then
     REPLY="Already stopped"
   else
-    run killall inetd
+    run killall --ns $$ inetd
     if ! inetd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
diff --git a/etc/rc.d/rc.mcelog b/etc/rc.d/rc.mcelog
index 4d3b173bb..a5a737038 100755
--- a/etc/rc.d/rc.mcelog
+++ b/etc/rc.d/rc.mcelog
@@ -74,7 +74,7 @@ mcelog_stop(){
     if ! mcelog_running; then
       REPLY="Already stopped"
     else
-      killall -TERM $MCELOG
+      killall --ns $$ -TERM $MCELOG
       if ! mcelog_running; then REPLY="Stopped"; else REPLY="Failed"; fi
     fi
   elif [[ $MCELOG_MODE == trigger && -f $TRIGGER ]]; then 
diff --git a/etc/rc.d/rc.messagebus b/etc/rc.d/rc.messagebus
index 8a0187ed6..9fadc6b92 100755
--- a/etc/rc.d/rc.messagebus
+++ b/etc/rc.d/rc.messagebus
@@ -52,7 +52,7 @@ dbus_stop(){
   else
     run kill $(cat $PIDFILE)
     # Just in case:
-    run killall dbus-daemon
+    run killall --ns $$ dbus-daemon
     rm -f $PIDFILE
     if ! dbus_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
@@ -65,7 +65,7 @@ dbus_reload(){
     pid=$(cat $PIDFILE)
     run kill -HUP $pid
   else
-    run killall -HUP dbus-daemon
+    run killall --ns $$ -HUP dbus-daemon
   fi
   log "$DAEMON...  Reloaded."
 }
diff --git a/etc/rc.d/rc.nfsd b/etc/rc.d/rc.nfsd
index e15f4ccba..8552df5f5 100755
--- a/etc/rc.d/rc.nfsd
+++ b/etc/rc.d/rc.nfsd
@@ -104,11 +104,11 @@ nfsd_stop(){
   if ! nfsd_running; then
     REPLY="Already stopped"
   else
-    killall rpc.mountd 2>/dev/null
-    killall nfsd 2>/dev/null
+    killall --ns $$ rpc.mountd 2>/dev/null
+    killall --ns $$ nfsd 2>/dev/null
     sleep 1
-    killall -9 nfsd 2>/dev/null
-    killall rpc.rquotad 2>/dev/null
+    killall --ns $$ -9 nfsd 2>/dev/null
+    killall --ns $$ rpc.rquotad 2>/dev/null
     run $EXPORTFS -au
     if ! nfsd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index b22fff338..cc9c05711 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -76,7 +76,7 @@ ntpd_stop(){
       kill -HUP $(cat /var/run/ntpd.pid)
       rm -f /var/run/ntpd.pid
     else
-      killall -HUP -q ntpd
+      killall --ns $$  -HUP -q ntpd
     fi
     if ! ntpd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
@@ -93,7 +93,7 @@ ntpd_restart(){
 }
 
 ntpd_reload(){
-  killall -HUP -q ntpd
+  killall --ns $$  -HUP -q ntpd
   . <(fromdos <$IDENT)
   ntpd_build
   $NTPD $OPTIONS 2>/dev/null
diff --git a/etc/rc.d/rc.rpc b/etc/rc.d/rc.rpc
index 825e9aa85..aa67bf35f 100755
--- a/etc/rc.d/rc.rpc
+++ b/etc/rc.d/rc.rpc
@@ -80,13 +80,13 @@ rpc_stop(){
   if ! rpc_running; then
     REPLY="Already stopped"
   else
-    killall rpc.statd 2>/dev/null
+    killall --ns $$ rpc.statd 2>/dev/null
     sleep 1
-    killall rpcbind 2>/dev/null
+    killall --ns $$ rpcbind 2>/dev/null
     sleep 1
-    killall -9 rpc.statd 2>/dev/null # make sure :)
+    killall --ns $$ -9 rpc.statd 2>/dev/null # make sure :)
     sleep 1
-    killall -9 rpcbind 2>/dev/null   # make sure :)
+    killall --ns $$ -9 rpcbind 2>/dev/null   # make sure :)
     if ! rpc_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
diff --git a/etc/rc.d/rc.samba b/etc/rc.d/rc.samba
index 089c4cda1..3b33f92a8 100755
--- a/etc/rc.d/rc.samba
+++ b/etc/rc.d/rc.samba
@@ -34,7 +34,7 @@ PRIVATE="/var/lib/samba/private"
 
 samba_running(){
   sleep 0.1
-  [[ $(pgrep -cf $SMBD) -gt 0 ]]
+  [[ $(pgrep --ns $$ -cf $SMBD) -gt 0 ]]
 }
 
 samba_waitfor_shutdown(){
diff --git a/etc/rc.d/rc.smartd b/etc/rc.d/rc.smartd
index 8254b3942..24f5accd5 100644
--- a/etc/rc.d/rc.smartd
+++ b/etc/rc.d/rc.smartd
@@ -25,7 +25,7 @@ smart_stop() {
   if [ -r /run/smartd.pid ]; then
     kill $(cat /run/smartd.pid)
   else
-    killall smartd
+    killall --ns $$ smartd
   fi
 }
 
diff --git a/etc/rc.d/rc.udev b/etc/rc.d/rc.udev
index b89756fd2..6ccb97bfa 100755
--- a/etc/rc.d/rc.udev
+++ b/etc/rc.d/rc.udev
@@ -191,7 +191,7 @@ case "$1" in
 'force-stop')
   log "Stopping udevd"
   udevadm control --exit
-  killall udevd 2>/dev/null
+  killall --ns $$ udevd 2>/dev/null
   ;;
 'force-restart')
   log "Restarting udevd"
diff --git a/etc/rc.d/rc.wsdd2 b/etc/rc.d/rc.wsdd2
index eedaf81c0..762566183 100755
--- a/etc/rc.d/rc.wsdd2
+++ b/etc/rc.d/rc.wsdd2
@@ -58,7 +58,7 @@ wsdd2_stop(){
   if ! wsdd2_running; then
     REPLY="Already stopped"
   else
-    killall wsdd2
+    killall --ns $$  wsdd2
     if ! wsdd2_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
diff --git a/sbin/mover b/sbin/mover
index 35547c092..336aebf89 100755
--- a/sbin/mover
+++ b/sbin/mover
@@ -117,7 +117,7 @@ empty() {
 killtree() {
   local pid=$1 child
     
-  for child in $(pgrep -P $pid); do
+  for child in $(pgrep --ns $$ -P $pid); do
     killtree $child
   done
   [ $pid -ne $$ ] && kill -TERM $pid

From 01c6f64b52920dba6ef13a212544b2537d50dc54 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 10 Oct 2024 21:03:02 +0100
Subject: [PATCH 059/174] Revert sshd loops.

---
 etc/rc.d/rc.sshd | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index f211f6dff..ce5da79ec 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -24,13 +24,7 @@ SSH_ETC="/etc/ssh"
 sshd_running(){
   sleep 0.1
   # get all pids from sshd
-  for pid in $(pgrep -f $SSHD); do
-    # check if a sshd is running on host system
-    if ! grep -qE '/docker|/lxc' /proc/$pid/cgroup; then
-      return 0
-    fi
-  done
-  return 1
+  [[ $(pgrep -ns $$ -cf $SSHD) -gt 0 ]]
 }
 
 sshd_build(){
@@ -74,18 +68,8 @@ sshd_stop(){
     REPLY="Already stopped"
   else
     log "Stopping $DAEMON..."
-    # get all pids from sshd
-    for pid in $(pgrep -f $SSHD); do
-      # make sure to kill only sshd from host system
-      if ! grep -qE '/docker|/lxc' /proc/$pid/cgroup; then
-        kill $pid
-      fi
-    done
-    if ! sshd_running; then
-      REPLY="Stopped"
-    else
-      REPLY="Failed"
-    fi
+    killall --ns $$ sshd
+    if ! sshd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."
 }

From 57ec7909e5bc4d6022a956309f7e03399115d850 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 10 Oct 2024 21:54:16 +0100
Subject: [PATCH 060/174] Update rc.sshd

---
 etc/rc.d/rc.sshd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index ce5da79ec..051120ee0 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -24,7 +24,7 @@ SSH_ETC="/etc/ssh"
 sshd_running(){
   sleep 0.1
   # get all pids from sshd
-  [[ $(pgrep -ns $$ -cf $SSHD) -gt 0 ]]
+  [[ $(pgrep --ns $$ -cf $SSHD) -gt 0 ]]
 }
 
 sshd_build(){

From 2dc82b61de3661027584e341c0583a4b1a8e23f3 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Thu, 10 Oct 2024 16:16:09 -0500
Subject: [PATCH 061/174] Delete all '*.DS_Store' files when deleting share.

---
 emhttp/plugins/dynamix/include/ShareList.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/ShareList.php b/emhttp/plugins/dynamix/include/ShareList.php
index 20b64fb85..3367abb8d 100644
--- a/emhttp/plugins/dynamix/include/ShareList.php
+++ b/emhttp/plugins/dynamix/include/ShareList.php
@@ -37,7 +37,7 @@ if (isset($_POST['scan'])) {
 		/* Iterate over each item in the directory and its subdirectories */
 		foreach ($iterator as $fileinfo) {
 			/* Check if the current item is a file and not a .DS_Store file */
-			if ($fileinfo->isFile() && $fileinfo->getFilename() !== '.DS_Store') {
+			if ($fileinfo->isFile() && !preg_match('/\.DS_Store$/i', $fileinfo->getFilename())) {
 				$hasFiles = true;
 				break;
 			}
@@ -70,7 +70,7 @@ function removeDSStoreFilesAndEmptyDirs($dir) {
 	);
 
 	foreach ($iterator as $file) {
-		if ($file->isFile() && $file->getFilename() === '.DS_Store') {
+		if ($file->isFile() && preg_match('/\.DS_Store$/i', $file->getFilename())) {
 			unlink($file->getRealPath());
 		}
 	}
@@ -87,7 +87,6 @@ if (isset($_POST['cleanup'])) {
   $n = 0;
   // active shares
   $shares = array_map('strtolower',array_keys(parse_ini_file('state/shares.ini',true)));
-
   // stored shares
   foreach (glob("/boot/config/shares/*.cfg",GLOB_NOSORT) as $name) {
     if (!in_array(strtolower(basename($name,'.cfg')),$shares)) {

From a866de833a889479788adcb7453107ccc0076cef Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Wed, 9 Oct 2024 09:19:14 -0700
Subject: [PATCH 062/174] Revert "stop ntpd from complaining about multiple IP
 addresses"

---
 etc/rc.d/rc.ntpd | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index cc9c05711..7bd8993d2 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -101,11 +101,8 @@ ntpd_reload(){
 
 ntpd_update(){
   # 0 = update needed, 1 = no action
-#  if ! ntpd_running; then exit 1; fi
-#  if check && [[ "$(this 'interface listen')" == "$BIND" ]]; then exit 1; else exit 0; fi
-  # upon network change always return 'update needed' - subsequent reload stops ntp complaining
-  # when multiple interfaces have same IP address (such as shim-br0).
-  if ntpd_running; then exit 0; else exit 1; fi
+  if ! ntpd_running; then exit 1; fi
+  if check && [[ "$(this 'interface listen')" == "$BIND" ]]; then exit 1; else exit 0; fi
 }
 
 ntpd_status(){

From b783d4b207eda4e633f4e414ae04fc4f7fe56a27 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Fri, 11 Oct 2024 02:22:55 -0700
Subject: [PATCH 063/174] more killall and pgrep updates.

---
 emhttp/plugins/dynamix/include/FileSystemStatus.php | 2 +-
 emhttp/plugins/dynamix/include/Helpers.php          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/FileSystemStatus.php b/emhttp/plugins/dynamix/include/FileSystemStatus.php
index 2901f3524..736dc2685 100644
--- a/emhttp/plugins/dynamix/include/FileSystemStatus.php
+++ b/emhttp/plugins/dynamix/include/FileSystemStatus.php
@@ -40,7 +40,7 @@ default:
   $file = "/var/lib/$dir/check.status.$id";
   if (file_exists($file)) {
     switch ($cmd) {
-      case 'btrfs-check': $pgrep = 'pgrep --ns \$\$ -f '."'/sbin/btrfs check .*$dev'"; break;
+      case 'btrfs-check': $pgrep = 'pgrep --ns $$ -f '."'/sbin/btrfs check .*$dev'"; break;
       case 'rfs-check': $pgrep = 'pgrep --ns $$  -f '."'/sbin/reiserfsck $dev'"; break;
       case 'xfs-check': $pgrep = 'pgrep --ns $$ -f '."'/sbin/xfs_repair.*$dev'"; break;
     }
diff --git a/emhttp/plugins/dynamix/include/Helpers.php b/emhttp/plugins/dynamix/include/Helpers.php
index 6908d526b..69d61e506 100644
--- a/emhttp/plugins/dynamix/include/Helpers.php
+++ b/emhttp/plugins/dynamix/include/Helpers.php
@@ -372,7 +372,7 @@ function my_rmdir($dirname) {
         'dataset' => $zfsdataset,
         'type' => $fstype,
         'cmd' => $cmdstr,
-        'error' =>
+        'error' => $error,
       ];
       break;
     case "btrfs":

From 95c6913c62e64314b985e08222feb3543113b2ec Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Fri, 11 Oct 2024 02:23:34 -0700
Subject: [PATCH 064/174] small chang in how rc.cgroup2unaid is invoked

---
 etc/rc.d/rc.S.cont        | 8 ++------
 etc/rc.d/rc.cgroup2unraid | 0
 2 files changed, 2 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 etc/rc.d/rc.cgroup2unraid

diff --git a/etc/rc.d/rc.S.cont b/etc/rc.d/rc.S.cont
index 6930cf426..94885b78d 100755
--- a/etc/rc.d/rc.S.cont
+++ b/etc/rc.d/rc.S.cont
@@ -69,7 +69,8 @@ if /bin/grep -wq cgroup /proc/filesystems; then
       # See https://docs.kernel.org/admin-guide/cgroup-v2.html (section Mounting)
       # Mount cgroup2 filesystem
       /sbin/mount -t cgroup2 -o rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot cgroup2 /sys/fs/cgroup
-      chmod +x /etc/rc.d/rc.cgroup2unraid
+      # Start cgroup2 cleanup daemon
+      /etc/rc.d/rc.cgroup2unraid start
     else
       # Display message if /sys/fs/cgroup does not exist
       echo "/sys/fs/cgroup does not exist. cgroup2 cannot be mounted."
@@ -160,11 +161,6 @@ if [[ -x /etc/rc.d/rc.cgconfig && -x /etc/rc.d/rc.cgred && -d /sys/fs/cgroup ]];
   /etc/rc.d/rc.cgred start
 fi
 
-# Start cgroup2 cleanup daemon
-if [[ -x /etc/rc.d/rc.cgroup2unraid && -d /sys/fs/cgroup ]]; then
-  /etc/rc.d/rc.cgroup2unraid start
-fi
-
 # Create /tmp/{.ICE-unix,.X11-unix} if they are not present:
 if [[ ! -e /tmp/.ICE-unix ]]; then
   /bin/mkdir -p /tmp/.ICE-unix
diff --git a/etc/rc.d/rc.cgroup2unraid b/etc/rc.d/rc.cgroup2unraid
old mode 100644
new mode 100755

From 708f6e89eb73558797f57a09498277ed6140b46f Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Fri, 11 Oct 2024 14:04:25 +0100
Subject: [PATCH 065/174] Update noVNC to 1.5

---
 .../novnc/app/error-handler.js                |  123 +-
 .../novnc/app/images/icons/Makefile           |   64 +-
 .../novnc/app/images/icons/novnc-ios-120.png  |  Bin 0 -> 3215 bytes
 .../novnc/app/images/icons/novnc-ios-152.png  |  Bin 0 -> 4190 bytes
 .../novnc/app/images/icons/novnc-ios-167.png  |  Bin 0 -> 4574 bytes
 .../novnc/app/images/icons/novnc-ios-180.png  |  Bin 0 -> 4730 bytes
 .../novnc/app/images/icons/novnc-ios-40.png   |  Bin 0 -> 1245 bytes
 .../novnc/app/images/icons/novnc-ios-58.png   |  Bin 0 -> 1602 bytes
 .../novnc/app/images/icons/novnc-ios-60.png   |  Bin 0 -> 1595 bytes
 .../novnc/app/images/icons/novnc-ios-80.png   |  Bin 0 -> 1825 bytes
 .../novnc/app/images/icons/novnc-ios-87.png   |  Bin 0 -> 2708 bytes
 .../novnc/app/images/icons/novnc-ios-icon.svg |  183 +++
 .../novnc/app/images/icons/novnc.ico          |  Bin 0 -> 310566 bytes
 .../novnc/app/locale/el.json                  |   32 +-
 .../novnc/app/locale/es.json                  |   22 +-
 .../novnc/app/locale/fr.json                  |   72 ++
 .../novnc/app/locale/it.json                  |   68 +
 .../novnc/app/locale/ja.json                  |   39 +-
 .../novnc/app/locale/pt_BR.json               |   72 ++
 .../novnc/app/locale/ru.json                  |   31 +-
 .../novnc/app/locale/sv.json                  |   13 +-
 .../novnc/app/locale/zh_CN.json               |   48 +-
 .../novnc/app/localization.js                 |   60 +-
 .../novnc/app/styles/base.css                 |  384 +++---
 .../novnc/app/styles/input.css                |  281 +++++
 .../dynamix.vm.manager/novnc/app/ui.js        |  143 ++-
 .../dynamix.vm.manager/novnc/app/webutil.js   |  149 +--
 .../novnc/core/crypto/aes.js                  |  178 +++
 .../novnc/core/crypto/bigint.js               |   34 +
 .../novnc/core/crypto/crypto.js               |   90 ++
 .../novnc/core/crypto/des.js                  |  330 +++++
 .../novnc/core/crypto/dh.js                   |   55 +
 .../novnc/core/crypto/md5.js                  |   82 ++
 .../novnc/core/crypto/rsa.js                  |  132 ++
 .../novnc/core/decoders/copyrect.js           |    5 +
 .../novnc/core/decoders/hextile.js            |   92 +-
 .../novnc/core/decoders/jpeg.js               |  146 +++
 .../novnc/core/decoders/raw.js                |   57 +-
 .../novnc/core/decoders/tight.js              |  108 +-
 .../novnc/core/decoders/zrle.js               |  185 +++
 .../dynamix.vm.manager/novnc/core/deflator.js |    5 +-
 .../dynamix.vm.manager/novnc/core/display.js  |  195 +--
 .../novnc/core/encodings.js                   |    5 +
 .../dynamix.vm.manager/novnc/core/inflator.js |    3 +-
 .../novnc/core/input/domkeytable.js           |   46 +-
 .../novnc/core/input/keyboard.js              |  176 +--
 .../novnc/core/input/util.js                  |   55 +-
 .../novnc/core/input/vkeys.js                 |    1 -
 .../novnc/core/input/xtscancodes.js           |    8 +-
 .../dynamix.vm.manager/novnc/core/ra2.js      |  312 +++++
 .../dynamix.vm.manager/novnc/core/rfb.js      | 1102 ++++++++++-------
 .../novnc/core/util/browser.js                |   80 +-
 .../novnc/core/util/cursor.js                 |   20 +-
 .../novnc/core/util/events.js                 |    4 -
 .../dynamix.vm.manager/novnc/core/websock.js  |  211 ++--
 .../dynamix.vm.manager/novnc/package.json     |   71 +-
 emhttp/plugins/dynamix.vm.manager/vnc.html    |  131 +-
 57 files changed, 4156 insertions(+), 1547 deletions(-)
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-120.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-152.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-167.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-180.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-40.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-58.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-60.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-80.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-87.png
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-icon.svg
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc.ico
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/locale/fr.json
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/locale/it.json
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/locale/pt_BR.json
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/app/styles/input.css
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/aes.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/bigint.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/crypto.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/des.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/dh.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/md5.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/rsa.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/jpeg.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/zrle.js
 create mode 100644 emhttp/plugins/dynamix.vm.manager/novnc/core/ra2.js

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/error-handler.js b/emhttp/plugins/dynamix.vm.manager/novnc/app/error-handler.js
index 81a6cba8e..67b63720c 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/error-handler.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/error-handler.js
@@ -6,61 +6,74 @@
  * See README.md for usage and integration instructions.
  */
 
-// NB: this should *not* be included as a module until we have
-// native support in the browsers, so that our error handler
-// can catch script-loading errors.
+// Fallback for all uncought errors
+function handleError(event, err) {
+    try {
+        const msg = document.getElementById('noVNC_fallback_errormsg');
 
-// No ES6 can be used in this file since it's used for the translation
-/* eslint-disable prefer-arrow-callback */
-
-(function _scope() {
-    "use strict";
-
-    // Fallback for all uncought errors
-    function handleError(event, err) {
-        try {
-            const msg = document.getElementById('noVNC_fallback_errormsg');
-
-            // Only show the initial error
-            if (msg.hasChildNodes()) {
-                return false;
-            }
-
-            let div = document.createElement("div");
-            div.classList.add('noVNC_message');
-            div.appendChild(document.createTextNode(event.message));
-            msg.appendChild(div);
-
-            if (event.filename) {
-                div = document.createElement("div");
-                div.className = 'noVNC_location';
-                let text = event.filename;
-                if (event.lineno !== undefined) {
-                    text += ":" + event.lineno;
-                    if (event.colno !== undefined) {
-                        text += ":" + event.colno;
-                    }
-                }
-                div.appendChild(document.createTextNode(text));
-                msg.appendChild(div);
-            }
-
-            if (err && err.stack) {
-                div = document.createElement("div");
-                div.className = 'noVNC_stack';
-                div.appendChild(document.createTextNode(err.stack));
-                msg.appendChild(div);
-            }
-
-            document.getElementById('noVNC_fallback_error')
-                .classList.add("noVNC_open");
-        } catch (exc) {
-            document.write("noVNC encountered an error.");
+        // Work around Firefox bug:
+        // https://bugzilla.mozilla.org/show_bug.cgi?id=1685038
+        if (event.message === "ResizeObserver loop completed with undelivered notifications.") {
+            return false;
         }
-        // Don't return true since this would prevent the error
-        // from being printed to the browser console.
-        return false;
+
+        // Only show the initial error
+        if (msg.hasChildNodes()) {
+            return false;
+        }
+
+        let div = document.createElement("div");
+        div.classList.add('noVNC_message');
+        div.appendChild(document.createTextNode(event.message));
+        msg.appendChild(div);
+
+        if (event.filename) {
+            div = document.createElement("div");
+            div.className = 'noVNC_location';
+            let text = event.filename;
+            if (event.lineno !== undefined) {
+                text += ":" + event.lineno;
+                if (event.colno !== undefined) {
+                    text += ":" + event.colno;
+                }
+            }
+            div.appendChild(document.createTextNode(text));
+            msg.appendChild(div);
+        }
+
+        if (err && err.stack) {
+            div = document.createElement("div");
+            div.className = 'noVNC_stack';
+            div.appendChild(document.createTextNode(err.stack));
+            msg.appendChild(div);
+        }
+
+        document.getElementById('noVNC_fallback_error')
+            .classList.add("noVNC_open");
+
+    } catch (exc) {
+        document.write("noVNC encountered an error.");
     }
-    window.addEventListener('error', function onerror(evt) { handleError(evt, evt.error); });
-    window.addEventListener('unhandledrejection', function onreject(evt) { handleError(evt.reason, evt.reason); });
-})();
+
+    // Try to disable keyboard interaction, best effort
+    try {
+        // Remove focus from the currently focused element in order to
+        // prevent keyboard interaction from continuing
+        if (document.activeElement) { document.activeElement.blur(); }
+
+        // Don't let any element be focusable when showing the error
+        let keyboardFocusable = 'a[href], button, input, textarea, select, details, [tabindex]';
+        document.querySelectorAll(keyboardFocusable).forEach((elem) => {
+            elem.setAttribute("tabindex", "-1");
+        });
+    } catch (exc) {
+        // Do nothing
+    }
+
+    // Don't return true since this would prevent the error
+    // from being printed to the browser console.
+    return false;
+}
+
+window.addEventListener('error', evt => handleError(evt, evt.error));
+window.addEventListener('unhandledrejection', evt => handleError(evt.reason, evt.reason));
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/Makefile b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/Makefile
index be564b43b..03eaed071 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/Makefile
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/Makefile
@@ -1,42 +1,42 @@
-ICONS := \
-	novnc-16x16.png \
-	novnc-24x24.png \
-	novnc-32x32.png \
-	novnc-48x48.png \
-	novnc-64x64.png
+BROWSER_SIZES := 16 24 32 48 64
+#ANDROID_SIZES := 72 96 144 192
+# FIXME: The ICO is limited to 8 icons due to a Chrome bug:
+#        https://bugs.chromium.org/p/chromium/issues/detail?id=1381393
+ANDROID_SIZES := 96 144 192
+WEB_ICON_SIZES := $(BROWSER_SIZES) $(ANDROID_SIZES)
 
-ANDROID_LAUNCHER := \
-	novnc-48x48.png \
-	novnc-72x72.png \
-	novnc-96x96.png \
-	novnc-144x144.png \
-	novnc-192x192.png
+#IOS_1X_SIZES := 20 29 40 76 # No such devices exist anymore
+IOS_2X_SIZES := 40 58 80 120 152 167
+IOS_3X_SIZES := 60 87 120 180
+ALL_IOS_SIZES := $(IOS_1X_SIZES) $(IOS_2X_SIZES) $(IOS_3X_SIZES)
 
-IPHONE_LAUNCHER := \
-	novnc-60x60.png \
-	novnc-120x120.png
-
-IPAD_LAUNCHER := \
-	novnc-76x76.png \
-	novnc-152x152.png
-
-ALL_ICONS := $(ICONS) $(ANDROID_LAUNCHER) $(IPHONE_LAUNCHER) $(IPAD_LAUNCHER)
+ALL_ICONS := \
+	$(ALL_IOS_SIZES:%=novnc-ios-%.png) \
+	novnc.ico
 
 all: $(ALL_ICONS)
 
-novnc-16x16.png: novnc-icon-sm.svg
-	convert -density 90 \
-		-background transparent "$<" "$@"
-novnc-24x24.png: novnc-icon-sm.svg
-	convert -density 135 \
-		-background transparent "$<" "$@"
-novnc-32x32.png: novnc-icon-sm.svg
-	convert -density 180 \
-		-background transparent "$<" "$@"
+# Our testing shows that the ICO file need to be sorted in largest to
+# smallest to get the apporpriate behviour
+WEB_ICON_SIZES_REVERSE := $(shell echo $(WEB_ICON_SIZES) | tr ' ' '\n' | sort -nr | tr '\n' ' ')
+WEB_BASE_ICONS := $(WEB_ICON_SIZES_REVERSE:%=novnc-%.png)
+.INTERMEDIATE: $(WEB_BASE_ICONS)
 
+novnc.ico: $(WEB_BASE_ICONS)
+	convert $(WEB_BASE_ICONS) "$@"
+
+# General conversion
 novnc-%.png: novnc-icon.svg
-	convert -density $$[`echo $* | cut -d x -f 1` * 90 / 48] \
-		-background transparent "$<" "$@"
+	convert -depth 8 -background transparent \
+		-size $*x$* "$(lastword $^)" "$@"
+
+# iOS icons use their own SVG
+novnc-ios-%.png: novnc-ios-icon.svg
+	convert -depth 8 -background transparent \
+		-size $*x$* "$(lastword $^)" "$@"
+
+# The smallest sizes are generated using a different SVG
+novnc-16.png novnc-24.png novnc-32.png: novnc-icon-sm.svg
 
 clean:
 	rm -f *.png
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-120.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-120.png
new file mode 100644
index 0000000000000000000000000000000000000000..8da7bab3d0f0ff810af3073b14b52b557f91ada7
GIT binary patch
literal 3215
zcmbVOc{tQtAO9KKFk!kf_GOHuY-5PAWEUfnNs1X6GD9Lm6B_GGBTF)s$u32@F0y86
zknJ+AC6zlNgu3?E77~ef?tA}w|9Jm-&+~lG=bZCBpYJ*6^PK1Tev{9gwHFhW69oW3
z4C7#n<zeLC1{UJ=#(swHc_83#<!l82)lA5qk05WZa>W7b3;<Mh0ElM*z%FkoejWgB
zA^~8L001Ug03c1yW4oI1974Wl>}`3-YdbbgaXb(qJ9ymS;q-q@SXrx)HxQ;^ob7~X
z55dIw)t>&)CISE?7GrDW7Wr{G9~X3ltITQje-jiDPSR}&8e3j=xdz7WpMb|9cU_{9
zyMQBdQT_zfx7@Oj?qI1Y8u*$2M4^b$$;DPZxL)L~wRYjaeb>JZ0GX$F2II)c<z?9D
zbzH;P#6c&?C&IrWfAkfFN;MaO8&8~?>yMu6H*Q^hrR7oMhY?jE9VW3s3fHDV`r^`A
zp^a^+oq{9<9po1>O*RqIkH!<a|1Z}aID<^{_$R`h>B@QI_>yf%OT@Rr5TAl+dIAGD
zTBx#V5B>xXX&-b-NuT$A%beczaq5wDI2<DnuVb~N7|@@fTsy3js;8u#fsEb6A0`Z{
zwQ-zFqh#ae>KU1BCeB@G3H?P%8)!LLw9{P}z^q(;AMAkFCRU~C3kU&x^SP6W0S2Og
z3?y}$wCsGQFAD;uPeEyX1SP0=A|HTwgviL$lZFbkKQsT{3ZyL@mu-8~Y#=KmFK=U}
z#PJ(_HbZ1RdXycuaJIYI%Kex7Y9jaU-OFhWlg-=+OyAd4Vj>biMZ|PoT+n&P0eQQ-
zh2Vlg|Emeh8n=(;afNR<C1QI8NwS~lvWX1@o*?L+`Khcljpv*}JmK_H7HA5j4+&{c
z?ZhF!G~#uDqfXz)X!o_&#_NDkc-lUp^|=|=ny*P;Z|EXPIUDvb2ik;QgGs0ov_RTk
zg6cRJ8SuQaUrD1_MJ>45^sCge{2HzMw;kC6%mHWD*5=!mF_w_?Bw#)eX*6UG9Gn?+
zsMaBq1jNv81fYcNnJ|^C0yToyY6AQG1W-T#a;H61WmKYS#e775y|Azh)Y;kDAX&Ls
zX}etPc}PM6p`=?uI3Fj8x5v+KY{4%)e(yad6HjKxGN1;ACp%WRbE8f3?ZY7-w5vki
z3a^(Y*`gyH79X5qfBntkBGV0>P+eVJ-XFr;M=|!`EN14F`Eh7Bhx5R30cUasOmjm#
zEiDy&sOAxVKA*0U(jasRu>4+GQI$}rVSHCrVNCdjBO(s?Ly!cv21{oVzy9!!hx8vw
z_#CB!v}v3Oyn8Vsi!$t`7rox4+!H1Fq@_jHV(**}rc3#j8ogn1#l5)FyA^2t`5XYw
z=9|3O{qgve*!RUUIU8a_-B#fX?Fgfp_S<j;vrC!j;j1mK<+x#H)Jn2dMta70qV)_(
z<Ie-o(U()T{!)~1A-4s2L&_D(rpu6SX}MOibMBwH-LDTW|32)!?Hf??{ZL1SwvQIh
zoet3#d*Gnv59wdz@{hD0pjMi61G5_wdIz4LTM~4Pwu{?z<yTh^8<La5Mt)9Sa!~8f
zPmkJNu=<lb!}dxRsEUaKRbL9~O<1D?(ch<`o}T>^7i5?mJrfgA;8KmB0Ir^KA;dtl
zN5`nZSN$vo6cN$1K45gAbW_n3>!2>?G&kew`k;+{b8%<VCNX|vj+T>?bM=_Gnh2Uw
zBGFFx{Uw!H8@>!MWR?DaTK5OH1LXO0r%s;^Q^plYj5O*6AJ1vu7~Jky8kk5jM1h*O
z+)dO<etY+!)%^mWusFpgV_>qbF|yju6n=9myy?QU>z#*!X|}c$N=XPACqK3At&d-r
zoeeeHZ)C?!)C$ip@moK=-`nsw#dHPuw$gIQb#IJ3QM3MoYYO+$iHB|+wCs?kO^#e^
ziEo!uR8)kU?fg|xQt>+G0SmOej2LM)4h$$7nH}&+@~v<-M*__Uu_m7&Lbur)c(y@;
zSCh`?y5W71wmd<>1i7=Se18rP+hh>W_x7kCJXL2n87KQXOucjEOOzO%=3cCvdsc}T
zQ9zT$PMx~z*c-9%{;=6vJT>t^J_LBD@pc^Vz4?eWu(f2le|<<wQ$2L1S5U#c+2OoW
zaiNB2^W`Op*avD?dzX-AW@xHGQeP&QKR@Erj=a(JdF2tXHG6CJ#=7d-!msgKeI+Gt
zVIjKS;^U1^&rUY#rP(XD_-(#dq;d4O3|{!q(lPX(Ke%OTFkK;~=rxmvn3&M%-baUD
z)|cAQmd9wx$(v;^nqFR(IGmX1i{m3Lrgw_ZG@YEAvDGMU$l$;_S$whn{>EqXu@;!7
z2p3;J+cDHdfZUWmQe~xB`xwm^y{!lZ3sAO~esvM9x?&IBSrQQ78)?w>rKScQQ)2pm
zyx#p1e0}wkI@dWU0C2Bd;n=>`#4=7^6FP@0yUt4?AmAOBTD$PC^3K;WGo_TWD}H6!
zD_e)MG}cCIMbi||S4MoS*G_N?q;3?|plCdv+k!n4)Vc?9b9a~X4BME=)JBKdo+_<F
zov!}{^Uxq6`8gG-95-H4gKW7x)g_G>%2CcW+_H2HyV7e53J7sob(2U)&Btas@~yTs
z02V)=DM3A@5V+(I(0(`CU5~7#Vg8w!t^sC7MrgTbajf%VwOZYM2k6TN-QTnI7mry;
zBKXsH_3LFb`-*pBvsMaWHOS+F;VTNqslDSLUih5L8KY(TVgh|AEZ@Ei)6nG{D!InD
zOYL#YH~Pw>-0&iel-a=?9kL$e#!lFix~<a1S#2Dw>*scv^F6FKM*EQ1tMv}ZhCeaY
z={WZ!tlCfMSrLNKZdIqT`dXedklWzhMZe#nSy|#NR+RA!#%^kfTqwR(t8@CpQksV<
zxx1s^|DEd8bYf>iKa-<$m$1L5$DKoE_{Fpso~dz*J!lDY@9LrAbP3Zr<-V}lm5KDE
zu3eSB1m5Xd7=)7)LK*!wk<HGUx%oC_c!~S74X4h#Yi&I&ayFaKY|Bl8ZdJ#JO*wj%
z<*OHV^JG=vBmFdGn4N2S^#f+{wZkT+eWANA*;w7yypE4`i(5DjlYcT6mvi(g!zp!q
zbOH4^+m2<TPuvkdkT4IxzUXjbe&s&xsSjS*aW=(;+_9xkZ4Kk9<Km=OUgM&)6qu5%
zM>CiE-sHy*8l~2tZd_hvVSB!6yvZ-KyqNj=dS4h#A2w?v;T%Jc>V8;WiXvg;;F5^A
zZ=<&iPF}s6(CK63=^5t5_G$v!_N1N{M8A*!!Vwez@eNE?6JK3|L-ghKwJ}A!XG?$P
zDE9@I;m``*2@q*Y3<vi2XOQi$SGzad5Sg0iVs9^2fe*bt89YWGw1%k@^8b;*yjrH~
zju>QZsq)RZpx>CD<AbCmucm$4$B#={dCjMijBlZWF@}b6wQ3dz(Ypxv=KE2P#Ne@C
zz(O~E3>Cz^`8nQZDf>98LW;}Htcna(sH>~;gGa}{@~nzUJXl++3TzT7J~A*caL22R
zjLwTv6L_Ck!TQC5q>n}?weIg~9vk?wULsDx6l0TYRg+E^-HC`ivQ)YkYXQ^2ml!L@
zGH&y)??kgnsn0vI6*&ssGhx~4I&FgCM;K66W@c{AG3gO2o*qMUuV1x^TV)W>D46L~
z@snTSGn^~PG=CY#<0np>(87(h2|l($-9FLYq4*bmN|p|#TdE+JKdBb+_WWIw^u5%O
zjucv>wqyi}>k3GZko-LAiB}?pbgJ(4)CB#Y{gt-Im4f|Y!5P(QY%`qNq6Wuk`*#Y~
z%d}30jK!Bi@r1iQSu*GIeTc$%0;FezIocYFI^Q2HCeyhbj(~zM1zIf9AVI2^E2UEk
zFR>9=T|7bZ2}>0UM*BKPnBxijQ0uAn$f=DT1#V#NG$=EvZ-zd(+7NBnqk$*ngXx4N
zKbmV}n;e{BnL*S@`J8pQ2G-a%qyh$+DGioO8uCjwf>~IN6cFYisklnEvF(<_LjjKr
zMcJ>cjy!4f#%=6FHRmYmZjj#_5iM}Xi&~|vyd5;o$8pNZ8v~}PfT03>EbKW)c#5j6
zt3k}Qq@f)PLaf7+x|53cdByorirpoOpAUs-awUw&0|13Yp|tf-+9;Hpo`DHc-$dU~
n6NxlIB2B%H;{J;e9O8GCbnAZ;9D)2f9s$7Eowcp7CeZ&4dN;cJ

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-152.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-152.png
new file mode 100644
index 0000000000000000000000000000000000000000..60b2bcef533e2030e2bb8d92bbbdf010d89f2d4f
GIT binary patch
literal 4190
zcmc&%XE+@1*B)!JO7s>)uvQ3mR~MaVYxU?QRwsJ&-lMl)qPHN3WrH9IqSs9bA|Xo<
zE&PJ$H6s7b|9Zc?AKuUJT-TX<&dj-=^US%Q=bAGqhWc99s5qzq0Jw(IRyQVM!C!-r
z6VL4ZJiJ5zyQ=D`0zh*X^`$)-(dTj0Hr4}xFaZFFNdSNg;;ooX00=|^zz+-n$Pou%
z^DXHxQXoDccR*{Y6OnkF-|dVh0;R9Er9S|W-1x7B9m)}@07U>wPlMt+4J$1vf5k6R
zX8@qnL#eBpgv{-fhI(?Ea*y;#aF_dej*KtMDQZ7{vQ32(G=FWa!edkv4Wt;(QB_d6
zF{mw*ldL~boy_|s_>3{lDgpeQ<&sQ9J53!%PhHvTtzJ}(vi`_l{NC>)|EpF1KS)}X
z!m7vj@sRDMTCDhf+S1$5tBV^wOS@eoILj6Rk~j>wF_0wr<0G&pGV%Y>;#XxE+51?D
z#!NJtvJDglYz@BSLwiR}Hfr5ZfNZr&p}`gBd)nE&cEspQ313|rNnqFH&_XVks=VP#
zf5QuJbWj6rN69}3^T3=E3Kbmd2K-7CVw?HlgJP>?ed*!k-OfsqQL_+Uk^5htLX#JJ
zPWT)$1cUxOhoz=eGZpOVK7CP3y9jTbF|CvjkVvC>Ln<3J<)@wvf7&FKUe<Fgc>4vJ
zZ?EqmQXj5d7bvw!y8xj9Dy579%!8pE8Ss#<KZxJSMO9?qi{u}B2<%($$>8c$%{O&0
z0DTuv>U3o7MikwAe?ddB$;NjsWOo>sQn|s_gUM?b#Tr(zb*VzS`T`nKwu;w$#Sh1l
z{A2q1R0mfN1nAd66NfYu=YPQ85PMzZz%2TiDd>tpxkUdKA8U%=tYl2|sNgRhAV2x-
zPoQ#2u%@QwTYwzllQm^u5bL>c3_~vl$$WJ3<ydSVOadW~2V!JzP5lD~E)RaO$4vC(
z=<iVuA{g+$PUon=ApRyU%zPY4)BKK`w>NyVOL_SgzIBK+Qs~FlmeIX?k59X9{kY{z
zRm(r^*lfYwo{J!lS9Ntns+n*4WE*T!J?MkfY<{5C+@$!ge)7gMq(m{n|0621s&<hD
zQC6nsWY7XN5VWArkBc%LlQiX4(mB)CE341PuIrL+!IzV*J$aFG+;<5ns<b`InT}WI
zSBu4xd?iVTK-t-b4?mcTe-L?g%(NAME?V${%%$*U@-1ILLFMc;I#uj4{G_DFzV!m?
zTnPj$YRp9jL3mkuptks%hdmYQaxf?oK5YMQBl>eYfj#Et<9rqt7AxhjDLzPloS=g(
zH4T6@FdYaj@;iG7^x6YPy)G>|z2Z%80%yB=0nFzf^S&#D{1YzkaX*gUC6aXhyM}oP
zyBEi+tWt-aS}Nap>>$+7<&Bc+>V&|c*u<3B{sUd3;7Zz972w{zd(=$BgMYf+pHoIs
z{6gNBqBS9DdiN%j2A_*^1!!P)E1}%iu3c*)cph*!3|fAT!!ucE$Gm=@c6Aj6*3@8z
zIZn{~<g-;(RTcaw*D+ugk{a=|_}7wh_8E26pX)<MN3E@j!sV{aVA)dr5C!f6T>-**
zu3Q?~Fma!2p48H3jlh)0)bep8sQB7Xe6uzOxt$lalg>Wtsd%Tj`JMZFMST7dW;gpI
z%FTF3LlHU34x$Q?ij+e<u?)JF3h`iVOoAGFhUQcSBW1cFxbC|2UuYqST*y(TXJ4B*
z{71AvL?UsjpjYeWjggnmE$;67vc8Ao8!Kmifuc+G<`nx^zZU3QN@!>bCTC7u69(|U
z#gV`C?FSyEwDuGiihY~0F7{hV;0jie%gEs6y2IBkd|IOyt>)tsc4lO23!Z;<&GGj|
z%kz5b0ViXbA4XW4L%dT=-sd<CKCZ<uv_etrM(oMSbU|5}S)1C=P9MP7rCl-nwwUbZ
zd#jq%RQCJfJK&NJLeCSIcFX76#fDhSbyrriI-8u|3+5rpO>J$A*R9e`P9cJm8d3Wi
zEK%ngm&M)Q3nErlVg8E~Xn4M@bV{4YkjDPugo;)Yo$H4ZJU(%4e{gS@vkO@mhkX+1
z<_3X6q5eJP(N~fuJMv`prt>>;Z24%K8W5U4#@x<Upz!MQ&@VlUPNES~X7KH2Ck1T!
zW(1PpC10v<VrKUJ$wue~tSS7oQJbILD+eCS!@oBs5sBnTi)M%+cz)Q#8#!f1Zx`IK
zix$1AXln&#ZDmpk1cHM9cowJkUPZH!g4<QgL=2)wx1;Rs;w7!gmp5XW;k!F#fvZbs
zgksu7*sJ4e=0YokN}uK0R^#m5cdy@in1iOLNyoT9x}@2UWb#h6hH!;!H?OtL?>riE
zz(Y6q=U-_|&79b|tlNzxvSH=DMVT{KU(VDzknAWbnnhgHan9Z^?oO?(A%C-)iQ-a_
zz1C@a?jP;l>BWxDOAdD2?Jnku-dCW@8o9Tp$Q`Yakdt#i;!v+@W!)})Ui3;t`3kbV
z@c#0ITGn4vPVZfq@=XnM-M7biY@E_(_H8v;H-2`~h3s~b02{ZhNCE>HJQw6{7qL>2
zbOym1Jv=;|hy4Ax_72{=HhWnscXZ~nlo-Gvac5uZU$e<RT+13?_|)&smZgKQmN7KJ
zK%truXZE7r?XXBgpJqTln0#-LDaypuR48bo^Cw5l5TBA#*gDJ8M#R4fI2<lF5>dq<
z>x*HwepP^!<X7%dvut}{`hkhXZ0(~Wh(_d`f^Np%LCt1gW&s@1MVhK!1X4kx>2bJ~
zTE(;9z0?T)Mn!Ie`_1<8@%ZLqc3O(bDKVf}uNvy9F8C<0kl>Of#LV{PsFh^*EmUb{
zSr#)<2GP{gIvg`C(bfE1Tdtov<|JOx(IM9u(Q{57a%A-HQLb<-DTRKW3shLMVdm>w
zF5QTnB)ZwBjRp~ZKi2a}^KA~43B$9(jU|IaY-yaP2Bjc5xqoKwH@<%Ab9p#H>eC~-
zK<4HQ6(*-4ziW1=P9*?JQ<vqEHAED42m5d-Eg5p(fk*X%=jN+3u=2s6mKMBJ`orOH
zM9*8U@@TlIxTvSokcv_bx62fBp^bLEIjNVIBN?Zij2Fk<yYX*~jyK9<2a+Doo^zP8
zF{P1o2A8MZjLI&fuJa<MJh1E-(ZvvKw29Ku(|q@dz%`^VpUhWV_o&&Z6&94P?@!(p
zl?^rS!2Vq($6MhnFZxynJ*79K>>W7h@`#%)=vGFfJGDoP?-uT^Z~Neg&%?jO63Laa
za5G0w-3XEVmpN^%M-o{43hz?l$QUWDM0@tnE;eMb{~yD*i^x~rEOv9a1hgO%DXE#l
zUhf?UYMUYNWlpF9^xU}tdT{+~Ee76H#x1OLJ}6q`A`a_h>rsCF7`@vaPA~BIEaqa8
z*O{1cb30&pN^47EZgep!9LUX`BaB)YkG`VBCg=tSgfP&g1|y1PNQKRgTuW0*gYN^J
z(#h0DsC+}|Om5r|8iAVs{9`LtW=TYm^ZJP2o%!zXRjIwkaQ^)`((qGFG3h+QS=gW7
zq}k%GT?aZJh3cQ61vzg<G;t--q6~O+rZinz2vk;mjdPV*y6|U#TQPxK&oUa#ZKYxl
zC)nuhb5<Gu8MykL;Y?IHz(Dddm{>S4@aqKj?Xa5DAY*t;)ASCU_s-y|4dKful~)&#
zn~!sT$cwWg^ITNOoUC-8%aF-*7^3ovZ(t<GJ&DgqUzN2CudKV><OzRvt4y1R`C{Pg
zhworhWM_avkMZA_j*Kyf=H#Dua)hynx8rMSSS)C6e&WM*yWnm1xM?9J_`Q!X{(KuR
zr~A7WQP<f>9zwHC*({{ljKk$IZ6{UTQLM$%s0oqWAWD37%XDI?yu|!yS)^GZ64pli
z9KO7zSLAsk8=vSTPGX>Ry}vZLEYHU6-8<rtjosLxGz2_H*R_c&R!C>N21i)@yD+`H
zR6Od>;Qh_)d!tai2P>SnJ>qORHC<Y~%h1TEA{npMQsra}f421kZI}4OUHt54r;4lV
zM_6k>olX*R4Nt7!UP#B(oYj|Q&E=-E)2le@n53KJ*!thdLYIQv@>N+A6O))#&HW*^
z_r52d%Vi9D6SseC?ydZ&A2R1nY5oE;Y0&C;=IQkLbI-TRw1cd#H@I1&Uknd_dMR}*
zK)n=gCyd4vc`rS|C-Og<BbIQ@0s45QbC=7CEjrVu=Qry}<_+Pq-$lE0L3@}Rmsi`7
zU1r26r<NSl{s3Lj=ht2T@Ns0kvr?{T?|s>xZM?mR%Rp<x37$?4{EWT#3~=f^Pk$ds
zw!6WRfb2u{xkNC(tr`U_e`A|3B_3wYRmiTW$m+SYnB1)tskr5kx}x$?J7Hj}5iu|>
zQ_kR(SstF5fp)|6roVs-$Mq#PTi-Ic{U=>3YsO)s3~6OOlz~&t*=zp!Q^&?%k7=fH
zcW5}n@6)VnnSBe7phSaSPL<OWKE{-%_4R1+!Rop?lwW<MB!`BpYpt7=zkkb0aobsh
z($Vp8N)2HrNK!_owu_r8adK&?{PcpX+P8DTqBF=#byqZ%RU~oBP5tg&(*ETm|8p90
zQl@;v8tBDAhVn!r44tP!4_4><w=db)g)MC;uBJvHVZeTDY;061-d#zk*t`byxFk#v
z%bIR@GijjjD7n9qeT``jBVAlr9*qJC-wP>An#P|AKFIEU$67mG_s+6_ze)UAWn~;5
ztVzRYQD`s8QMmnBn2fR^{aYwEJRfap03lxc%9Ua%D2XI+(m=)B8xJKSi`XWLy$(jH
zf`t9XTqL+?cR=hY3@n`o;@fUhloty&tAxbGV6nHy9XGTwFv!H=bE1>l^pMdarSDMT
zt9P(bGBr<ZF0+syp3tDaFYay&s9jGrvQf#=Xk|>aN3y44txM=AbvGb!!0UOO&ZeH~
z`g8}NzD(@$-q^gTWMNYQO^dRoY4}4Qz_WV;k{7(qrE1W${Ky-`Cff#{FJQ!ws0Ny*
z6q+><`@k%bXT1fYCp25(d}X<cez8y!XE?a0K$kRN6fmFgos_acTda5-D=O+pN!c)}
zz0+5*VfObu`P3#HMTN968ZlFD2?NW5b9x!;#KhUgTeQSB(LJUQ6SLrr*aTa4se<k?
zR82vO$IV##b%+j0+7PJzGgg=_%Q(B2ofpzy(scBF(WsTX6|N%03jq<UCc=tFeSi?B
zB0!qCijm~77cX=wr?JKwW~{~XK<L5t`X--roNKqqhW);NjplJz`zA|E9#5h$F@Qmi
zrKFCQ{~_(}Fdw9TGTcG@*M<dXSOhrP2RO?)K6EAmAdVCl7Znp16&E)VlaxbB$Vo^G
nBaw1Qq`WQ6`hO9;e4N}}LjP}q4p6#5BmgK4ef1Y=n7ID{$@6OH

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-167.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-167.png
new file mode 100644
index 0000000000000000000000000000000000000000..98fade2e2403681cc451caefdf334dd34c41876b
GIT binary patch
literal 4574
zcmcgwbyQT}w;wvBr9pB8iGd;1Vd#_=6r=<shEC~lh8mIXl>A~K2uO!?4BahA3L`y$
zl+^Ej-+KSNx7Pdj-F461=k9&>KA&^X=bUx+jndP7LP^d_4g!HFHPls}0rK;|g_Ib0
zdNXS80)o(9QAZI3s!X_ZWkm$MbJ?gr(*c13`9PqM2oUHmpbGg70{K8epzT*65IhqE
zV)Dpo(w6}Y#MW9*Q~(KF7s}sJfFScwH}L|2@TC5$F!ANM0ZI~Y4INdIO$tUT0&w9a
z1OWok3~Q(;8u<U%%MEg2pKj@Gv$wcBm0LTfO~E)OV|@NeOynvE<+)KPGi9jN=S=-a
zDd|VC;Z$aXnqcaL(GRs~gHT!l26cflqNZo(MRZM#s!Dp^K|%M)Q)`CT-8iVCs*#w>
zZ|mj<`-}3A*x2nycXvm2hvrWXcvZ8`T}DP?+q^iImk)-l%<5dm6>0E!8sFd(c7%6p
zklu+(p<$%s=N1O*DjBQiM0`txky&wj(se4Wfg{lW{|(fcZ2%<N|Ba+jf4A6HL^3kq
zAb5S`8Oc-*xvN^ZLGg8fprESlwaG8pfWgn5(G*U)X#RCPhoH*0)-kYNIk~s}OZ{*2
zzour;v@oll9l8~p)NW&|JA~E#swHmg7CvBbm1RQcDqc4FdSj$_0$-8ZFx#BIn-qxF
zq)jR1OWM`69$ublm*2x8AI+zAH@af=Qui1TS<R0VR4nl)%_og7>uW!8Fm}r5NN)}W
z9l?AS1U^iA_Z(%-QH(4F)>(DF?0acT)mzWeE5i!=Y7(ZNJe9LX2>MyN?tSYxG%{jw
z>!s0)gLIAE#}Y@NH;8h6%Y<G8&=s3Yx(=GC9ZY+|gZ{$xwf%H>+4|r}k&Ci`oJJ4g
zCf#bVv_qgLz5>#RBSXZz>GZ(BejxX*e&~F>iMH+|q;&&*BDg=4Y#bc&p$Co+f=eO9
zUO73D%gV|oB3K#~;w?u>L!@G`bObc38F6j$@u#Q0gY~Xo)`wiKAs|lUuSHDlT{+^^
z1v_x@EQ-!mD7j{+<tS|`2cwV+iHGRtp*usv!`%6!%KF&@q_k8f>ABU(a5#MX293x-
zh?%Gw+VS%yg9}SbOZRvBY7mKGhhy9sgGn&Rnsz-hEk2&A*y)YME57tEf+N=BIj$cb
zki(^=b>7s`33r!7PwqC-1lyXp-H_3aXG_+OYSf6tiUGvrixmT<l07AT2Trrq061B+
z>kUwJ6&Mf*pf1h-qAs^SJvtcR&p;WU!Wx*+#_F}+PSm7B8ew%&;Lqa3Z+)ExUFlkI
zgCpXMKV{FBux+)dS@YZGUM}}P(F;b)S2Z=T7Dv&Ey|fGpUOlIaDu*%rhRO-c4Ln(W
zX^8A51%Ky$@F7JAwN~T_pP{G^<H%GfBfY(Ya76n?$g$<sqY$MnV(0A5Q&$H~M)@fS
zzb?r5WM5ESibNDbwSv-$tTZ0l8+14Q*CwF*6cb*1+rlWk*FJYZ7;+0LFtg0BnKD^?
zUAGuftj)#H-gIjkd42?o&KJht`*xt8^TaXuf-0o+E(*gO7!>3<jmU*!+#3Aq7W?1d
z1l$dbKU?|LpVDW?G#ue|GToTiZVP&U<8_xViV%arl#5Clf8x+1FwQqlsJ``L^qQAy
zckb$84DCsIqci!<X<CplTv6H$oBUxy*)<0CF^rHNRI!g9`n7XM_G8=EIU#NPL@#j}
zRq893acAnZ2~LZcjg!Ff+1W^2@hISaDPr%sRZh`v*~FnUNkfjNiBqe9K)AMxCcw$A
z^Hu0I)`%UIB7J|Eyd9)kf;2Z_TC)`$|0=ws<OMrp5{ztil?Vc?`kjCGpVbW>Kp2fn
z#yNKZCL<FUPDnT7UF153#bqIVHNEXnjSxE;<WxM4-2d)QUTM6cvidT9HO&aFce;7`
z*Us~DFU?D-x7V=w)O0;r`sxP1_3w04G~!EYtdZqL+k{zi2ql}{*s}bc{LvP_h&=d4
zm*wpbyX|U9CVQU3)rDnU5BI)0SC-u$wHWk*fi=*t%*hngU$LaHFd>2r^#0NC%H=ZW
z>I@S(18zWQknMGO$E&2vp8%$YwdVDBdL%CV&hI@RB!5y*^WSap=WD6pekfB%y4xFT
zrJgZ8lKQLX`I=VKf@h~&^VL`$qs)GA*WIT>JRAwj%=OrBeg{O0uLlEqD{PQRjzfR;
z_4W1H>nmqVw%(N$M{WSX7XxxYou!Szd0A9=R)xFTjC4gxi%IpP$WIU2!VV9$9!@z>
zpDhKkynj6EF^D=5y4TgkVk^#4Q=7FDZOg*Up3~hc_sDwt*jHbeF-iBc*yFSDbS}Ro
z6DKiM^1ac~QQll#BiGoH`-lZ!jp}MT3;)nIS_PCm4lSy^I>3N^5&ESh-u(MHb$3rp
z`^u{=7-Nj#n`EZ7V?5DjXtcvr%bQ4g)!x=O)?|~yv0_+LT@dW`2LQv>=T)Y*u_SE^
zk6q$L)Gh2q`7b{o`M<PKX*1SKZ$H1;m#83V+|@C5^%&uF)8^}Ox#zg(ox*G$P?qUP
z>cU_zH;P;Il3hF+(S3y-p?LNMb5J!i^P-(M0o<_B8;^%NSKgW%(B*WV#V4Wa?#Mjm
znQxlTjqId~wcA3tJY7IupOCiR_{cwU&nq)-b?3zO%3Fk#qpAwE9NLa^wMZi`vidGh
z@zAArCV-vIsrW)|zxjFZ-KRO-qo`Iq7f(570!Mdj!j=V+<-Av(T{>;2__W2Y$-6*t
zP?DG=2)7n<Yg9ReCE!5G#N=Puk`Jasoco5iw))owE%R2=+b;M#{y1zkl$P!^)lQsL
z**w9+j^?)?pq3BjntXKDgR+#B+np<<Ub8;5@pW0I@oYV_pmA?u!2I+xTKaQT7#X4*
zDZ=wUZjL9mN9ONuQpvK{RJG*<39>KXr~Wc^`_HAIiOM{l<fxnDz=eu07BgjLSkrX5
ziXC6W91!l$r0iU)Y?LNPDHxB0iXPWaVB@2s5<6GpNPM;^F$_UnAXW}gqW3C{D?3kL
zxZU2Efa$Qf4w9C-88cC2n`QBRaFy_TR(E{L*s^?SY)Af0_d(r3BMAVVzA=YVXr;W9
z8TY#=xJx#J0C}}OQMr8Z1WfnkLYj(`c+C^pC`=GZW$wF3;L7M!xx@Nb{ra^2XTxjs
zEdvSlc4nsflwOfo{`D?mF<4^R19fV$@@H$}Fq%PV`)~ZA=Su5k$QOYddlj65Y7h1}
z>&8X7#{}|qewHM7ODiQaH@B>CX28Le_Pg()S?QMJN=BRTy~r-B2&KZNww-fNfGoPU
zl#9IevU;@ohP9u3t|>WV4emJK{Q0aPi1?X_S_$>^_B)OwZM%60l`^Rk+jf1(bhH$t
zc!i6Ug_<IEKamLX)YfE&5UhP=oZ0;i^4-g>v>kd<6d-fd_n>}JGjrnI<K^9UcchKX
zf@n}dlLgeo+1Yw#;pIEt$p$B@Vc8&%Mia=q!kz4TB$tdZ{K~R*8v2n|Sy||CLJLF2
zEA2~<8&l@rZf$+hjy;~<WrgvKI9cgbF!>+#3-j?i=PUd<wX3utS@x(G(st~Y7!78B
zlEAvaOF$qMyeaY7<#yk$<KS%e3dJtbZh?{wJ6p!)uY^<M3%!Uf&?_#xWMgh1Rb8!D
z_kAl6Kp#UPe`&(G6wvGctqpZ6?AChWqCBE#E2&euLu4P{R2?3EHIq`AEav`bmFdBK
zx!}K(8g2o+ovAXLo8aAr*+>cd^Lm5yP;B0Ni`N_uTzboc!S@*KrM~vB?|%<naFehf
z(t6hKfgSII-cQ(aWC%Jd@7fr=DxQ3Htl%6)3c(yU%uGH#<I2ZoaKZ{~tp5qbTw&!N
zqi>L{@;`n9KC4#p#KeL91TC5^Wqd1Puu}BH*$R@@qcj0!o27MuwV>toJ9F{Sj|}nm
zViHNBliwJW);H1^iQ|``ALa*=tAD=0T!mA|7na5>pDfURsv!?3`1oQ{Ghrk8-%tw+
zp+CRdCu%Rj=A(L!{Lig!KJ<@3KN_Z2kqj_bPkkg1X+115HTHT1!uh*NZnj<i)FLH3
zhs6D~(kvA=q@FrBGvmO1=lgehbO`c-#UrDl5-3imOR=~f(IflDIP&MFRsw+qv6W5Q
zXFUzsXj917fZOZ#?dgnimgAt)ml49p-`mhu1LY#ExZF>S)HU_9t@KLuq=fi&{sZOF
z)uzVByf#Ss`lalS)4i)-i9J@D<G%VrK?ReO7>?f^;ddWS334QZ=O>)-@tYClK=XL%
zknj7fUHd;dS!dQ&GA9JPx{$j|uDhX+F5SdJ724|%+~qNML3wZLdcR%atnOW3do3P4
zUh)vpc4Uy?aHzJnFC`<b3Sansz*;dQ*<@iZTALl>1q?S;W=!~Wzjg-AM1IBH`Ib_F
z2QPT-t`U1oJW;r!zl^|#XRH{^_T%M2Qf}RL|JqNqZfJoramgCG!3->J*nKA7Hdp(|
zeI}G(gBJ@aDSBeGmSz9QwEW3Cw|m7LGhZVXfIc!072?ik+je)9_P}YHt3z25hL)km
zlvdqj2Gq_XY7xLR4+R#;EFq<1vsem|Xix}n+DPGl%9E>WR`R4+sFZQ$<vVpNO(7sq
z060b5BJhh({TQQWj>5?|JC^az)ECecl7aOeCh5bBHp#}@Zbg{qi#yKv)^7#Mtof*G
z=z4g%Y!b?P4v<)hp%hoOh^#WvUwuiwi$1fGGI;|8+u<Z^Y@eEgO?nR3k+#+IY%`MP
z&Bpd0`Cz`nVZEFO9gkbZo{4E~DeJQH<lDo%9c1%Ra`B@mx$rVGEv@pO<jJ}9TRs;`
z?vAqJ;$h?ZH-Uf3%S9G4{)+tCov+T!%PTjovm0ieJV>la)8-5Jml@G1a&~v`9Y_;$
zKW{AGVP<3N`u*Es_zn?U$L8>R$Tc#;MQYI7mzDaI?cOJf$gaf`(UbBRF=Z%o_x5zD
zn8fpomZ!}RC~PQlb90SbgQX_6B&+6yk0^id4BOo!f?%xCZc=22uVT4b<KW50yo(X<
zXx=Mutr%mNqEeu7B_-(@7E|~@RR_lIE9n>7t&#apSy@@R(SR{fH|W_p`H}tE5y%;>
z-j$S)Mt02zl@QSJcc8^K&tYENVBIh+Fr8;`P9tzM*H6-WFg5ldlSMtJoANwZ?#Z<_
z2UvFvZeZwYtfW<z2#a!l5FKVL%s0fNNXL&?@P~NKK~gXlibuyE`fS2il9gc}K@T3e
zuPa3~qBHo8B+85IIinr#sa+KT9hR=A|HEn^Z3Tp%mCA;q(pY<rv6>>vD@s4_>Ya#o
zNO$9hL@*hk?(2VgKYLx6Y_PZ_S{=-jV{S_b#3^vh_8|Ta0E5JjV!a?HbAsRzMm~CS
zvLtf@QJ|`lj)>^8DwNfhNQ9YD04Lfg6_<taP94BO1<G7=h2%-%@~i_z|HH*j^%z}g
zG3f)O)DaJZ<v4%*_>n!rCr%Jmt)Wj(<m&3GBfllqtXBUtq&V(KZZlM&;J(=)IuZ7s
zv|=`<uC6XUGwOY4_dKCP_FLd<y}q00ln5hI)2Am4??|76d??@XyCi(aHZDmCEaa2N
zZVi-C&uN%##v~~_UU~HUEX%0pi0}@I104s;Sw7z|h2up{5;5E00$Xqw!Fq<Z8<4_4
zZclgwSOe!TGkcTBRjRz^LbD<Ep`>I?vg{+TR9slMBSEa#gJ^t{^um(uhl+GFT%N3Y
z@!e2NJ99W#1IV<hgq4%Q>dAzv`q_35ZK@A%6=p}=OyUsAz`u_B-m1plwpQK<xXo(>
zAVA_!adC*4I7D3BKui)2m4Hh;5`seEP^h%|eY5}J;OcJcXczE*J7|J(v48_eLseI$
JT<KNVe*kw#lp+8C

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-180.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-180.png
new file mode 100644
index 0000000000000000000000000000000000000000..5d24df70a243c2bcbff5ba4bee18e6624163ce0a
GIT binary patch
literal 4730
zcmc&&bzD@<*S}Iri%27|D)1n%!qO>=lypi-cL*%GNG~DMq5={U(y<`j@sI-2B}*(J
zARr|n&3m8c{r&U%<Nf=+pP4yx&YbVe{mh(m?wK2<rJ+PY%0vnP0EO~1c^#0}{8NdE
zz*c&QNB|@R_Oj}-08p7gc4<in@=)t%I_d!6#|Z!-;Q(+Bib8$@fHyw?Y*_$+#76+2
zM`ko>OMwGKR;o(!AO)W@x#nPykRYEKc>=&K?SHFT{{9Ilgm@{dD?rxC=_v8pb1q=E
z0C2}qSzcDp7rV3I{PLcCBV_+ZQczNIabY%Q1~ube{$reYih~0d8C^t!##2bb%P}Fv
zd-@zp)ybig&8>n72!Yn-yrIJq2e0TVuy^kelS)WPL)VUaA4Mr|t#rF*oK~659blRF
zjsw2OrguwLSA(-xS7e#n+ODyTv^8J(OC3rH?tN)%YkNSv9KLh{5LezMOhZQCsW&`D
zbDHEJ?v`t1lNfM~hV#%kbkdRvEtCE~3^T{V!IjCtmBZ>r!zKUoCPdcc?@W1AYxDSz
z*yOw!8{XbsGT(nFz$&|q<jIRYt51y2OEgUB2-udYQlTTvu^9Ylm?&%fj!KQ_4qMzq
zDc15qd)Y->=j`obDD7KNH$D$u>q^>s^Hbr6N?vC(VQ*c$rPC@+beY4&$LO**W$$`k
z&hXkb+udPIu-MslzW?KAf<-IRUF&1YA;Tg(R^Go8*_bG)$lvHVp2(jfI0KKYmK^yE
z#U9d!=y4K1U4=9qX@rdZiL;`9Z=0o2rV4H3H2Px+tL3#sE<k^uwajIWmUQ&c`K4CW
zsKO;B{U_=VbyyAROx#@zXI+fQVdObl*|6G)Q&J(|C7$BDhla++#@Ev(efK;(hFjrq
zXe&otWhJ~`hGqAldN9WlVX1y=b#-+Rr_!VAnm}p@QPb4K9mOdAGQe^7K><l0YYqU#
zELDM5U0wZia}y0E{>p81WvdHZTTWcOxSg%K(a5jGOP8p|IW{}%I6?OA1xct@AL52D
zgiHi8$TcdU#YOX_q2Y}dS9qw+m%TJ#ze?R2OL&DC%nzocqkHKG*U<>X4>VO$f&@It
z%J+`7s#y`3eL3Borh<nCRt_5S;X@G{NLm9I=DWq2Jm~no)wi~@;}YKpnhb@^-SlY)
zVK7*7?*|GS9-=gEmSJjz#Oko8RV4=oYtT|U>)0*{A){J(Z30AL0<{M5(?<iKSrB5M
z{<py@a~~5w8Vx7YTZ7Jz)(r!o35EQ}wi^$;Y_9Q5vy8}qbu_$8$GD#oVXYygJC!~Z
zb*{Ncv=r0P;>NniwP)z}sU~eY_;=b|79P%Zer@T==(R%o-+$e*kbc{Gon>vOa>L(S
zhKVdgZck~>?|BsImdwck<!+a5mlMx^xvx$$8d9J$^>XrP{t&&z-#6aO!R^)8a953&
z%ss7s(B*Q|GSrG+eS=q{O7Sr9O_Fe;fWB!qdR)KhLJf5#cNGj=7anOP+sfx^*UONW
z^Y`li@<0Y_6**p@m_4HIaqeaS8JSJu_)G1T_w0HZrpt`vAQ2+(*&TcAonB=3lo5NY
zD2Sx@)H>U4>4_wlPd=iJc$#zB4HG<<nGv2LJji=9xV1K}rgR_hVJW1&#S1XtBZ=~j
zQng4uH8pSRP2ocdGaiYy$GD(f)0{hd+uh^^QoFx?eUs~Evx*aa@V<ZPTdLsmo0tA&
zEb0d7$W0kO@h3AGxV=Jt$**Gw=gXk><vbYHF-V^z)Z$b^kv0M;7K?dN{~$@_K3Gz!
zQ9e4#@2E&4z~Ug<CA)?<bbfwb1XpE>hY~wDJHI#!tcNH*gB=yT&qcg{Ee}SeF-gVG
zVD}+$=<X{xjl(!Hw!pdo6j<xM%Lj=Znsa{tEa3H!_?$!p8o}CrHUwR9zbc;_%as;;
zHIBuw{i?Fp#M6|@33iT|H6qEn{2`L3v&S0Ha?qRJG?)-~c97543hB?Q-tgb~p4dso
zN51*w=Ig`seXR5Sg$>kBT34S;X171CIb?nPp8VKVn{hrIS2QlZR_BsKPp@$KJB8)-
zpw!8C+S35X_s(7#P_2&Kgm~u1hx4AWkD0@kj*k74SH?}vDagxH$+xyBH}VhtHUshE
z)cwo!?Y<CA8R^*D!M=1DjFD#eti!jpN!Tc`KduUE@YTK{u4xpHgs_Umq^72FPdl~q
z1;4^OXb9RL&Vrm@^ufi%-jLBh{`iE=`r<?=Xg^GrhIBW=&&GxzEG$fP!JUV?-`c{0
z7_}h0hixcf@e~h*>a~QWVbH^C44MArgUHmq00>nNd}fz;YC5@RLq^82;oEXoh|dEv
z6bkix8`s(#5_mD}w-s-2b@kA&x$b~ZTGW#yeFqW|eC<i@)=E1W*j7y9`@5f)Ix3up
zZQ%MUC5P+W(*OARQhtg`!ox)3r}sTCd_>z7DVtI4I|CQZQ>LhV<X)?%>+LSOXq_{x
z)*QYmFW$%#=a!_PQ_Jkq?dY9C7yYVNo=nXsW?a_U{_?oLMQl!K>EMqv0|`H&xVE<C
zrnYvECkIiE^^q22vQ%mdxbeiQ1!lMK{Q;iy8F3Ok<gf2TqNx>;VURuxFNu@AAjsu$
zMSkCb@BAd)-#?|Vf7yHf++iu*_HUW`g!=6+Y1fW(+cNB}WSTfwT{!K4ta~Tqp?2_g
z8~;M*<j|@94d0eyOY0i`bPiECliF|HOJXGp4T+DZeD6G6$kh>b_x<-~gWhjyrK@|D
z_j1E<2Ihf(=)bGe^XZ%QzEr$Nc64?~8gwydCv}>Aoz-I97k#<};ma+wZ`JJrfHzim
zF8-K{nAlkWVu4LZ4H(SO@2juE2V(mxF)8~Ie5dX^X%hw;<u+a|`;jt$Qv77#v*&`%
z&9}q?rv4m`pjNEe(#Ni}MBRu^c0YAxT?_5~^hWuguz#@(yVeeppg8(teuH2y{*^?f
zUuJ$=>f#qaYoM1PX#{8AqCLi{(oh}J?lU17HvDUsXbG8JSP*bJRbhNERiW|ovF8us
z{cUse&=OZ~8*<RG%rDXo+Ri65@pEU=Uw``aDPC>1)>`S#)s@@o1rA3f`^A3SEd})U
z^>w@Y$ehyR{!7J<15a@xA}m}QbK^gOCA}x*OVMvr6<wQF?}iJvlzfs11YNF<Tess9
ze5K4Lwl8<w5c!|u=$$9c{)+y*xj>Oki58ilmhq)}%YKm#+u1RaIvV}3EO2$zF@G%J
zVqjn}WZ>9-DX@QBVPH0_D!iqrH8jmwG%@RwWV{lMCv~hxsjI8|ysWkgAJR*HI~w#F
zGvAyeF)Cui%#!VHlBLsw0i{*5Vr@}8O(LwC>ZNBEzMo$&&&lBswu&PzA!zb6;|>qZ
zRa)juSyCgDoaymu5>xF=f0fDcf!e}wWcehuJ-P3CDjp~2FUPuj5?=jZqO6o+nlr5K
zoQ@@kEGHSn{<)}O^5(VMGv~<EYxXAEVsH?I9r*9w+HFNOUC#SHZ`f-yIy%lLPpK^J
zG1U+m-0!~of?v#`#e2+YGTLKmdS(OsQZG^pX*F_Cen^8wb=$soHc@^TecCG;8@xD7
zSD&e;(v51rU{zCNV6$-&c9KQjNV)SBb9@USOR->)S&R!Xy9xgNnxeyAMl$m33_HBA
z&@75xG`mt}_~hWe&B$i3Kjh{rKX97R;}M4)IxK4CWFVhD^7Ou4Gfge(@q_qFgKzPc
zcd64FXS6Q36>jY;ojG!?db#DHpSgrJw>Ae9szzjRQO+|*<`Q)HZO53cblAm7+(YUy
z&G-orP^cliT3pC|!;#J8tqi3qI<q$=`FH9iV06-^ZFYR&)8F<_tWDrWN--}+_JVOy
zSvOL~?u}DsxykIsCBsV?ll0zf9aWQL^g|_&j~N+4wQcy2$8yQXd{s52JuW>leC4@J
z-h{QglFlY%HL1y`i>)2Kad&CcVRQ9-OV<~1>0Caw4VY}ETDUfibGfU7$tQ;b9n}o@
z&OkEH>+Q3X`aX*fn$0if^|j)Rv!*bDOCH%nHQjq{%;4d$k8l3=#wG;V5TWKR15y+3
z!d!WZ6kByLaUW>6-7n(woTBhMZU-B79~}+YMU5DAUtjgUa4R&P*Vm3aw?iX3k{1v&
z_$~z;ZLTc)`&|a^$6G_eL2P~wq|(y8s49=D9v9lFB2@y}FSaQBeMI&xPuRg<Sp?&o
zs)G{>5nZnW)_8i=Kls%&U_LW>JK|=`!@M*Jn2P496BN;Mk;%#FummX&!o+80s58I1
z224qT;??yZ1Dx!!fGicSu#SG&$c|_pe1bao(j7|0AZKsSly&~$;G62PtNRPvI>lBu
zHgm`uAKc)WAexA~zB};A($6s|*5J!f%ey@ox_VkW=Siu`+}!{kO+wH?0!COZ{<y9l
z=4ZX?ZT;WT7UYUX^YHMnX&4&qBXzn|vz&xgq$XMVUO8@E4{n2l@D>_f?ci4bB-rzD
zA5?j5rrL!Wd2@yEzYs2R3M|AXv6GZ=qbn82DIyY8W~)_yHX@v12Xc{4lBWkxW9GOq
zih(QLRAtFS_IB(wb;%W$!RHhCd=@L`DUy_Ii&6E9RrY37nmZm2+_l}uzQsK*NwZAe
z95?4FfwTmLY8o0=US5;QvkuaX|9GB9%k)a!z{@!7SMzIX?+X__uj|WK8BYSS$voGf
zMu&;&rJ|Y3zgvUZNC=KyUg;SS#2t24{}YGW6H`DVNiEji?q6e|WHXD&&+nB?E{d?n
zr}*d`g&#MzQrGDecm8V@VD*0~U2yjC8}4l(K82oZl&DV39BHZWmMD&V6%7$tDwH97
zndv^HYiMqsCF-hgZ*g%#_-!~oS^6)(AXYK&lB0&)T>O7RY@GGR@T(sl;wBA9%O20J
zuKbF{MKh(s0vFd|@HnTXWiF3r(5Z||Cv$Fm{w|B1op_3huPg1;DOp%TqL@|1HJA^}
zO`Ca9l+p%~k2j7sp>*^!OY@DM=WcnFuwC6kJsSbW4Dr=P`$V;Yk7?L&&y9cbmEx_e
z+eBgCTVBl_>&%v|8I`mY+^-u=Q{&9_uh-V5xvxBY6GRuI0Ad$5IFw6NOQo|$n5SKA
zjYOvOxM@hgu6Y#ft{9VnVIBE>9wU~Pmc}dE$z(-_sq}c&Y|3C=;0kOCY16oz^%SpP
zbJUhK=jZ3ID_cAH4K=k=8+mswBTc)=wX&n+@X#SVYr3RDm7lnx%e|c*jdttD!sT<v
zn)aL=xIm_)q{*+5nK13UqBhM7K3@zW*zMdnyiXm~AWaU!;^D8Kv9CmxhJnge4noE$
zk1>oi4pvbmC7C}noVZ5w{_)T{@y%c0?N>O_cJ@eF=@?8opTB1(sWkkyWBEY=WbP>3
z85$bOEOPh&rkVwgmOiBzm)9sIMJWX;f^IAL$jIGiXii#3%M%sMEV9h?c8G5}on6I9
z1?J$o;+}gPS2RVn?er*J+J~uU&5WW>Wn=G}MoSpYWB}esJayNV!!xQlMP`9-;ALeV
zp-nTAL1fHBDs)RrV(i)Tsn?W(2s9_xP}cHEzOGLWqQWW^3T2A(vr^=4*2*?`lr<7*
z$h*FIDBvWEHj4=T8>;u*+n*sm8&UD#GuMNAl>S@q9yM!c8<4Q7c-U!Wi}x|eiQTKa
z%EX!}pw~Z&%=+f~T!GN_w_MS0<R6$Mt$zEA@C=8)w%~tb!T<HDt%{XY2vRd=Q&iGa
z;=?zPgAf%{&<0a?rrj3X!qLLf5C-eFwv0JiMV61_O6W<w@GWCywP^^#WU&vnvo-T?
z5r>8#pkV1(Xr%YaMfiW@9V}l^FVWV{mJWv#WsN`-w6nQLUE-V(=o7#wdHK)9*yN=A
z{kk`JruMP$XYUA%l2h9Co$q#&&^SOGm#5lnj0yzOySPT5Qxn|kvAPoq4S^H&G7!jy
zK#2!MKhP80ddCjqliS+3x%K_*!7IkAf*|le42PG3p_h%Nm#u`ghb>3|0e%4i7+e4*
zAfN{qlHeDV5ES9z=a=B;mo(*g@m~NJHycO0SN}Ia1^Bc90sv(N4f*n?7NP$Gj5_ue

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-40.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-40.png
new file mode 100644
index 0000000000000000000000000000000000000000..cf14894daf12da14c536b26101fac933d47ddffe
GIT binary patch
literal 1245
zcmZ{iYfMuI6vxl)6G|}`ETyG9N?i+WX}N7Fr7b9ZT-x%oXj@QVwx#8v4nZpswndqA
zgQ9_D(I9BFjx2*QhmYZ=(TwSIb2C#y6eQ6&l!-Vs(`7nQceii*un+(9JO7jXb3UBY
zWiPcvGZGj85N)%XR}oDAM-gPAp5|NE5unr=N(=x;d!iOSRKoLXtgA`@+C%_5IspD6
zMmz2SY{dZXy8(240P#)xPnG2Ykm&Ye2d+>klu9M7i3U4>+)Nf|1Tu{*vM~~Q8(~>k
zDwT@5i3+U%P5>8>>?EFp2h{+Z0k(liB+AOlg7qK}2;_1(%fUiLXp}oDDJe;#(FldY
zn6wzChnbj|sMTt7b93VyaZ9vI(hO;gdIoHV{QP{rnGZF<=kswKk132H=}C-I1_>j{
zWHOeHMJ^yCI6}%Jp*$4BFss#Sv)Ps}Uw-IN?CaOy^Rb(o1$*~K1_CJ;E>P8K`HdU2
z>(|M0x%lka=*2~lNF-*ndBqC(!-vS!6kwP%D+`;Mp*?y8%a)-nEvX|TRD}YYo~BMt
zg4fHtcoBw&VfSw6?q1r`64lw6xNRFUI}1HMjK)T8RTW*M$()@fEi8aqEz;}d3k&2s
zcOW^L<@M6X$0==XXmxc&TN}5hhko!N+v7p<@}yH!NKQ_UN~O4ZmHhlU7!1ipMbc-_
zkckOMN=mR;MDz2=lP6%er<hEp`udciA@a$SXmK$mGc(ia<Uf51b8~R-9w|FJ``kI&
zt5<O546!lU=i|P30d;i=!^4!`UT!Fq=5z{Qz67n7*4nyMp;$IOO)4lz$jght@mPt3
zi{l)<J|;hZsmX-eY;2>EV=x%>dcDPBF&d4;lel|ar34Ufk;Obx?*F};Fp*8xHCqT4
z{i}th!qr4W57<g@`W%zJg#1SMh0IT6&f3fdN6wEmZVvS+W!IqC=cOTRS9S|}dAtix
zjqkfNcl++$yESw1ZZ<{P(Sc)eAtNi)Rb;hdPYRVqNJB#{w>Wsr9^9NCJ7`a~N-?Qd
z;t;sP%8)Ux)~Qyjw?=0$)Mc#o?eG3P^7+modwlWz`JJo;P6BtJufM;4U!|M&vGBv&
zvJLp4aYLt(SE-M<b@STz)oVX+&j*^fZuxVRN-keX%j`66N?Er8{VfIMur_Ys#WH*!
z1T9kq1?`3t`#+7Fyw91bK;!CokGLBL+yfD=KHoqFg0L@PLGe(-Jd?@Yw`Q6-KBoP8
ztQ8GDfBa3m*q1&k^SRTH$+Ah3pEAXNjGD?SYN_QFZ<eibR<EwS2&=xg-?}o@F*3>x
z_lCb4`||SG8S>%Y@bS-1)5D|J8Mai@y6vw!x|sGL^CQvB`zwzg&_y#psT4@}D~@m9
zORY*hw{hmNc1!AbJx|^}((AeTj<%^!UJ)@TU;AMGq)!}?QQ5frFdARs@%!;z-|lgp
z7iSz7l!hNjeqjkFZ<l{HF%jYftNLB8^XZPYe!RnYWX~y=i^5WdE=j%^J7J^)=UDrd
z^qWnK#BqfIydvQ91pK<1&3*!)#FR>zLMc-!9f~X+rqZdhr5L8eFnzVK@;`yMHu)NA
WTmL^$2nT*80${^S%}0#x_x=V(2bBr{

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-58.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-58.png
new file mode 100644
index 0000000000000000000000000000000000000000..f6dfbebd2e233bfec83a4d557187eec9e660d0ed
GIT binary patch
literal 1602
zcmZ{iX;hO}8pofPm_(L<l_X#ig@%L>LXtNxNq{$D$z~STV6>%ZT?hz_xL{C%D2t_a
zX^T@p#!j(NK|w4>+)yhm<I)zUL#ZsSs7DW`C^|}qR5>gM=bic1554C+_jjLrp8q}f
zKKFkxEyYOlVtD}o&1}-A6U6@)i%G;hl6{p$V9{nxvId~D+IxN@naG2)OzFu0C7}T2
z?*YsbTjfsxico;38wl;+00OpucGao|@Mug+vKeGD8HQnO8=JL;#a_)8Xa#}<0ecOb
zujfZbMk0F<C<oXFjCcmu%tgu&D1$c)Z^-3xC<WLJuo(mbfp>v7>;WhQ9*?I`C_n`a
z1|uLKz&p_!ih#vpk&DQ%68!!BX*wE{$&8AMl1L<hZwC?s3=ke3&PnIsIIdQ!6A}`1
zIvv?T1`7yKfh0=8TFo*Vjb6E4uocW^bBHzsN&xl(gaen$jgF3{8|V-T5C{T|fTSdW
z6oMteWQ<H=kd`f578@IDGMTPj^L_mq+-^jr;%PKux0`h7l4n?0*xkF-i3yTk&wusG
zqpE5NilT*uT$hXT@+A@)8k(9aoSlWbI#O#ZV}2e)A`g*BG&)Kd89{JdSX2Z$op5>@
z`Tch=7!1wLw7EIZY6Gp-@VPnU=ux<F!$YBv6chyK<iMs)pj0Y#I&o(w($nMTb_0jA
zXmS$T+Q>2)>Tm>wg!snA#nsgKuU@^>Zs(Vm69t^QIyiNT{PD+LD_5>msiaSyApQLy
z7K<=UHazS#F+sGHQd>)0EVQR*k<;l{S-C7X*Qc~JC^r{^gM)EAVra<2ZfDBn=$$(x
zmkXp)epHlne4Kpe4*2<b>GfeQ7m|{)e8-NUvNGZ*memS28+Ux1ct}WJA7yHa=sCyj
z_W1sLqTV+rhci5k%*-I`*YnhBq_~(~SQw<$`XnWVXJ+D;FMD=$Kury8)vD06G+{)9
z$LZ6H8ykJBR<_wpR;wv*y|qFjp$LUSrBa%f=ELVx;^OEQ3nej;YBEvze11$!j8?1F
zXf!I7O0U-w?)^J<e}Dk8Dbc8Za6IoejYvGVn=*D1-17erasG9gSWq42WCL~Fhv`e=
zHO+~$34<Rp>oqphch85WGY1nml;7INS|9g}HCG;3%rGAIjt%%??0NvTBcJgl@x5JN
za9_mkklx!f**)EwX`{bp)+qCI{!;^U$ENEi_w1c@-d-!=H>-aYrVhwV=e34y+HlXq
zeQzFrx8<}%VL8vLOYf$%Wh6dry7;oS*LdUU0nZaf&xY$uNTcZ54?f*{!K!aQ@~!-|
zSzf>jd6iT9?bCti_=^Y5$9#0C`lR@sL*0xP8Gb<#e{pIRJ3e`!u^{*EuIE*b#-<Xv
zb^or~&t=c))~j-iHhSeS@2g$U-o=wY$*Xo9UoqOg+oGNrjLJx|e6xUmvl~LLnIE2f
z-?sJBn|6Fj-u}`czZI2D6F1P(_b#kBXnpll*2BYDXNudg<@FW+*>x<XeCMWd-i9gq
z<Y>j2w!!(OgH>JEe?4KRoZD<E8rky0L7vC0drqvu&n`Z49zE(p<JZ-`e~Y<oUFE$N
zX2m%2&!dSB^4WA}dpo`M3}vLa@0|_zOSl6xc17~&(Af-g*OptCo?rjrK}Ew?|K{HB
z-Yh+vTH`g>-e`~Co)Ac_(2;NI2K|C6+^x*yFmv_t?+(_uhVnj(N#t4j8;mc=3PzOK
z+-rEa^oq|~&uMF+BH-ta_EzzcPuQ28&y+9j@%LF?WItNi5BWLavrEQE&f1P<S7-6!
zbH^d|^Im7iNmtcxU)JA_-=EYg`s>$gIHA!W=Ff(b`n!%H^4ARs;>kK{XF_r>b=o-d
za>2DQf9vko`*xOf{ZdB1+AW-)dDcY{>zZT7nj~BEv#t&G73VE|)WWx?$t895%(_}l
z+F!~eA{7f8Kdff*vAFy->(6bGKbB^xhivoJoxyGYu=fiuT}jVqoAHbAWwqR-r~gP8
zmG3aT?XYijWaC+d*#rPXF-$DO#299i$#FCik5r0K6h~3jI)3IK1O?mdc{$EM7g(U-
PF(Cl6Aw}Pz-B9^oj2c9P

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-60.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-60.png
new file mode 100644
index 0000000000000000000000000000000000000000..8cda29530c8fc0a3ee7499be716f90e22b2c4fc8
GIT binary patch
literal 1595
zcmZ{iYgE$(7{=e-VPk-susJT<9GjED_-|tu1`IYf*bq>V$Pftz0~3j>Gc*M8(hwDm
zykK|=PbFz0q=EwtXxs$E%s?vTfMIBg8Wo79Hv86xK0N1l-sha>eb0H%Q@JWGicDk>
z0f21KYZL4Yc`XObYiH^5a67Qs>R2^Eb2aJjbew%=W#|)P0k-e}%69@hvs>l&05%~2
zzoh{vj{?y0>)PV&i_jITViI*Ckw`2SOC%DfjZRPwm`xZ)G=rz%ITScR8K6p0#7v?<
zE+FNQ=puSRU;y?#EM_f6C=^PiQYZk>0_Xr8isq?#kO+`rzYQK99x|B>(tyEW`1<-n
zIIzN5SRbt08*Wr8H7F>E$z;;k&?yv3aB#3nr3w!Z*J`!wFg7L>;}hva$)vzG(ChVl
zF&|9e=H_NF7z6@=TeKT&0`LSbm&*y|;FjU=EIgadrYq@q8s5*(&y(*-;1h5h9MP4i
z)9Gqzmb`ie>(|qYir5y5%j6_hrQ#0`I`#GvA|w5JdYl&)P+?(V3Pr%w6#DjU5DNKH
zDKa@pxO*2|UGWHl3=N^>a=(EAQbz}T`>jh<R8(mx!)$h_s`4}%fyH9AwqnKNfVnwT
zPY+lukd*}rg+d}hZr;Q`dIS;)Tcr{{evBC%1v1(3=~Fm-m{490IXSHAYV3&<?$OcU
z<Kt6V30JP5OH0W%8)0DqR4PVHjG(g<oSmJOO75*&s249FJA1KGsZ37hzI+L%Poo0@
z0@~VK6$;?<`EhaFnHiX$hr~q2xpSnrIO@7}ypty(C58F$q5X|Z<#KsnANc$GUAso&
z@zA-swDECNXy`JHM)T>XE=D8SY-Sxe05lrSVsY*7M_<40s8;*`{yXZ<9o&;Ab{}*6
zI58q3V*mcdB_+_(f`9xNJuv}2J;dH#Qhz_Wp}|w35DpArPMmNpEc9$|homI1*&I?+
zL8I|)X~FE>3){ClwzL3;!}0R+^7i%)3=E8nj8v=b)rI&}(*`?G#uZW8k!_cPsrJD!
zU;kE-o%#RDT9)v-+k|36td8)jle;s<r~bLW$zI`lgI1lW@0%H!UQJcg@lWJ!?oG?g
z`+6f6Q%Lc0Ut=YXDcG~8p}~R^j5W)<D=e334=>NBW<-$hx`;Ph+t2@j7jBzc`1;!T
zrH<O6@!?$!%8@UJ%l5G;DG|vz;^h}MP)EM>;LhFK@|R$jNB>csbmI?eehd_CNUy2*
zSVsN6uG!sxNe=hj<a4sz3r%lz&HS`>Co)>k$vECUUfV28R`gb%F&=ChYZs5klKLVm
zep%YpqHkJ<+noJX)Jpc{HJ5nihKcd(16v>6c++<5BGEiob!6i!lw)#UbT5WVAiED9
z=&lzsWFhhWmV-%GZNGjNW>}QAgM;?8nL>#4nKBig{s7y%@5mhWz{Xm|a$NL>{@NP1
z5R-4h$t$v4W!6y4{P57RnXL$6$*9#qzx$9=E%A$z&iAbW;GT65IlsQS;z-(kF?aCH
zM^|4cvT;d`vm+xpO=ho>0%22XSLbeQ6@~L78p*}VKCjA^G?`A9x8@Se*tG14k|4Bb
zMmsJ{zq+#PQK-)ZdFy<AT8C0NrG6T|$k}_g@q_r{sRozeYOlV^np0!md+#sKKXxx>
z(eNH7v*1~ZaQN+2T|FV#>FGOnxNUnc3F2@!M$jqk-uv@*8rvLiwUKXGS8R)!FMsZ$
zX}+>(H&dngEhD64gH!jPLz@K^Pl~*E-`|DICp=3Uyb*L(`!^$R{F|EDmk|kyxzvP7
zBR=EVQ$yz`I~q@lJa5oipXVI@p~Kp-qT`Rgm76Q2GdJ^EKcq-w%0fObyzpMgY}lc}
zUz%OHA8qN*w5BvFq$#yy*1A(aD;k-7`7g#Eepek^n<5tqrrQcEXDG7l!rK?W>-x*M
zV_(tbix=x2^n5`a-eg?8YsUkdsoDJU?E1P@wL!t7hr6Y-G@F(2=UriXroF%1V%?hJ
z%=BWDGNaIB2Z#}|*k2^}7mE``fl5T8l*j}KqC}A3b=<Z83FPKwzLQn*|AA;YK5Y+x
MK^LcO)TCAX1K2xE8UO$Q

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-80.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-80.png
new file mode 100644
index 0000000000000000000000000000000000000000..6c417c47e8e1eb276fb6bc9266187910a2617bf4
GIT binary patch
literal 1825
zcmZ{jc~sMh5yvMN2?<9K0)YSq5&{W?{1PCLa3v5zf(as3%WY8bz)}toT)`zAcGabE
zfkn}Z3c{m6MG(XV#l@$vV%_B`ib`QsP*!9?pdu>R?Ecq3`p3*?X5RbGn>TOfctm)p
zG0}zy0LDs%EK<*i-;99K`_2LM1wF8Pq-rTZ>q*k5M4UdS?@~mn0S>bOw8a1)^d;>K
zz(EAywFW?331F3eu4{`Q0Qzi%YHJ9e&-d`~@bvT~CzC-7*let2tR>=sIBaqtWD-#M
zDEJca>3D}Q2QM!#LKK0=<2i;oLOxjeS#4l!AZ8FD8JwJ)ghC;>0&oH4f<h1kbp!=U
zfIKiWGxPEBfo))JZtm>t%;9k8bh=H5jiI5TudgqaN@cUz4k`x%f#C1&FOf)sgM&jt
zLIeVVLZMJ9l{7hxl0XrOM1(W~i9`Ztpin45K|vG=1yTU^0dN3|#k#q<g@%Tb$z&pt
zXlG}~U@%NgO~qnyQIY-U&yb!@%g(0f<x#u3$V*G;$Vle(>&BZmbNc#BmY2~U9>~}j
zc47iJ9EMPcJb#XV^ayY`)YKG6B+SM}kV?68bJ(;rhnyUoPDfL#!NS5~WCSG=alZZ5
zy0@1wKMx3E7Z~Wiuz<OJ8_;NUXD3D=aKCoV?EZb&whcrgh>v$(Ux(6CbX^_A+S<Ch
z8rRWb^x*@D#T1o_v$~3EXaIM2_wT-gp&=+PCa$hRb2IAJEwYo7zHUA>g-S~^^Yino
ztu<4rOn2;Hm6ZV=kB^98EG$55td(3Y4+`QgE~5JTfz5Ui2>648q{T(BvI0j($K+(&
zk00UfTTrR&%gQWw?le4nn4X&phYnF>GMSGLZ+aU2;sv<5F}%HbFJBr=PlJBhEEcQ0
z+@zquHa8bnT56M&1Pu)Yfq=HOgz@r1dU|j-ZjdV~(Dn7^{{GyD57EoZsC)PDG8wz8
z%dEK>yuH2S;#k$ymfhXv@$sy+HDEHCS}kQ|1rieMB@&2<!NtT-_<Y;2Ftm${3zy54
zN~M8;fdK&l`nwJMUhJd?YUid<*}v2Gv^nS#!*oUT0X<LsZW;3R1$}_eQmRAnFO4is
zFwE+Y+++Yuno=g+8g*xG^wo|L2^GJ9nU!(ev6o#OIXLTQ7DM8_>=P%=SNgiIN6rR~
zleWlklnmZ@?)=eQ-uqoQ_YVvAm2C*<&Uv@uIDVjga`SM&0L3By)7u|5=C2Q6TMRJq
zO)=t}lt&GlvR{v;(f=hiF1l8DI3%KezeS<V*Rw435$wSqBMvC-o&?dTEQ8=XtL;pQ
zYw-Rm_n@(3gTFj!A2pDlxShRaZk3GqolOug91OksYprofsaBq-z8v+#(JL?Rb+rkR
z^InxbHmW3J7T=&VsqdnFQ&GF=jk}`Zisfn{(n}gsi`flldk*n5E!Z~`!RC7x(KYA0
z3(wW7=L7cbR$uHjuE}ch3XYP;UVgZ@_`|z4v3cE(q@JjeSx@Kk-&(gL2AEdD8&km4
ze%`3)FgSz97+JrbU?!ikHl_ujnf*1BF(p)65mB>DZS~H!?Rjt5D$^b>zpLrUShQGB
z2vbGnRM{W;-+A(Vs{Zt#Qi;<>w>kZ68-Z4iC<5+u!qUqd|HP3{mR#Wy-7T79a2n+{
zP<nUw)P*Rc<`&F9j4~>k;7!M<0uui!#SVYHgjWz&jm-Te?UwYMs<wNvrY#Psmx9OI
z&m4>OlQ0$uYq~nk#CC1!Pu5Svm+h<zTRbj||Jt0=gSI}FT~2#^hezsPn&%39jvo1V
zJio^`$_>BC1Z^u;{jn|-?(6Ii7|y&m)Rx!ZEMP~O)Qn774h;52U-dct`b&B7Po%lO
z6HmDoSh=I)x=IH1gFR}VBp1!FCUq$q>UQ)Hcd_}YLDpBFI{&6)YJTw#^=&L*C4Xb0
zdAwGJ*HxDn&OBp0(VeW2zB0ZaP7`Z4pI;1qg{s*z(7#Sf9;`K}Ib9o=xmvx19cs!;
z{PPaX%~CBTijud#e!lf-+!d=y<J8cYTjh2p^Xe43og{H)>f$9k<?6FbZ`xODiNmO=
zufkDT?F@Ec{*Xz{6_IH2gi-U=g<PF_`HQumPc~lo-cQHl(N7$-m8VRnRhMK}#pMf>
zs)Qb!zqDz#P__B|*cNERG5E0&X^EuF-byw#LU*R{-1w5=*2O#&rowNd<nhWZqq3|d
zx-ibE&+T>#^TCFx#xj2JH?A$32PRWHZ)SSo{<Cc~-3#sdyu5Lwy}-8q%CQEO>fy!G
zPnhkhCK~N{G*|zPPFW#QSxJdm$>Lp^$$EeQ5eT?^0aqZ{%J&o_9%2unD}sm-#5dk4
e_J0JaX-WHbfARkXVNmr-F92moxU4xyQ}|!*g`d*^

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-87.png b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-87.png
new file mode 100644
index 0000000000000000000000000000000000000000..4377d874b18d965cb430f80dc1f97d3e8f0daff0
GIT binary patch
literal 2708
zcmbW3c{tQv8^?cx3`Ptg)mUQ;M#k93q=?57GM19D%!Dk-HWV_9EsQ5>2qB)3p0rq|
zgh_Tv?^vG59!AK%3|X?g)BE51$NSHFU)Oy;=RW6r&$+I1|8d_bwl-!*1x^Y80C3d8
z+{BK<E5DtOmoo-`9P;OY$J@x-2mmV6A$!CloLJVw+|C*RBH;i)NdSOd&JyJZ0ED3c
zV4eT~m>d8&9+Y2)!*VuwuU#}V;gDlH7Z@=d@CTV+C2?5%A5Us5bK*?Ep%&Jr;2A*)
zA#Q~yztp@q$Kowaj2yy;m-6rU!1|>-8oa+*+)~Q(q>o^SOI=6ah}82&emQmV;ljCG
z6;THhsF8}f>6?4dsbZg})Hm|-tva%n#kTjqn)S;cc`$e`0blE4J}#aSkjpHF`&JDx
z7w@ddEG#cxcc;@e8P*1c4Iy0x`lJ~Ky@CB}ze`_kX=w>3`Gd=G88q4{$(m1=d!6=w
z!Uk$A7`z!*gg{xIjC?6=VgXvn!BH~wR^1GzIz%vB7MW0@d<5ef8JS@EWYqb&@q?Pv
zQm6UolW_*+xn*%vF+x2c3~siXG3kF>zBNf~tEGEAXm0@I#u9h84+zzTd~<Yj84L$a
z1}&zp<?Tx@NvfGU0jmQ$!E-X%6T-WnpIwg4Y@N9alXKa0I|5i4l!`oA&x^A%Srqw`
zP*TDr&Mjy1=&Jc7hI07b*IszSJ)~EyMnoWSLi5-6PE+7Q#I6Qt`<=^%<F5)WdO~Ms
zXUKdhUl^+k#FCNs*TH{<(`1{DWV<wR8I}u+VCG(Ja)}>T>FMjsd|OCB@G0dh@0-)!
z$hSWAbxy1S^wQ#o{JVDbpDXx=Jut7+CtTI>J{Q}0-q}^F4t>kLSL^0>Z6q=I#c46q
z6Ri2fwVB^PZ_^Wsl-F+U2W5GI5dTv1IU<!w6086YmZGhk;8oR^AQ@yQ5tNnHR~i*x
zYs;VBe@vB+a#$E`<>4FwJ`*vatGT9;)rTBBsEFN8u1i%1dFH=N{(%gTuv9s-;5{iB
zLUB=~{3BS(Ga*PR2jww&)21w6IK<kDJ<RDzrhUO0VUkI+-E9KIMiuAE$j$keOT`LQ
z{S{byd;2wUP-8EPf}jFG!?^H3Cgj^+$Di0PZ=7Be;ftfx)nWPu2D0&t_d&3v;bG@#
z)=5N%C%VZK4MMqSFef7--nK%oTtHAQt*%q#UY9CBAczf;OoXS<<r^rRVOSY&Mn)TR
z*ws~+@b2@@aA8a}Au7M)g78>lnPcUykC<Ncs6cu4<<UU=h$sdlacp{}p}b`@e=i4L
z9o{os$CKrFuAhgC$1J^6T|yy`r;SzRFQ(prG_zAvqldGZM}5aL?R5O_SHv_N6BEDF
zSgCOmEVPZok5D?K^O~~M3KTRBnwQ7&peYE5^m1)S2KsAYgR8OLd)~P7llxoctXS}j
zW9mt7V(dhVaEp(RkNI==Ww;6&qGZ#@>J-2F(M)F3gPE(*A3s9xcnFmMc6XbD82cw0
zUfvvu3*YQd1^ViJ*=%;QiTq$K$@v&DcF^zRUX-7^U`vT<I<@tl37?RZ<>rm?$j?VD
zoK?aJBh|INL&}H#F^5vy^QzxnF5X%H1TBc155dKShB3v%$c8*}<S8oa{QkzA-`>wW
z%AJ*aUYDu^j$knPdUtNoSs+^nF~;p@a6h*gsR}2*^}BED>qX&8W~&S33yx=_NOb@4
zOZk9XglYZ#6It9i9PYv8E4C7z1cDmIKs|o%vGm}(?j$LL861v?3nky)LN3=_u*|$v
zz!SZbNMO(0eLo<|1;f@*9vdhH9YlFF#VO=HIi(AvcVw{#Xz95pcLLL<MCAfI&qC%_
zM{6zjHZqiPZtsMCEPp8VF|Dpb$GI{}MW=%#!<V%G`tZT<X4bu_P%g8yk6u|vgrsu+
zAhG}S!?B=6=-A9yD>%q@a#q^#y+mw@_{xV5(4yXkb+@fW`WNNp(Fxh0HTk2Av4YK9
zAF&^E&zpPhV|yPl8yg$7osa>{R%HohYgnxw%;0h!0*`DYbz8%K#(Onihp^_Jl`D19
zcos*%gG)c(?+g*3gN)n9x(Xg94G;2dY^76X6*Es6LC@nJc{zwbA^*I3Y&2lU`|XV@
zJaGG;;)%!I^Us?mVj)o*A}H-Pm97vqHH{y0zHQqzQQg(m2q9Pv7gfdIzVNGqqodcp
z)x#P#TaXt#&6nsE`|aCR9<Dh9Po03w)zy}&Q(BtbFf5;zmX_y!yQYS&(!|qjnE5UB
z6^6Q9rmzbV`FTdL#9>w<P1-dvg+Jo%;&NKi(`jdCMuGHkns(Hdt1R?y^Y2(l)0~z^
zcY(IDjypugNo}p~nvO&2!j}E^#uta<euvSzQHJ^zgCEEs{JTz2%MSz!1!(E$loh;6
zN?KU`Ir2Q199W+4YejwOr(JF-JyJiI+DYACjn`I01_XjJ1|AGiWfg515D@qtRPj=|
zQvOMn{j=QFwT}LjkWuglw#^lhdWk>I;7>h61ZyU?t-PPQAd5;@D#%G}kt<JB<tITV
zQ`Nst4QlACT)R4vap|?kSY4ZZq$98OmlLO}ro|q2pC#9w^zQl??MBjE{g<Xk_`%Mn
z%v)q~XS2&wlj26O%$w5f#v(rKLCwKI`H=r*&#ziTJU!zL67lgNPNM_a^XvjFzu-}2
z2nix5CjUE^LNbQwjO9);Ocn<JYcA&s@g4W=aVZlrc``-mE|H)EMxkkk2@l|`_7;|u
z0oJ!rnV*y@x6Cc0AHvUM4!NSAWwh*WR&uMlx~?G~)maU(<nMuH7AbAlJ`LH>y$Ys@
z!7xQ)K&9t;Y&Lr;JuG)j9VX-v9<CQ?z-)Dumf%iItZk!x0^7`dR==qijXhK-QOq@5
zn=RCx>^?_!a;6Sdea`kE2H^A7nXvIFkG9+6J5YhdiVEAo{ohGxh8PX{+oxEKwek??
zZT`!5R^Aph#E89m1yNRRF<w)}3O(B?y>E-)NjIym$9AiR;Az2(u@r6<E$dlqCXK&*
zAeCU-)tFM0BkBj{0-4iFwpRsOP`<sA)?Xq>r`yx=uux;dTW3vp3!Auz|Hvs=mlctO
z<h)}>P^v(rU@*P03R(8zMe2MDRF^ve>V(WH8W<7`*0i;^FCOlKlh`sSgj@nNx#;hq
z<*+HHb+f<D@x_eUX6RO+39fGsl`3~;Lqwv6c{5<N-OpEmR(rGU9s?iwJ!fh(i-i^}
ze#CglHk^*`u{+Jj#d$}2EIIq$$R95COE=&Fkl=`dBm}iCFLrwLAJ#uwM{#0dkKcp@
zU!-2diCMwzhc4BO+i@<5FDp~wi?gNitFDB1o~2xqOHiN<`*pX?wNb^giIPDuaKUU-
z@Tm1#)^(V7E%-javH7BViJb$h@ItF_ZzU4nQ#u#29@C61pF<Z1DsnnB#ZXhHP)}m0
z7seyRivs|SLZj6*&}wM3gN7CcrHRqhQAMFJD3pP#BL2SwHv>I=uSfiEfhF*GmLmWx
MOl?eF8x!LG4f?<8TL1t6

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-icon.svg b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-icon.svg
new file mode 100644
index 000000000..009452ac6
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc-ios-icon.svg
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="48"
+   height="48"
+   viewBox="0 0 48 48.000001"
+   id="svg2"
+   version="1.1"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   sodipodi:docname="novnc-ios-icon.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:dc="http://purl.org/dc/elements/1.1/">
+  <defs
+     id="defs4" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="11.313708"
+     inkscape:cx="27.356195"
+     inkscape:cy="17.810253"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:object-nodes="true"
+     inkscape:snap-smooth-nodes="true"
+     inkscape:snap-midpoints="true"
+     inkscape:window-width="2560"
+     inkscape:window-height="1371"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:showpageshadow="2"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1">
+    <inkscape:grid
+       type="xygrid"
+       id="grid4169" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-1004.3621)">
+    <rect
+       style="opacity:1;fill:#494949;fill-opacity:1;stroke:none;stroke-width:1;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect4167"
+       width="48"
+       height="48"
+       x="0"
+       y="1004.3621"
+       inkscape:label="background" />
+    <path
+       style="opacity:1;fill:#313131;fill-opacity:1;stroke:none;stroke-width:1;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       d="m 0,1004.3621 v 48 h 20 c 15.512,0 28,-16.948 28,-38 v -10 z"
+       id="rect4173"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="cccccc"
+       inkscape:label="darker_grey_plate" />
+    <g
+       id="g4300"
+       style="display:inline;fill:#000000;fill-opacity:1;stroke:none"
+       transform="translate(0.5,0.5)"
+       inkscape:label="shadows">
+      <g
+         id="g4302"
+         style="fill:#000000;fill-opacity:1;stroke:none"
+         inkscape:label="no">
+        <path
+           sodipodi:nodetypes="scsccsssscccs"
+           d="m 11.986926,1016.3621 c 0.554325,0 1.025987,0.2121 1.414987,0.6362 0.398725,0.4138 0.600909,0.9155 0.598087,1.5052 v 6.8586 h -2 v -6.8914 c 0,-0.072 -0.03404,-0.1086 -0.102113,-0.1086 H 7.1021125 C 7.0340375,1018.3621 7,1018.3983 7,1018.4707 v 6.8914 H 5 v -9 z"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           id="path4304"
+           inkscape:connector-curvature="0"
+           inkscape:label="n" />
+        <path
+           sodipodi:nodetypes="sscsscsscsscssssssssss"
+           d="m 17.013073,1016.3621 h 4.973854 c 0.554325,0 1.025987,0.2121 1.414986,0.6362 0.398725,0.4138 0.598087,0.9155 0.598087,1.5052 v 4.7172 c 0,0.5897 -0.199362,1.0966 -0.598087,1.5207 -0.388999,0.4138 -0.860661,0.6207 -1.414986,0.6207 h -4.973854 c -0.554325,0 -1.030849,-0.2069 -1.429574,-0.6207 C 15.1945,1024.3173 15,1023.8104 15,1023.2207 v -4.7172 c 0,-0.5897 0.1945,-1.0914 0.583499,-1.5052 0.398725,-0.4241 0.875249,-0.6362 1.429574,-0.6362 z m 4.884815,2 h -4.795776 c -0.06808,0 -0.102112,0.036 -0.102112,0.1086 v 4.7828 c 0,0.072 0.03404,0.1086 0.102112,0.1086 h 4.795776 c 0.06807,0 0.102112,-0.036 0.102112,-0.1086 v -4.7828 c 0,-0.072 -0.03404,-0.1086 -0.102112,-0.1086 z"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           id="path4306"
+           inkscape:connector-curvature="0"
+           inkscape:label="o" />
+      </g>
+      <g
+         id="g4308"
+         style="fill:#000000;fill-opacity:1;stroke:none"
+         inkscape:label="VNC">
+        <path
+           sodipodi:nodetypes="cccccccc"
+           d="m 12,1036.9177 4.768114,-8.5556 H 19 l -6,11 h -2 l -6,-11 h 2.2318854 z"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           id="path4310"
+           inkscape:connector-curvature="0"
+           inkscape:label="V" />
+        <path
+           sodipodi:nodetypes="ccccccccccc"
+           d="m 29,1036.3621 v -8 h 2 v 11 h -2 l -7,-8 v 8 h -2 v -11 h 2 z"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           id="path4312"
+           inkscape:connector-curvature="0"
+           inkscape:label="N" />
+        <path
+           sodipodi:nodetypes="cssssccscsscscc"
+           d="m 43,1030.3621 h -8.897887 c -0.06808,0 -0.102113,0.036 -0.102113,0.1069 v 6.7862 c 0,0.071 0.03404,0.1069 0.102113,0.1069 H 43 v 2 h -8.972339 c -0.56405,0 -1.045437,-0.2037 -1.444162,-0.6111 C 32.1945,1038.3334 32,1037.8292 32,1037.2385 v -6.7528 c 0,-0.5907 0.1945,-1.0898 0.583499,-1.4972 0.398725,-0.4176 0.880112,-0.6264 1.444162,-0.6264 H 43 Z"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           id="path4314"
+           inkscape:connector-curvature="0"
+           inkscape:label="C" />
+      </g>
+    </g>
+    <g
+       id="g4291"
+       style="stroke:none"
+       inkscape:label="noVNC">
+      <g
+         id="g4282"
+         style="stroke:none"
+         inkscape:label="no">
+        <path
+           inkscape:connector-curvature="0"
+           id="path4143"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           d="m 11.986926,1016.3621 c 0.554325,0 1.025987,0.2121 1.414987,0.6362 0.398725,0.4138 0.600909,0.9155 0.598087,1.5052 l 0,6.8586 -2,0 0,-6.8914 c 0,-0.072 -0.03404,-0.1086 -0.102113,-0.1086 l -4.7957745,0 C 7.0340375,1018.3621 7,1018.3983 7,1018.4707 l 0,6.8914 -2,0 0,-9 z"
+           sodipodi:nodetypes="scsccsssscccs"
+           inkscape:label="n" />
+        <path
+           inkscape:connector-curvature="0"
+           id="path4145"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           d="m 17.013073,1016.3621 4.973854,0 c 0.554325,0 1.025987,0.2121 1.414986,0.6362 0.398725,0.4138 0.598087,0.9155 0.598087,1.5052 l 0,4.7172 c 0,0.5897 -0.199362,1.0966 -0.598087,1.5207 -0.388999,0.4138 -0.860661,0.6207 -1.414986,0.6207 l -4.973854,0 c -0.554325,0 -1.030849,-0.2069 -1.429574,-0.6207 C 15.1945,1024.3173 15,1023.8104 15,1023.2207 l 0,-4.7172 c 0,-0.5897 0.1945,-1.0914 0.583499,-1.5052 0.398725,-0.4241 0.875249,-0.6362 1.429574,-0.6362 z m 4.884815,2 -4.795776,0 c -0.06808,0 -0.102112,0.036 -0.102112,0.1086 l 0,4.7828 c 0,0.072 0.03404,0.1086 0.102112,0.1086 l 4.795776,0 c 0.06807,0 0.102112,-0.036 0.102112,-0.1086 l 0,-4.7828 c 0,-0.072 -0.03404,-0.1086 -0.102112,-0.1086 z"
+           sodipodi:nodetypes="sscsscsscsscssssssssss"
+           inkscape:label="o" />
+      </g>
+      <g
+         id="g4286"
+         style="stroke:none"
+         inkscape:label="VNC">
+        <path
+           inkscape:connector-curvature="0"
+           id="path4147"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#ffff00;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           d="m 12,1036.9177 4.768114,-8.5556 2.231886,0 -6,11 -2,0 -6,-11 2.2318854,0 z"
+           sodipodi:nodetypes="cccccccc"
+           inkscape:label="V" />
+        <path
+           inkscape:connector-curvature="0"
+           id="path4149"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#ffff00;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           d="m 29,1036.3621 0,-8 2,0 0,11 -2,0 -7,-8 0,8 -2,0 0,-11 2,0 z"
+           sodipodi:nodetypes="ccccccccccc"
+           inkscape:label="N" />
+        <path
+           inkscape:connector-curvature="0"
+           id="path4151"
+           style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:medium;line-height:125%;font-family:Orbitron;-inkscape-font-specification:'Orbitron Bold';text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#ffff00;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           d="m 43,1030.3621 -8.897887,0 c -0.06808,0 -0.102113,0.036 -0.102113,0.1069 l 0,6.7862 c 0,0.071 0.03404,0.1069 0.102113,0.1069 l 8.897887,0 0,2 -8.972339,0 c -0.56405,0 -1.045437,-0.2037 -1.444162,-0.6111 C 32.1945,1038.3334 32,1037.8292 32,1037.2385 l 0,-6.7528 c 0,-0.5907 0.1945,-1.0898 0.583499,-1.4972 0.398725,-0.4176 0.880112,-0.6264 1.444162,-0.6264 l 8.972339,0 z"
+           sodipodi:nodetypes="cssssccscsscscc"
+           inkscape:label="C" />
+      </g>
+    </g>
+  </g>
+</svg>
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc.ico b/emhttp/plugins/dynamix.vm.manager/novnc/app/images/icons/novnc.ico
new file mode 100644
index 0000000000000000000000000000000000000000..c3bc58e389396b7beb0fb0a97386e2af3604b386
GIT binary patch
literal 310566
zcmeHw37j28oqxagW+ul>?qqUIj!DRUOa>&}M?y#l2?PPTRuDWu#q|ONgsA!GuC9O_
zg7-&VKzG+wSY5f~|5=T@E+8nNc<mw(P;mtW<d6iC)c^Z?^Xg5#dR5(3-PPUisQG+)
zx?gqG@2YRzzp4&`LNGGewk^QDKUjQ1G5B~81Xo`@^!pvh6@r@)cGg)#zyIaBAn3iJ
z6s%rdiGM^8e1E@=U~sVVenAjCd2vV3-(UGXJ_xS-N=Gnl+R*QR7!?Hj{aZ&c9^u6A
z9UVx2M@O(2Jh$Q6S{Mq)V-Tz^250Oal&|vd4E`N>;DL*AU5@KN_TPX1?W<O;diiy)
zd)=$J_UyCIK5Xy3_ip+Nx-imZ-+lLG(2wo6-+t_X0}fyZ9dr;o<d8$y;fEj2)~s2>
zjy&>6wqe5tcJ$Fl`)k++J7JGM<9Y<weYm~`8*RaL{ISO#J2?Z0I%k1=KLh#y6JX($
zR=~Gw9jKg8`8f2@L(Ao2-MV$YJPely(H6T=9v;}ZapPsU&>}SM-@ykTJOjAD1$n!}
zHD20*9<?E8Bg<_Cl?UHWDBH+~V3+r=UcI`fQAz^Z^m*vl{1EN`o_4@#RytC7Kz&kf
zAADJ;D+|w{UHA~NH!jC=P(uEE75TI~D@?RAAL=jBIKr2OnzBIShI3E`Fv`vD4}G0=
z7~{Rr&UnmAcN%9?Kk0}gju89F?f(43_3PKq&7uUL&cE9CbsA&NipJ42zl6MRcl?w7
zf58~}<h05F#vC1}cOJ;A-t&CJ%N(@{G`|WQwDYwG`hOB-z-fPIU|^sd{hdcW2E#Gf
z2=>8TMBDd`&<@;)acQTEwg7$oF~I&ajgYrq2J`YqYjCvY*2e9@cO8_066%x3JnqbK
z*J!q)a?r+O<*#quy0sX$9RT(pY_$CJ^295PG=JKr;{zHGSpT8lbCt(hJghaU-DvKV
z*3{Z<4FUR|U{e6#m$KH+akdur#WIP0F~fXbJB<yV+q7xZJi{_jLZ9(P(O&+!HOm6^
ziP~uG;D^9}<h&?sa-+w4YvNs(uZJCWSX=aoFfV#WSQ`L4Eb#rF_QF0d6SQv725rIr
zh55{(?*9?DhrhR9IiT@z8;lD+q-q18_e@{+w;$$J^&I(99Cg%DtvWvb^XAQ)$H-*>
zb^om@Tllc{EED8g*Q)!{Fb+6R#=qaU)t)#HtKX<U)S^BVzZCHgAKEvE*}=bS@3KKY
z)~)78gf^hMpBVkU`#r|n8{<*=PiqCOv~CRiU&h-2-}mv@kHSB_Cttc2nj^iR@Q-=l
zr6#)jIKGS!2FQ1!Mf~V?)A>U1hq}UJ+hf}X12isf1)pm4=Z;6;{|7d@`?$WWa11p2
zS{d-a1>>6STpxe;*tW$$GnWC3fp5gv_hnn1eSBX|I0l;BXX0Mq|23|Qzk6KA#Q>en
z)og17sQ(}JK0hAwaWOBaBR}dUD+5nc`z7n)fBP~K7XwY!4*0X0Tj2Wxaj}|Kx@Phj
zO3MbGZu_<&&9pw?aoWB(O*8MQ46I$dw&BMEY1+WkZtt>1WuVdhg*-;v8>4CGKjzmP
zdM{bp`g{7me9_+eM)jTc`1JV90t0mJTqCXxWTCs~;ma6dpb^&wJT^Txv&2B7%?V|x
zyXWQ0TBD7JJtjRSv&I08hZ|)qkhSifpD%BOfkrt~!sF57F)s`>f}c=cx_iF9+|ge8
zyw6$mIP^Ho69aUvP@ZFfJazZHec2-n<hd^3G3YUvHwMU0F0Zq8^VZ$-_vMc;KxfP4
z(GO}y{4H3pfZ^!6&};tu`I+wPjFKlyJNNbVh1!N>jgn{S(xt4ox0j6?HHwu=rAT^F
z`n!Jbs;orWp%LGY9z8lTKPca_lszhcvyx@rym_opC`8&POrB}erWw(Q(mBod?TG&c
z=bXa=#=@_4>#BJ_XU?3|%Rr<&m3Ar&Z?4|;e*EL%wjtX^$TJT9`oU$FvEXMvW5M&!
zN7IYS57+N2^0yuSF;_h5SHFtRj|U%QL9tlQ=dP|UwsPglRLel4;D6S+=dxheu4wz{
z@DKZrx#k)cy!vW14cC~qq1UGPpR;9)dA^)}dbOUTzObwMRYj)}@IU{w(^&A*OJ?>_
z;UCx^cgG!O>20u@M%*^U{~+cDx_<XN^ZePqodqLDmdgN*-3A5*QY!;_<A2GfO|0<L
zQ|7i&;D5$-*O{kJ1JgD%+YtYKS6yYFKj)ucZ3Ac?LsfUX2+I@yD^{;&#fKlZvyFuR
z<wqXLim$w4N5clMuH&{D{s(ZTUg^2#?DOZ@XIU_DVz~?yF&<d9Y*{L0ATRu{gx^5t
zz4zMNMZ*8|&wb9GhHFgQ&}%dN_g;T}{QRMLjEcP`qAa+m?`0af;GgCKZoM_0T_pT>
z(|myq{&J4%YTk#_k@K^WelOp!ffbUp&6E~%pu7w$UcA_O8HmJ=gf|!V9ru;5#K){8
zPY1P=Ib+&}KgX@ByNmoti^jxTZb_au)P7X*eC*h<O^<)0IsPy_OZYGB-W_h^?(VYv
z(#m5Kx@qo}G2x#_oW-Y}%7Uo8dF?e8&=r>7L}PHUS_WMEMTGJuxg@+Lv8C}Gf0#Wa
zd9sv0iSB9b6G$RcnrX+}byqm9DUUz@c{cjS8>8dV+;%13UHe63g&(Uq{uac4TIUC)
ziQ%}kjr<&5e35m|p3Ro6S;I;uYd<OZMPz}0>pA`w#6Mvv4Ik;a7)>pmsh`88moo0(
zGyOB4iEaZ@@{33t|0|9-f)yWmBw9aUzT?_!qvJJc|A+9FMjMbCjv;Rx+D3j3zyCcO
zHEB|nKFx)9{qc{{d7pw`M4I@wnd2{FK6E*JoowZ?jUOjZU8SLYGOoY9?MgNmbd3ER
z-t;CWk7MV2_`}h8pMqaRYWT63<1gHIA6tz0ln1u**v5B}&q-*w-Y=X)7T0Nw{2U&5
zfQ_3lp<4G>WkCLqHt`R2>=%(1evIe%(Kp)bzyquHu$9L)e%0PF+jke~UA6%(<Z(g6
z)X$-SaqN;MORD)T@?LQE+0pf%W50+r@MAp3|I9ONCdLP%4Q%DHjW6=b>-j*G_f}i~
zGV*iy&Ue_9DN}0lTh4=VKm1{I8F1(q;Tk{2bNpD_o^srAb+)jT$2Puf@4SAynhVNH
zevz+{p99vpiYr#I6}ZH-^7GQ;k7tFbH8IIAV$q^Sp)_S4;%}GuF`nbcn%=m#yhSOq
ztvt5zMcwm!KKS5+owNaY>cDv$`8mKxea4I#$~@<E_<iy>z7gF9IP!~dg&&(a{*f17
z%m%Th&Gi-Uw({7<7kTCROmjgl)`auafp{-I`Q&InhZkO8oik?|?`5Pp^Ags_Li3jV
zB49(lE-cR{nc5|k2dzU%^X)3SHh%mx#~-$*(^eka_$vAH3UlEXl$Y$BuaTd_MHjLD
z{(fbB$LYxT8K3@iIQ|Kn4*VjL;wR1=zpShH+g2Xi_#&^opIx*8dFo)~=YV~W;#!xf
zyeo0WeAkmtMwfwvei4cA6LXF~%m%jd*v1dzoyWVRXD8+%bD1aQy~%w2-~0`u^RD8^
z*$*Fy$ox&{7ZFK6r2i9ljz7#6w({7<596K3yH%@JB^n3kAv5tb@^iTVel|YIzAg0c
zNB`m%(PbckUqoE|B$?w6%QIVfY~zRV&g)&0Z;It1v#Fm$0egSx9KIwnE<E#07VOy*
zUIr5QMa02R(mDPxd)Ufj8$XP9Uhk5uhvgx&k)Oj&H$|>>naV!?``-`8KaGWB`bF5{
z$Hg3fnBKPX*v1dzo#(st>(|HX2W2g@k)H$3AS=PgA!@D5RQ9FE9?J?*=bFXzi?G3u
zt2zEKy=~+nI=1n{c<1>p?p$crG8_3hTzxfjeQw*7fBL8BypG`)VTvD@bNpd>W-1S-
zVH=;PYqUFkODT>|P?mZa`8nXMpRVcCwd<R4<sCTua8`;s&ozc$gb{vl7PaYFJ=~8!
zuAWBnU`~qDw~f!!HRAmUtb5v)fh_ef@^e5x+;*+YR0pGRhoxUcB!1{D-fw*?y6wRj
zMD*h~)k%&QDUUQCYa3tY*GRwPjDxe1-^kD5(MMT#lKIXEpLCjc8u7#v;aIfvi-^RJ
z>Di5vAAj6@iIk^>@lWf)8*pZnO&bu`&bH}{{2bs56nCx5RGxnLQbc0J!Y?9{7R@b1
zT?#*bQ+?!kk-S<M|6~i>^<de4Y5X?wbGYXoHX+5jzp5ANh;Hm5i^PecUqmFGDC}$e
z_^a|pv}tm@NO@x7Kg{P&mLbpIw%-v;T~<Rshr*$UCSL0@)ny^}4@a(v8Tv&;;w=pS
zA%6U(y2$Y&<%x-Z?#J3FcUf=ox6R%dF<lzZMt%<P*H80|a+O}=@4Pd*4KVPFh{Rh6
z{=@wERWh4|Mam=L-}L;$M!`LoBg__uqAoQZ1BB5@`p(GDVdqX(!v3o?zfqymW7#ps
zumX68;>Ex(A~byn_M`mxRWh4|Mam=Lzawf+I7Ej?UTLJ2<X73mrVpe_?<&k_zVV7H
z*i7tgamCYyPOr(?i4lGgaWIf{jz3JtNO>gubkle4(!gn2G$r|UwlM7j>Cz_+H}Z3U
z&%uZk*1Ak(CmAE_zX-nwTkN=);}6p>QXUCE&HDX|FdNW2(>_oXow)Cf{2bo<UN(2`
z++6B@u2<jXmq*usA$}2&coXYEM|1pKcGW#n9tr==`u!u7?qZl}A4p8&>e<N80a!?L
zt;<xGLF}Ix@%ZE6Wgx^aA`)*L{|@K)!*q+3N5VhR>bvsFaQ(Rsjc`}Uud|0qA4r!r
zNw|@p1I{T~xNu>vbwAf}F7@%F@>b&)5t)wYI-cX_a;xr<@~H5GHIYf*{&uttqHL7K
zdzJi}H4>AxFqI9Hgqip`(3op)*gOdz*J*pO*DMq}n5$oe@9fHaL(>o*kZ$e;7u2Pb
z>A3nGC6AU5@?-jEKN~$KmIcN`cxdHUlmU~oLT%`o#EtZGz+S9{XPuQ99!zAWIE&6W
zBXUh_EWXJh(~H6zjW6UhY5tCqCyMt{%nSGa<3F-d_^xWv<hu$XSdEe;&ig3&#rG!X
zLx}PHbG$R#z1<quZc#qbKJOYg?|j}Q&zq=o61|O++t}N%acvm2FU;p%<K~^u8#j3q
z_PqdaV>dSTc5GZbhRuWed~4i%^LgVYZ^HIPdK<g3vA1L6+A(Yl;Pb6<^UddtyS&kj
z0lbaf+1T5%ac!v^1Nb~^+&uGn<1TM>V}P`5%=fA3?ymXj`0(&3ess<*?ZF&{v#N@8
zW>3Y>%GI4{5^ds<^i1C<UHtp{a-$mqq-Cop+_>hOgx_@R!6_69&M~i(iOPcMx6EAI
zsh#Pm&d7Cbk6>%SLN5#dRTJ4ld66s;{Km~4$Aa~U_fA|NjF3G_H`RNhNwnADnt-b!
z58b1_<!Yk8k5gaQ>uj=S&6>J>@w&Ki!;|9CmTwY%V>gdw!H0lJ6>ifA+X7yP)RuwS
zvu9`OA8KpgR*J7WBiglokyxtKf3En(<u~EY6SBj-T$VNtmw{5Ll=;~gu590IboR$L
z;pB5sT<Z`Qk8$OQ!>{kezWlJy%fjo1%Yf^%-s9S`)zi^_fOg0Kiv3rx;-#41;W*6e
zelhSrYN!nK^z`^XkYfK<8s$-52XoCM5?8@cp1a~}%WuXhGxEniFLMVC*`l+v)8juQ
z{I6cUx~2_qg+orq7LPn#+`BEmo_F^&4*t&^!avQu#?{}aGoSw<Tgm%jT-(nUk4gF4
z^6U6uN8{lC{2~0)Txe1|`1EGwKpq3Twwo;;lk&IaSNI6lxp@CWb?<W5KU=wKWjL=7
zd;BNOf7|r(I<Rf}sQ97SBD|rlb6MZn^0SQ}rEk>xtocRB<KOSijyme7>KMSaJ+jVk
zTYk3jliDY1eo5tRhxFq2;$7>Tb$;9OvyGqBK3VfiDsMZa7k!~!>zj3c+w!xGpVU5C
z^GhmkJERxqfL!aFb$;9OvyGqBK3VfiDsMZa7w3Rn>zj3c+w!xGpVU5C^GhmkJERxq
zfL!aFb$;9OvyGqBK3VfiDsMZa7rztiTHmbm+m@eg{G|5DnqN|R+a*2!Hh^n=v(9f@
zezx(G+9zv%N#$*q^!!|0*ZO9i-?sd0<0rLG*8Gyn+b-$(9H?u3v(9f@ezx(G+9zv%
zN#$*q^n5RvYkjlMZ(Dx0@srvoYko=PZI|@?JQUaZW}V-*{A}YVwNKXklFHjI>G>Lf
zYkjlMZ(Dx0@srvoYko=PZI|@>?z?Z<2hO#=S?9McKil|8?UOaXr1G{)dcGIfwZ2*B
zw=F;0_(|=PHNT|two`iYgLbX2X@0L<xzY)56Mo|ULX-HkKOryqT<3?Ur{5PwYhbSJ
zV~Q`n4<_+lwTDX#1D3`8<&7?%>-_Na^!TT<AY9ug5?_`5g^6(wTn9u;#Jc=k*<UE0
zFJij?F)#UC=ZB}K$3LBi=-NJ^c$D#(_U{XZ_F9VPOEuK~cZGbe^TX5A<Db@mUE8Oj
z@Q?FF<nsj^?fes2KG*r->FM!**kOmYHvVzG)SNkUYIK}&a$}u;CClgWs>iEq+mH{0
zYnlyH|KohYDYK{4=||@umbR3_#|>%s%ZR>4KG*r->FLW8?Sph}pGLv|#3LqZb(?j<
ztlaS*CZFp(@$}SX;GlyJ(qbg8%^Cs!lTV!-sn?V<r{q=!OyrAef1gf`b(LKXIN*Rt
zoT$=;h2@F=;)jZC<{M@j>qKLL;)k<43))t`FgyEq<~Y~cihSU7@8X7Mjek1JeAIcP
z*wi;pWy=m;X06ZCgYn(FH}<lT=Z$2=E$+)gQu*TMgHIP-KK9#hKWn^ryGGm9+o(Bg
zL_VNCubLyTd_K9)Cy#&kHuX4d9-DgnH&0&qa^*g+=o~C>SNC@HHf;`@di*y>KKb&L
zPCn5dFmKy*Z0qgX_;&U9Z~Q#+<tV*8^7v2BwjQ_MwjKi>10Dk&10Dk&10Dk&10Dk&
z10Dk&10Dk&10Dk&10Dk&10Dk&19@V=uK{@c<%z#Mc@y^G1GFbk89Z-a{_?^A@V^^A
z(68mi-}Cj@&l3ZLeOxc+DTC+j%RpWjShZ@^OV|VacwYQHUyuDfF@W<=9>aIQw&f{<
z=k3ctUKjxO{{v^hU6~hu&(~u=PYeM6m*ZNIrwpFAF9UgD0R5jO_|8LsG4PJOWbk}F
z{`0^9F#if+pZ?GWJdlSBo~OrtUKl{#|C1r~2LZ+aZ_P^%&)1iMJTQQ>pHJubr@QY1
zc^u|}!#sEb>pMm4(=*zG+wzdb^YrB|YYd?7zeUFX>eZ`f!XLu>0`2Ybm^B`=<VP4M
ztjqYXv;qH}r7WJ8FKbz20B8RHP=$R8!}q`z`ZmC0GHXm`#SgyDyYbEIc{==4IOc-B
zo|QbFk1uOkVgU2}{}_gSdWXJI2gb)QW+|8F<;y|Z7=WMW3xIbi3jg#T{h%X#KgeS;
zZA@lGpRkNMpY<l#=W!7KvsuaK`S`MyCI$%09M?8?jFo?$rd*!3$9>uuAm1Jv%!_ep
zEPyhwJ#861eP0gJzyPrO`;$&OsY}GP?eoz`A3YZP#GXk*K2Ou*J}nGjy!$lfGRN5B
zT@|0`pe#L+maLwxF9$9$0IdEF*H{&n<A$Ac&N-c+>Bj@!Kcb<(83c?zNLY=F^Qd$f
zOJC#XMtyzlvc7gj3qG7*jKZ&r_ZU-e@M~ng47kE=QaXf1+xdM5<)8$fUqD;1JE{CW
zy)R2~FhKnf)WtWa+24sOC*(7ScIQXFPvkKi2g7mF5Y|xl{?}oL9kw6}pIN<!EVF12
z4ehOoqmxhL%TE*r2wQ|Po&SDTSdZd^HsLL_?gn}Nxe|W9DA9ZoVF;MNADDV`6z&@F
zJ=&?|SU<QD<>3d=<8iE|y$qdR^XE?c`kvSKgayI`VFMW1PFMkMt|08BjcLYMJqrXf
zwxd3L4ux;44=+)8eQ*#Uc$X^ta3%R5n8Vofs`%rSY~jwz*j82if?6C1v_};^2tJ|<
zSBf75hbyc@l;<eL4}x*J@a<}OM(Dz~spFSy!?&vG6l}xQWPGT%fVY6RfVY6RfVY6R
zfVY6RfVY6RfVY5a3v5*rv>wN8Q`4~?S8i9+8KDc;jf-{Rx^cH|oUR+!>%x`O7&MWw
zRizl_8MdjyF)yK10P`411u*ZSQ~>iNN`VlpVqBhwQ81W8@fCy+xESJJjjO*91cjh~
zNSPxG!QbO#Xu4efVSZ~F=CrQC{MP;CpN%=Moiz7_^}IxL#C#sj^&PU&_W>E?WRRU<
zZjM2IcIcspvcnHQoUL8EmK}A}Q4D(|TH)FWJ^qaAHybu=xE=SaaGkP#{rX;)7_g;9
z{spl4H(~#mT<342&?Ah&Z<Rq;cEk}!v=XMMT<pPh_r{GI--WU=(Ki3%#z$G*hw7O|
z$>Xf$K>b>-r*Pg+E7VO~hnG+{eF|8b78e&$=};C&12?yLf2QH}Icoo~hRIq8OD_XM
zTa)gMl(B^RoBX2xnsr%kCVte9g0EDov~fR0n>Js@L7d+xUzhtjXSmKW!8GdWR;ZKy
zf;Me)9L(@E=<9r~QO8gw`IvVc>U&ea8~xN~y><aZZ|8WhxuXpE^Bx`f=uw}W<^-A)
zM|;pGdYcV)FfPBs*E@D?mPuVl^-+`dwW%I5YRk~yS?BvZ?y)1{i{>huaDMVdU}#ZT
zJ+y4uvL1{hUJ-Tm&*@-^<|eV<pxN5ApF-|V9fnXYzUT3h4qkM2r8W&~3C)C~^Huo4
zy3Z=#=gAg398+ZXCaQ~GP|Z_gyyd?&>S(;habbI>b=)TD7hNINL9`ZXtE-QnPF+Q7
zB26$xdkOOqlQ@P@_uS<1kPaT=*p=EdS_^69`67(P&gJ-NWgm<<`PV3EXq=CHYE&HE
zP56P&)Ig)y%ga$;2h#YgLHk5|HgDcM6>ZmbKHuu|t&wa(Yx|8j#>Y79Wc2wTY$RKG
zS=3mj`Njt9S6_wt(Vu~y^SIr#%rqc|Zi7s(n#%9vsq2O;?LuR-23pI182ItuCU27Z
zhvT$?F!VIZ!sYV!{OcFfJZKOM`E%TwtnLx<)d>9|Q6B%?JoOLHE5gvab?b7QW8`x9
zd-Gw3=NYY;<u%91W$^dr#Si5j`B>+%*5Pr}+_(|*4{HgTw__rI|J?joqB9_}T(|d_
zX@1Ozc}U~>Eccv=y!~@)V2Q?LS*^Ev%(Mn(<b2GkKP~h1zgq`SbT&xZeIbvR*1?M^
zFVpS|sd)OZ*1;6@h0>fC@>ppdtmyKR_64QYj_G)29X@yNTsC#;)VhnpUCT0m{`@*V
z#GArh^O`efjx{grBWJT`&t}u7PgkZ@*(oZF=*^oqPkT{+I}XNN+ba&e6)RS-VzEdE
z$<|#IzI^#|r};W<+O#@8#GAt7$gfM&-`}s~qvJI&Fu*2GoTyEsvX84UDm%@Hp9SZf
z!{~ER$_wktWS_~CCp*hmC7+=~ke%XZ%HRLJS|<&!0nGb#{_Wqg;731V!3!_w)9P%M
zBpfzwO8lU2H}aRi)Z6O82U&pnr%))cB}<k#!B7_XnRV{DEZDV6ua{KUtyr^$b=-Te
zK7JBxn51n|{LI<1CE8}EpI)wm#*ZK06!_We)KgjT(o5lb3HTXA8S1|8zVP@a7)TPQ
z3Gp+C{#xe~Pej{o`*s$L99hQD!i5VHV<^q~XYt03tnk!R(K-qE>A&>S==e#nVUo59
z@zZzJRpxd(|NJt3y1Tm@7C+1J-Gk!851Z*E;AhM|_n4(I!9mP8ixw>^f5V|!`p*M6
z8=&~?v*vcAxRr59((!y6_0LMouXOzQ$L9J7`0055dGmBJ@uAhZLN5+(cpBZ<GtKbc
z>#w)B*=3iN>!1-MMzF!b!PxbX)|Nt^TIo(>fLm^{(?{SH?AfDE+tuZCJgCyi#eP;5
z-893NQ6FK)4z<l5dyJKIeWF)hVFBjiXgoh_)~trX&)6@2S*=T0T_NH}7f*<jR(`~t
zGvsv--P4jyM|Z+^zpJ%(@r`d}vo5+w`#zw03wG`3=wLM0rsEM7?y~*~o#WBrg2DxC
zxRfVMZ{543ds%gK(+FRD^2sdNy<3eB^dI_W&SZOI9<7_^eN^_Rw0KYUr@8$&GAijx
zd1^v;=6l|w*9G)Cue(mIgT%{~JSH-$;v}tuR5a5H>-q2h*4nfa=lt`2&B8O!WZHhg
z9e0%R6L($1MSexi@f2^pm90P@&4iapoV4<T(_Mr4OR-I|dFC|IzK5<;+;kJ8wIWf5
z@!$Wx-u?;JHIn96)ErL%bAd~+AB%J`;bjs>v`ZS#N$Q|9<f)?>wodWtt8A2_FSGQR
zV_0G5PIVq6Sl39BUy*Y>k37N_z~_(aZ^FwY4yTvqJ+7Zwnlf?Pq3aZwM_jOALDl9w
z4c(`F{p)J{P#+@Zx<=gmik#zl<{35z^`a=h2``g4BF(g(<JLiG$;0V}u2Ves92*Cp
z6dqT;4`5EWq?=!hxvmi_zoO=NFt;%E_~YyJFyUnqN485^zvGO>(vpSK4O^!uU|nMA
z(xr8F=V|HQcjcA(Iw;1vMx6W#o#VlnaQs`}s?@=Rmq{Ga9%(+u@l#Awp3rrQM;~QV
zXuJ-Lgk4mBjnK_03hNr=TNg%$zq8G+s5zd|mt3OdYr@MU4wpTPyY0TQG-V1~rzoCs
z3M0Qm6aM`dUZ}5wEY~$`@+-=Zhvs<roP$aa6J929RJ79yv)%KPmK@7*?sb9I9H_4=
zUw7X<G*=i=_lUA}Kkz_39inTwu2Clomra-xCcdU~Jfe*9vk5PgI5OQdf7AYFoBbMT
z$r83s(TVR~g_T>CObgFALqDfzv94i~Up8|*Dp`4$2``g4oL*LUe2d9=J~0iMLf0w2
z@eLN&2V?x5cdF|ki*=2t{IZ?n3A0}mFG_0?CyYlL@8~=#(>drg_-ofGFdsO|u+O8C
zYgyQwqT#wmSbj~#9C)Z7k7ABTB_|IH<Hh%Sn8e}qvb>v)<z34Zx=wNV<t(WWYVQp<
z=*z6Zx`sBt;HO`_`DQ(B^s}a&aDq{PpW9T+OXzEv#NqU^ywkT^OzI$~GKH;EV5~jf
zaEu)$6U_-|efA92HMIE^=1&_k#}g*2mRA$t$Fv_EroZjGuyu;Ud*2&5S7^#_Ch9S5
z-bAcxXw&g=nBpEb#}g*AmRA$thx9V}re>J_Ht#~$DX^~CYcN-6%5M<gqZ#q|<7x~=
ztZQiVRDm0c8#TuhCbO28A%1ATK-9iuSMODOw@v1w!}Pa#7q(7OJn_WX{(?Fg=F-}Q
zCeMSAbq#GA1ugE!qmv;jT+2(uPl*3B`N?H<@&3H5Q`EV@a{M^IL)R(px{J+B;IAAe
zPtX1Lt1%R^uA$9S2|uDAPnZm0@3g!G{Al}fk~~^kF5(ID$ofRh1<CQ_{MN2hplo%b
zziT^JXez^^usKD|x`t6cNPaw~^2qVDyoCH}g#BNlKentxR2wG8xBVTuP67WN({)W-
zzC8Yf+izFbL7H_9ZJzRSY&pln<xt(VyafF8WBpYdkIR(yU64nmM_3!Cif<F9U8g|)
zbw~JS*znQCCHxi%D=Hf+)-{yzcv{d=`SIv@M}=#7iTQ;&kKF4ZQ69ybWLO&(WrMKy
zVe1q<*Iw)F%#1J@=-t$>epQVh%-c*k>L@m2#*C^g+B`+v-gmy!YJM<EE*&qDNA$U*
z{$tNiexlZaV>`vWERU>L*tzy{T$|rx&^K1us001i0i1(wLn}$#0r(tupxsf)G8Qt5
zv{i8^tPgWaVmuemI$kQ;bPmVtkA9SqpFuI|{0_%hQpqERh0P_3@%(eRFIzj?N4Fl<
z&NlJ7o0peE4mm`*9_DRmZo_uAmCmQ5oo(WEw<|lUalE&ooekUBUaEc0?Q9RPyIt8)
z`2=|z+S#z3?X?Pi53)~LQhU(4zsiR|<qu%WD-KN;XSUOsFmz5k(K3~_-Qvl8prrbz
zahAIc&6O)xvPqLBIrnp*Gs}r~Qv0-8dbtmjM89Aw{8Lm{#Cl2?PbEF#p`bZ1IKa9N
z>|()N@%|ExEGqd_VU+$Yxc0$Szy*FiJw2)U4usjDk>APlKuKh^$!k+SrZflkA7Gv5
zbgJ>I!iP=Rn}DAYLl~mA*;Mv+h`0a#``7e=lIU!j*ET$iXzsH&>v?BSI@sYjJ8cL*
zbk14avleaiZkD+6T38afjq+OI4-m%Fgy!61=BA4sj-kav7>c{!F-*^9ezy+$r1&^2
zi5@0-ZA;&T=Gb$`W`mzf9n{y?=i4x$9uWJ`w)rc@H_2-;zR9x*&5lbtvcb;>hUy=k
zZ@Gy+tr$n_LnqPCB(H7ho6rnCf_&v|jCe1_`v%<L>u^@8NQXZYpCBGhTfLhpzUUL3
zL~f<c$@U3sZbH)}j;&s4(6p7IS>lUp@kwM(!{#P5P2$+<l?F{)8Ja0RpNCE&a~d``
zp=lDwR<AT@+RD&O@%gt`lE|Ef%}r>U#Ie;Y4VtzxG*f)OH$I8XY1rI^rb!%Iz0#m*
zD?>BIKNR~TXbvce%xT!%gr-RxTfNetX)8lB#pk|2Nn}pL<|Z^v;@Iky22EQTnkhbC
z2TLMz8a6kfX%fd)uQX`d%Fs;lUx)o_zWo~ZJ@oh)wuK3f`8ujeTwR<rY;Ho+B#usI
zU3eNab-Y?7oaTU%=#qxbO=z0LvDGULnzk}DTYQ=WN+NR_HaDSZ6314rG-%q&&}{MP
zn_)?04zqdOv-`qm(m4?%Z&;i(_<H{hb>E22bx8$3SO=#yRO^e<(fX@=Ro20|A6MA=
zyERXe(~xfxTeV_ZnnO&YS6x2K`R?jB{BT4+(k%UdM7~LE)rx89TRlni$_zh$6O{Lu
zaaptUKlJ|d>b8sWg65!kp2WFlg`ZJ-kE+>6Gj~%q{?DTZYx%~pQ7fk*Ke8nHWr3d&
zXN;)94wrZAJJR)m*74>1{e5pnYZyuFkT!mL-rmDju2Sy-9auHM#=L7xeP7!_pDT=S
z5_`2;TKZ;l5}ne(PjO3;b-%lt%|326+Z+45!sHv=XOPW){p@mlN|!_)8@^#OwbMH~
zPobUk^}2?aM_c=lAGB>6AKz^rG_yTv4ZfM>_p;}UWsjeH?ceP9Cm)Vx*TKu5Um5WD
z$<Ow!fP0T0kDpe+vDd-l*kizBz+=E;z+=E;z+=E;pjj~B$6y|-aj{C+!5s9Sxaobm
z_QoFYvj_Nj)#ISOaS%8EvHt!le1M*bo8G5uZ`=VpPr--vL63v>#zEZt$9I|UhY$T{
z;->fM+8cMk&Na9OJr3F%2XXWNu)_{pf&H2R`av(prQy@HC-&g`{1Rb@{?Lxy>~YYZ
zIEb6?*n9e~L+A+toJYSfE*+n)J#j~v;rO9D_Ja9wnDC7dUoQ0J0%P|3MeNWs&QjRV
z+e~jWZ<`_8(3%DCvyY4)`i<~Ay`4OU!Y}}g+@`_~g`rP02L0++!qWS9?Tasr)BlQZ
zF?Q?lL*c;J(X=k+animxQRO{h0&|6%!mz{Np&q)5+Bp>+AJ%@jA}jzCmvelW+%YHg
zPaZ4nhZR+x)BK<bX5=`iuWt19P<vwt{h4pcxUl){+p_k=Po=+eg$-78ajD<r$7St<
zBg$*k8yj_ah!YM!#nIFb5-wG3qz`Kid?Amw;avG~aWG<%2J0SJ>hNnFtyW%un+I?n
z_$m_&xQIjRXH*|~-;d_4cgP0=d3ck&7U}{YHZ;J0CECmD&{uyDb<;ECSMB$8G!CvP
zFDOqaZzzv|nd>OeZ1Pwam$9wls{+GU2iPt#C<qRxu;**T#!=X|+OQIZZLJL}P*`nH
zIbe?*_K_fv*n)8o?2zNl2?9x!AV6!qU5+<G9kxx5R|*1E*j71SA;9sR(w`<wisgTL
z3wR573wR573wR573*=^jtukj#|3wvVo19kDZ`v-$)AYkseK=KLPt_+>^&M4xOl4nG
zQl#8xm4qqxZ6(I#K5#9;a$k8d^gRm~ku3!M_>aG<gW%@Ap=&6>{6EHo(=cCsHTwC#
zLZAOd^!;~dwT1>>w4a|rhVr)=AP2)96Gq?3TfcsN`Fp|i&ETA_o#6W?T=(Gm+{TR?
zPhP!xb&t7a!(&3%L5#0{nU$^M%zpt73}Zh=-<@lK{2&~>gzF2NHf@?0Ze9IbjAJK2
zr~hnZyQ}hw<ON>Jc|qT?g&p#|c5c|P;p312wXOLd<UatIdP${UGlfxJP`RM*!RDL~
zccEUIW|9M#Z#xBY?`|eLo5)IKV(r?sdFI0t$b<5}NL@ZqT@T#vGSR15<4`{2SRVdx
z%rVEH2UP!uHhVnIU3jrs?P@DG)k`_G)px1d1ITlqtq#o|pZc`GUFLNX>Y-1FB>?r#
z`ewIf68SNv$+|4;6#J&A6aOcP{H>6d%0kBN^B1WMV1M59X6xgpncwv7XY|>#sFPlz
zaWd-tYtz)H8EMn}MizMh9w(vh`*kzgC~cXkpPKgg8SU`r$=4!nU7D3X&G)682Y0vP
zSl4BK)7)N)<Agu?wl~_Jhsr@pd9cGJR$7@>T6Iw?+sw6Y)F!*`7rB<P)#*{+)a6`u
ztJ^CL{b-%dRUV`vUpvsGwPzQ3&<?grLr0n~a?vMBL$-FIiS?4iWuRSbm6o0~UzemF
zN=vSGqPuS0y4ZP;mYo(XSU|34HP`(4^JAU8BGZW@b6;OyjVwe{q_cGCQZ|14cvdQr
z=Uc7ZaeteX3sDAF&kN2uhXo8fR>TV!88vEDjm{?gYG@EW$!;bzCVlK<wX#Tb7Qj!a
z@Xc?s;Q8n4<B2-hJVVZ0?2mpy*Fz80>+#@&EGQP)oH=u>@*t`G``+;m7VO$pFHa>O
zmu=k0icddX|K7&ds<=7XfA*!9>UBB&bk^0?#a6CdX`Ba1>_7M9lUeZ6OKN#4_Mdp`
zt?KtGo7#lsVE;k%$2uN=T(8ge?JO8Ml2Ki3Qg2Y4xb|NJzr(^)Pt~XAHmumc<GJVb
zad_Mqcayq@;+WdOB;NE-eX3TMJ$qO{mni=Q7nIvLoVRDhyCyBssn{({o@MZjE<XHl
zEniUvfli%#D4$`pqu$Xxsm&Z+6g|`T1Elk_&(`YvFaN^E-hO*+7{!@5k@fcW8tG|k
z|CR71>G<)FYkA7H7ws><Gsxd4o7ngiMbR>SKl!U)t<`zwPBsbiwabn<h86H!W5>%b
zV@0&Z%a$#R%!8VAg58vIq3s`W%PqCMkY>bZKU){Z%aIj*!*j4{&CIk6DD^Pp!_zK@
zzeeGeS88-DTyX{CbxiLKH`KffC@%Uz6HyL04c*<wK0ROhQY|0YzI5AdY#^i^v7xV%
zQ58=6LrmHLRa)Dyao_n)t=_0(W-MP`wJp_69dh6L`s>Se`JzROs_|5OP3@!V;}`C`
zk1a!=favPz=)zU9*o4vioJkq5p{a_ynEH6Tch~6Gao%}saB#53t}`#cye3XL4gB-R
zjvZSQPv&7_A5|Z}@aUs#;UR}qY3u0d!eu$){9dzWO=KB}Lsv{Q`oI3G)~>((E$d&n
zu&OtYJBWV42<m@|?cE)Bl*>TayhKfWMg6br<3IBZ>&Lz@&YSK!I=XN%ZQN(-3q{pI
zacNUJ)jY$<(@v|=Tckht{PXMW5HT+iW*=oAA8pI@6Hly@K}SayF3O$cIcl9IHf_~B
z!(Df=MT-~L=`Ql<x&Qv!JcyW=(Ah`X$45Ol@$9pe{B?A6;iAk*p2@d5tPI4ZT{q8w
zan=~D$wkpyjPfD37eUCpgvvg;K7P-ZEn5C6IwY$uJW3Cn_hIwXHgtGg)jUJt>t8qO
z&l8Oa=o8lH9WpOb6OZbDj2lLL_q(;}5l(%4xy|SD(!GvOWt^o87t<zv4qKy%L%VLC
z0d?+V)JLYYXuMFA#tQ-32AX^4V+KyE&OTRNRcA}y$LDEO_c}Tm+MmW_x;jWDYgm|S
zo}u{3PuAHjj0U}%Dvy^n^AdG-6Z=ni7W?>NJnQI$*gvcsh4Bb`r`z)vmPYliZk_>i
zjD1);QpF7m8#wr2)`5Ovja?M;5;gB-+e>}?Fn)D(xc%k%LCn9!UGI|9iSl4yud)n?
zaiX48^9&vDc~5A)8%A^HCq7YYf5p5+o!xjIDEjzeyz1yw>|Zx7=k$}_EA+Wcy74f7
zZ*s4jXZX!;*j&X}%Y+ui!DeGN663WR+eq^gHSf4hG=2OqzIAje_DOU7MV3c37LeoU
zeyipgMxJz%b-g3gpZC7^)!LutGK6`FI=hAR@nzcL?>aga`!7RZpfjcQN0C20)1G6w
z9hT$heviS}O4OkTb6dK&w&7#$xu=HqSn%RBM4t5Ahj}Fa&gL%D5z{W)w26(s^G;UM
ztyS`JXK@$l^Ji5*h`;mq=zSP2Y$T7xT+sA1%=1oO7x1<-x19@H$@4)jXnGpvc}V;1
z#B~{OJ9FE)vXywwfep>D@m(05uynKrKViZIE5A#cC!#ba>-S-D<@HXSk2944hitQ&
zOB&zl=+vYk8bZ2-`z>U}Q;ICOSfVZS5`R<NH{co<u+Gj-wp>_e*2&Ol;bI$LDqENx
z!)WNzEk9^ED_#iOi?+3SJ`Z^?CSa2$O^P)h2$MPOcQhBl$6=<t>g*KM`fuy#=+aGm
z%f$G$=lQfbU>zMDO=o|y6+hQNXE!-qXGb}n{9Bi<<AWW^?SBEvfFTZKx$^$a+h9{U
zbasqNuS*wv1h(Tirh75EJPqzMSeu4uG^zdhI4sJ3{C$nB$X<qe>(c4MIX~S!ZaN*k
zyu$fhoGJgfdh62Z!lUGgn=XoO*6+D*kSX7|dh62Z!lUGgn=XoO*6(Q?Ono3zzH#-|
zrPGB+$rCqS6x}@DQy<8bZ(O}~>2%>y^2ALSMK_Q4G#72kH?H2gbh_{;dE%yvqMOHi
zT8}j48&_{#I$d~_JaN-S(aqyM?UOO(tJ2%VPezrFc&fsa&@<Jek>cSS3-Rrb@e+*z
zLNAI#V+DR;yu{}VRO7EuTEr`aUL)DnR2DkR$uw@&hTN8M?wBv&^JT8)A2>ZzJsK$<
zoo8k$j|=-3Utg@w7rU5$6X}`i(Ma*Kw14sZB3r!g@ZJELf9|}fbGUA@EKf4MMzX7^
zEOdU5Y23K@FKxkE)!7pm*<0qd>>#XtorAS6#4)8GMo*^S=)Y+WqS0k+W%<Y-tCjU@
zblqqjtkGp`W%>Ns&)NH)v@)K&ZXQn_10Dk&1Lhd;ZLqnmT;qytkE`XrwdvYUY0*Rf
ze>cX!{`)&vk4VeLVRSM6eGzkTzX^-u-=&u~@WcHT{D7|WHcrpRVYbEk%hgx|?hA|K
z-=&i`)b?T@z;vwn1t<sq>+PJ5opp9az5h$HJ^kTqf}?fue7O63A?%~>862|y(0`PH
zpL$!nx3$WqXmkHlv^_n;7h(d|!(LX!_hIhx1^xZM!uNlYY=8QV?<yTiV*+n)clH)-
zNn>4L{~(p^c^JyUX+96!+aF`CU1(=d;dTzY<J{1Lsho&;=bz)}3C%IU_WOp}Tz*G&
zly8&c+nnPS_04_Mw#xQ3{Y`ySKR&R}2lVg%2Yt--rgn~s2VdQpG*?0MMO2=A8!?<G
zd>#`x{WWZKE&TdtMA?(SXWRHwsr+$?$}hHy2cuiGWB7T_^TW^Mwhup#*f#uJ5}&sY
zhZn@>;b8ydE#NJXw*|Hi3s6%|w+)Bal<V!o;UmO4L98ppI)ohcD}PL^a~30THLk6=
z3PC^q<8O5kTrhFyD*q1ohcVk4)OojI?ED=1xUbRN25<Z0-iZeJ=AoTos8ea4kkMWp
zzGt7Go#5cU6Eq&jc|708{lZO~Hq8rBwdNJg-%uMHSI4;N$S$;RLq5mMfh}l1=4-gV
zuzB<5sWr+<KhP&T6K&qExH`B>NBFS$){cdZ{s64)C#hZj3Eki3N`6;#2oovT;jbtc
zt3(?R<{P=+M|jYkb8M0K)w5ZU<_}_7$fLZ+!3Z!~bH-Rq-OF~^xN+m>2?MBej*KHq
zUTFvmF1}9<+r38Z0@}FS^U@_QUzAnG&sj-=0i?YE_Iy6B9C@cpS~pVvfciFh>yd;%
z`e|alX8Zh@i+)`a`CX(<fP<Yb_~%W7@-VIq@|N8t|2TD`Oa6J&qW+@oSSoLsUGt~C
zk2Y<hYyOQukH(RvHb^4xf&~lM+_`hhm&v!M7vh@=JiZBE`hJ}ppU!d+>G1dReZ`6u
zHS-lZdzi?fiZheG`S!2>I&__KO60en7ryCDtn=UgZ74qGK2$Wtu!;EQRh51v{tE1C
z@A~kES@6&QJp7K!5OxpwR+z}s^m!%5A%#EvY4~h^d@H7eb8F>q9EtSiUU=bf{D|*6
zOnvWrYrpSI@zLk)lD;P(pZ%}>jr1<_f8u98Gpq~$cECqJ8v5;HQ~hV-n`yz09kui!
z|DrR_s14(M4erF-mHx}|{l~(~FAvG`;)|@nzpa3Kapp|z*~KRM&)>Y61@gD1Nk8a6
z_X8go)*t0f#8%id<~FptlTE_Xs@{#EvRAQr=f^(ArhoqP)!)GvzM%c~Z<PK^Fb`S~
zzA@kNv!4yqCH*bRk0>|w4a4S6#JEw<OJ4ta7QFV_kX(QG1KSJVTBmRJb^h^>Lt(pi
zu>j{@tG>M(CjS8Ps7T*y<aYhmw^+ZVZ&>;$xoNK11^!3jTOwS>(eHX!6+5%HZmos~
z-~P7p+qXLTG4aN_gm0-A@!i(}%yG!^<=;^{%kOpb%5ps2@A+?j^RSM{tEFQ53LQrO
z`q#tn@qJwR+p{|PM+@I;EBxwLY)R$p967%HTPLS3oaW9{7|_L+!@KZZ9G>^%Q6A;@
zHQ$WIcj`xt9$gbhCI5Kw+sRKp$@UV?EtBKRzh(YWzo{NjjSZsG(firL_iYQe-pb^@
z6{j&){ATeR-oWPITj>0qEPqWKk9K4h>V6)V?s9zjw;0#-Sv;SfV<9RneP6ls$Rk5}
zkNT}w$Rj!Jk`qo~1*!w79z&Y0o*u^g#WnI@d+l%=Pc+~5wi?}uZcY3I^}i@1jSsor
z{4Ty%Jx}|)zpLWDi1sb&EVap~yLmYYP)GLl^_6w2(Wg?+Q@n8>{9v8#Ci?gH_gBXT
za^GL|o9iaGg*;q!uj%K$@B*7{aIVgZwQGmJHzo9oRr-(m)TflXtMs4$&UX&m74=JX
zY!KG(=kF@x2cj#F4OM#cuu1s#E6>X=v~fH<>OTFt>#FI3O21gvzY{naggiQ0HSvM}
z0jw3*eOFSz5tmbW7wT)d4CweT#~Gf*zy7tXM+yC##i&1ZapiF86LnSkL<M})Z#LRA
zQJ;~>KWgLUbmDI@es86(L1TbXXd?q&#~A9*({uV_8Q@{<bQjx!cG8>cD$bGduy(ui
zZ#9MKO>Nis@#D*vE*{NA@i_EM@u<z8F=IygTR!}qeDCe;WlLjxUsorGZ8-mCr!L*x
zW9AN@-L_2s4Tb9YZYKrh_IP0b0oHK}zJYOxa6YJf1|PjUAz;PPMeTfnPA*sBybjRO
zi>v?GGsh0wP1alfeOwSaXQY$OMK~W5>uAN*zj#UI+dt<Atoy8PHvVjsAL;76xN<(@
zML}rU(#hr`oc9BCwBqV7mj@MnvImbx^@1u+7GX3V)bVKt{iz?+&id1uaXafz-^yuc
z{b^3jRDa!go7ZCj+W&d;=2h!8`aNaJ6y+G5+6A7DzIUjTA?<MZerb8v)PHBAzXE;g
zu2Y0Q&apwcFH^d-a^@}Czq<IG2EC)c0NOu3Ka#etD*7}IP=!-ijs9}KMe%#m0Yl&G
zvpN5|^9`Mm^GQ1ST!d2}Ku5<^|I!CaY})2&RXPLv4X_Dso4|@&^xr_FcVo{Q%U0}L
zyGE^(C9Uu<{nO&vNOZ}MvXSJ;T9#Ju{YzrAcGo|N?OG*mJ7a)!M;nm)exJOs1l?b2
zX8-r3cB8$0=mUQ*DV=6bPx~7&23psw@+XxW<KH7_4-n=8A5KcE+0xUVFVda<@Qkit
z`<zdNdVe?V`5V%H=s(KB+uNlrM45k^s5^g#P0ns*98kVP_jho8Rd>_{`%rz*YFME1
zE@NJ$KM$jJ0cGM2Y9pzS)J*muSxM$f`+hs^@#K2R_sUrUhgZ%T;AfBUb4N;BhZ69!
z3kq_2|GTj)uyshBYJP1S`d!*SbmwPEjN|!E=R{CLa2BrWIT7=N;MZe@E(9z8P&QtV
zdg7<R*$&`sk8S&3!6>6SNYG+57awQ;7WZSr{Y6|4VO{@IxGz--jX;#^F_8P`w(^?B
zr#U6?2=%!ZWUlkatGwHV{n^)mR;Q>3$&PyLSyNe(#)F*_=>Z-7pQr=qJ(N_YIO%B*
zfXesPARidz1LXns*&d%~8-Q|FJ}bpUW+~1t{9cMO_COrlxlSYdA4;++%LA2Zs%Kow
z5|<v~$wY1;&O>qP$hh*Eq@y}lkT2@_FD5jzj$@M#S<7b1kNY7-<%KD|JmTS8(<uBj
z^g0XG>rrQl*w~f)&!<kET3-9srK9~Z6i41CBgUuw6Jngjix;!$)2EliC|tbA-;mbd
z>7qWBj3<$9*z>%%zP0MRUBF(y<;&~8?@H;ppY^n9!)u=+-HGt~7URq&y2Ac8{!Vo#
zo5YeIeXp8*bJ(Xe8Ge?cT>P2yRmnf&?QgH~v8FgBL)nQg^_$|z-*@rFLpH<S+R`)6
zl%EUOH@sxYk~$r9^7q5nJ>YvXEB@gme>Fbv!)>6t>)K~kTrq4Am@7W^SeZ}v1sAYc
zpZLTO&+XgUIAB$bOV3q#1pF-AxRC|eGePf02zw7|<QL-0H0iglEUV&*VN*W&$sw7r
zk8LUZcWGbVh=(5@3d8;<?%T`L$nr14_@(f_|67jVf&F|dQKyJ;#Ai-Jcc<}#4SoiQ
z_n-e<<~IR*1UTJ!w2zuFfIYRNu{W28(_NHj0Q<^ImA%!)pZtU^uY5mUj3YjabX3oj
z2XcQ~6_1CF`{EbN@)WjhtJ_09hVS{l?6Pv*#?w^gLA}@Y@BcoO{?SL-BJ2~XizDJc
z0zW)0jYq{i;NkLp8GI-M+9$GmH=7Fl%I_CruQI(0un(jQ=Oys{Q(XSyHP;N~1<L!p
z4I66G^Efv6=ltoMEED;=Z@Q_>zjVV5RoOTVexF#eZ*cwfY}Tw<Wf{3_<vVnndGg6M
zvQt_fN0h%Cd*Z})OZCj##Hf8Li>R(6+rs{HaOMS<SH3St9+mg<AZ`hEp>qnjY?OX7
z>U%kjEPv+{PYkE2)T>n*(r?n2(u?I-MZfz;KPuB4d-c^y{$iSGU;0ux?uZ}!pxhpC
z-qg;D@x*5yhtBDk4;?$P$CQVK-6=lNp}7o>A(3t~J@b9f%_OrZD?i^$4CBvXeMtG8
zuJ1_wNmc)X^GJH<<4hHupyEf!%ZnICd^dabY!<v<@U;~E58oHC!n{IiI?%iel>t#U
z{w&JK!}wi%*Kr>9!-z7=&+iG!`-ON~*LR(tKbI-W{-*I<%gyQ0yfA+j@1}B@#uI6~
ze5Nw2qGu|XX*?AV7h%+nspy!>Wg1V#!$la?K`J_2uI}#cx;_biN8@V#92HN+!$la4
z=T&sLT-rP86{_32F6gT2pp09Ir{duvjOtJo9i=Rly0LUYiOo5D==_NJ>*ll03oCoZ
zq`Fg#r{duvjQT+?=;TF%#$$Q$_I&kc95j<{fFbKO-bT@nWN)PPBU`(W?3h!0&^BG8
z#E0xZ#X84{%~}tk|L}TR1IF6>FB`?CrgFgcKPTDg5Au)2ywG!|Y4eUpz7FK`FeLrZ
zf6{^Sp^>pfvcc{T$+C-jP<fy-O=Y_gbRii?7GV7W@^uhprRTDL*tj6rMn6hJ-<5&G
z5V~;q^Il<Og+zZ_DYanFZS)&<=5{APt$tjqaaH}a#s|U8eM1+5YyN<*HvnIBzPr(P
zSE-Ln;|v<>(RwaFABE5VY3@%V{A>7*!g7&0*5yBw6w{QRWRceqG;-{Kyr+>2q<2!@
zV!cPSX#8$qj~!$O*nGQ~-qkbcn%LrN$Va36jw2W9hbS5T7>BM+8d}!~S*y>ak4oi4
zhX<7|v?fpM9CVl8%k#ASy}b5M>qfNp!q-b?Vm*(q_ls-(JUzcJKK0b<oPVd{%rU+W
zAkG0!!TPNn-gD!PHEZJhJ-?G4R5m$ZejhKK?-^Wm72|6Q{5?<4`OiJ=wBfT6v97|y
ztLM&2Yb`uIl@FOeo!wY?`swm|c=^m?tSwKJ)}ncO;<J>_;KjMNJdEyD{uRE{r1kT#
zb;ADly{}BG0NYKt<(8r6<BzXd<K(=iB5ynHy|)~vOR!lTe`)=a>L(G4+^%#V{k`v%
z>5ao#ob%5;xBML7407>YPR_qrSzjvRY`PUF=R7=$Kk=dZk=M(d{|eYLc=c5lz@7`q
ze*x`F$N&9bIjkFJH}ZI#Px+2B^A=RjB;nyQf7SXStzmGV7fyHDKm0>khtic-R(bVe
zjk8P_`NGfM;(SQf>B1T&53lm)=N@bDM`cjN-^j{&xU)8Gs`4+d1tWduFMh#jJ%(iE
zd?sIVNj07r&dbZ>Z+<hh{Lz}G$e-IGtGjG}UA-oU%k>(s-{?;D9bYdu(L-G4;B$*S
z|9E;iyyui27JOK-wnSkY12%j1?3#SxbX0dbQ;mnqe01ST-h7S|GRX3CI;uPRKKA@8
zyktH)`Bi**82MxJXI*+ZT>c%Ep1)V!F)qxNKlP8eTwE`C&47n<d-LB>@i^VEyV&pL
zbd`7DisL#8e>`3oU;fUBKX{KhWlXhPPd;<9w)~0lIFClZr`i9G(jE5SjegMMQSs7x
z58jVq%yvpz^uy>9_Gs)!V?fC8xv;pd-w|&b^Ad0VM|PmRND~i48$7miy@~fW%o=RX
zVMc~{5^tKPn1*W*S9P9ZR1o~<<e>|})j!C-8g=&XVL$D-jciNxD&m&EaVGY4d7ra#
z{|nxI1J5&w0p_tbgwfSufcVLMdWp|7!~=3asiR>MPW>g_+y?0pM|PPn@S*#ju(NMI
zQr@V><FYI?=Agcx7*2g#I#-T|k*_)R`FP))-qUZ2vkc!Aq4(4ur2OD%=-&JBkC*$=
z#q-Xqwks4)ed`jw(L&EF&^IYo`s5@_Kb@z(V@I|B&HLdUIPYGj-|^5xL*FBM;DH*S
z{wjT7hWnsW7}4*od?RQqWb4H_?^7`jnTv15?EUU{*U(=?{-H?IUGaDB5&RfA{jo?(
zeu|y&&E@o`ROk~gZVPcg3=bRo<u8}VU`sGQpmWS=49<P}iB@p;-DTRN;a@A#6rVXQ
zDjOWL6voHbofZGZDew;^|LqwSnacDj5Ae;1L8KLFa{Cm)w}kIt@T>c{<Er+V`~LTr
z_2pwIK7N{ny#&O+Y@gr$mSJ;S`FC%{hUBZg7tTyC?A%$7!{wlR&lOix>2tkY->Ezh
z&Hf|$S?Q=!4Q57f9?eEA8&!Tk?NID1z<crPTG~~`zfLZipQU$GPMT8o>ku(O{k_uK
zQu%#hOQGKH<I<pvPaSOvr+HTs`XVn~d=($wPmhv6E`6$7MR_JpoLH_$s4fv{(sS{M
zV)fmaW5?9lQzbvut0H}(BVHrdjtsTGyq7@cLFJ6X7OY*sdQa%BxuzaJm91DcbZ+2Y
z8}?#TPn=rwzW>PK`c$SX{&vy6i1fr~qK!QMgBa%WnfeUar?NT?9f&6NOQ;V)JV*~0
zd@441lKLe?dn+yWr1VF$sUL>rq4JthwI9||zpo#4$s)3+tRsF``(29teJ@fU<=A77
zolI#>@|Nc9xi2>FPgVLkWvrXfAep2y0$$|l=$l01cgN_Ne~*yL8$DAT>Qhkpr8+`9
z|9Ql1x3L1g-Nn;TTS0LrSH68j&qeGn5!({lD@FX5qdul@w-vERpbz~M3Zr;a@J*uv
z_CIl2{7&z=P3d_u`Wz!Z{b@GwD_>z<`0g1`A7DS#Oxoj6k%jJbUM%&aX#SAPPxFb?
zMpFA&`uWexdQ#j87hP1PMe#c-vd}xas83D2L|gG^vK8^6OIKgfyl+`n)PH0j@wxcE
z;&7b^|3WcuC>~uX3pHuP^i-e9G<iCHCrt4)+%7yF-Q_Tzj^Fuw4aMab$xXV8KHEHu
orxWjlN%6PMGnF~h@}r`Qw7<g{-is^c*H{jcnbJ_%Pg({2e}YF?Q2+n{

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/el.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/el.json
index f801251c5..4df3e03c4 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/el.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/el.json
@@ -1,4 +1,5 @@
 {
+    "HTTPS is required for full functionality": "Το HTTPS είναι απαιτούμενο για πλήρη λειτουργικότητα",
     "Connecting...": "Συνδέεται...",
     "Disconnecting...": "Aποσυνδέεται...",
     "Reconnecting...": "Επανασυνδέεται...",
@@ -7,19 +8,15 @@
     "Connected (encrypted) to ": "Συνδέθηκε (κρυπτογραφημένα) με το ",
     "Connected (unencrypted) to ": "Συνδέθηκε (μη κρυπτογραφημένα) με το ",
     "Something went wrong, connection is closed": "Κάτι πήγε στραβά, η σύνδεση διακόπηκε",
+    "Failed to connect to server": "Αποτυχία στη σύνδεση με το διακομιστή",
     "Disconnected": "Αποσυνδέθηκε",
     "New connection has been rejected with reason: ": "Η νέα σύνδεση απορρίφθηκε διότι: ",
     "New connection has been rejected": "Η νέα σύνδεση απορρίφθηκε ",
-    "Password is required": "Απαιτείται ο κωδικός πρόσβασης",
+    "Credentials are required": "Απαιτούνται διαπιστευτήρια",
     "noVNC encountered an error:": "το noVNC αντιμετώπισε ένα σφάλμα:",
     "Hide/Show the control bar": "Απόκρυψη/Εμφάνιση γραμμής ελέγχου",
+    "Drag": "Σύρσιμο",
     "Move/Drag Viewport": "Μετακίνηση/Σύρσιμο Θεατού πεδίου",
-    "viewport drag": "σύρσιμο θεατού πεδίου",
-    "Active Mouse Button": "Ενεργό Πλήκτρο Ποντικιού",
-    "No mousebutton": "Χωρίς Πλήκτρο Ποντικιού",
-    "Left mousebutton": "Αριστερό Πλήκτρο Ποντικιού",
-    "Middle mousebutton": "Μεσαίο Πλήκτρο Ποντικιού",
-    "Right mousebutton": "Δεξί Πλήκτρο Ποντικιού",
     "Keyboard": "Πληκτρολόγιο",
     "Show Keyboard": "Εμφάνιση Πληκτρολογίου",
     "Extra keys": "Επιπλέον πλήκτρα",
@@ -28,6 +25,8 @@
     "Toggle Ctrl": "Εναλλαγή Ctrl",
     "Alt": "Alt",
     "Toggle Alt": "Εναλλαγή Alt",
+    "Toggle Windows": "Εναλλαγή Παράθυρων",
+    "Windows": "Παράθυρα",
     "Send Tab": "Αποστολή Tab",
     "Tab": "Tab",
     "Esc": "Esc",
@@ -41,8 +40,7 @@
     "Reboot": "Επανεκκίνηση",
     "Reset": "Επαναφορά",
     "Clipboard": "Πρόχειρο",
-    "Clear": "Καθάρισμα",
-    "Fullscreen": "Πλήρης Οθόνη",
+    "Edit clipboard content in the textarea below.": "Επεξεργαστείτε το περιεχόμενο του πρόχειρου στην περιοχή κειμένου παρακάτω.",
     "Settings": "Ρυθμίσεις",
     "Shared Mode": "Κοινόχρηστη Λειτουργία",
     "View Only": "Μόνο Θέαση",
@@ -52,6 +50,8 @@
     "Local Scaling": "Τοπική Κλιμάκωση",
     "Remote Resizing": "Απομακρυσμένη Αλλαγή μεγέθους",
     "Advanced": "Για προχωρημένους",
+    "Quality:": "Ποιότητα:",
+    "Compression level:": "Επίπεδο συμπίεσης:",
     "Repeater ID:": "Repeater ID:",
     "WebSocket": "WebSocket",
     "Encrypt": "Κρυπτογράφηση",
@@ -60,10 +60,20 @@
     "Path:": "Διαδρομή:",
     "Automatic Reconnect": "Αυτόματη επανασύνδεση",
     "Reconnect Delay (ms):": "Καθυστέρηση επανασύνδεσης (ms):",
+    "Show Dot when No Cursor": "Εμφάνιση Τελείας όταν δεν υπάρχει Δρομέας",
     "Logging:": "Καταγραφή:",
+    "Version:": "Έκδοση:",
     "Disconnect": "Αποσύνδεση",
     "Connect": "Σύνδεση",
+    "Server identity": "Ταυτότητα Διακομιστή",
+    "The server has provided the following identifying information:": "Ο διακομιστής παρείχε την ακόλουθη πληροφορία ταυτοποίησης:",
+    "Fingerprint:": "Δακτυλικό αποτύπωμα:",
+    "Please verify that the information is correct and press \"Approve\". Otherwise press \"Reject\".": "Παρακαλώ επαληθεύσετε ότι η πληροφορία είναι σωστή και πιέστε \"Αποδοχή\". Αλλιώς πιέστε \"Απόρριψη\".",
+    "Approve": "Αποδοχή",
+    "Reject": "Απόρριψη",
+    "Credentials": "Διαπιστευτήρια",
+    "Username:": "Κωδικός Χρήστη:",
     "Password:": "Κωδικός Πρόσβασης:",
-    "Cancel": "Ακύρωση",
-    "Canvas not supported.": "Δεν υποστηρίζεται το στοιχείο Canvas"
+    "Send Credentials": "Αποστολή Διαπιστευτηρίων",
+    "Cancel": "Ακύρωση"
 }
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/es.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/es.json
index 23f23f497..b9e663a3d 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/es.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/es.json
@@ -4,9 +4,9 @@
     "Connected (unencrypted) to ": "Conectado (sin encriptación) a",
     "Disconnecting...": "Desconectando...",
     "Disconnected": "Desconectado",
-    "Must set host": "Debes configurar el host",
+    "Must set host": "Se debe configurar el host",
     "Reconnecting...": "Reconectando...",
-    "Password is required": "Contraseña es obligatoria",
+    "Password is required": "La contraseña es obligatoria",
     "Disconnect timeout": "Tiempo de desconexión agotado",
     "noVNC encountered an error:": "noVNC ha encontrado un error:",
     "Hide/Show the control bar": "Ocultar/Mostrar la barra de control",
@@ -41,6 +41,7 @@
     "Clear": "Vaciar",
     "Fullscreen": "Pantalla Completa",
     "Settings": "Configuraciones",
+    "Encrypt": "Encriptar",
     "Shared Mode": "Modo Compartido",
     "View Only": "Solo visualización",
     "Clip to Window": "Recortar al tamaño de la ventana",
@@ -51,18 +52,17 @@
     "Remote Resizing": "Cambio de tamaño remoto",
     "Advanced": "Avanzado",
     "Local Cursor": "Cursor Local",
-    "Repeater ID:": "ID del Repetidor",
+    "Repeater ID:": "ID del Repetidor:",
     "WebSocket": "WebSocket",
-    "Encrypt": "",
-    "Host:": "Host",
-    "Port:": "Puesto",
-    "Path:": "Ruta",
+    "Host:": "Host:",
+    "Port:": "Puerto:",
+    "Path:": "Ruta:",
     "Automatic Reconnect": "Reconexión automática",
-    "Reconnect Delay (ms):": "Retraso en la reconexión (ms)",
-    "Logging:": "Logging",
+    "Reconnect Delay (ms):": "Retraso en la reconexión (ms):",
+    "Logging:": "Registrando:",
     "Disconnect": "Desconectar",
     "Connect": "Conectar",
-    "Password:": "Contraseña",
+    "Password:": "Contraseña:",
     "Cancel": "Cancelar",
-    "Canvas not supported.": "Canvas no está soportado"
+    "Canvas not supported.": "Canvas no soportado."
 }
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/fr.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/fr.json
new file mode 100644
index 000000000..c0eeec7d3
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/fr.json
@@ -0,0 +1,72 @@
+{
+    "Connecting...": "En cours de connexion...",
+    "Disconnecting...": "Déconnexion en cours...",
+    "Reconnecting...": "Reconnexion en cours...",
+    "Internal error": "Erreur interne",
+    "Must set host": "Doit définir l'hôte",
+    "Connected (encrypted) to ": "Connecté (chiffré) à ",
+    "Connected (unencrypted) to ": "Connecté (non chiffré) à ",
+    "Something went wrong, connection is closed": "Quelque chose s'est mal passé, la connexion a été fermée",
+    "Failed to connect to server": "Échec de connexion au serveur",
+    "Disconnected": "Déconnecté",
+    "New connection has been rejected with reason: ": "Une nouvelle connexion a été rejetée avec motif : ",
+    "New connection has been rejected": "Une nouvelle connexion a été rejetée",
+    "Credentials are required": "Les identifiants sont requis",
+    "noVNC encountered an error:": "noVNC a rencontré une erreur :",
+    "Hide/Show the control bar": "Masquer/Afficher la barre de contrôle",
+    "Drag": "Faire glisser",
+    "Move/Drag Viewport": "Déplacer/faire glisser le Viewport",
+    "Keyboard": "Clavier",
+    "Show Keyboard": "Afficher le clavier",
+    "Extra keys": "Touches supplémentaires",
+    "Show Extra Keys": "Afficher les touches supplémentaires",
+    "Ctrl": "Ctrl",
+    "Toggle Ctrl": "Basculer Ctrl",
+    "Alt": "Alt",
+    "Toggle Alt": "Basculer Alt",
+    "Toggle Windows": "Basculer Windows",
+    "Windows": "Windows",
+    "Send Tab": "Envoyer l'onglet",
+    "Tab": "l'onglet",
+    "Esc": "Esc",
+    "Send Escape": "Envoyer Escape",
+    "Ctrl+Alt+Del": "Ctrl+Alt+Del",
+    "Send Ctrl-Alt-Del": "Envoyer Ctrl-Alt-Del",
+    "Shutdown/Reboot": "Arrêter/Redémarrer",
+    "Shutdown/Reboot...": "Arrêter/Redémarrer...",
+    "Power": "Alimentation",
+    "Shutdown": "Arrêter",
+    "Reboot": "Redémarrer",
+    "Reset": "Réinitialiser",
+    "Clipboard": "Presse-papiers",
+    "Clear": "Effacer",
+    "Fullscreen": "Plein écran",
+    "Settings": "Paramètres",
+    "Shared Mode": "Mode partagé",
+    "View Only": "Afficher uniquement",
+    "Clip to Window": "Clip à fenêtre",
+    "Scaling Mode:": "Mode mise à l'échelle :",
+    "None": "Aucun",
+    "Local Scaling": "Mise à l'échelle locale",
+    "Remote Resizing": "Redimensionnement à distance",
+    "Advanced": "Avancé",
+    "Quality:": "Qualité :",
+    "Compression level:": "Niveau de compression :",
+    "Repeater ID:": "ID Répéteur :",
+    "WebSocket": "WebSocket",
+    "Encrypt": "Chiffrer",
+    "Host:": "Hôte :",
+    "Port:": "Port :",
+    "Path:": "Chemin :",
+    "Automatic Reconnect": "Reconnecter automatiquemen",
+    "Reconnect Delay (ms):": "Délai de reconnexion (ms) :",
+    "Show Dot when No Cursor": "Afficher le point lorsqu'il n'y a pas de curseur",
+    "Logging:": "Se connecter :",
+    "Version:": "Version :",
+    "Disconnect": "Déconnecter",
+    "Connect": "Connecter",
+    "Username:": "Nom d'utilisateur :",
+    "Password:": "Mot de passe :",
+    "Send Credentials": "Envoyer les identifiants",
+    "Cancel": "Annuler"
+}
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/it.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/it.json
new file mode 100644
index 000000000..18a7f7447
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/it.json
@@ -0,0 +1,68 @@
+{
+    "Connecting...": "Connessione in corso...",
+    "Disconnecting...": "Disconnessione...",
+    "Reconnecting...": "Riconnessione...",
+    "Internal error": "Errore interno",
+    "Must set host": "Devi impostare l'host",
+    "Connected (encrypted) to ": "Connesso (crittografato) a ",
+    "Connected (unencrypted) to ": "Connesso (non crittografato) a",
+    "Something went wrong, connection is closed": "Qualcosa è andato storto, la connessione è stata chiusa",
+    "Failed to connect to server": "Impossibile connettersi al server",
+    "Disconnected": "Disconnesso",
+    "New connection has been rejected with reason: ": "La nuova connessione è stata rifiutata con motivo: ",
+    "New connection has been rejected": "La nuova connessione è stata rifiutata",
+    "Credentials are required": "Le credenziali sono obbligatorie",
+    "noVNC encountered an error:": "noVNC ha riscontrato un errore:",
+    "Hide/Show the control bar": "Nascondi/Mostra la barra di controllo",
+    "Keyboard": "Tastiera",
+    "Show Keyboard": "Mostra tastiera",
+    "Extra keys": "Tasti Aggiuntivi",
+    "Show Extra Keys": "Mostra Tasti Aggiuntivi",
+    "Ctrl": "Ctrl",
+    "Toggle Ctrl": "Tieni premuto Ctrl",
+    "Alt": "Alt",
+    "Toggle Alt": "Tieni premuto Alt",
+    "Toggle Windows": "Tieni premuto Windows",
+    "Windows": "Windows",
+    "Send Tab": "Invia Tab",
+    "Tab": "Tab",
+    "Esc": "Esc",
+    "Send Escape": "Invia Esc",
+    "Ctrl+Alt+Del": "Ctrl+Alt+Canc",
+    "Send Ctrl-Alt-Del": "Invia Ctrl-Alt-Canc",
+    "Shutdown/Reboot": "Spegnimento/Riavvio",
+    "Shutdown/Reboot...": "Spegnimento/Riavvio...",
+    "Power": "Alimentazione",
+    "Shutdown": "Spegnimento",
+    "Reboot": "Riavvio",
+    "Reset": "Reset",
+    "Clipboard": "Clipboard",
+    "Clear": "Pulisci",
+    "Fullscreen": "Schermo intero",
+    "Settings": "Impostazioni",
+    "Shared Mode": "Modalità condivisa",
+    "View Only": "Sola Visualizzazione",
+    "Scaling Mode:": "Modalità di ridimensionamento:",
+    "None": "Nessuna",
+    "Local Scaling": "Ridimensionamento Locale",
+    "Remote Resizing": "Ridimensionamento Remoto",
+    "Advanced": "Avanzate",
+    "Quality:": "Qualità:",
+    "Compression level:": "Livello Compressione:",
+    "Repeater ID:": "ID Ripetitore:",
+    "WebSocket": "WebSocket",
+    "Encrypt": "Crittografa",
+    "Host:": "Host:",
+    "Port:": "Porta:",
+    "Path:": "Percorso:",
+    "Automatic Reconnect": "Riconnessione Automatica",
+    "Reconnect Delay (ms):": "Ritardo Riconnessione (ms):",
+    "Show Dot when No Cursor": "Mostra Punto quando Nessun Cursore",
+    "Version:": "Versione:",
+    "Disconnect": "Disconnetti",
+    "Connect": "Connetti",
+    "Username:": "Utente:",
+    "Password:": "Password:",
+    "Send Credentials": "Invia Credenziale",
+    "Cancel": "Annulla"
+}
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ja.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ja.json
index e5fe3401f..70fd7a5d1 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ja.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ja.json
@@ -1,4 +1,5 @@
 {
+    "HTTPS is required for full functionality": "すべての機能を使用するにはHTTPS接続が必要です",
     "Connecting...": "接続しています...",
     "Disconnecting...": "切断しています...",
     "Reconnecting...": "再接続しています...",
@@ -6,30 +7,25 @@
     "Must set host": "ホストを設定する必要があります",
     "Connected (encrypted) to ": "接続しました (暗号化済み): ",
     "Connected (unencrypted) to ": "接続しました (暗号化されていません): ",
-    "Something went wrong, connection is closed": "何かが問題で、接続が閉じられました",
+    "Something went wrong, connection is closed": "何らかの問題で、接続が閉じられました",
     "Failed to connect to server": "サーバーへの接続に失敗しました",
     "Disconnected": "切断しました",
     "New connection has been rejected with reason: ": "新規接続は次の理由で拒否されました: ",
     "New connection has been rejected": "新規接続は拒否されました",
-    "Password is required": "パスワードが必要です",
+    "Credentials are required": "資格情報が必要です",
     "noVNC encountered an error:": "noVNC でエラーが発生しました:",
     "Hide/Show the control bar": "コントロールバーを隠す/表示する",
+    "Drag": "ドラッグ",
     "Move/Drag Viewport": "ビューポートを移動/ドラッグ",
-    "viewport drag": "ビューポートをドラッグ",
-    "Active Mouse Button": "アクティブなマウスボタン",
-    "No mousebutton": "マウスボタンなし",
-    "Left mousebutton": "左マウスボタン",
-    "Middle mousebutton": "中マウスボタン",
-    "Right mousebutton": "右マウスボタン",
     "Keyboard": "キーボード",
     "Show Keyboard": "キーボードを表示",
     "Extra keys": "追加キー",
     "Show Extra Keys": "追加キーを表示",
     "Ctrl": "Ctrl",
-    "Toggle Ctrl": "Ctrl キーを切り替え",
+    "Toggle Ctrl": "Ctrl キーをトグル",
     "Alt": "Alt",
-    "Toggle Alt": "Alt キーを切り替え",
-    "Toggle Windows": "Windows キーを切り替え",
+    "Toggle Alt": "Alt キーをトグル",
+    "Toggle Windows": "Windows キーをトグル",
     "Windows": "Windows",
     "Send Tab": "Tab キーを送信",
     "Tab": "Tab",
@@ -44,17 +40,19 @@
     "Reboot": "再起動",
     "Reset": "リセット",
     "Clipboard": "クリップボード",
-    "Clear": "クリア",
-    "Fullscreen": "全画面表示",
+    "Edit clipboard content in the textarea below.": "以下の入力欄からクリップボードの内容を編集できます。",
+    "Full Screen": "全画面表示",
     "Settings": "設定",
     "Shared Mode": "共有モード",
-    "View Only": "表示のみ",
+    "View Only": "表示専用",
     "Clip to Window": "ウィンドウにクリップ",
     "Scaling Mode:": "スケーリングモード:",
     "None": "なし",
     "Local Scaling": "ローカルスケーリング",
     "Remote Resizing": "リモートでリサイズ",
     "Advanced": "高度",
+    "Quality:": "品質:",
+    "Compression level:": "圧縮レベル:",
     "Repeater ID:": "リピーター ID:",
     "WebSocket": "WebSocket",
     "Encrypt": "暗号化",
@@ -63,11 +61,20 @@
     "Path:": "パス:",
     "Automatic Reconnect": "自動再接続",
     "Reconnect Delay (ms):": "再接続する遅延 (ミリ秒):",
-    "Show Dot when No Cursor": "カーソルがないときにドットを表示",
+    "Show Dot when No Cursor": "カーソルがないときにドットを表示する",
     "Logging:": "ロギング:",
+    "Version:": "バージョン:",
     "Disconnect": "切断",
     "Connect": "接続",
+    "Server identity": "サーバーの識別情報",
+    "The server has provided the following identifying information:": "サーバーは以下の識別情報を提供しています:",
+    "Fingerprint:": "フィンガープリント:",
+    "Please verify that the information is correct and press \"Approve\". Otherwise press \"Reject\".": "この情報が正しい場合は「承認」を、そうでない場合は「拒否」を押してください。",
+    "Approve": "承認",
+    "Reject": "拒否",
+    "Credentials": "資格情報",
+    "Username:": "ユーザー名:",
     "Password:": "パスワード:",
-    "Send Password": "パスワードを送信",
+    "Send Credentials": "資格情報を送信",
     "Cancel": "キャンセル"
 }
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/pt_BR.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/pt_BR.json
new file mode 100644
index 000000000..aa130f764
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/pt_BR.json
@@ -0,0 +1,72 @@
+{
+    "Connecting...": "Conectando...",
+    "Disconnecting...": "Desconectando...",
+    "Reconnecting...": "Reconectando...",
+    "Internal error": "Erro interno",
+    "Must set host": "É necessário definir o host",
+    "Connected (encrypted) to ": "Conectado (com criptografia) a ",
+    "Connected (unencrypted) to ": "Conectado (sem criptografia) a ",
+    "Something went wrong, connection is closed": "Algo deu errado. A conexão foi encerrada.",
+    "Failed to connect to server": "Falha ao conectar-se ao servidor",
+    "Disconnected": "Desconectado",
+    "New connection has been rejected with reason: ": "A nova conexão foi rejeitada pelo motivo: ",
+    "New connection has been rejected": "A nova conexão foi rejeitada",
+    "Credentials are required": "Credenciais são obrigatórias",
+    "noVNC encountered an error:": "O noVNC encontrou um erro:",
+    "Hide/Show the control bar": "Esconder/mostrar a barra de controles",
+    "Drag": "Arrastar",
+    "Move/Drag Viewport": "Mover/arrastar a janela",
+    "Keyboard": "Teclado",
+    "Show Keyboard": "Mostrar teclado",
+    "Extra keys": "Teclas adicionais",
+    "Show Extra Keys": "Mostar teclas adicionais",
+    "Ctrl": "Ctrl",
+    "Toggle Ctrl": "Pressionar/soltar Ctrl",
+    "Alt": "Alt",
+    "Toggle Alt": "Pressionar/soltar Alt",
+    "Toggle Windows": "Pressionar/soltar Windows",
+    "Windows": "Windows",
+    "Send Tab": "Enviar Tab",
+    "Tab": "Tab",
+    "Esc": "Esc",
+    "Send Escape": "Enviar Esc",
+    "Ctrl+Alt+Del": "Ctrl+Alt+Del",
+    "Send Ctrl-Alt-Del": "Enviar Ctrl-Alt-Del",
+    "Shutdown/Reboot": "Desligar/reiniciar",
+    "Shutdown/Reboot...": "Desligar/reiniciar...",
+    "Power": "Ligar",
+    "Shutdown": "Desligar",
+    "Reboot": "Reiniciar",
+    "Reset": "Reiniciar (forçado)",
+    "Clipboard": "Área de transferência",
+    "Clear": "Limpar",
+    "Fullscreen": "Tela cheia",
+    "Settings": "Configurações",
+    "Shared Mode": "Modo compartilhado",
+    "View Only": "Apenas visualizar",
+    "Clip to Window": "Recortar à janela",
+    "Scaling Mode:": "Modo de dimensionamento:",
+    "None": "Nenhum",
+    "Local Scaling": "Local",
+    "Remote Resizing": "Remoto",
+    "Advanced": "Avançado",
+    "Quality:": "Qualidade:",
+    "Compression level:": "Nível de compressão:",
+    "Repeater ID:": "ID do repetidor:",
+    "WebSocket": "WebSocket",
+    "Encrypt": "Criptografar",
+    "Host:": "Host:",
+    "Port:": "Porta:",
+    "Path:": "Caminho:",
+    "Automatic Reconnect": "Reconexão automática",
+    "Reconnect Delay (ms):": "Atraso da reconexão (ms)",
+    "Show Dot when No Cursor": "Mostrar ponto quando não há cursor",
+    "Logging:": "Registros:",
+    "Version:": "Versão:",
+    "Disconnect": "Desconectar",
+    "Connect": "Conectar",
+    "Username:": "Nome de usuário:",
+    "Password:": "Senha:",
+    "Send Credentials": "Enviar credenciais",
+    "Cancel": "Cancelar"
+}
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ru.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ru.json
index 52e57f37f..cab97396e 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ru.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/ru.json
@@ -9,26 +9,21 @@
     "Something went wrong, connection is closed": "Что-то пошло не так, подключение разорвано",
     "Failed to connect to server": "Ошибка подключения к серверу",
     "Disconnected": "Отключено",
-    "New connection has been rejected with reason: ": "Подключиться не удалось: ",
-    "New connection has been rejected": "Подключиться не удалось",
-    "Password is required": "Требуется пароль",
+    "New connection has been rejected with reason: ": "Новое соединение отклонено по причине: ",
+    "New connection has been rejected": "Новое соединение отклонено",
+    "Credentials are required": "Требуются учетные данные",
     "noVNC encountered an error:": "Ошибка noVNC: ",
     "Hide/Show the control bar": "Скрыть/Показать контрольную панель",
+    "Drag": "Переместить",
     "Move/Drag Viewport": "Переместить окно",
-    "viewport drag": "Переместить окно",
-    "Active Mouse Button": "Активировать кнопки мыши",
-    "No mousebutton": "Отключить кнопки мыши",
-    "Left mousebutton": "Левая кнопка мыши",
-    "Middle mousebutton": "Средняя  кнопка мыши",
-    "Right mousebutton": "Правая кнопка мыши",
     "Keyboard": "Клавиатура",
     "Show Keyboard": "Показать клавиатуру",
-    "Extra keys": "Доп. кнопки",
-    "Show Extra Keys": "Показать дополнительные кнопки",
+    "Extra keys": "Дополнительные Кнопки",
+    "Show Extra Keys": "Показать Дополнительные Кнопки",
     "Ctrl": "Ctrl",
-    "Toggle Ctrl": "Передать нажатие Ctrl",
+    "Toggle Ctrl": "Переключение нажатия Ctrl",
     "Alt": "Alt",
-    "Toggle Alt": "Передать нажатие Alt",
+    "Toggle Alt": "Переключение нажатия Alt",
     "Toggle Windows": "Переключение вкладок",
     "Windows": "Вкладка",
     "Send Tab": "Передать нажатие Tab",
@@ -48,13 +43,15 @@
     "Fullscreen": "Во весь экран",
     "Settings": "Настройки",
     "Shared Mode": "Общий режим",
-    "View Only": "Просмотр",
+    "View Only": "Только Просмотр",
     "Clip to Window": "В окно",
     "Scaling Mode:": "Масштаб:",
     "None": "Нет",
     "Local Scaling": "Локльный масштаб",
-    "Remote Resizing": "Удаленный масштаб",
+    "Remote Resizing": "Удаленная перенастройка размера",
     "Advanced": "Дополнительно",
+    "Quality:": "Качество",
+    "Compression level:": "Уровень Сжатия",
     "Repeater ID:": "Идентификатор ID:",
     "WebSocket": "WebSocket",
     "Encrypt": "Шифрование",
@@ -65,9 +62,11 @@
     "Reconnect Delay (ms):": "Задержка переподключения (мс):",
     "Show Dot when No Cursor": "Показать точку вместо курсора",
     "Logging:": "Лог:",
+    "Version:": "Версия",
     "Disconnect": "Отключение",
     "Connect": "Подключение",
+    "Username:": "Имя Пользователя",
     "Password:": "Пароль:",
-    "Send Password": "Пароль: ",
+    "Send Credentials": "Передача Учетных Данных",
     "Cancel": "Выход"
 }
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/sv.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/sv.json
index e46df45b5..80a400bfa 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/sv.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/sv.json
@@ -1,9 +1,11 @@
 {
+    "Running without HTTPS is not recommended, crashes or other issues are likely.": "Det är ej rekommenderat att köra utan HTTPS, krascher och andra problem är troliga.",
     "Connecting...": "Ansluter...",
     "Disconnecting...": "Kopplar ner...",
     "Reconnecting...": "Återansluter...",
     "Internal error": "Internt fel",
     "Must set host": "Du måste specifiera en värd",
+    "Failed to connect to server: ": "Misslyckades att ansluta till servern: ",
     "Connected (encrypted) to ": "Ansluten (krypterat) till ",
     "Connected (unencrypted) to ": "Ansluten (okrypterat) till ",
     "Something went wrong, connection is closed": "Något gick fel, anslutningen avslutades",
@@ -39,8 +41,8 @@
     "Reboot": "Boota om",
     "Reset": "Återställ",
     "Clipboard": "Urklipp",
-    "Clear": "Rensa",
-    "Fullscreen": "Fullskärm",
+    "Edit clipboard content in the textarea below.": "Redigera urklippets innehåll i fältet nedan.",
+    "Full Screen": "Fullskärm",
     "Settings": "Inställningar",
     "Shared Mode": "Delat Läge",
     "View Only": "Endast Visning",
@@ -65,6 +67,13 @@
     "Version:": "Version:",
     "Disconnect": "Koppla från",
     "Connect": "Anslut",
+    "Server identity": "Server-identitet",
+    "The server has provided the following identifying information:": "Servern har gett följande identifierande information:",
+    "Fingerprint:": "Fingeravtryck:",
+    "Please verify that the information is correct and press \"Approve\". Otherwise press \"Reject\".": "Kontrollera att informationen är korrekt och tryck sedan \"Godkänn\". Tryck annars \"Neka\".",
+    "Approve": "Godkänn",
+    "Reject": "Neka",
+    "Credentials": "Användaruppgifter",
     "Username:": "Användarnamn:",
     "Password:": "Lösenord:",
     "Send Credentials": "Skicka Användaruppgifter",
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/zh_CN.json b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/zh_CN.json
index f0aea9af3..3679eaddd 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/zh_CN.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/locale/zh_CN.json
@@ -1,69 +1,69 @@
 {
     "Connecting...": "连接中...",
+    "Connected (encrypted) to ": "已连接（已加密）到",
+    "Connected (unencrypted) to ": "已连接（未加密）到",
     "Disconnecting...": "正在断开连接...",
-    "Reconnecting...": "重新连接中...",
-    "Internal error": "内部错误",
-    "Must set host": "请提供主机名",
-    "Connected (encrypted) to ": "已连接到（加密）",
-    "Connected (unencrypted) to ": "已连接到（未加密）",
-    "Something went wrong, connection is closed": "发生错误，连接已关闭",
-    "Failed to connect to server": "无法连接到服务器",
     "Disconnected": "已断开连接",
-    "New connection has been rejected with reason: ": "连接被拒绝，原因：",
-    "New connection has been rejected": "连接被拒绝",
+    "Must set host": "必须设置主机",
+    "Reconnecting...": "重新连接中...",
     "Password is required": "请提供密码",
+    "Disconnect timeout": "超时断开",
     "noVNC encountered an error:": "noVNC 遇到一个错误：",
     "Hide/Show the control bar": "显示/隐藏控制栏",
-    "Move/Drag Viewport": "拖放显示范围",
-    "viewport drag": "显示范围拖放",
-    "Active Mouse Button": "启动鼠标按鍵",
-    "No mousebutton": "禁用鼠标按鍵",
-    "Left mousebutton": "鼠标左鍵",
-    "Middle mousebutton": "鼠标中鍵",
-    "Right mousebutton": "鼠标右鍵",
+    "Move/Drag Viewport": "移动/拖动窗口",
+    "viewport drag": "窗口拖动",
+    "Active Mouse Button": "启动鼠标按键",
+    "No mousebutton": "禁用鼠标按键",
+    "Left mousebutton": "鼠标左键",
+    "Middle mousebutton": "鼠标中键",
+    "Right mousebutton": "鼠标右键",
     "Keyboard": "键盘",
     "Show Keyboard": "显示键盘",
     "Extra keys": "额外按键",
     "Show Extra Keys": "显示额外按键",
     "Ctrl": "Ctrl",
     "Toggle Ctrl": "切换 Ctrl",
+    "Edit clipboard content in the textarea below.": "在下面的文本区域中编辑剪贴板内容。",
     "Alt": "Alt",
     "Toggle Alt": "切换 Alt",
     "Send Tab": "发送 Tab 键",
     "Tab": "Tab",
     "Esc": "Esc",
     "Send Escape": "发送 Escape 键",
-    "Ctrl+Alt+Del": "Ctrl-Alt-Del",
-    "Send Ctrl-Alt-Del": "发送 Ctrl-Alt-Del 键",
-    "Shutdown/Reboot": "关机/重新启动",
-    "Shutdown/Reboot...": "关机/重新启动...",
+    "Ctrl+Alt+Del": "Ctrl+Alt+Del",
+    "Send Ctrl-Alt-Del": "发送 Ctrl+Alt+Del 键",
+    "Shutdown/Reboot": "关机/重启",
+    "Shutdown/Reboot...": "关机/重启...",
     "Power": "电源",
     "Shutdown": "关机",
-    "Reboot": "重新启动",
+    "Reboot": "重启",
     "Reset": "重置",
     "Clipboard": "剪贴板",
     "Clear": "清除",
     "Fullscreen": "全屏",
     "Settings": "设置",
+    "Encrypt": "加密",
     "Shared Mode": "分享模式",
     "View Only": "仅查看",
     "Clip to Window": "限制/裁切窗口大小",
     "Scaling Mode:": "缩放模式：",
     "None": "无",
     "Local Scaling": "本地缩放",
+    "Local Downscaling": "降低本地尺寸",
     "Remote Resizing": "远程调整大小",
     "Advanced": "高级",
+    "Local Cursor": "本地光标",
     "Repeater ID:": "中继站 ID",
     "WebSocket": "WebSocket",
-    "Encrypt": "加密",
     "Host:": "主机：",
     "Port:": "端口：",
     "Path:": "路径：",
     "Automatic Reconnect": "自动重新连接",
     "Reconnect Delay (ms):": "重新连接间隔 (ms)：",
     "Logging:": "日志级别：",
-    "Disconnect": "中断连接",
+    "Disconnect": "断开连接",
     "Connect": "连接",
     "Password:": "密码：",
-    "Cancel": "取消"
+    "Cancel": "取消",
+    "Canvas not supported.": "不支持 Canvas。"
 }
\ No newline at end of file
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/localization.js b/emhttp/plugins/dynamix.vm.manager/novnc/app/localization.js
index 100901c9d..7d7e6e6af 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/localization.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/localization.js
@@ -16,13 +16,19 @@ export class Localizer {
         this.language = 'en';
 
         // Current dictionary of translations
-        this.dictionary = undefined;
+        this._dictionary = undefined;
     }
 
     // Configure suitable language based on user preferences
-    setup(supportedLanguages) {
+    async setup(supportedLanguages, baseURL) {
         this.language = 'en'; // Default: US English
+        this._dictionary = undefined;
 
+        this._setupLanguage(supportedLanguages);
+        await this._setupDictionary(baseURL);
+    }
+
+    _setupLanguage(supportedLanguages) {
         /*
          * Navigator.languages only available in Chrome (32+) and FireFox (32+)
          * Fall back to navigator.language for other browsers
@@ -40,12 +46,6 @@ export class Localizer {
                 .replace("_", "-")
                 .split("-");
 
-            // Built-in default?
-            if ((userLang[0] === 'en') &&
-                ((userLang[1] === undefined) || (userLang[1] === 'us'))) {
-                return;
-            }
-
             // First pass: perfect match
             for (let j = 0; j < supportedLanguages.length; j++) {
                 const supLang = supportedLanguages[j]
@@ -64,7 +64,12 @@ export class Localizer {
                 return;
             }
 
-            // Second pass: fallback
+            // Second pass: English fallback
+            if (userLang[0] === 'en') {
+                return;
+            }
+
+            // Third pass pass: other fallback
             for (let j = 0;j < supportedLanguages.length;j++) {
                 const supLang = supportedLanguages[j]
                     .toLowerCase()
@@ -84,10 +89,32 @@ export class Localizer {
         }
     }
 
+    async _setupDictionary(baseURL) {
+        if (baseURL) {
+            if (!baseURL.endsWith("/")) {
+                baseURL = baseURL + "/";
+            }
+        } else {
+            baseURL = "";
+        }
+
+        if (this.language === "en") {
+            return;
+        }
+
+        let response = await fetch(baseURL + this.language + ".json");
+        if (!response.ok) {
+            throw Error("" + response.status + " " + response.statusText);
+        }
+
+        this._dictionary = await response.json();
+    }
+
     // Retrieve localised text
     get(id) {
-        if (typeof this.dictionary !== 'undefined' && this.dictionary[id]) {
-            return this.dictionary[id];
+        if (typeof this._dictionary !== 'undefined' &&
+            this._dictionary[id]) {
+            return this._dictionary[id];
         } else {
             return id;
         }
@@ -103,13 +130,20 @@ export class Localizer {
                 return items.indexOf(searchElement) !== -1;
             }
 
+            function translateString(str) {
+                // We assume surrounding whitespace, and whitespace around line
+                // breaks is just for source formatting
+                str = str.split("\n").map(s => s.trim()).join(" ").trim();
+                return self.get(str);
+            }
+
             function translateAttribute(elem, attr) {
-                const str = self.get(elem.getAttribute(attr));
+                const str = translateString(elem.getAttribute(attr));
                 elem.setAttribute(attr, str);
             }
 
             function translateTextNode(node) {
-                const str = self.get(node.data.trim());
+                const str = translateString(node.data);
                 node.data = str;
             }
 
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/base.css b/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/base.css
index fd78b79c7..f83ad4b93 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/base.css
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/base.css
@@ -19,10 +19,23 @@
  * 10000: Max (used for polyfills)
  */
 
+/*
+ * State variables (set on :root):
+ *
+ * noVNC_loading: Page is still loading
+ * noVNC_connecting: Connecting to server
+ * noVNC_reconnecting: Re-establishing a connection
+ * noVNC_connected: Connected to server (most common state)
+ * noVNC_disconnecting: Disconnecting from server
+ */
+
+:root {
+  font-family: sans-serif;
+}
+
 body {
   margin:0;
   padding:0;
-  font-family: Helvetica;
   /*Background image with light grey curve.*/
   background-color:#494949;
   background-repeat:no-repeat;
@@ -78,144 +91,6 @@ html {
   50% { box-shadow: 60px 10px 0 rgba(255, 255, 255, 0); width: 10px; }
 }
 
-/* ----------------------------------------
- * Input Elements
- * ----------------------------------------
- */
-
-input:not([type]),
-input[type=date],
-input[type=datetime-local],
-input[type=email],
-input[type=month],
-input[type=number],
-input[type=password],
-input[type=search],
-input[type=tel],
-input[type=text],
-input[type=time],
-input[type=url],
-input[type=week],
-textarea {
-  /* Disable default rendering */
-  -webkit-appearance: none;
-  -moz-appearance: none;
-  background: none;
-
-  margin: 2px;
-  padding: 2px;
-  border: 1px solid rgb(192, 192, 192);
-  border-radius: 5px;
-  color: black;
-  background: linear-gradient(to top, rgb(255, 255, 255) 80%, rgb(240, 240, 240));
-}
-
-input[type=button],
-input[type=color],
-input[type=reset],
-input[type=submit],
-select {
-  /* Disable default rendering */
-  -webkit-appearance: none;
-  -moz-appearance: none;
-  background: none;
-
-  margin: 2px;
-  padding: 2px;
-  border: 1px solid rgb(192, 192, 192);
-  border-bottom-width: 2px;
-  border-radius: 5px;
-  color: black;
-  background: linear-gradient(to top, rgb(255, 255, 255), rgb(240, 240, 240));
-
-  /* This avoids it jumping around when :active */
-  vertical-align: middle;
-}
-
-input[type=button],
-input[type=color],
-input[type=reset],
-input[type=submit] {
-  padding-left: 20px;
-  padding-right: 20px;
-}
-
-option {
-  color: black;
-  background: white;
-}
-
-input:not([type]):focus,
-input[type=button]:focus,
-input[type=color]:focus,
-input[type=date]:focus,
-input[type=datetime-local]:focus,
-input[type=email]:focus,
-input[type=month]:focus,
-input[type=number]:focus,
-input[type=password]:focus,
-input[type=reset]:focus,
-input[type=search]:focus,
-input[type=submit]:focus,
-input[type=tel]:focus,
-input[type=text]:focus,
-input[type=time]:focus,
-input[type=url]:focus,
-input[type=week]:focus,
-select:focus,
-textarea:focus {
-  box-shadow: 0px 0px 3px rgba(74, 144, 217, 0.5);
-  border-color: rgb(74, 144, 217);
-  outline: none;
-}
-
-input[type=button]::-moz-focus-inner,
-input[type=color]::-moz-focus-inner,
-input[type=reset]::-moz-focus-inner,
-input[type=submit]::-moz-focus-inner {
-  border: none;
-}
-
-input:not([type]):disabled,
-input[type=button]:disabled,
-input[type=color]:disabled,
-input[type=date]:disabled,
-input[type=datetime-local]:disabled,
-input[type=email]:disabled,
-input[type=month]:disabled,
-input[type=number]:disabled,
-input[type=password]:disabled,
-input[type=reset]:disabled,
-input[type=search]:disabled,
-input[type=submit]:disabled,
-input[type=tel]:disabled,
-input[type=text]:disabled,
-input[type=time]:disabled,
-input[type=url]:disabled,
-input[type=week]:disabled,
-select:disabled,
-textarea:disabled {
-  color: rgb(128, 128, 128);
-  background: rgb(240, 240, 240);
-}
-
-input[type=button]:active,
-input[type=color]:active,
-input[type=reset]:active,
-input[type=submit]:active,
-select:active {
-  border-bottom-width: 1px;
-  margin-top: 3px;
-}
-
-:root:not(.noVNC_touch) input[type=button]:hover:not(:disabled),
-:root:not(.noVNC_touch) input[type=color]:hover:not(:disabled),
-:root:not(.noVNC_touch) input[type=reset]:hover:not(:disabled),
-:root:not(.noVNC_touch) input[type=submit]:hover:not(:disabled),
-:root:not(.noVNC_touch) select:hover:not(:disabled) {
-  background: linear-gradient(to top, rgb(255, 255, 255), rgb(250, 250, 250));
-}
-
 /* ----------------------------------------
  * WebKit centering hacks
  * ----------------------------------------
@@ -242,13 +117,15 @@ select:active {
   pointer-events: auto;
 }
 .noVNC_vcenter {
-  display: flex;
+  display: flex !important;
   flex-direction: column;
   justify-content: center;
   position: fixed;
   top: 0;
   left: 0;
   height: 100%;
+  margin: 0 !important;
+  padding: 0 !important;
   pointer-events: none;
 }
 .noVNC_vcenter > * {
@@ -272,13 +149,20 @@ select:active {
 #noVNC_fallback_error {
   z-index: 1000;
   visibility: hidden;
+  /* Put a dark background in front of everything but the error,
+     and don't let mouse events pass through */
+  background: rgba(0, 0, 0, 0.8);
+  pointer-events: all;
 }
 #noVNC_fallback_error.noVNC_open {
   visibility: visible;
 }
 
 #noVNC_fallback_error > div {
-  max-width: 90%;
+  max-width: calc(100vw - 30px - 30px);
+  max-height: calc(100vh - 30px - 30px);
+  overflow: auto;
+
   padding: 15px;
 
   transition: 0.5s ease-in-out;
@@ -317,7 +201,6 @@ select:active {
 }
 
 #noVNC_fallback_error .noVNC_stack {
-  max-height: 50vh;
   padding: 10px;
   margin: 10px;
   font-size: 0.8em;
@@ -361,6 +244,9 @@ select:active {
   background-color: rgb(110, 132, 163);
   border-radius: 0 10px 10px 0;
 
+  user-select: none;
+  -webkit-user-select: none;
+  -webkit-touch-callout: none; /* Disable iOS image long-press popup */
 }
 #noVNC_control_bar.noVNC_open {
   box-shadow: 6px 6px 0px rgba(0, 0, 0, 0.5);
@@ -433,38 +319,50 @@ select:active {
 .noVNC_right #noVNC_control_bar.noVNC_open #noVNC_control_bar_handle:after {
   transform: none;
 }
+/* Larger touch area for the handle, used when a touch screen is available */
 #noVNC_control_bar_handle div {
   position: absolute;
   right: -35px;
   top: 0;
   width: 50px;
-  height: 50px;
-}
-:root:not(.noVNC_touch) #noVNC_control_bar_handle div {
+  height: 100%;
   display: none;
 }
+@media (any-pointer: coarse) {
+  #noVNC_control_bar_handle div {
+    display: initial;
+  }
+}
 .noVNC_right #noVNC_control_bar_handle div {
   left: -35px;
   right: auto;
 }
 
-#noVNC_control_bar .noVNC_scroll {
+#noVNC_control_bar > .noVNC_scroll {
   max-height: 100vh; /* Chrome is buggy with 100% */
   overflow-x: hidden;
   overflow-y: auto;
-  padding: 0 10px 0 5px;
+  padding: 0 10px;
 }
-.noVNC_right #noVNC_control_bar .noVNC_scroll {
-  padding: 0 5px 0 10px;
+
+#noVNC_control_bar > .noVNC_scroll > * {
+  display: block;
+  margin: 10px auto;
 }
 
 /* Control bar hint */
-#noVNC_control_bar_hint {
+#noVNC_hint_anchor {
   position: fixed;
-  left: calc(100vw - 50px);
+  right: -50px;
+  left: auto;
+}
+#noVNC_control_bar_anchor.noVNC_right + #noVNC_hint_anchor {
+  left: -50px;
   right: auto;
-  top: 50%;
-  transform: translateY(-50%) scale(0);
+}
+#noVNC_control_bar_hint {
+  position: relative;
+  transform: scale(0);
   width: 100px;
   height: 50%;
   max-height: 600px;
@@ -477,61 +375,65 @@ select:active {
   border-radius: 10px;
   transition-delay: 0s;
 }
-#noVNC_control_bar_anchor.noVNC_right #noVNC_control_bar_hint{
-  left: auto;
-  right: calc(100vw - 50px);
-}
 #noVNC_control_bar_hint.noVNC_active {
   visibility: visible;
   opacity: 1;
   transition-delay: 0.2s;
-  transform: translateY(-50%) scale(1);
+  transform: scale(1);
+}
+#noVNC_control_bar_hint.noVNC_notransition {
+  transition: none !important;
 }
 
-/* General button style */
-.noVNC_button {
-  display: block;
+/* Control bar buttons */
+#noVNC_control_bar .noVNC_button {
   padding: 4px 4px;
-  margin: 10px 0;
   vertical-align: middle;
   border:1px solid rgba(255, 255, 255, 0.2);
   border-radius: 6px;
+  background-color: transparent;
+  background-image: unset; /* we don't want the gradiant from input.css */
 }
-.noVNC_button.noVNC_selected {
+#noVNC_control_bar .noVNC_button.noVNC_selected {
   border-color: rgba(0, 0, 0, 0.8);
-  background: rgba(0, 0, 0, 0.5);
+  background-color: rgba(0, 0, 0, 0.5);
 }
-.noVNC_button:disabled {
-  opacity: 0.4;
+#noVNC_control_bar .noVNC_button.noVNC_selected:not(:disabled):hover {
+  border-color: rgba(0, 0, 0, 0.4);
+  background-color: rgba(0, 0, 0, 0.2);
 }
-.noVNC_button:focus {
-  outline: none;
+#noVNC_control_bar .noVNC_button:not(:disabled):hover {
+  background-color: rgba(255, 255, 255, 0.2);
 }
-.noVNC_button:active {
+#noVNC_control_bar .noVNC_button:not(:disabled):active {
   padding-top: 5px;
   padding-bottom: 3px;
 }
-/* Android browsers don't properly update hover state if touch events
- * are intercepted, but focus should be safe to display */
-:root:not(.noVNC_touch) .noVNC_button.noVNC_selected:hover,
-.noVNC_button.noVNC_selected:focus {
-  border-color: rgba(0, 0, 0, 0.4);
-  background: rgba(0, 0, 0, 0.2);
+#noVNC_control_bar .noVNC_button.noVNC_hidden {
+  display: none !important;
 }
-:root:not(.noVNC_touch) .noVNC_button:hover,
-.noVNC_button:focus {
-  background: rgba(255, 255, 255, 0.2);
-}
-.noVNC_button.noVNC_hidden {
-  display: none;
+
+/* Android browsers don't properly update hover state if touch events are
+ * intercepted, like they are when clicking on the remote screen. */
+@media (any-pointer: coarse) {
+  #noVNC_control_bar .noVNC_button:not(:disabled):hover {
+    background-color: transparent;
+  }
+  #noVNC_control_bar .noVNC_button.noVNC_selected:not(:disabled):hover {
+    border-color: rgba(0, 0, 0, 0.8);
+    background-color: rgba(0, 0, 0, 0.5);
+  }
 }
 
+
 /* Panels */
 .noVNC_panel {
   transform: translateX(25px);
 
   transition: 0.5s ease-in-out;
 
+  box-sizing: border-box; /* so max-width don't have to care about padding */
+  max-width: calc(100vw - 75px - 25px); /* minus left and right margins */
   max-height: 100vh; /* Chrome is buggy with 100% */
   overflow-x: hidden;
   overflow-y: auto;
@@ -563,6 +465,17 @@ select:active {
   transform: translateX(-75px);
 }
 
+.noVNC_panel > * {
+  display: block;
+  margin: 10px auto;
+}
+.noVNC_panel > *:first-child {
+  margin-top: 0 !important;
+}
+.noVNC_panel > *:last-child {
+  margin-bottom: 0 !important;
+}
+
 .noVNC_panel hr {
   border: none;
   border-top: 1px solid rgb(192, 192, 192);
@@ -571,6 +484,11 @@ select:active {
 .noVNC_panel label {
   display: block;
   white-space: nowrap;
+  margin: 5px;
+}
+
+.noVNC_panel li {
+  margin: 5px;
 }
 
 .noVNC_panel .noVNC_heading {
@@ -581,7 +499,6 @@ select:active {
   padding-right: 8px;
   color: white;
   font-size: 20px;
-  margin-bottom: 10px;
   white-space: nowrap;
 }
 .noVNC_panel .noVNC_heading img {
@@ -622,6 +539,12 @@ select:active {
   font-size: 13px;
 }
 
+.noVNC_logo + hr {
+    /* Remove all but top border */
+    border: none;
+    border-top: 1px solid rgba(255, 255, 255, 0.2);
+}
+
 :root:not(.noVNC_connected) #noVNC_view_drag_button {
   display: none;
 }
@@ -630,8 +553,15 @@ select:active {
 :root:not(.noVNC_connected) #noVNC_mobile_buttons {
   display: none;
 }
-:root:not(.noVNC_touch) #noVNC_mobile_buttons {
-  display: none;
+@media not all and (any-pointer: coarse) {
+  /* FIXME: The button for the virtual keyboard is the only button in this
+            group of "mobile buttons". It is bad to assume that no touch
+            devices have physical keyboards available. Hopefully we can get
+            a media query for this:
+            https://github.com/w3c/csswg-drafts/issues/3871 */
+  :root.noVNC_connected #noVNC_mobile_buttons {
+    display: none;
+  }
 }
 
 /* Extra manual keys */
@@ -642,7 +572,7 @@ select:active {
 #noVNC_modifiers {
   background-color: rgb(92, 92, 92);
   border: none;
-  padding: 0 10px;
+  padding: 10px;
 }
 
 /* Shutdown/Reboot */
@@ -663,13 +593,16 @@ select:active {
 :root:not(.noVNC_connected) #noVNC_clipboard_button {
   display: none;
 }
-#noVNC_clipboard {
-  /* Full screen, minus padding and left and right margins */
-  max-width: calc(100vw - 2*15px - 75px - 25px);
-}
 #noVNC_clipboard_text {
-  width: 500px;
+  width: 360px;
+  min-width: 150px;
+  height: 160px;
+  min-height: 70px;
+
+  box-sizing: border-box;
   max-width: 100%;
+  /* minus approximate height of title, height of subtitle, and margin */
+  max-height: calc(100vh - 10em - 25px);
 }
 
 /* Settings */
@@ -677,7 +610,6 @@ select:active {
 }
 #noVNC_settings ul {
   list-style: none;
-  margin: 0px;
   padding: 0px;
 }
 #noVNC_setting_port {
@@ -729,7 +661,7 @@ select:active {
   justify-content: center;
   align-content: center;
 
-  line-height: 25px;
+  line-height: 1.6;
   word-wrap: break-word;
   color: #fff;
 
@@ -803,36 +735,32 @@ select:active {
     font-size: calc(25vw - 30px);
   }
 }
-#noVNC_connect_button {
-  cursor: pointer;
+#noVNC_connect_dlg div {
+  padding: 12px;
 
-  padding: 10px;
-
-  color: white;
   background-color: rgb(110, 132, 163);
   border-radius: 12px;
-
   text-align: center;
   font-size: 20px;
 
   box-shadow: 6px 6px 0px rgba(0, 0, 0, 0.5);
 }
-#noVNC_connect_button div {
-  margin: 2px;
+#noVNC_connect_button {
+  width: 100%;
   padding: 5px 30px;
-  border: 1px solid rgb(83, 99, 122);
-  border-bottom-width: 2px;
+
+  cursor: pointer;
+
+  border-color: rgb(83, 99, 122);
   border-radius: 5px;
+
   background: linear-gradient(to top, rgb(110, 132, 163), rgb(99, 119, 147));
+  color: white;
 
   /* This avoids it jumping around when :active */
   vertical-align: middle;
 }
-#noVNC_connect_button div:active {
-  border-bottom-width: 1px;
-  margin-top: 3px;
-}
-:root:not(.noVNC_touch) #noVNC_connect_button div:hover {
+#noVNC_connect_button:hover {
   background: linear-gradient(to top, rgb(110, 132, 163), rgb(105, 125, 155));
 }
 
@@ -841,6 +769,23 @@ select:active {
   height: 1.3em;
 }
 
+/* ----------------------------------------
+ * Server verification Dialog
+ * ----------------------------------------
+ */
+
+#noVNC_verify_server_dlg {
+  position: relative;
+
+  transform: translateY(-50px);
+}
+#noVNC_verify_server_dlg.noVNC_open {
+  transform: translateY(0);
+}
+#noVNC_fingerprint_block {
+  margin: 10px;
+}
+
 /* ----------------------------------------
  * Password Dialog
  * ----------------------------------------
@@ -854,12 +799,8 @@ select:active {
 #noVNC_credentials_dlg.noVNC_open {
   transform: translateY(0);
 }
-#noVNC_credentials_dlg ul {
-  list-style: none;
-  margin: 0px;
-  padding: 0px;
-}
-.noVNC_hidden {
+#noVNC_username_block.noVNC_hidden,
+#noVNC_password_block.noVNC_hidden {
   display: none;
 }
 
@@ -871,7 +812,11 @@ select:active {
 
 /* Transition screen */
 #noVNC_transition {
-  display: none;
+  transition: 0.5s ease-in-out;
+
+  display: flex;
+  opacity: 0;
+  visibility: hidden;
 
   position: fixed;
   top: 0;
@@ -892,7 +837,8 @@ select:active {
 :root.noVNC_connecting #noVNC_transition,
 :root.noVNC_disconnecting #noVNC_transition,
 :root.noVNC_reconnecting #noVNC_transition {
-  display: flex;
+  opacity: 1;
+  visibility: visible;
 }
 :root:not(.noVNC_reconnecting) #noVNC_cancel_reconnect_button {
   display: none;
@@ -908,6 +854,12 @@ select:active {
   background-color: #313131;
   border-bottom-right-radius: 800px 600px;
   /*border-top-left-radius: 800px 600px;*/
+
+  /* If selection isn't disabled, long-pressing stuff in the sidebar
+     can accidentally select the container or the canvas. This can
+     happen when attempting to move the handle. */
+  user-select: none;
+  -webkit-user-select: none;
 }
 
 #noVNC_keyboardinput {
@@ -935,7 +887,7 @@ select:active {
 .noVNC_logo {
   color:yellow;
   font-family: 'Orbitron', 'OrbitronTTF', sans-serif;
-  line-height:90%;
+  line-height: 0.9;
   text-shadow: 0.1em 0.1em 0 black;
 }
 .noVNC_logo span{
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/input.css b/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/input.css
new file mode 100644
index 000000000..dc345aabc
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/styles/input.css
@@ -0,0 +1,281 @@
+/*
+ * noVNC general input element CSS
+ * Copyright (C) 2022 The noVNC Authors
+ * noVNC is licensed under the MPL 2.0 (see LICENSE.txt)
+ * This file is licensed under the 2-Clause BSD license (see LICENSE.txt).
+ */
+
+/*
+ * Common for all inputs
+ */
+input, input::file-selector-button, button, select, textarea {
+  /* Respect standard font settings */
+  font: inherit;
+
+  /* Disable default rendering */
+  appearance: none;
+  background: none;
+
+  padding: 5px;
+  border: 1px solid rgb(192, 192, 192);
+  border-radius: 5px;
+  color: black;
+  --bg-gradient: linear-gradient(to top, rgb(255, 255, 255) 80%, rgb(240, 240, 240));
+  background-image: var(--bg-gradient);
+}
+
+/*
+ * Buttons
+ */
+input[type=button],
+input[type=color],
+input[type=image],
+input[type=reset],
+input[type=submit],
+input::file-selector-button,
+button,
+select {
+  border-bottom-width: 2px;
+
+  /* This avoids it jumping around when :active */
+  vertical-align: middle;
+  margin-top: 0;
+
+  padding-left: 20px;
+  padding-right: 20px;
+
+  /* Disable Chrome's touch tap highlight */
+  -webkit-tap-highlight-color: transparent;
+}
+
+/*
+ * Select dropdowns
+ */
+select {
+  --select-arrow: url('data:image/svg+xml;utf8, \
+      <svg width="8" height="6" version="1.1" viewBox="0 0 8 6" \
+           xmlns="http://www.w3.org/2000/svg"> \
+          <path d="m6.5 1.5 -2.5 3 -2.5 -3 5 0" stroke-width="3" \
+                stroke="rgb(31,31,31)" fill="none" \
+                stroke-linecap="round" stroke-linejoin="round" /> \
+      </svg>');
+  background-image: var(--select-arrow), var(--bg-gradient);
+  background-position: calc(100% - 7px), left top;
+  background-repeat: no-repeat;
+  padding-right: calc(2*7px + 8px);
+  padding-left: 7px;
+}
+/* FIXME: :active isn't set when the <select> is opened in Firefox:
+          https://bugzilla.mozilla.org/show_bug.cgi?id=1805406 */
+select:active {
+  /* Rotated arrow */
+  background-image: url('data:image/svg+xml;utf8, \
+      <svg width="8" height="6" version="1.1" viewBox="0 0 8 6" \
+           xmlns="http://www.w3.org/2000/svg" transform="rotate(180)" > \
+          <path d="m6.5 1.5 -2.5 3 -2.5 -3 5 0" stroke-width="3" \
+                stroke="rgb(31,31,31)" fill="none" \
+                stroke-linecap="round" stroke-linejoin="round" /> \
+      </svg>'), var(--bg-gradient);
+}
+option {
+  color: black;
+  background: white;
+}
+
+/*
+ * Checkboxes
+ */
+input[type=checkbox] {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  background-color: white;
+  background-image: unset;
+  border: 1px solid dimgrey;
+  border-radius: 3px;
+  width: 13px;
+  height: 13px;
+  padding: 0;
+  margin-right: 6px;
+  vertical-align: bottom;
+  transition: 0.2s background-color linear;
+}
+input[type=checkbox]:checked {
+  background-color: rgb(110, 132, 163);
+  border-color: rgb(110, 132, 163);
+}
+input[type=checkbox]:checked::after {
+  content: "";
+  display: block; /* width & height doesn't work on inline elements */
+  width: 3px;
+  height: 7px;
+  border: 1px solid white;
+  border-width: 0 2px 2px 0;
+  transform: rotate(40deg) translateY(-1px);
+}
+
+/*
+ * Radiobuttons
+ */
+input[type=radio] {
+  border-radius: 50%;
+  border: 1px solid dimgrey;
+  width: 12px;
+  height: 12px;
+  padding: 0;
+  margin-right: 6px;
+  transition: 0.2s border linear;
+}
+input[type=radio]:checked {
+  border: 6px solid rgb(110, 132, 163);
+}
+
+/*
+ * Range sliders
+ */
+input[type=range] {
+  border: unset;
+  border-radius: 3px;
+  height: 20px;
+  padding: 0;
+  background: transparent;
+}
+/* -webkit-slider.. & -moz-range.. cant be in selector lists:
+   https://bugs.chromium.org/p/chromium/issues/detail?id=1154623 */
+input[type=range]::-webkit-slider-runnable-track {
+  background-color: rgb(110, 132, 163);
+  height: 6px;
+  border-radius: 3px;
+}
+input[type=range]::-moz-range-track {
+  background-color: rgb(110, 132, 163);
+  height: 6px;
+  border-radius: 3px;
+}
+input[type=range]::-webkit-slider-thumb {
+  appearance: none;
+  width: 18px;
+  height: 20px;
+  border-radius: 5px;
+  background-color: white;
+  border: 1px solid dimgray;
+  margin-top: -7px;
+}
+input[type=range]::-moz-range-thumb {
+  appearance: none;
+  width: 18px;
+  height: 20px;
+  border-radius: 5px;
+  background-color: white;
+  border: 1px solid dimgray;
+  margin-top: -7px;
+}
+
+/*
+ * File choosers
+ */
+input[type=file] {
+  background-image: none;
+  border: none;
+}
+input::file-selector-button {
+  margin-right: 6px;
+}
+
+/*
+ * Hover
+ */
+input[type=button]:hover,
+input[type=color]:hover,
+input[type=image]:hover,
+input[type=reset]:hover,
+input[type=submit]:hover,
+input::file-selector-button:hover,
+button:hover {
+  background-image: linear-gradient(to top, rgb(255, 255, 255), rgb(250, 250, 250));
+}
+select:hover {
+  background-image: var(--select-arrow),
+    linear-gradient(to top, rgb(255, 255, 255), rgb(250, 250, 250));
+  background-position: calc(100% - 7px), left top;
+  background-repeat: no-repeat;
+}
+@media (any-pointer: coarse) {
+  /* We don't want a hover style after touch input */
+  input[type=button]:hover,
+  input[type=color]:hover,
+  input[type=image]:hover,
+  input[type=reset]:hover,
+  input[type=submit]:hover,
+  input::file-selector-button:hover,
+  button:hover {
+    background-image: var(--bg-gradient);
+  }
+  select:hover {
+    background-image: var(--select-arrow), var(--bg-gradient);
+  }
+}
+
+/*
+ * Active (clicked)
+ */
+input[type=button]:active,
+input[type=color]:active,
+input[type=image]:active,
+input[type=reset]:active,
+input[type=submit]:active,
+input::file-selector-button:active,
+button:active,
+select:active {
+  border-bottom-width: 1px;
+  margin-top: 1px;
+}
+
+/*
+ * Focus (tab)
+ */
+input:focus-visible,
+input:focus-visible::file-selector-button,
+button:focus-visible,
+select:focus-visible,
+textarea:focus-visible {
+  outline: 2px solid rgb(74, 144, 217);
+  outline-offset: 1px;
+}
+input[type=file]:focus-visible {
+  outline: none; /* We outline the button instead of the entire element */
+}
+
+/*
+ * Disabled
+ */
+input:disabled,
+input:disabled::file-selector-button,
+button:disabled,
+select:disabled,
+textarea:disabled {
+  opacity: 0.4;
+}
+input[type=button]:disabled,
+input[type=color]:disabled,
+input[type=image]:disabled,
+input[type=reset]:disabled,
+input[type=submit]:disabled,
+input:disabled::file-selector-button,
+button:disabled,
+select:disabled {
+  background-image: var(--bg-gradient);
+  border-bottom-width: 2px;
+  margin-top: 0;
+}
+input[type=file]:disabled {
+  background-image: none;
+}
+select:disabled {
+  background-image: var(--select-arrow), var(--bg-gradient);
+}
+input[type=image]:disabled {
+  /* See Firefox bug:
+     https://bugzilla.mozilla.org/show_bug.cgi?id=1798304 */
+  cursor: default;
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/ui.js b/emhttp/plugins/dynamix.vm.manager/novnc/app/ui.js
index dc0a28c96..f27dfe28e 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/ui.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/ui.js
@@ -8,7 +8,8 @@
 
 import * as Log from '../core/util/logging.js';
 import _, { l10n } from './localization.js';
-import { isTouchDevice, isSafari, hasScrollbarGutter, dragThreshold }
+import { isTouchDevice, isMac, isIOS, isAndroid, isChromeOS, isSafari,
+         hasScrollbarGutter, dragThreshold }
     from '../core/util/browser.js';
 import { setCapture, getPointerEvent } from '../core/util/events.js';
 import KeyTable from "../core/input/keysym.js";
@@ -61,7 +62,21 @@ const UI = {
         // Translate the DOM
         l10n.translateDOM();
 
-        WebUtil.fetchJSON('./package.json')
+        // We rely on modern APIs which might not be available in an
+        // insecure context
+        if (!window.isSecureContext) {
+            // FIXME: This gets hidden when connecting
+            UI.showStatus(_("Running without HTTPS is not recommended, crashes or other issues are likely."), 'error');
+        }
+
+        // Try to fetch version number
+        fetch('./package.json')
+            .then((response) => {
+                if (!response.ok) {
+                    throw Error("" + response.status + " " + response.statusText);
+                }
+                return response.json();
+            })
             .then((packageInfo) => {
                 Array.from(document.getElementsByClassName('noVNC_version')).forEach(el => el.innerText = packageInfo.version);
             })
@@ -74,7 +89,6 @@ const UI = {
 
         // Adapt the interface for touch screen devices
         if (isTouchDevice) {
-            document.documentElement.classList.add("noVNC_touch");
             // Remove the address bar
             setTimeout(() => window.scrollTo(0, 1), 100);
         }
@@ -160,7 +174,7 @@ const UI = {
         UI.initSetting('port', port);
         UI.initSetting('encrypt', (window.location.protocol === "https:"));
         UI.initSetting('view_clip', false);
-        UI.initSetting('resize', 'scale');
+        UI.initSetting('resize', 'off');
         UI.initSetting('quality', 6);
         UI.initSetting('compression', 2);
         UI.initSetting('shared', true);
@@ -310,6 +324,10 @@ const UI = {
         document.getElementById("noVNC_cancel_reconnect_button")
             .addEventListener('click', UI.cancelReconnect);
 
+        document.getElementById("noVNC_approve_server_button")
+            .addEventListener('click', UI.approveServer);
+        document.getElementById("noVNC_reject_server_button")
+            .addEventListener('click', UI.rejectServer);
         document.getElementById("noVNC_credentials_button")
             .addEventListener('click', UI.setCredentials);
     },
@@ -319,8 +337,6 @@ const UI = {
             .addEventListener('click', UI.toggleClipboardPanel);
         document.getElementById("noVNC_clipboard_text")
             .addEventListener('change', UI.clipboardSend);
-        document.getElementById("noVNC_clipboard_clear_button")
-            .addEventListener('click', UI.clipboardClear);
     },
 
     // Add a call to save settings when the element changes,
@@ -439,6 +455,8 @@ const UI = {
         // State change closes dialogs as they may not be relevant
         // anymore
         UI.closeAllPanels();
+        document.getElementById('noVNC_verify_server_dlg')
+            .classList.remove('noVNC_open');
         document.getElementById('noVNC_credentials_dlg')
             .classList.remove('noVNC_open');
     },
@@ -571,10 +589,20 @@ const UI = {
 
         // Consider this a movement of the handle
         UI.controlbarDrag = true;
+
+        // The user has "followed" hint, let's hide it until the next drag
+        UI.showControlbarHint(false, false);
     },
 
-    showControlbarHint(show) {
+    showControlbarHint(show, animate=true) {
         const hint = document.getElementById('noVNC_control_bar_hint');
+
+        if (animate) {
+            hint.classList.remove("noVNC_notransition");
+        } else {
+            hint.classList.add("noVNC_notransition");
+        }
+
         if (show) {
             hint.classList.add("noVNC_active");
         } else {
@@ -755,11 +783,6 @@ const UI = {
                 }
             }
         } else {
-            /*Weird IE9 error leads to 'null' appearring
-            in textboxes instead of ''.*/
-            if (value === null) {
-                value = "";
-            }
             ctrl.value = value;
         }
     },
@@ -953,11 +976,6 @@ const UI = {
         Log.Debug("<< UI.clipboardReceive");
     },
 
-    clipboardClear() {
-        document.getElementById('noVNC_clipboard_text').value = "";
-        UI.rfb.clipboardPasteFrom("");
-    },
-
     clipboardSend() {
         const text = document.getElementById('noVNC_clipboard_text').value;
         Log.Debug(">> UI.clipboardSend: " + text.substr(0, 40) + "...");
@@ -1023,15 +1041,24 @@ const UI = {
         }
         url += '/' + path;
 
-        UI.rfb = new RFB(document.getElementById('noVNC_container'), url,
-                         { shared: UI.getSetting('shared'),
-                           repeaterID: UI.getSetting('repeaterID'),
-                           credentials: { password: password },
-                           wsProtocols: ['binary'] });
+        try {
+            UI.rfb = new RFB(document.getElementById('noVNC_container'), url,
+                             { shared: UI.getSetting('shared'),
+                               repeaterID: UI.getSetting('repeaterID'),
+                               credentials: { password: password } });
+        } catch (exc) {
+            Log.Error("Failed to connect to server: " + exc);
+            UI.updateVisualState('disconnected');
+            UI.showStatus(_("Failed to connect to server: ") + exc, 'error');
+            return;
+        }
+
         UI.rfb.addEventListener("connect", UI.connectFinished);
         UI.rfb.addEventListener("disconnect", UI.disconnectFinished);
+        UI.rfb.addEventListener("serververification", UI.serverVerify);
         UI.rfb.addEventListener("credentialsrequired", UI.credentials);
         UI.rfb.addEventListener("securityfailure", UI.securityFailed);
+        UI.rfb.addEventListener("clippingviewport", UI.updateViewDrag);
         UI.rfb.addEventListener("capabilities", UI.updatePowerButton);
         UI.rfb.addEventListener("clipboard", UI.clipboardReceive);
         UI.rfb.addEventListener("bell", UI.bell);
@@ -1118,7 +1145,9 @@ const UI = {
             } else {
                 UI.showStatus(_("Failed to connect to server"), 'error');
             }
-        } else if (UI.getSetting('reconnect', false) === true && !UI.inhibitReconnect) {
+        }
+        // If reconnecting is allowed process it now
+        if (UI.getSetting('reconnect', false) === true && !UI.inhibitReconnect) {
             UI.updateVisualState('reconnecting');
 
             const delay = parseInt(UI.getSetting('reconnect_delay'));
@@ -1152,6 +1181,37 @@ const UI = {
 /* ------^-------
  *  /CONNECTION
  * ==============
+ * SERVER VERIFY
+ * ------v------*/
+
+    async serverVerify(e) {
+        const type = e.detail.type;
+        if (type === 'RSA') {
+            const publickey = e.detail.publickey;
+            let fingerprint = await window.crypto.subtle.digest("SHA-1", publickey);
+            // The same fingerprint format as RealVNC
+            fingerprint = Array.from(new Uint8Array(fingerprint).slice(0, 8)).map(
+                x => x.toString(16).padStart(2, '0')).join('-');
+            document.getElementById('noVNC_verify_server_dlg').classList.add('noVNC_open');
+            document.getElementById('noVNC_fingerprint').innerHTML = fingerprint;
+        }
+    },
+
+    approveServer(e) {
+        e.preventDefault();
+        document.getElementById('noVNC_verify_server_dlg').classList.remove('noVNC_open');
+        UI.rfb.approveServer();
+    },
+
+    rejectServer(e) {
+        e.preventDefault();
+        document.getElementById('noVNC_verify_server_dlg').classList.remove('noVNC_open');
+        UI.disconnect();
+    },
+
+/* ------^-------
+ * /SERVER VERIFY
+ * ==============
  *   PASSWORD
  * ------v------*/
 
@@ -1275,13 +1335,25 @@ const UI = {
 
         const scaling = UI.getSetting('resize') === 'scale';
 
+        // Some platforms have overlay scrollbars that are difficult
+        // to use in our case, which means we have to force panning
+        // FIXME: Working scrollbars can still be annoying to use with
+        //        touch, so we should ideally be able to have both
+        //        panning and scrollbars at the same time
+
+        let brokenScrollbars = false;
+
+        if (!hasScrollbarGutter) {
+            if (isIOS() || isAndroid() || isMac() || isChromeOS()) {
+                brokenScrollbars = true;
+            }
+        }
+
         if (scaling) {
             // Can't be clipping if viewport is scaled to fit
             UI.forceSetting('view_clip', false);
             UI.rfb.clipViewport  = false;
-        } else if (!hasScrollbarGutter) {
-            // Some platforms have scrollbars that are difficult
-            // to use in our case, so we always use our own panning
+        } else if (brokenScrollbars) {
             UI.forceSetting('view_clip', true);
             UI.rfb.clipViewport = true;
         } else {
@@ -1312,7 +1384,8 @@ const UI = {
 
         const viewDragButton = document.getElementById('noVNC_view_drag_button');
 
-        if (!UI.rfb.clipViewport && UI.rfb.dragViewport) {
+        if ((!UI.rfb.clipViewport || !UI.rfb.clippingViewport) &&
+            UI.rfb.dragViewport) {
             // We are no longer clipping the viewport. Make sure
             // viewport drag isn't active when it can't be used.
             UI.rfb.dragViewport = false;
@@ -1329,6 +1402,8 @@ const UI = {
         } else {
             viewDragButton.classList.add("noVNC_hidden");
         }
+
+        viewDragButton.disabled = !UI.rfb.clippingViewport;
     },
 
 /* ------^-------
@@ -1695,15 +1770,9 @@ const UI = {
 };
 
 // Set up translations
-const LINGUAS = ["cs", "de", "el", "es", "ja", "ko", "nl", "pl", "ru", "sv", "tr", "zh_CN", "zh_TW"];
-l10n.setup(LINGUAS);
-if (l10n.language === "en" || l10n.dictionary !== undefined) {
-    UI.prime();
-} else {
-    WebUtil.fetchJSON('app/locale/' + l10n.language + '.json')
-        .then((translations) => { l10n.dictionary = translations; })
-        .catch(err => Log.Error("Failed to load translations: " + err))
-        .then(UI.prime);
-}
+const LINGUAS = ["cs", "de", "el", "es", "fr", "it", "ja", "ko", "nl", "pl", "pt_BR", "ru", "sv", "tr", "zh_CN", "zh_TW"];
+l10n.setup(LINGUAS, "app/locale/")
+    .catch(err => Log.Error("Failed to load translations: " + err))
+    .then(UI.prime);
 
 export default UI;
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/app/webutil.js b/emhttp/plugins/dynamix.vm.manager/novnc/app/webutil.js
index a099f9d70..6011442cb 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/app/webutil.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/app/webutil.js
@@ -6,24 +6,33 @@
  * See README.md for usage and integration instructions.
  */
 
-import { initLogging as mainInitLogging } from '../core/util/logging.js';
+import * as Log from '../core/util/logging.js';
 
 // init log level reading the logging HTTP param
 export function initLogging(level) {
     "use strict";
     if (typeof level !== "undefined") {
-        mainInitLogging(level);
+        Log.initLogging(level);
     } else {
         const param = document.location.href.match(/logging=([A-Za-z0-9._-]*)/);
-        mainInitLogging(param || undefined);
+        Log.initLogging(param || undefined);
     }
 }
 
 // Read a query string variable
+// A URL with a query parameter can look like this (But will most probably get logged on the http server):
+// https://www.example.com?myqueryparam=myvalue
+//
+// For privacy (Using a hastag #, the parameters will not be sent to the server)
+// the url can be requested in the following way:
+// https://www.example.com#myqueryparam=myvalue&password=secretvalue
+//
+// Even Mixing public and non public parameters will work:
+// https://www.example.com?nonsecretparam=example.com#password=secretvalue
 export function getQueryVar(name, defVal) {
     "use strict";
     const re = new RegExp('.*[?&]' + name + '=([^&#]*)'),
-        match = document.location.href.match(re);
+          match = document.location.href.match(re);
     if (typeof defVal === 'undefined') { defVal = null; }
 
     if (match) {
@@ -37,7 +46,7 @@ export function getQueryVar(name, defVal) {
 export function getHashVar(name, defVal) {
     "use strict";
     const re = new RegExp('.*[&#]' + name + '=([^&]*)'),
-        match = document.location.hash.match(re);
+          match = document.location.hash.match(re);
     if (typeof defVal === 'undefined') { defVal = null; }
 
     if (match) {
@@ -137,7 +146,7 @@ export function writeSetting(name, value) {
     if (window.chrome && window.chrome.storage) {
         window.chrome.storage.sync.set(settings);
     } else {
-        localStorage.setItem(name, value);
+        localStorageSet(name, value);
     }
 }
 
@@ -147,7 +156,7 @@ export function readSetting(name, defaultValue) {
     if ((name in settings) || (window.chrome && window.chrome.storage)) {
         value = settings[name];
     } else {
-        value = localStorage.getItem(name);
+        value = localStorageGet(name);
         settings[name] = value;
     }
     if (typeof value === "undefined") {
@@ -172,68 +181,70 @@ export function eraseSetting(name) {
     if (window.chrome && window.chrome.storage) {
         window.chrome.storage.sync.remove(name);
     } else {
+        localStorageRemove(name);
+    }
+}
+
+let loggedMsgs = [];
+function logOnce(msg, level = "warn") {
+    if (!loggedMsgs.includes(msg)) {
+        switch (level) {
+            case "error":
+                Log.Error(msg);
+                break;
+            case "warn":
+                Log.Warn(msg);
+                break;
+            case "debug":
+                Log.Debug(msg);
+                break;
+            default:
+                Log.Info(msg);
+        }
+        loggedMsgs.push(msg);
+    }
+}
+
+let cookiesMsg = "Couldn't access noVNC settings, are cookies disabled?";
+
+function localStorageGet(name) {
+    let r;
+    try {
+        r = localStorage.getItem(name);
+    } catch (e) {
+        if (e instanceof DOMException) {
+            logOnce(cookiesMsg);
+            logOnce("'localStorage.getItem(" + name + ")' failed: " + e,
+                    "debug");
+        } else {
+            throw e;
+        }
+    }
+    return r;
+}
+function localStorageSet(name, value) {
+    try {
+        localStorage.setItem(name, value);
+    } catch (e) {
+        if (e instanceof DOMException) {
+            logOnce(cookiesMsg);
+            logOnce("'localStorage.setItem(" + name + "," + value +
+                    ")' failed: " + e, "debug");
+        } else {
+            throw e;
+        }
+    }
+}
+function localStorageRemove(name) {
+    try {
         localStorage.removeItem(name);
+    } catch (e) {
+        if (e instanceof DOMException) {
+            logOnce(cookiesMsg);
+            logOnce("'localStorage.removeItem(" + name + ")' failed: " + e,
+                    "debug");
+        } else {
+            throw e;
+        }
     }
 }
-
-export function injectParamIfMissing(path, param, value) {
-    // force pretend that we're dealing with a relative path
-    // (assume that we wanted an extra if we pass one in)
-    path = "/" + path;
-
-    const elem = document.createElement('a');
-    elem.href = path;
-
-    const paramEq = encodeURIComponent(param) + "=";
-    let query;
-    if (elem.search) {
-        query = elem.search.slice(1).split('&');
-    } else {
-        query = [];
-    }
-
-    if (!query.some(v => v.startsWith(paramEq))) {
-        query.push(paramEq + encodeURIComponent(value));
-        elem.search = "?" + query.join("&");
-    }
-
-    // some browsers (e.g. IE11) may occasionally omit the leading slash
-    // in the elem.pathname string. Handle that case gracefully.
-    if (elem.pathname.charAt(0) == "/") {
-        return elem.pathname.slice(1) + elem.search + elem.hash;
-    }
-
-    return elem.pathname + elem.search + elem.hash;
-}
-
-// sadly, we can't use the Fetch API until we decide to drop
-// IE11 support or polyfill promises and fetch in IE11.
-// resolve will receive an object on success, while reject
-// will receive either an event or an error on failure.
-export function fetchJSON(path) {
-    return new Promise((resolve, reject) => {
-        // NB: IE11 doesn't support JSON as a responseType
-        const req = new XMLHttpRequest();
-        req.open('GET', path);
-
-        req.onload = () => {
-            if (req.status === 200) {
-                let resObj;
-                try {
-                    resObj = JSON.parse(req.responseText);
-                } catch (err) {
-                    reject(err);
-                }
-                resolve(resObj);
-            } else {
-                reject(new Error("XHR got non-200 status while trying to load '" + path + "': " + req.status));
-            }
-        };
-
-        req.onerror = evt => reject(new Error("XHR encountered an error while trying to load '" + path + "': " + evt.message));
-
-        req.ontimeout = evt => reject(new Error("XHR timed out while trying to load '" + path + "'"));
-
-        req.send();
-    });
-}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/aes.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/aes.js
new file mode 100644
index 000000000..e6aaea7c2
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/aes.js
@@ -0,0 +1,178 @@
+export class AESECBCipher {
+    constructor() {
+        this._key = null;
+    }
+
+    get algorithm() {
+        return { name: "AES-ECB" };
+    }
+
+    static async importKey(key, _algorithm, extractable, keyUsages) {
+        const cipher = new AESECBCipher;
+        await cipher._importKey(key, extractable, keyUsages);
+        return cipher;
+    }
+
+    async _importKey(key, extractable, keyUsages) {
+        this._key = await window.crypto.subtle.importKey(
+            "raw", key, {name: "AES-CBC"}, extractable, keyUsages);
+    }
+
+    async encrypt(_algorithm, plaintext) {
+        const x = new Uint8Array(plaintext);
+        if (x.length % 16 !== 0 || this._key === null) {
+            return null;
+        }
+        const n = x.length / 16;
+        for (let i = 0; i < n; i++) {
+            const y = new Uint8Array(await window.crypto.subtle.encrypt({
+                name: "AES-CBC",
+                iv: new Uint8Array(16),
+            }, this._key, x.slice(i * 16, i * 16 + 16))).slice(0, 16);
+            x.set(y, i * 16);
+        }
+        return x;
+    }
+}
+
+export class AESEAXCipher {
+    constructor() {
+        this._rawKey = null;
+        this._ctrKey = null;
+        this._cbcKey = null;
+        this._zeroBlock = new Uint8Array(16);
+        this._prefixBlock0 = this._zeroBlock;
+        this._prefixBlock1 = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]);
+        this._prefixBlock2 = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2]);
+    }
+
+    get algorithm() {
+        return { name: "AES-EAX" };
+    }
+
+    async _encryptBlock(block) {
+        const encrypted = await window.crypto.subtle.encrypt({
+            name: "AES-CBC",
+            iv: this._zeroBlock,
+        }, this._cbcKey, block);
+        return new Uint8Array(encrypted).slice(0, 16);
+    }
+
+    async _initCMAC() {
+        const k1 = await this._encryptBlock(this._zeroBlock);
+        const k2 = new Uint8Array(16);
+        const v = k1[0] >>> 6;
+        for (let i = 0; i < 15; i++) {
+            k2[i] = (k1[i + 1] >> 6) | (k1[i] << 2);
+            k1[i] = (k1[i + 1] >> 7) | (k1[i] << 1);
+        }
+        const lut = [0x0, 0x87, 0x0e, 0x89];
+        k2[14] ^= v >>> 1;
+        k2[15] = (k1[15] << 2) ^ lut[v];
+        k1[15] = (k1[15] << 1) ^ lut[v >> 1];
+        this._k1 = k1;
+        this._k2 = k2;
+    }
+
+    async _encryptCTR(data, counter) {
+        const encrypted = await window.crypto.subtle.encrypt({
+            name: "AES-CTR",
+            counter: counter,
+            length: 128
+        }, this._ctrKey, data);
+        return new Uint8Array(encrypted);
+    }
+
+    async _decryptCTR(data, counter) {
+        const decrypted = await window.crypto.subtle.decrypt({
+            name: "AES-CTR",
+            counter: counter,
+            length: 128
+        }, this._ctrKey, data);
+        return new Uint8Array(decrypted);
+    }
+
+    async _computeCMAC(data, prefixBlock) {
+        if (prefixBlock.length !== 16) {
+            return null;
+        }
+        const n = Math.floor(data.length / 16);
+        const m = Math.ceil(data.length / 16);
+        const r = data.length - n * 16;
+        const cbcData = new Uint8Array((m + 1) * 16);
+        cbcData.set(prefixBlock);
+        cbcData.set(data, 16);
+        if (r === 0) {
+            for (let i = 0; i < 16; i++) {
+                cbcData[n * 16 + i] ^= this._k1[i];
+            }
+        } else {
+            cbcData[(n + 1) * 16 + r] = 0x80;
+            for (let i = 0; i < 16; i++) {
+                cbcData[(n + 1) * 16 + i] ^= this._k2[i];
+            }
+        }
+        let cbcEncrypted = await window.crypto.subtle.encrypt({
+            name: "AES-CBC",
+            iv: this._zeroBlock,
+        }, this._cbcKey, cbcData);
+
+        cbcEncrypted = new Uint8Array(cbcEncrypted);
+        const mac = cbcEncrypted.slice(cbcEncrypted.length - 32, cbcEncrypted.length - 16);
+        return mac;
+    }
+
+    static async importKey(key, _algorithm, _extractable, _keyUsages) {
+        const cipher = new AESEAXCipher;
+        await cipher._importKey(key);
+        return cipher;
+    }
+
+    async _importKey(key) {
+        this._rawKey = key;
+        this._ctrKey = await window.crypto.subtle.importKey(
+            "raw", key, {name: "AES-CTR"}, false, ["encrypt", "decrypt"]);
+        this._cbcKey = await window.crypto.subtle.importKey(
+            "raw", key, {name: "AES-CBC"}, false, ["encrypt"]);
+        await this._initCMAC();
+    }
+
+    async encrypt(algorithm, message) {
+        const ad = algorithm.additionalData;
+        const nonce = algorithm.iv;
+        const nCMAC = await this._computeCMAC(nonce, this._prefixBlock0);
+        const encrypted = await this._encryptCTR(message, nCMAC);
+        const adCMAC = await this._computeCMAC(ad, this._prefixBlock1);
+        const mac = await this._computeCMAC(encrypted, this._prefixBlock2);
+        for (let i = 0; i < 16; i++) {
+            mac[i] ^= nCMAC[i] ^ adCMAC[i];
+        }
+        const res = new Uint8Array(16 + encrypted.length);
+        res.set(encrypted);
+        res.set(mac, encrypted.length);
+        return res;
+    }
+
+    async decrypt(algorithm, data) {
+        const encrypted = data.slice(0, data.length - 16);
+        const ad = algorithm.additionalData;
+        const nonce = algorithm.iv;
+        const mac = data.slice(data.length - 16);
+        const nCMAC = await this._computeCMAC(nonce, this._prefixBlock0);
+        const adCMAC = await this._computeCMAC(ad, this._prefixBlock1);
+        const computedMac = await this._computeCMAC(encrypted, this._prefixBlock2);
+        for (let i = 0; i < 16; i++) {
+            computedMac[i] ^= nCMAC[i] ^ adCMAC[i];
+        }
+        if (computedMac.length !== mac.length) {
+            return null;
+        }
+        for (let i = 0; i < mac.length; i++) {
+            if (computedMac[i] !== mac[i]) {
+                return null;
+            }
+        }
+        const res = await this._decryptCTR(encrypted, nCMAC);
+        return res;
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/bigint.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/bigint.js
new file mode 100644
index 000000000..d34432650
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/bigint.js
@@ -0,0 +1,34 @@
+export function modPow(b, e, m) {
+    let r = 1n;
+    b = b % m;
+    while (e > 0n) {
+        if ((e & 1n) === 1n) {
+            r = (r * b) % m;
+        }
+        e = e >> 1n;
+        b = (b * b) % m;
+    }
+    return r;
+}
+
+export function bigIntToU8Array(bigint, padLength=0) {
+    let hex = bigint.toString(16);
+    if (padLength === 0) {
+        padLength = Math.ceil(hex.length / 2);
+    }
+    hex = hex.padStart(padLength * 2, '0');
+    const length = hex.length / 2;
+    const arr = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+        arr[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return arr;
+}
+
+export function u8ArrayToBigInt(arr) {
+    let hex = '0x';
+    for (let i = 0; i < arr.length; i++) {
+        hex += arr[i].toString(16).padStart(2, '0');
+    }
+    return BigInt(hex);
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/crypto.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/crypto.js
new file mode 100644
index 000000000..cc17da228
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/crypto.js
@@ -0,0 +1,90 @@
+import { AESECBCipher, AESEAXCipher } from "./aes.js";
+import { DESCBCCipher, DESECBCipher } from "./des.js";
+import { RSACipher } from "./rsa.js";
+import { DHCipher } from "./dh.js";
+import { MD5 } from "./md5.js";
+
+// A single interface for the cryptographic algorithms not supported by SubtleCrypto.
+// Both synchronous and asynchronous implmentations are allowed.
+class LegacyCrypto {
+    constructor() {
+        this._algorithms = {
+            "AES-ECB": AESECBCipher,
+            "AES-EAX": AESEAXCipher,
+            "DES-ECB": DESECBCipher,
+            "DES-CBC": DESCBCCipher,
+            "RSA-PKCS1-v1_5": RSACipher,
+            "DH": DHCipher,
+            "MD5": MD5,
+        };
+    }
+
+    encrypt(algorithm, key, data) {
+        if (key.algorithm.name !== algorithm.name) {
+            throw new Error("algorithm does not match");
+        }
+        if (typeof key.encrypt !== "function") {
+            throw new Error("key does not support encryption");
+        }
+        return key.encrypt(algorithm, data);
+    }
+
+    decrypt(algorithm, key, data) {
+        if (key.algorithm.name !== algorithm.name) {
+            throw new Error("algorithm does not match");
+        }
+        if (typeof key.decrypt !== "function") {
+            throw new Error("key does not support encryption");
+        }
+        return key.decrypt(algorithm, data);
+    }
+
+    importKey(format, keyData, algorithm, extractable, keyUsages) {
+        if (format !== "raw") {
+            throw new Error("key format is not supported");
+        }
+        const alg = this._algorithms[algorithm.name];
+        if (typeof alg === "undefined" || typeof alg.importKey !== "function") {
+            throw new Error("algorithm is not supported");
+        }
+        return alg.importKey(keyData, algorithm, extractable, keyUsages);
+    }
+
+    generateKey(algorithm, extractable, keyUsages) {
+        const alg = this._algorithms[algorithm.name];
+        if (typeof alg === "undefined" || typeof alg.generateKey !== "function") {
+            throw new Error("algorithm is not supported");
+        }
+        return alg.generateKey(algorithm, extractable, keyUsages);
+    }
+
+    exportKey(format, key) {
+        if (format !== "raw") {
+            throw new Error("key format is not supported");
+        }
+        if (typeof key.exportKey !== "function") {
+            throw new Error("key does not support exportKey");
+        }
+        return key.exportKey();
+    }
+
+    digest(algorithm, data) {
+        const alg = this._algorithms[algorithm];
+        if (typeof alg !== "function") {
+            throw new Error("algorithm is not supported");
+        }
+        return alg(data);
+    }
+
+    deriveBits(algorithm, key, length) {
+        if (key.algorithm.name !== algorithm.name) {
+            throw new Error("algorithm does not match");
+        }
+        if (typeof key.deriveBits !== "function") {
+            throw new Error("key does not support deriveBits");
+        }
+        return key.deriveBits(algorithm, length);
+    }
+}
+
+export default new LegacyCrypto;
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/des.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/des.js
new file mode 100644
index 000000000..8dab31fb4
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/des.js
@@ -0,0 +1,330 @@
+/*
+ * Ported from Flashlight VNC ActionScript implementation:
+ *     http://www.wizhelp.com/flashlight-vnc/
+ *
+ * Full attribution follows:
+ *
+ * -------------------------------------------------------------------------
+ *
+ * This DES class has been extracted from package Acme.Crypto for use in VNC.
+ * The unnecessary odd parity code has been removed.
+ *
+ * These changes are:
+ *  Copyright (C) 1999 AT&T Laboratories Cambridge.  All Rights Reserved.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+
+ * DesCipher - the DES encryption method
+ *
+ * The meat of this code is by Dave Zimmerman <dzimm@widget.com>, and is:
+ *
+ * Copyright (c) 1996 Widget Workshop, Inc. All Rights Reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for NON-COMMERCIAL or COMMERCIAL purposes and
+ * without fee is hereby granted, provided that this copyright notice is kept
+ * intact.
+ *
+ * WIDGET WORKSHOP MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY
+ * OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+ * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. WIDGET WORKSHOP SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
+ * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
+ *
+ * THIS SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE OR RESALE AS ON-LINE
+ * CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE
+ * PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT
+ * NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE
+ * SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
+ * SOFTWARE COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE
+ * PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES").  WIDGET WORKSHOP
+ * SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR
+ * HIGH RISK ACTIVITIES.
+ *
+ *
+ * The rest is:
+ *
+ * Copyright (C) 1996 by Jef Poskanzer <jef@acme.com>.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Visit the ACME Labs Java page for up-to-date versions of this and other
+ * fine Java utilities: http://www.acme.com/java/
+ */
+
+/* eslint-disable comma-spacing */
+
+// Tables, permutations, S-boxes, etc.
+const PC2 = [13,16,10,23, 0, 4, 2,27,14, 5,20, 9,22,18,11, 3,
+             25, 7,15, 6,26,19,12, 1,40,51,30,36,46,54,29,39,
+             50,44,32,47,43,48,38,55,33,52,45,41,49,35,28,31 ],
+      totrot = [ 1, 2, 4, 6, 8,10,12,14,15,17,19,21,23,25,27,28];
+
+const z = 0x0;
+let a,b,c,d,e,f;
+a=1<<16; b=1<<24; c=a|b; d=1<<2; e=1<<10; f=d|e;
+const SP1 = [c|e,z|z,a|z,c|f,c|d,a|f,z|d,a|z,z|e,c|e,c|f,z|e,b|f,c|d,b|z,z|d,
+             z|f,b|e,b|e,a|e,a|e,c|z,c|z,b|f,a|d,b|d,b|d,a|d,z|z,z|f,a|f,b|z,
+             a|z,c|f,z|d,c|z,c|e,b|z,b|z,z|e,c|d,a|z,a|e,b|d,z|e,z|d,b|f,a|f,
+             c|f,a|d,c|z,b|f,b|d,z|f,a|f,c|e,z|f,b|e,b|e,z|z,a|d,a|e,z|z,c|d];
+a=1<<20; b=1<<31; c=a|b; d=1<<5; e=1<<15; f=d|e;
+const SP2 = [c|f,b|e,z|e,a|f,a|z,z|d,c|d,b|f,b|d,c|f,c|e,b|z,b|e,a|z,z|d,c|d,
+             a|e,a|d,b|f,z|z,b|z,z|e,a|f,c|z,a|d,b|d,z|z,a|e,z|f,c|e,c|z,z|f,
+             z|z,a|f,c|d,a|z,b|f,c|z,c|e,z|e,c|z,b|e,z|d,c|f,a|f,z|d,z|e,b|z,
+             z|f,c|e,a|z,b|d,a|d,b|f,b|d,a|d,a|e,z|z,b|e,z|f,b|z,c|d,c|f,a|e];
+a=1<<17; b=1<<27; c=a|b; d=1<<3; e=1<<9; f=d|e;
+const SP3 = [z|f,c|e,z|z,c|d,b|e,z|z,a|f,b|e,a|d,b|d,b|d,a|z,c|f,a|d,c|z,z|f,
+             b|z,z|d,c|e,z|e,a|e,c|z,c|d,a|f,b|f,a|e,a|z,b|f,z|d,c|f,z|e,b|z,
+             c|e,b|z,a|d,z|f,a|z,c|e,b|e,z|z,z|e,a|d,c|f,b|e,b|d,z|e,z|z,c|d,
+             b|f,a|z,b|z,c|f,z|d,a|f,a|e,b|d,c|z,b|f,z|f,c|z,a|f,z|d,c|d,a|e];
+a=1<<13; b=1<<23; c=a|b; d=1<<0; e=1<<7; f=d|e;
+const SP4 = [c|d,a|f,a|f,z|e,c|e,b|f,b|d,a|d,z|z,c|z,c|z,c|f,z|f,z|z,b|e,b|d,
+             z|d,a|z,b|z,c|d,z|e,b|z,a|d,a|e,b|f,z|d,a|e,b|e,a|z,c|e,c|f,z|f,
+             b|e,b|d,c|z,c|f,z|f,z|z,z|z,c|z,a|e,b|e,b|f,z|d,c|d,a|f,a|f,z|e,
+             c|f,z|f,z|d,a|z,b|d,a|d,c|e,b|f,a|d,a|e,b|z,c|d,z|e,b|z,a|z,c|e];
+a=1<<25; b=1<<30; c=a|b; d=1<<8; e=1<<19; f=d|e;
+const SP5 = [z|d,a|f,a|e,c|d,z|e,z|d,b|z,a|e,b|f,z|e,a|d,b|f,c|d,c|e,z|f,b|z,
+             a|z,b|e,b|e,z|z,b|d,c|f,c|f,a|d,c|e,b|d,z|z,c|z,a|f,a|z,c|z,z|f,
+             z|e,c|d,z|d,a|z,b|z,a|e,c|d,b|f,a|d,b|z,c|e,a|f,b|f,z|d,a|z,c|e,
+             c|f,z|f,c|z,c|f,a|e,z|z,b|e,c|z,z|f,a|d,b|d,z|e,z|z,b|e,a|f,b|d];
+a=1<<22; b=1<<29; c=a|b; d=1<<4; e=1<<14; f=d|e;
+const SP6 = [b|d,c|z,z|e,c|f,c|z,z|d,c|f,a|z,b|e,a|f,a|z,b|d,a|d,b|e,b|z,z|f,
+             z|z,a|d,b|f,z|e,a|e,b|f,z|d,c|d,c|d,z|z,a|f,c|e,z|f,a|e,c|e,b|z,
+             b|e,z|d,c|d,a|e,c|f,a|z,z|f,b|d,a|z,b|e,b|z,z|f,b|d,c|f,a|e,c|z,
+             a|f,c|e,z|z,c|d,z|d,z|e,c|z,a|f,z|e,a|d,b|f,z|z,c|e,b|z,a|d,b|f];
+a=1<<21; b=1<<26; c=a|b; d=1<<1; e=1<<11; f=d|e;
+const SP7 = [a|z,c|d,b|f,z|z,z|e,b|f,a|f,c|e,c|f,a|z,z|z,b|d,z|d,b|z,c|d,z|f,
+             b|e,a|f,a|d,b|e,b|d,c|z,c|e,a|d,c|z,z|e,z|f,c|f,a|e,z|d,b|z,a|e,
+             b|z,a|e,a|z,b|f,b|f,c|d,c|d,z|d,a|d,b|z,b|e,a|z,c|e,z|f,a|f,c|e,
+             z|f,b|d,c|f,c|z,a|e,z|z,z|d,c|f,z|z,a|f,c|z,z|e,b|d,b|e,z|e,a|d];
+a=1<<18; b=1<<28; c=a|b; d=1<<6; e=1<<12; f=d|e;
+const SP8 = [b|f,z|e,a|z,c|f,b|z,b|f,z|d,b|z,a|d,c|z,c|f,a|e,c|e,a|f,z|e,z|d,
+             c|z,b|d,b|e,z|f,a|e,a|d,c|d,c|e,z|f,z|z,z|z,c|d,b|d,b|e,a|f,a|z,
+             a|f,a|z,c|e,z|e,z|d,c|d,z|e,a|f,b|e,z|d,b|d,c|z,c|d,b|z,a|z,b|f,
+             z|z,c|f,a|d,b|d,c|z,b|e,b|f,z|z,c|f,a|e,a|e,z|f,z|f,a|d,b|z,c|e];
+
+/* eslint-enable comma-spacing */
+
+class DES {
+    constructor(password) {
+        this.keys = [];
+
+        // Set the key.
+        const pc1m = [], pcr = [], kn = [];
+
+        for (let j = 0, l = 56; j < 56; ++j, l -= 8) {
+            l += l < -5 ? 65 : l < -3 ? 31 : l < -1 ? 63 : l === 27 ? 35 : 0; // PC1
+            const m = l & 0x7;
+            pc1m[j] = ((password[l >>> 3] & (1<<m)) !== 0) ? 1: 0;
+        }
+
+        for (let i = 0; i < 16; ++i) {
+            const m = i << 1;
+            const n = m + 1;
+            kn[m] = kn[n] = 0;
+            for (let o = 28; o < 59; o += 28) {
+                for (let j = o - 28; j < o; ++j) {
+                    const l = j + totrot[i];
+                    pcr[j] = l < o ? pc1m[l] : pc1m[l - 28];
+                }
+            }
+            for (let j = 0; j < 24; ++j) {
+                if (pcr[PC2[j]] !== 0) {
+                    kn[m] |= 1 << (23 - j);
+                }
+                if (pcr[PC2[j + 24]] !== 0) {
+                    kn[n] |= 1 << (23 - j);
+                }
+            }
+        }
+
+        // cookey
+        for (let i = 0, rawi = 0, KnLi = 0; i < 16; ++i) {
+            const raw0 = kn[rawi++];
+            const raw1 = kn[rawi++];
+            this.keys[KnLi] = (raw0 & 0x00fc0000) << 6;
+            this.keys[KnLi] |= (raw0 & 0x00000fc0) << 10;
+            this.keys[KnLi] |= (raw1 & 0x00fc0000) >>> 10;
+            this.keys[KnLi] |= (raw1 & 0x00000fc0) >>> 6;
+            ++KnLi;
+            this.keys[KnLi] = (raw0 & 0x0003f000) << 12;
+            this.keys[KnLi] |= (raw0 & 0x0000003f) << 16;
+            this.keys[KnLi] |= (raw1 & 0x0003f000) >>> 4;
+            this.keys[KnLi] |= (raw1 & 0x0000003f);
+            ++KnLi;
+        }
+    }
+
+    // Encrypt 8 bytes of text
+    enc8(text) {
+        const b = text.slice();
+        let i = 0, l, r, x; // left, right, accumulator
+
+        // Squash 8 bytes to 2 ints
+        l = b[i++]<<24 | b[i++]<<16 | b[i++]<<8 | b[i++];
+        r = b[i++]<<24 | b[i++]<<16 | b[i++]<<8 | b[i++];
+
+        x = ((l >>> 4) ^ r) & 0x0f0f0f0f;
+        r ^= x;
+        l ^= (x << 4);
+        x = ((l >>> 16) ^ r) & 0x0000ffff;
+        r ^= x;
+        l ^= (x << 16);
+        x = ((r >>> 2) ^ l) & 0x33333333;
+        l ^= x;
+        r ^= (x << 2);
+        x = ((r >>> 8) ^ l) & 0x00ff00ff;
+        l ^= x;
+        r ^= (x << 8);
+        r = (r << 1) | ((r >>> 31) & 1);
+        x = (l ^ r) & 0xaaaaaaaa;
+        l ^= x;
+        r ^= x;
+        l = (l << 1) | ((l >>> 31) & 1);
+
+        for (let i = 0, keysi = 0; i < 8; ++i) {
+            x = (r << 28) | (r >>> 4);
+            x ^= this.keys[keysi++];
+            let fval =  SP7[x & 0x3f];
+            fval |= SP5[(x >>> 8) & 0x3f];
+            fval |= SP3[(x >>> 16) & 0x3f];
+            fval |= SP1[(x >>> 24) & 0x3f];
+            x = r ^ this.keys[keysi++];
+            fval |= SP8[x & 0x3f];
+            fval |= SP6[(x >>> 8) & 0x3f];
+            fval |= SP4[(x >>> 16) & 0x3f];
+            fval |= SP2[(x >>> 24) & 0x3f];
+            l ^= fval;
+            x = (l << 28) | (l >>> 4);
+            x ^= this.keys[keysi++];
+            fval =  SP7[x & 0x3f];
+            fval |= SP5[(x >>> 8) & 0x3f];
+            fval |= SP3[(x >>> 16) & 0x3f];
+            fval |= SP1[(x >>> 24) & 0x3f];
+            x = l ^ this.keys[keysi++];
+            fval |= SP8[x & 0x0000003f];
+            fval |= SP6[(x >>> 8) & 0x3f];
+            fval |= SP4[(x >>> 16) & 0x3f];
+            fval |= SP2[(x >>> 24) & 0x3f];
+            r ^= fval;
+        }
+
+        r = (r << 31) | (r >>> 1);
+        x = (l ^ r) & 0xaaaaaaaa;
+        l ^= x;
+        r ^= x;
+        l = (l << 31) | (l >>> 1);
+        x = ((l >>> 8) ^ r) & 0x00ff00ff;
+        r ^= x;
+        l ^= (x << 8);
+        x = ((l >>> 2) ^ r) & 0x33333333;
+        r ^= x;
+        l ^= (x << 2);
+        x = ((r >>> 16) ^ l) & 0x0000ffff;
+        l ^= x;
+        r ^= (x << 16);
+        x = ((r >>> 4) ^ l) & 0x0f0f0f0f;
+        l ^= x;
+        r ^= (x << 4);
+
+        // Spread ints to bytes
+        x = [r, l];
+        for (i = 0; i < 8; i++) {
+            b[i] = (x[i>>>2] >>> (8 * (3 - (i % 4)))) % 256;
+            if (b[i] < 0) { b[i] += 256; } // unsigned
+        }
+        return b;
+    }
+}
+
+export class DESECBCipher {
+    constructor() {
+        this._cipher = null;
+    }
+
+    get algorithm() {
+        return { name: "DES-ECB" };
+    }
+
+    static importKey(key, _algorithm, _extractable, _keyUsages) {
+        const cipher = new DESECBCipher;
+        cipher._importKey(key);
+        return cipher;
+    }
+
+    _importKey(key, _extractable, _keyUsages) {
+        this._cipher = new DES(key);
+    }
+
+    encrypt(_algorithm, plaintext) {
+        const x = new Uint8Array(plaintext);
+        if (x.length % 8 !== 0 || this._cipher === null) {
+            return null;
+        }
+        const n = x.length / 8;
+        for (let i = 0; i < n; i++) {
+            x.set(this._cipher.enc8(x.slice(i * 8, i * 8 + 8)), i * 8);
+        }
+        return x;
+    }
+}
+
+export class DESCBCCipher {
+    constructor() {
+        this._cipher = null;
+    }
+
+    get algorithm() {
+        return { name: "DES-CBC" };
+    }
+
+    static importKey(key, _algorithm, _extractable, _keyUsages) {
+        const cipher = new DESCBCCipher;
+        cipher._importKey(key);
+        return cipher;
+    }
+
+    _importKey(key) {
+        this._cipher = new DES(key);
+    }
+
+    encrypt(algorithm, plaintext) {
+        const x = new Uint8Array(plaintext);
+        let y = new Uint8Array(algorithm.iv);
+        if (x.length % 8 !== 0 || this._cipher === null) {
+            return null;
+        }
+        const n = x.length / 8;
+        for (let i = 0; i < n; i++) {
+            for (let j = 0; j < 8; j++) {
+                y[j] ^= plaintext[i * 8 + j];
+            }
+            y = this._cipher.enc8(y);
+            x.set(y, i * 8);
+        }
+        return x;
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/dh.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/dh.js
new file mode 100644
index 000000000..bd705d9bf
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/dh.js
@@ -0,0 +1,55 @@
+import { modPow, bigIntToU8Array, u8ArrayToBigInt } from "./bigint.js";
+
+class DHPublicKey {
+    constructor(key) {
+        this._key = key;
+    }
+
+    get algorithm() {
+        return { name: "DH" };
+    }
+
+    exportKey() {
+        return this._key;
+    }
+}
+
+export class DHCipher {
+    constructor() {
+        this._g = null;
+        this._p = null;
+        this._gBigInt = null;
+        this._pBigInt = null;
+        this._privateKey = null;
+    }
+
+    get algorithm() {
+        return { name: "DH" };
+    }
+
+    static generateKey(algorithm, _extractable) {
+        const cipher = new DHCipher;
+        cipher._generateKey(algorithm);
+        return { privateKey: cipher, publicKey: new DHPublicKey(cipher._publicKey) };
+    }
+
+    _generateKey(algorithm) {
+        const g = algorithm.g;
+        const p = algorithm.p;
+        this._keyBytes = p.length;
+        this._gBigInt = u8ArrayToBigInt(g);
+        this._pBigInt = u8ArrayToBigInt(p);
+        this._privateKey = window.crypto.getRandomValues(new Uint8Array(this._keyBytes));
+        this._privateKeyBigInt = u8ArrayToBigInt(this._privateKey);
+        this._publicKey = bigIntToU8Array(modPow(
+            this._gBigInt, this._privateKeyBigInt, this._pBigInt), this._keyBytes);
+    }
+
+    deriveBits(algorithm, length) {
+        const bytes = Math.ceil(length / 8);
+        const pkey = new Uint8Array(algorithm.public);
+        const len = bytes > this._keyBytes ? bytes : this._keyBytes;
+        const secret = modPow(u8ArrayToBigInt(pkey), this._privateKeyBigInt, this._pBigInt);
+        return bigIntToU8Array(secret, len).slice(0, len);
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/md5.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/md5.js
new file mode 100644
index 000000000..fcfefff06
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/md5.js
@@ -0,0 +1,82 @@
+/*
+ * noVNC: HTML5 VNC client
+ * Copyright (C) 2021 The noVNC Authors
+ * Licensed under MPL 2.0 (see LICENSE.txt)
+ *
+ * See README.md for usage and integration instructions.
+ */
+
+/*
+ * Performs MD5 hashing on an array of bytes, returns an array of bytes
+ */
+
+export async function MD5(d) {
+    let s = "";
+    for (let i = 0; i < d.length; i++) {
+        s += String.fromCharCode(d[i]);
+    }
+    return M(V(Y(X(s), 8 * s.length)));
+}
+
+function M(d) {
+    let f = new Uint8Array(d.length);
+    for (let i=0;i<d.length;i++) {
+        f[i] = d.charCodeAt(i);
+    }
+    return f;
+}
+
+function X(d) {
+    let r = Array(d.length >> 2);
+    for (let m = 0; m < r.length; m++) r[m] = 0;
+    for (let m = 0; m < 8 * d.length; m += 8) r[m >> 5] |= (255 & d.charCodeAt(m / 8)) << m % 32;
+    return r;
+}
+
+function V(d) {
+    let r = "";
+    for (let m = 0; m < 32 * d.length; m += 8) r += String.fromCharCode(d[m >> 5] >>> m % 32 & 255);
+    return r;
+}
+
+function Y(d, g) {
+    d[g >> 5] |= 128 << g % 32, d[14 + (g + 64 >>> 9 << 4)] = g;
+    let m = 1732584193, f = -271733879, r = -1732584194, i = 271733878;
+    for (let n = 0; n < d.length; n += 16) {
+        let h = m,
+            t = f,
+            g = r,
+            e = i;
+        f = ii(f = ii(f = ii(f = ii(f = hh(f = hh(f = hh(f = hh(f = gg(f = gg(f = gg(f = gg(f = ff(f = ff(f = ff(f = ff(f, r = ff(r, i = ff(i, m = ff(m, f, r, i, d[n + 0], 7, -680876936), f, r, d[n + 1], 12, -389564586), m, f, d[n + 2], 17, 606105819), i, m, d[n + 3], 22, -1044525330), r = ff(r, i = ff(i, m = ff(m, f, r, i, d[n + 4], 7, -176418897), f, r, d[n + 5], 12, 1200080426), m, f, d[n + 6], 17, -1473231341), i, m, d[n + 7], 22, -45705983), r = ff(r, i = ff(i, m = ff(m, f, r, i, d[n + 8], 7, 1770035416), f, r, d[n + 9], 12, -1958414417), m, f, d[n + 10], 17, -42063), i, m, d[n + 11], 22, -1990404162), r = ff(r, i = ff(i, m = ff(m, f, r, i, d[n + 12], 7, 1804603682), f, r, d[n + 13], 12, -40341101), m, f, d[n + 14], 17, -1502002290), i, m, d[n + 15], 22, 1236535329), r = gg(r, i = gg(i, m = gg(m, f, r, i, d[n + 1], 5, -165796510), f, r, d[n + 6], 9, -1069501632), m, f, d[n + 11], 14, 643717713), i, m, d[n + 0], 20, -373897302), r = gg(r, i = gg(i, m = gg(m, f, r, i, d[n + 5], 5, -701558691), f, r, d[n + 10], 9, 38016083), m, f, d[n + 15], 14, -660478335), i, m, d[n + 4], 20, -405537848), r = gg(r, i = gg(i, m = gg(m, f, r, i, d[n + 9], 5, 568446438), f, r, d[n + 14], 9, -1019803690), m, f, d[n + 3], 14, -187363961), i, m, d[n + 8], 20, 1163531501), r = gg(r, i = gg(i, m = gg(m, f, r, i, d[n + 13], 5, -1444681467), f, r, d[n + 2], 9, -51403784), m, f, d[n + 7], 14, 1735328473), i, m, d[n + 12], 20, -1926607734), r = hh(r, i = hh(i, m = hh(m, f, r, i, d[n + 5], 4, -378558), f, r, d[n + 8], 11, -2022574463), m, f, d[n + 11], 16, 1839030562), i, m, d[n + 14], 23, -35309556), r = hh(r, i = hh(i, m = hh(m, f, r, i, d[n + 1], 4, -1530992060), f, r, d[n + 4], 11, 1272893353), m, f, d[n + 7], 16, -155497632), i, m, d[n + 10], 23, -1094730640), r = hh(r, i = hh(i, m = hh(m, f, r, i, d[n + 13], 4, 681279174), f, r, d[n + 0], 11, -358537222), m, f, d[n + 3], 16, -722521979), i, m, d[n + 6], 23, 76029189), r = hh(r, i = hh(i, m = hh(m, f, r, i, d[n + 9], 4, -640364487), f, r, d[n + 12], 11, -421815835), m, f, d[n + 15], 16, 530742520), i, m, d[n + 2], 23, -995338651), r = ii(r, i = ii(i, m = ii(m, f, r, i, d[n + 0], 6, -198630844), f, r, d[n + 7], 10, 1126891415), m, f, d[n + 14], 15, -1416354905), i, m, d[n + 5], 21, -57434055), r = ii(r, i = ii(i, m = ii(m, f, r, i, d[n + 12], 6, 1700485571), f, r, d[n + 3], 10, -1894986606), m, f, d[n + 10], 15, -1051523), i, m, d[n + 1], 21, -2054922799), r = ii(r, i = ii(i, m = ii(m, f, r, i, d[n + 8], 6, 1873313359), f, r, d[n + 15], 10, -30611744), m, f, d[n + 6], 15, -1560198380), i, m, d[n + 13], 21, 1309151649), r = ii(r, i = ii(i, m = ii(m, f, r, i, d[n + 4], 6, -145523070), f, r, d[n + 11], 10, -1120210379), m, f, d[n + 2], 15, 718787259), i, m, d[n + 9], 21, -343485551), m = add(m, h), f = add(f, t), r = add(r, g), i = add(i, e);
+    }
+    return Array(m, f, r, i);
+}
+
+function cmn(d, g, m, f, r, i) {
+    return add(rol(add(add(g, d), add(f, i)), r), m);
+}
+
+function ff(d, g, m, f, r, i, n) {
+    return cmn(g & m | ~g & f, d, g, r, i, n);
+}
+
+function gg(d, g, m, f, r, i, n) {
+    return cmn(g & f | m & ~f, d, g, r, i, n);
+}
+
+function hh(d, g, m, f, r, i, n) {
+    return cmn(g ^ m ^ f, d, g, r, i, n);
+}
+
+function ii(d, g, m, f, r, i, n) {
+    return cmn(m ^ (g | ~f), d, g, r, i, n);
+}
+
+function add(d, g) {
+    let m = (65535 & d) + (65535 & g);
+    return (d >> 16) + (g >> 16) + (m >> 16) << 16 | 65535 & m;
+}
+
+function rol(d, g) {
+    return d << g | d >>> 32 - g;
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/rsa.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/rsa.js
new file mode 100644
index 000000000..68e8e869f
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/crypto/rsa.js
@@ -0,0 +1,132 @@
+import Base64 from "../base64.js";
+import { modPow, bigIntToU8Array, u8ArrayToBigInt } from "./bigint.js";
+
+export class RSACipher {
+    constructor() {
+        this._keyLength = 0;
+        this._keyBytes = 0;
+        this._n = null;
+        this._e = null;
+        this._d = null;
+        this._nBigInt = null;
+        this._eBigInt = null;
+        this._dBigInt = null;
+        this._extractable = false;
+    }
+
+    get algorithm() {
+        return { name: "RSA-PKCS1-v1_5" };
+    }
+
+    _base64urlDecode(data) {
+        data = data.replace(/-/g, "+").replace(/_/g, "/");
+        data = data.padEnd(Math.ceil(data.length / 4) * 4, "=");
+        return Base64.decode(data);
+    }
+
+    _padArray(arr, length) {
+        const res = new Uint8Array(length);
+        res.set(arr, length - arr.length);
+        return res;
+    }
+
+    static async generateKey(algorithm, extractable, _keyUsages) {
+        const cipher = new RSACipher;
+        await cipher._generateKey(algorithm, extractable);
+        return { privateKey: cipher };
+    }
+
+    async _generateKey(algorithm, extractable) {
+        this._keyLength = algorithm.modulusLength;
+        this._keyBytes = Math.ceil(this._keyLength / 8);
+        const key = await window.crypto.subtle.generateKey(
+            {
+                name: "RSA-OAEP",
+                modulusLength: algorithm.modulusLength,
+                publicExponent: algorithm.publicExponent,
+                hash: {name: "SHA-256"},
+            },
+            true, ["encrypt", "decrypt"]);
+        const privateKey = await window.crypto.subtle.exportKey("jwk", key.privateKey);
+        this._n = this._padArray(this._base64urlDecode(privateKey.n), this._keyBytes);
+        this._nBigInt = u8ArrayToBigInt(this._n);
+        this._e = this._padArray(this._base64urlDecode(privateKey.e), this._keyBytes);
+        this._eBigInt = u8ArrayToBigInt(this._e);
+        this._d = this._padArray(this._base64urlDecode(privateKey.d), this._keyBytes);
+        this._dBigInt = u8ArrayToBigInt(this._d);
+        this._extractable = extractable;
+    }
+
+    static async importKey(key, _algorithm, extractable, keyUsages) {
+        if (keyUsages.length !== 1 || keyUsages[0] !== "encrypt") {
+            throw new Error("only support importing RSA public key");
+        }
+        const cipher = new RSACipher;
+        await cipher._importKey(key, extractable);
+        return cipher;
+    }
+
+    async _importKey(key, extractable) {
+        const n = key.n;
+        const e = key.e;
+        if (n.length !== e.length) {
+            throw new Error("the sizes of modulus and public exponent do not match");
+        }
+        this._keyBytes = n.length;
+        this._keyLength = this._keyBytes * 8;
+        this._n = new Uint8Array(this._keyBytes);
+        this._e = new Uint8Array(this._keyBytes);
+        this._n.set(n);
+        this._e.set(e);
+        this._nBigInt = u8ArrayToBigInt(this._n);
+        this._eBigInt = u8ArrayToBigInt(this._e);
+        this._extractable = extractable;
+    }
+
+    async encrypt(_algorithm, message) {
+        if (message.length > this._keyBytes - 11) {
+            return null;
+        }
+        const ps = new Uint8Array(this._keyBytes - message.length - 3);
+        window.crypto.getRandomValues(ps);
+        for (let i = 0; i < ps.length; i++) {
+            ps[i] = Math.floor(ps[i] * 254 / 255 + 1);
+        }
+        const em = new Uint8Array(this._keyBytes);
+        em[1] = 0x02;
+        em.set(ps, 2);
+        em.set(message, ps.length + 3);
+        const emBigInt = u8ArrayToBigInt(em);
+        const c = modPow(emBigInt, this._eBigInt, this._nBigInt);
+        return bigIntToU8Array(c, this._keyBytes);
+    }
+
+    async decrypt(_algorithm, message) {
+        if (message.length !== this._keyBytes) {
+            return null;
+        }
+        const msgBigInt = u8ArrayToBigInt(message);
+        const emBigInt = modPow(msgBigInt, this._dBigInt, this._nBigInt);
+        const em = bigIntToU8Array(emBigInt, this._keyBytes);
+        if (em[0] !== 0x00 || em[1] !== 0x02) {
+            return null;
+        }
+        let i = 2;
+        for (; i < em.length; i++) {
+            if (em[i] === 0x00) {
+                break;
+            }
+        }
+        if (i === em.length) {
+            return null;
+        }
+        return em.slice(i + 1, em.length);
+    }
+
+    async exportKey() {
+        if (!this._extractable) {
+            throw new Error("key is not extractable");
+        }
+        return { n: this._n, e: this._e, d: this._d };
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/copyrect.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/copyrect.js
index 0e0536a6a..9e6391a17 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/copyrect.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/copyrect.js
@@ -15,6 +15,11 @@ export default class CopyRectDecoder {
 
         let deltaX = sock.rQshift16();
         let deltaY = sock.rQshift16();
+
+        if ((width === 0) || (height === 0)) {
+            return true;
+        }
+
         display.copyImage(deltaX, deltaY, x, y, width, height);
 
         return true;
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/hextile.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/hextile.js
index 8dbe80922..cc33e0e10 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/hextile.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/hextile.js
@@ -13,6 +13,7 @@ export default class HextileDecoder {
     constructor() {
         this._tiles = 0;
         this._lastsubencoding = 0;
+        this._tileBuffer = new Uint8Array(16 * 16 * 4);
     }
 
     decodeRect(x, y, width, height, sock, display, depth) {
@@ -30,10 +31,7 @@ export default class HextileDecoder {
                 return false;
             }
 
-            let rQ = sock.rQ;
-            let rQi = sock.rQi;
-
-            let subencoding = rQ[rQi];  // Peek
+            let subencoding = sock.rQpeek8();
             if (subencoding > 30) {  // Raw
                 throw new Error("Illegal hextile subencoding (subencoding: " +
                             subencoding + ")");
@@ -64,7 +62,7 @@ export default class HextileDecoder {
                         return false;
                     }
 
-                    let subrects = rQ[rQi + bytes - 1];  // Peek
+                    let subrects = sock.rQpeekBytes(bytes).at(-1);
                     if (subencoding & 0x10) {  // SubrectsColoured
                         bytes += subrects * (4 + 2);
                     } else {
@@ -78,7 +76,7 @@ export default class HextileDecoder {
             }
 
             // We know the encoding and have a whole tile
-            rQi++;
+            sock.rQshift8();
             if (subencoding === 0) {
                 if (this._lastsubencoding & 0x01) {
                     // Weird: ignore blanks are RAW
@@ -87,51 +85,97 @@ export default class HextileDecoder {
                     display.fillRect(tx, ty, tw, th, this._background);
                 }
             } else if (subencoding & 0x01) {  // Raw
-                display.blitImage(tx, ty, tw, th, rQ, rQi);
-                rQi += bytes - 1;
+                let pixels = tw * th;
+                let data = sock.rQshiftBytes(pixels * 4, false);
+                // Max sure the image is fully opaque
+                for (let i = 0;i <  pixels;i++) {
+                    data[i * 4 + 3] = 255;
+                }
+                display.blitImage(tx, ty, tw, th, data, 0);
             } else {
                 if (subencoding & 0x02) {  // Background
-                    this._background = [rQ[rQi], rQ[rQi + 1], rQ[rQi + 2], rQ[rQi + 3]];
-                    rQi += 4;
+                    this._background = new Uint8Array(sock.rQshiftBytes(4));
                 }
                 if (subencoding & 0x04) {  // Foreground
-                    this._foreground = [rQ[rQi], rQ[rQi + 1], rQ[rQi + 2], rQ[rQi + 3]];
-                    rQi += 4;
+                    this._foreground = new Uint8Array(sock.rQshiftBytes(4));
                 }
 
-                display.startTile(tx, ty, tw, th, this._background);
+                this._startTile(tx, ty, tw, th, this._background);
                 if (subencoding & 0x08) {  // AnySubrects
-                    let subrects = rQ[rQi];
-                    rQi++;
+                    let subrects = sock.rQshift8();
 
                     for (let s = 0; s < subrects; s++) {
                         let color;
                         if (subencoding & 0x10) {  // SubrectsColoured
-                            color = [rQ[rQi], rQ[rQi + 1], rQ[rQi + 2], rQ[rQi + 3]];
-                            rQi += 4;
+                            color = sock.rQshiftBytes(4);
                         } else {
                             color = this._foreground;
                         }
-                        const xy = rQ[rQi];
-                        rQi++;
+                        const xy = sock.rQshift8();
                         const sx = (xy >> 4);
                         const sy = (xy & 0x0f);
 
-                        const wh = rQ[rQi];
-                        rQi++;
+                        const wh = sock.rQshift8();
                         const sw = (wh >> 4) + 1;
                         const sh = (wh & 0x0f) + 1;
 
-                        display.subTile(sx, sy, sw, sh, color);
+                        this._subTile(sx, sy, sw, sh, color);
                     }
                 }
-                display.finishTile();
+                this._finishTile(display);
             }
-            sock.rQi = rQi;
             this._lastsubencoding = subencoding;
             this._tiles--;
         }
 
         return true;
     }
+
+    // start updating a tile
+    _startTile(x, y, width, height, color) {
+        this._tileX = x;
+        this._tileY = y;
+        this._tileW = width;
+        this._tileH = height;
+
+        const red = color[0];
+        const green = color[1];
+        const blue = color[2];
+
+        const data = this._tileBuffer;
+        for (let i = 0; i < width * height * 4; i += 4) {
+            data[i]     = red;
+            data[i + 1] = green;
+            data[i + 2] = blue;
+            data[i + 3] = 255;
+        }
+    }
+
+    // update sub-rectangle of the current tile
+    _subTile(x, y, w, h, color) {
+        const red = color[0];
+        const green = color[1];
+        const blue = color[2];
+        const xend = x + w;
+        const yend = y + h;
+
+        const data = this._tileBuffer;
+        const width = this._tileW;
+        for (let j = y; j < yend; j++) {
+            for (let i = x; i < xend; i++) {
+                const p = (i + (j * width)) * 4;
+                data[p]     = red;
+                data[p + 1] = green;
+                data[p + 2] = blue;
+                data[p + 3] = 255;
+            }
+        }
+    }
+
+    // draw the current tile to the screen
+    _finishTile(display) {
+        display.blitImage(this._tileX, this._tileY,
+                          this._tileW, this._tileH,
+                          this._tileBuffer, 0);
+    }
 }
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/jpeg.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/jpeg.js
new file mode 100644
index 000000000..feb2aeb6c
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/jpeg.js
@@ -0,0 +1,146 @@
+/*
+ * noVNC: HTML5 VNC client
+ * Copyright (C) 2019 The noVNC Authors
+ * Licensed under MPL 2.0 (see LICENSE.txt)
+ *
+ * See README.md for usage and integration instructions.
+ *
+ */
+
+export default class JPEGDecoder {
+    constructor() {
+        // RealVNC will reuse the quantization tables
+        // and Huffman tables, so we need to cache them.
+        this._cachedQuantTables = [];
+        this._cachedHuffmanTables = [];
+
+        this._segments = [];
+    }
+
+    decodeRect(x, y, width, height, sock, display, depth) {
+        // A rect of JPEG encodings is simply a JPEG file
+        while (true) {
+            let segment = this._readSegment(sock);
+            if (segment === null) {
+                return false;
+            }
+            this._segments.push(segment);
+            // End of image?
+            if (segment[1] === 0xD9) {
+                break;
+            }
+        }
+
+        let huffmanTables = [];
+        let quantTables = [];
+        for (let segment of this._segments) {
+            let type = segment[1];
+            if (type === 0xC4) {
+                // Huffman tables
+                huffmanTables.push(segment);
+            } else if (type === 0xDB) {
+                // Quantization tables
+                quantTables.push(segment);
+            }
+        }
+
+        const sofIndex = this._segments.findIndex(
+            x => x[1] == 0xC0 || x[1] == 0xC2
+        );
+        if (sofIndex == -1) {
+            throw new Error("Illegal JPEG image without SOF");
+        }
+
+        if (quantTables.length === 0) {
+            this._segments.splice(sofIndex+1, 0,
+                                  ...this._cachedQuantTables);
+        }
+        if (huffmanTables.length === 0) {
+            this._segments.splice(sofIndex+1, 0,
+                                  ...this._cachedHuffmanTables);
+        }
+
+        let length = 0;
+        for (let segment of this._segments) {
+            length += segment.length;
+        }
+
+        let data = new Uint8Array(length);
+        length = 0;
+        for (let segment of this._segments) {
+            data.set(segment, length);
+            length += segment.length;
+        }
+
+        display.imageRect(x, y, width, height, "image/jpeg", data);
+
+        if (huffmanTables.length !== 0) {
+            this._cachedHuffmanTables = huffmanTables;
+        }
+        if (quantTables.length !== 0) {
+            this._cachedQuantTables = quantTables;
+        }
+
+        this._segments = [];
+
+        return true;
+    }
+
+    _readSegment(sock) {
+        if (sock.rQwait("JPEG", 2)) {
+            return null;
+        }
+
+        let marker = sock.rQshift8();
+        if (marker != 0xFF) {
+            throw new Error("Illegal JPEG marker received (byte: " +
+                               marker + ")");
+        }
+        let type = sock.rQshift8();
+        if (type >= 0xD0 && type <= 0xD9 || type == 0x01) {
+            // No length after marker
+            return new Uint8Array([marker, type]);
+        }
+
+        if (sock.rQwait("JPEG", 2, 2)) {
+            return null;
+        }
+
+        let length = sock.rQshift16();
+        if (length < 2) {
+            throw new Error("Illegal JPEG length received (length: " +
+                               length + ")");
+        }
+
+        if (sock.rQwait("JPEG", length-2, 4)) {
+            return null;
+        }
+
+        let extra = 0;
+        if (type === 0xDA) {
+            // start of scan
+            extra += 2;
+            while (true) {
+                if (sock.rQwait("JPEG", length-2+extra, 4)) {
+                    return null;
+                }
+                let data = sock.rQpeekBytes(length-2+extra, false);
+                if (data.at(-2) === 0xFF && data.at(-1) !== 0x00 &&
+                    !(data.at(-1) >= 0xD0 && data.at(-1) <= 0xD7)) {
+                    extra -= 2;
+                    break;
+                }
+                extra++;
+            }
+        }
+
+        let segment = new Uint8Array(2 + length + extra);
+        segment[0] = marker;
+        segment[1] = type;
+        segment[2] = length >> 8;
+        segment[3] = length;
+        segment.set(sock.rQshiftBytes(length-2+extra, false), 4);
+
+        return segment;
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/raw.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/raw.js
index 4d84d7d10..3c1661425 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/raw.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/raw.js
@@ -13,6 +13,10 @@ export default class RawDecoder {
     }
 
     decodeRect(x, y, width, height, sock, display, depth) {
+        if ((width === 0) || (height === 0)) {
+            return true;
+        }
+
         if (this._lines === 0) {
             this._lines = height;
         }
@@ -20,35 +24,34 @@ export default class RawDecoder {
         const pixelSize = depth == 8 ? 1 : 4;
         const bytesPerLine = width * pixelSize;
 
-        if (sock.rQwait("RAW", bytesPerLine)) {
-            return false;
-        }
-
-        const curY = y + (height - this._lines);
-        const currHeight = Math.min(this._lines,
-                                    Math.floor(sock.rQlen / bytesPerLine));
-        let data = sock.rQ;
-        let index = sock.rQi;
-
-        // Convert data if needed
-        if (depth == 8) {
-            const pixels = width * currHeight;
-            const newdata = new Uint8Array(pixels * 4);
-            for (let i = 0; i < pixels; i++) {
-                newdata[i * 4 + 0] = ((data[index + i] >> 0) & 0x3) * 255 / 3;
-                newdata[i * 4 + 1] = ((data[index + i] >> 2) & 0x3) * 255 / 3;
-                newdata[i * 4 + 2] = ((data[index + i] >> 4) & 0x3) * 255 / 3;
-                newdata[i * 4 + 4] = 0;
+        while (this._lines > 0) {
+            if (sock.rQwait("RAW", bytesPerLine)) {
+                return false;
             }
-            data = newdata;
-            index = 0;
-        }
 
-        display.blitImage(x, curY, width, currHeight, data, index);
-        sock.rQskipBytes(currHeight * bytesPerLine);
-        this._lines -= currHeight;
-        if (this._lines > 0) {
-            return false;
+            const curY = y + (height - this._lines);
+
+            let data = sock.rQshiftBytes(bytesPerLine, false);
+
+            // Convert data if needed
+            if (depth == 8) {
+                const newdata = new Uint8Array(width * 4);
+                for (let i = 0; i < width; i++) {
+                    newdata[i * 4 + 0] = ((data[i] >> 0) & 0x3) * 255 / 3;
+                    newdata[i * 4 + 1] = ((data[i] >> 2) & 0x3) * 255 / 3;
+                    newdata[i * 4 + 2] = ((data[i] >> 4) & 0x3) * 255 / 3;
+                    newdata[i * 4 + 3] = 255;
+                }
+                data = newdata;
+            }
+
+            // Max sure the image is fully opaque
+            for (let i = 0; i < width; i++) {
+                data[i * 4 + 3] = 255;
+            }
+
+            display.blitImage(x, curY, width, 1, data, 0);
+            this._lines--;
         }
 
         return true;
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/tight.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/tight.js
index b207419e1..8bc977a79 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/tight.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/tight.js
@@ -56,7 +56,7 @@ export default class TightDecoder {
         } else if (this._ctl === 0x0A) {
             ret = this._pngRect(x, y, width, height,
                                 sock, display, depth);
-        } else if ((this._ctl & 0x80) == 0) {
+        } else if ((this._ctl & 0x08) == 0) {
             ret = this._basicRect(this._ctl, x, y, width, height,
                                   sock, display, depth);
         } else {
@@ -76,12 +76,8 @@ export default class TightDecoder {
             return false;
         }
 
-        const rQi = sock.rQi;
-        const rQ = sock.rQ;
-
-        display.fillRect(x, y, width, height,
-                         [rQ[rQi + 2], rQ[rQi + 1], rQ[rQi]], false);
-        sock.rQskipBytes(3);
+        let pixel = sock.rQshiftBytes(3);
+        display.fillRect(x, y, width, height, pixel, false);
 
         return true;
     }
@@ -148,6 +144,10 @@ export default class TightDecoder {
         const uncompressedSize = width * height * 3;
         let data;
 
+        if (uncompressedSize === 0) {
+            return true;
+        }
+
         if (uncompressedSize < 12) {
             if (sock.rQwait("TIGHT", uncompressedSize)) {
                 return false;
@@ -165,7 +165,15 @@ export default class TightDecoder {
             this._zlibs[streamId].setInput(null);
         }
 
-        display.blitRgbImage(x, y, width, height, data, 0, false);
+        let rgbx = new Uint8Array(width * height * 4);
+        for (let i = 0, j = 0; i < width * height * 4; i += 4, j += 3) {
+            rgbx[i]     = data[j];
+            rgbx[i + 1] = data[j + 1];
+            rgbx[i + 2] = data[j + 2];
+            rgbx[i + 3] = 255;  // Alpha
+        }
+
+        display.blitImage(x, y, width, height, rgbx, 0, false);
 
         return true;
     }
@@ -195,6 +203,10 @@ export default class TightDecoder {
 
         let data;
 
+        if (uncompressedSize === 0) {
+            return true;
+        }
+
         if (uncompressedSize < 12) {
             if (sock.rQwait("TIGHT", uncompressedSize)) {
                 return false;
@@ -237,7 +249,7 @@ export default class TightDecoder {
                 for (let b = 7; b >= 0; b--) {
                     dp = (y * width + x * 8 + 7 - b) * 4;
                     sp = (data[y * w + x] >> b & 1) * 3;
-                    dest[dp] = palette[sp];
+                    dest[dp]     = palette[sp];
                     dest[dp + 1] = palette[sp + 1];
                     dest[dp + 2] = palette[sp + 2];
                     dest[dp + 3] = 255;
@@ -247,14 +259,14 @@ export default class TightDecoder {
             for (let b = 7; b >= 8 - width % 8; b--) {
                 dp = (y * width + x * 8 + 7 - b) * 4;
                 sp = (data[y * w + x] >> b & 1) * 3;
-                dest[dp] = palette[sp];
+                dest[dp]     = palette[sp];
                 dest[dp + 1] = palette[sp + 1];
                 dest[dp + 2] = palette[sp + 2];
                 dest[dp + 3] = 255;
             }
         }
 
-        display.blitRgbxImage(x, y, width, height, dest, 0, false);
+        display.blitImage(x, y, width, height, dest, 0, false);
     }
 
     _paletteRect(x, y, width, height, data, palette, display) {
@@ -263,17 +275,83 @@ export default class TightDecoder {
         const total = width * height * 4;
         for (let i = 0, j = 0; i < total; i += 4, j++) {
             const sp = data[j] * 3;
-            dest[i] = palette[sp];
+            dest[i]     = palette[sp];
             dest[i + 1] = palette[sp + 1];
             dest[i + 2] = palette[sp + 2];
             dest[i + 3] = 255;
         }
 
-        display.blitRgbxImage(x, y, width, height, dest, 0, false);
+        display.blitImage(x, y, width, height, dest, 0, false);
     }
 
     _gradientFilter(streamId, x, y, width, height, sock, display, depth) {
-        throw new Error("Gradient filter not implemented");
+        // assume the TPIXEL is 3 bytes long
+        const uncompressedSize = width * height * 3;
+        let data;
+
+        if (uncompressedSize === 0) {
+            return true;
+        }
+
+        if (uncompressedSize < 12) {
+            if (sock.rQwait("TIGHT", uncompressedSize)) {
+                return false;
+            }
+
+            data = sock.rQshiftBytes(uncompressedSize);
+        } else {
+            data = this._readData(sock);
+            if (data === null) {
+                return false;
+            }
+
+            this._zlibs[streamId].setInput(data);
+            data = this._zlibs[streamId].inflate(uncompressedSize);
+            this._zlibs[streamId].setInput(null);
+        }
+
+        let rgbx = new Uint8Array(4 * width * height);
+
+        let rgbxIndex = 0, dataIndex = 0;
+        let left = new Uint8Array(3);
+        for (let x = 0; x < width; x++) {
+            for (let c = 0; c < 3; c++) {
+                const prediction = left[c];
+                const value = data[dataIndex++] + prediction;
+                rgbx[rgbxIndex++] = value;
+                left[c] = value;
+            }
+            rgbx[rgbxIndex++] = 255;
+        }
+
+        let upperIndex = 0;
+        let upper = new Uint8Array(3),
+            upperleft = new Uint8Array(3);
+        for (let y = 1; y < height; y++) {
+            left.fill(0);
+            upperleft.fill(0);
+            for (let x = 0; x < width; x++) {
+                for (let c = 0; c < 3; c++) {
+                    upper[c] = rgbx[upperIndex++];
+                    let prediction = left[c] + upper[c] - upperleft[c];
+                    if (prediction < 0) {
+                        prediction = 0;
+                    } else if (prediction > 255) {
+                        prediction = 255;
+                    }
+                    const value = data[dataIndex++] + prediction;
+                    rgbx[rgbxIndex++] = value;
+                    upperleft[c] = upper[c];
+                    left[c] = value;
+                }
+                rgbx[rgbxIndex++] = 255;
+                upperIndex++;
+            }
+        }
+
+        display.blitImage(x, y, width, height, rgbx, 0, false);
+
+        return true;
     }
 
     _readData(sock) {
@@ -300,7 +378,7 @@ export default class TightDecoder {
             return null;
         }
 
-        let data = sock.rQshiftBytes(this._len);
+        let data = sock.rQshiftBytes(this._len, false);
         this._len = 0;
 
         return data;
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/zrle.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/zrle.js
new file mode 100644
index 000000000..49128e798
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/decoders/zrle.js
@@ -0,0 +1,185 @@
+/*
+ * noVNC: HTML5 VNC client
+ * Copyright (C) 2021 The noVNC Authors
+ * Licensed under MPL 2.0 (see LICENSE.txt)
+ *
+ * See README.md for usage and integration instructions.
+ *
+ */
+
+import Inflate from "../inflator.js";
+
+const ZRLE_TILE_WIDTH = 64;
+const ZRLE_TILE_HEIGHT = 64;
+
+export default class ZRLEDecoder {
+    constructor() {
+        this._length = 0;
+        this._inflator = new Inflate();
+
+        this._pixelBuffer = new Uint8Array(ZRLE_TILE_WIDTH * ZRLE_TILE_HEIGHT * 4);
+        this._tileBuffer = new Uint8Array(ZRLE_TILE_WIDTH * ZRLE_TILE_HEIGHT * 4);
+    }
+
+    decodeRect(x, y, width, height, sock, display, depth) {
+        if (this._length === 0) {
+            if (sock.rQwait("ZLib data length", 4)) {
+                return false;
+            }
+            this._length = sock.rQshift32();
+        }
+        if (sock.rQwait("Zlib data", this._length)) {
+            return false;
+        }
+
+        const data = sock.rQshiftBytes(this._length, false);
+
+        this._inflator.setInput(data);
+
+        for (let ty = y; ty < y + height; ty += ZRLE_TILE_HEIGHT) {
+            let th = Math.min(ZRLE_TILE_HEIGHT, y + height - ty);
+
+            for (let tx = x; tx < x + width; tx += ZRLE_TILE_WIDTH) {
+                let tw = Math.min(ZRLE_TILE_WIDTH, x + width - tx);
+
+                const tileSize = tw * th;
+                const subencoding = this._inflator.inflate(1)[0];
+                if (subencoding === 0) {
+                    // raw data
+                    const data = this._readPixels(tileSize);
+                    display.blitImage(tx, ty, tw, th, data, 0, false);
+                } else if (subencoding === 1) {
+                    // solid
+                    const background = this._readPixels(1);
+                    display.fillRect(tx, ty, tw, th, [background[0], background[1], background[2]]);
+                } else if (subencoding >= 2 && subencoding <= 16) {
+                    const data = this._decodePaletteTile(subencoding, tileSize, tw, th);
+                    display.blitImage(tx, ty, tw, th, data, 0, false);
+                } else if (subencoding === 128) {
+                    const data = this._decodeRLETile(tileSize);
+                    display.blitImage(tx, ty, tw, th, data, 0, false);
+                } else if (subencoding >= 130 && subencoding <= 255) {
+                    const data = this._decodeRLEPaletteTile(subencoding - 128, tileSize);
+                    display.blitImage(tx, ty, tw, th, data, 0, false);
+                } else {
+                    throw new Error('Unknown subencoding: ' + subencoding);
+                }
+            }
+        }
+        this._length = 0;
+        return true;
+    }
+
+    _getBitsPerPixelInPalette(paletteSize) {
+        if (paletteSize <= 2) {
+            return 1;
+        } else if (paletteSize <= 4) {
+            return 2;
+        } else if (paletteSize <= 16) {
+            return 4;
+        }
+    }
+
+    _readPixels(pixels) {
+        let data = this._pixelBuffer;
+        const buffer = this._inflator.inflate(3*pixels);
+        for (let i = 0, j = 0; i < pixels*4; i += 4, j += 3) {
+            data[i]     = buffer[j];
+            data[i + 1] = buffer[j + 1];
+            data[i + 2] = buffer[j + 2];
+            data[i + 3] = 255;  // Add the Alpha
+        }
+        return data;
+    }
+
+    _decodePaletteTile(paletteSize, tileSize, tilew, tileh) {
+        const data = this._tileBuffer;
+        const palette = this._readPixels(paletteSize);
+        const bitsPerPixel = this._getBitsPerPixelInPalette(paletteSize);
+        const mask = (1 << bitsPerPixel) - 1;
+
+        let offset = 0;
+        let encoded = this._inflator.inflate(1)[0];
+
+        for (let y=0; y<tileh; y++) {
+            let shift = 8-bitsPerPixel;
+            for (let x=0; x<tilew; x++) {
+                if (shift<0) {
+                    shift=8-bitsPerPixel;
+                    encoded = this._inflator.inflate(1)[0];
+                }
+                let indexInPalette = (encoded>>shift) & mask;
+
+                data[offset] = palette[indexInPalette * 4];
+                data[offset + 1] = palette[indexInPalette * 4 + 1];
+                data[offset + 2] = palette[indexInPalette * 4 + 2];
+                data[offset + 3] = palette[indexInPalette * 4 + 3];
+                offset += 4;
+                shift-=bitsPerPixel;
+            }
+            if (shift<8-bitsPerPixel && y<tileh-1) {
+                encoded =  this._inflator.inflate(1)[0];
+            }
+        }
+        return data;
+    }
+
+    _decodeRLETile(tileSize) {
+        const data = this._tileBuffer;
+        let i = 0;
+        while (i < tileSize) {
+            const pixel = this._readPixels(1);
+            const length = this._readRLELength();
+            for (let j = 0; j < length; j++) {
+                data[i * 4] = pixel[0];
+                data[i * 4 + 1] = pixel[1];
+                data[i * 4 + 2] = pixel[2];
+                data[i * 4 + 3] = pixel[3];
+                i++;
+            }
+        }
+        return data;
+    }
+
+    _decodeRLEPaletteTile(paletteSize, tileSize) {
+        const data = this._tileBuffer;
+
+        // palette
+        const palette = this._readPixels(paletteSize);
+
+        let offset = 0;
+        while (offset < tileSize) {
+            let indexInPalette = this._inflator.inflate(1)[0];
+            let length = 1;
+            if (indexInPalette >= 128) {
+                indexInPalette -= 128;
+                length = this._readRLELength();
+            }
+            if (indexInPalette > paletteSize) {
+                throw new Error('Too big index in palette: ' + indexInPalette + ', palette size: ' + paletteSize);
+            }
+            if (offset + length > tileSize) {
+                throw new Error('Too big rle length in palette mode: ' + length + ', allowed length is: ' + (tileSize - offset));
+            }
+
+            for (let j = 0; j < length; j++) {
+                data[offset * 4] = palette[indexInPalette * 4];
+                data[offset * 4 + 1] = palette[indexInPalette * 4 + 1];
+                data[offset * 4 + 2] = palette[indexInPalette * 4 + 2];
+                data[offset * 4 + 3] = palette[indexInPalette * 4 + 3];
+                offset++;
+            }
+        }
+        return data;
+    }
+
+    _readRLELength() {
+        let length = 0;
+        let current = 0;
+        do {
+            current = this._inflator.inflate(1)[0];
+            length += current;
+        } while (current === 255);
+        return length + 1;
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/deflator.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/deflator.js
index fe2a8f703..22f6770b3 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/deflator.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/deflator.js
@@ -7,7 +7,7 @@
  */
 
 import { deflateInit, deflate } from "../vendor/pako/lib/zlib/deflate.js";
-import { Z_FULL_FLUSH } from "../vendor/pako/lib/zlib/deflate.js";
+import { Z_FULL_FLUSH, Z_DEFAULT_COMPRESSION } from "../vendor/pako/lib/zlib/deflate.js";
 import ZStream from "../vendor/pako/lib/zlib/zstream.js";
 
 export default class Deflator {
@@ -15,9 +15,8 @@ export default class Deflator {
         this.strm = new ZStream();
         this.chunkSize = 1024 * 10 * 10;
         this.outputBuffer = new Uint8Array(this.chunkSize);
-        this.windowBits = 5;
 
-        deflateInit(this.strm, this.windowBits);
+        deflateInit(this.strm, Z_DEFAULT_COMPRESSION);
     }
 
     deflate(inData) {
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/display.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/display.js
index cf1a51aaa..fcd626999 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/display.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/display.js
@@ -8,7 +8,6 @@
 
 import * as Log from './util/logging.js';
 import Base64 from "./base64.js";
-import { supportsImageMetadata } from './util/browser.js';
 import { toSigned32bit } from './util/int.js';
 
 export default class Display {
@@ -16,17 +15,13 @@ export default class Display {
         this._drawCtx = null;
 
         this._renderQ = [];  // queue drawing actions for in-oder rendering
-        this._flushing = false;
+        this._flushPromise = null;
 
         // the full frame buffer (logical canvas) size
         this._fbWidth = 0;
         this._fbHeight = 0;
 
         this._prevDrawStyle = "";
-        this._tile = null;
-        this._tile16x16 = null;
-        this._tileX = 0;
-        this._tileY = 0;
 
         Log.Debug(">> Display.constructor");
 
@@ -60,22 +55,12 @@ export default class Display {
 
         Log.Debug("User Agent: " + navigator.userAgent);
 
-        // Check canvas features
-        if (!('createImageData' in this._drawCtx)) {
-            throw new Error("Canvas does not support createImageData");
-        }
-
-        this._tile16x16 = this._drawCtx.createImageData(16, 16);
         Log.Debug("<< Display.constructor");
 
         // ===== PROPERTIES =====
 
         this._scale = 1.0;
         this._clipViewport = false;
-
-        // ===== EVENT HANDLERS =====
-
-        this.onflush = () => {}; // A flush request has finished
     }
 
     // ===== PROPERTIES =====
@@ -235,6 +220,18 @@ export default class Display {
         this.viewportChangePos(0, 0);
     }
 
+    getImageData() {
+        return this._drawCtx.getImageData(0, 0, this.width, this.height);
+    }
+
+    toDataURL(type, encoderOptions) {
+        return this._backbuffer.toDataURL(type, encoderOptions);
+    }
+
+    toBlob(callback, type, quality) {
+        return this._backbuffer.toBlob(callback, type, quality);
+    }
+
     // Track what parts of the visible canvas that need updating
     _damage(x, y, w, h) {
         if (x < this._damageBounds.left) {
@@ -305,9 +302,14 @@ export default class Display {
 
     flush() {
         if (this._renderQ.length === 0) {
-            this.onflush();
+            return Promise.resolve();
         } else {
-            this._flushing = true;
+            if (this._flushPromise === null) {
+                this._flushPromise = new Promise((resolve) => {
+                    this._flushResolve = resolve;
+                });
+            }
+            return this._flushPromise;
         }
     }
 
@@ -378,57 +380,6 @@ export default class Display {
         });
     }
 
-    // start updating a tile
-    startTile(x, y, width, height, color) {
-        this._tileX = x;
-        this._tileY = y;
-        if (width === 16 && height === 16) {
-            this._tile = this._tile16x16;
-        } else {
-            this._tile = this._drawCtx.createImageData(width, height);
-        }
-
-        const red = color[2];
-        const green = color[1];
-        const blue = color[0];
-
-        const data = this._tile.data;
-        for (let i = 0; i < width * height * 4; i += 4) {
-            data[i] = red;
-            data[i + 1] = green;
-            data[i + 2] = blue;
-            data[i + 3] = 255;
-        }
-    }
-
-    // update sub-rectangle of the current tile
-    subTile(x, y, w, h, color) {
-        const red = color[2];
-        const green = color[1];
-        const blue = color[0];
-        const xend = x + w;
-        const yend = y + h;
-
-        const data = this._tile.data;
-        const width = this._tile.width;
-        for (let j = y; j < yend; j++) {
-            for (let i = x; i < xend; i++) {
-                const p = (i + (j * width)) * 4;
-                data[p] = red;
-                data[p + 1] = green;
-                data[p + 2] = blue;
-                data[p + 3] = 255;
-            }
-        }
-    }
-
-    // draw the current tile to the screen
-    finishTile() {
-        this._drawCtx.putImageData(this._tile, this._tileX, this._tileY);
-        this._damage(this._tileX, this._tileY,
-                     this._tile.width, this._tile.height);
-    }
-
     blitImage(x, y, width, height, arr, offset, fromQueue) {
         if (this._renderQ.length !== 0 && !fromQueue) {
             // NB(directxman12): it's technically more performant here to use preallocated arrays,
@@ -445,47 +396,13 @@ export default class Display {
                 'height': height,
             });
         } else {
-            this._bgrxImageData(x, y, width, height, arr, offset);
-        }
-    }
-
-    blitRgbImage(x, y, width, height, arr, offset, fromQueue) {
-        if (this._renderQ.length !== 0 && !fromQueue) {
-            // NB(directxman12): it's technically more performant here to use preallocated arrays,
-            // but it's a lot of extra work for not a lot of payoff -- if we're using the render queue,
-            // this probably isn't getting called *nearly* as much
-            const newArr = new Uint8Array(width * height * 3);
-            newArr.set(new Uint8Array(arr.buffer, 0, newArr.length));
-            this._renderQPush({
-                'type': 'blitRgb',
-                'data': newArr,
-                'x': x,
-                'y': y,
-                'width': width,
-                'height': height,
-            });
-        } else {
-            this._rgbImageData(x, y, width, height, arr, offset);
-        }
-    }
-
-    blitRgbxImage(x, y, width, height, arr, offset, fromQueue) {
-        if (this._renderQ.length !== 0 && !fromQueue) {
-            // NB(directxman12): it's technically more performant here to use preallocated arrays,
-            // but it's a lot of extra work for not a lot of payoff -- if we're using the render queue,
-            // this probably isn't getting called *nearly* as much
-            const newArr = new Uint8Array(width * height * 4);
-            newArr.set(new Uint8Array(arr.buffer, 0, newArr.length));
-            this._renderQPush({
-                'type': 'blitRgbx',
-                'data': newArr,
-                'x': x,
-                'y': y,
-                'width': width,
-                'height': height,
-            });
-        } else {
-            this._rgbxImageData(x, y, width, height, arr, offset);
+            // NB(directxman12): arr must be an Type Array view
+            let data = new Uint8ClampedArray(arr.buffer,
+                                             arr.byteOffset + offset,
+                                             width * height * 4);
+            let img = new ImageData(data, width, height);
+            this._drawCtx.putImageData(img, x, y);
+            this._damage(x, y, width, height);
         }
     }
 
@@ -537,52 +454,13 @@ export default class Display {
     }
 
     _setFillColor(color) {
-        const newStyle = 'rgb(' + color[2] + ',' + color[1] + ',' + color[0] + ')';
+        const newStyle = 'rgb(' + color[0] + ',' + color[1] + ',' + color[2] + ')';
         if (newStyle !== this._prevDrawStyle) {
             this._drawCtx.fillStyle = newStyle;
             this._prevDrawStyle = newStyle;
         }
     }
 
-    _rgbImageData(x, y, width, height, arr, offset) {
-        const img = this._drawCtx.createImageData(width, height);
-        const data = img.data;
-        for (let i = 0, j = offset; i < width * height * 4; i += 4, j += 3) {
-            data[i]     = arr[j];
-            data[i + 1] = arr[j + 1];
-            data[i + 2] = arr[j + 2];
-            data[i + 3] = 255;  // Alpha
-        }
-        this._drawCtx.putImageData(img, x, y);
-        this._damage(x, y, img.width, img.height);
-    }
-
-    _bgrxImageData(x, y, width, height, arr, offset) {
-        const img = this._drawCtx.createImageData(width, height);
-        const data = img.data;
-        for (let i = 0, j = offset; i < width * height * 4; i += 4, j += 4) {
-            data[i]     = arr[j + 2];
-            data[i + 1] = arr[j + 1];
-            data[i + 2] = arr[j];
-            data[i + 3] = 255;  // Alpha
-        }
-        this._drawCtx.putImageData(img, x, y);
-        this._damage(x, y, img.width, img.height);
-    }
-
-    _rgbxImageData(x, y, width, height, arr, offset) {
-        // NB(directxman12): arr must be an Type Array view
-        let img;
-        if (supportsImageMetadata) {
-            img = new ImageData(new Uint8ClampedArray(arr.buffer, arr.byteOffset, width * height * 4), width, height);
-        } else {
-            img = this._drawCtx.createImageData(width, height);
-            img.data.set(new Uint8ClampedArray(arr.buffer, arr.byteOffset, width * height * 4));
-        }
-        this._drawCtx.putImageData(img, x, y);
-        this._damage(x, y, img.width, img.height);
-    }
-
     _renderQPush(action) {
         this._renderQ.push(action);
         if (this._renderQ.length === 1) {
@@ -616,15 +494,8 @@ export default class Display {
                 case 'blit':
                     this.blitImage(a.x, a.y, a.width, a.height, a.data, 0, true);
                     break;
-                case 'blitRgb':
-                    this.blitRgbImage(a.x, a.y, a.width, a.height, a.data, 0, true);
-                    break;
-                case 'blitRgbx':
-                    this.blitRgbxImage(a.x, a.y, a.width, a.height, a.data, 0, true);
-                    break;
                 case 'img':
-                    /* IE tends to set "complete" prematurely, so check dimensions */
-                    if (a.img.complete && (a.img.width !== 0) && (a.img.height !== 0)) {
+                    if (a.img.complete) {
                         if (a.img.width !== a.width || a.img.height !== a.height) {
                             Log.Error("Decoded image has incorrect dimensions. Got " +
                                       a.img.width + "x" + a.img.height + ". Expected " +
@@ -647,9 +518,11 @@ export default class Display {
             }
         }
 
-        if (this._renderQ.length === 0 && this._flushing) {
-            this._flushing = false;
-            this.onflush();
+        if (this._renderQ.length === 0 &&
+            this._flushPromise !== null) {
+            this._flushResolve();
+            this._flushPromise = null;
+            this._flushResolve = null;
         }
     }
 }
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/encodings.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/encodings.js
index 51c099291..1a79989d1 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/encodings.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/encodings.js
@@ -12,7 +12,9 @@ export const encodings = {
     encodingRRE: 2,
     encodingHextile: 5,
     encodingTight: 7,
+    encodingZRLE: 16,
     encodingTightPNG: -260,
+    encodingJPEG: 21,
 
     pseudoEncodingQualityLevel9: -23,
     pseudoEncodingQualityLevel0: -32,
@@ -20,6 +22,7 @@ export const encodings = {
     pseudoEncodingLastRect: -224,
     pseudoEncodingCursor: -239,
     pseudoEncodingQEMUExtendedKeyEvent: -258,
+    pseudoEncodingQEMULedEvent: -261,
     pseudoEncodingDesktopName: -307,
     pseudoEncodingExtendedDesktopSize: -308,
     pseudoEncodingXvp: -309,
@@ -38,7 +41,9 @@ export function encodingName(num) {
         case encodings.encodingRRE:      return "RRE";
         case encodings.encodingHextile:  return "Hextile";
         case encodings.encodingTight:    return "Tight";
+        case encodings.encodingZRLE:     return "ZRLE";
         case encodings.encodingTightPNG: return "TightPNG";
+        case encodings.encodingJPEG:     return "JPEG";
         default:                         return "[unknown encoding " + num + "]";
     }
 }
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/inflator.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/inflator.js
index 4b337607b..f851f2a7d 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/inflator.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/inflator.js
@@ -14,9 +14,8 @@ export default class Inflate {
         this.strm = new ZStream();
         this.chunkSize = 1024 * 10 * 10;
         this.strm.output = new Uint8Array(this.chunkSize);
-        this.windowBits = 5;
 
-        inflateInit(this.strm, this.windowBits);
+        inflateInit(this.strm);
     }
 
     setInput(data) {
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/domkeytable.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/domkeytable.js
index b84ad45de..f79aeadfa 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/domkeytable.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/domkeytable.js
@@ -35,7 +35,7 @@ function addNumpad(key, standard, numpad) {
     DOMKeyTable[key] = [standard, standard, standard, numpad];
 }
 
-// 2.2. Modifier Keys
+// 3.2. Modifier Keys
 
 addLeftRight("Alt", KeyTable.XK_Alt_L, KeyTable.XK_Alt_R);
 addStandard("AltGraph", KeyTable.XK_ISO_Level3_Shift);
@@ -49,25 +49,27 @@ addStandard("ScrollLock", KeyTable.XK_Scroll_Lock);
 addLeftRight("Shift", KeyTable.XK_Shift_L, KeyTable.XK_Shift_R);
 // - Symbol
 // - SymbolLock
+// - Hyper
+// - Super
 
-// 2.3. Whitespace Keys
+// 3.3. Whitespace Keys
 
 addNumpad("Enter", KeyTable.XK_Return, KeyTable.XK_KP_Enter);
 addStandard("Tab", KeyTable.XK_Tab);
 addNumpad(" ", KeyTable.XK_space, KeyTable.XK_KP_Space);
 
-// 2.4. Navigation Keys
+// 3.4. Navigation Keys
 
 addNumpad("ArrowDown", KeyTable.XK_Down, KeyTable.XK_KP_Down);
-addNumpad("ArrowUp", KeyTable.XK_Up, KeyTable.XK_KP_Up);
 addNumpad("ArrowLeft", KeyTable.XK_Left, KeyTable.XK_KP_Left);
 addNumpad("ArrowRight", KeyTable.XK_Right, KeyTable.XK_KP_Right);
+addNumpad("ArrowUp", KeyTable.XK_Up, KeyTable.XK_KP_Up);
 addNumpad("End", KeyTable.XK_End, KeyTable.XK_KP_End);
 addNumpad("Home", KeyTable.XK_Home, KeyTable.XK_KP_Home);
 addNumpad("PageDown", KeyTable.XK_Next, KeyTable.XK_KP_Next);
 addNumpad("PageUp", KeyTable.XK_Prior, KeyTable.XK_KP_Prior);
 
-// 2.5. Editing Keys
+// 3.5. Editing Keys
 
 addStandard("Backspace", KeyTable.XK_BackSpace);
 // Browsers send "Clear" for the numpad 5 without NumLock because
@@ -85,7 +87,7 @@ addStandard("Paste", KeyTable.XF86XK_Paste);
 addStandard("Redo", KeyTable.XK_Redo);
 addStandard("Undo", KeyTable.XK_Undo);
 
-// 2.6. UI Keys
+// 3.6. UI Keys
 
 // - Accept
 // - Again (could just be XK_Redo)
@@ -103,7 +105,7 @@ addStandard("Select", KeyTable.XK_Select);
 addStandard("ZoomIn", KeyTable.XF86XK_ZoomIn);
 addStandard("ZoomOut", KeyTable.XF86XK_ZoomOut);
 
-// 2.7. Device Keys
+// 3.7. Device Keys
 
 addStandard("BrightnessDown", KeyTable.XF86XK_MonBrightnessDown);
 addStandard("BrightnessUp", KeyTable.XF86XK_MonBrightnessUp);
@@ -116,10 +118,10 @@ addStandard("Hibernate", KeyTable.XF86XK_Hibernate);
 addStandard("Standby", KeyTable.XF86XK_Standby);
 addStandard("WakeUp", KeyTable.XF86XK_WakeUp);
 
-// 2.8. IME and Composition Keys
+// 3.8. IME and Composition Keys
 
 addStandard("AllCandidates", KeyTable.XK_MultipleCandidate);
-addStandard("Alphanumeric", KeyTable.XK_Eisu_Shift); // could also be _Eisu_Toggle
+addStandard("Alphanumeric", KeyTable.XK_Eisu_toggle);
 addStandard("CodeInput", KeyTable.XK_Codeinput);
 addStandard("Compose", KeyTable.XK_Multi_key);
 addStandard("Convert", KeyTable.XK_Henkan);
@@ -137,7 +139,7 @@ addStandard("PreviousCandidate", KeyTable.XK_PreviousCandidate);
 addStandard("SingleCandidate", KeyTable.XK_SingleCandidate);
 addStandard("HangulMode", KeyTable.XK_Hangul);
 addStandard("HanjaMode", KeyTable.XK_Hangul_Hanja);
-addStandard("JunjuaMode", KeyTable.XK_Hangul_Jeonja);
+addStandard("JunjaMode", KeyTable.XK_Hangul_Jeonja);
 addStandard("Eisu", KeyTable.XK_Eisu_toggle);
 addStandard("Hankaku", KeyTable.XK_Hankaku);
 addStandard("Hiragana", KeyTable.XK_Hiragana);
@@ -147,9 +149,9 @@ addStandard("KanjiMode", KeyTable.XK_Kanji);
 addStandard("Katakana", KeyTable.XK_Katakana);
 addStandard("Romaji", KeyTable.XK_Romaji);
 addStandard("Zenkaku", KeyTable.XK_Zenkaku);
-addStandard("ZenkakuHanaku", KeyTable.XK_Zenkaku_Hankaku);
+addStandard("ZenkakuHankaku", KeyTable.XK_Zenkaku_Hankaku);
 
-// 2.9. General-Purpose Function Keys
+// 3.9. General-Purpose Function Keys
 
 addStandard("F1", KeyTable.XK_F1);
 addStandard("F2", KeyTable.XK_F2);
@@ -188,7 +190,7 @@ addStandard("F34", KeyTable.XK_F34);
 addStandard("F35", KeyTable.XK_F35);
 // - Soft1...
 
-// 2.10. Multimedia Keys
+// 3.10. Multimedia Keys
 
 // - ChannelDown
 // - ChannelUp
@@ -200,6 +202,7 @@ addStandard("MailSend", KeyTable.XF86XK_Send);
 addStandard("MediaFastForward", KeyTable.XF86XK_AudioForward);
 addStandard("MediaPause", KeyTable.XF86XK_AudioPause);
 addStandard("MediaPlay", KeyTable.XF86XK_AudioPlay);
+// - MediaPlayPause
 addStandard("MediaRecord", KeyTable.XF86XK_AudioRecord);
 addStandard("MediaRewind", KeyTable.XF86XK_AudioRewind);
 addStandard("MediaStop", KeyTable.XF86XK_AudioStop);
@@ -211,12 +214,12 @@ addStandard("Print", KeyTable.XK_Print);
 addStandard("Save", KeyTable.XF86XK_Save);
 addStandard("SpellCheck", KeyTable.XF86XK_Spell);
 
-// 2.11. Multimedia Numpad Keys
+// 3.11. Multimedia Numpad Keys
 
 // - Key11
 // - Key12
 
-// 2.12. Audio Keys
+// 3.12. Audio Keys
 
 // - AudioBalanceLeft
 // - AudioBalanceRight
@@ -236,16 +239,17 @@ addStandard("AudioVolumeMute", KeyTable.XF86XK_AudioMute);
 // - MicrophoneVolumeUp
 addStandard("MicrophoneVolumeMute", KeyTable.XF86XK_AudioMicMute);
 
-// 2.13. Speech Keys
+// 3.13. Speech Keys
 
 // - SpeechCorrectionList
 // - SpeechInputToggle
 
-// 2.14. Application Keys
+// 3.14. Application Keys
 
 addStandard("LaunchApplication1", KeyTable.XF86XK_MyComputer);
 addStandard("LaunchApplication2", KeyTable.XF86XK_Calculator);
 addStandard("LaunchCalendar", KeyTable.XF86XK_Calendar);
+// - LaunchContacts
 addStandard("LaunchMail", KeyTable.XF86XK_Mail);
 addStandard("LaunchMediaPlayer", KeyTable.XF86XK_AudioMedia);
 addStandard("LaunchMusicPlayer", KeyTable.XF86XK_Music);
@@ -256,7 +260,7 @@ addStandard("LaunchWebBrowser", KeyTable.XF86XK_WWW);
 addStandard("LaunchWebCam", KeyTable.XF86XK_WebCam);
 addStandard("LaunchWordProcessor", KeyTable.XF86XK_Word);
 
-// 2.15. Browser Keys
+// 3.15. Browser Keys
 
 addStandard("BrowserBack", KeyTable.XF86XK_Back);
 addStandard("BrowserFavorites", KeyTable.XF86XK_Favorites);
@@ -266,15 +270,15 @@ addStandard("BrowserRefresh", KeyTable.XF86XK_Refresh);
 addStandard("BrowserSearch", KeyTable.XF86XK_Search);
 addStandard("BrowserStop", KeyTable.XF86XK_Stop);
 
-// 2.16. Mobile Phone Keys
+// 3.16. Mobile Phone Keys
 
 // - A whole bunch...
 
-// 2.17. TV Keys
+// 3.17. TV Keys
 
 // - A whole bunch...
 
-// 2.18. Media Controller Keys
+// 3.18. Media Controller Keys
 
 // - A whole bunch...
 addStandard("Dimmer", KeyTable.XF86XK_BrightnessAdjust);
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/keyboard.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/keyboard.js
index 9e6af2ac7..68da2312b 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/keyboard.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/keyboard.js
@@ -20,16 +20,13 @@ export default class Keyboard {
 
         this._keyDownList = {};         // List of depressed keys
                                         // (even if they are happy)
-        this._pendingKey = null;        // Key waiting for keypress
         this._altGrArmed = false;       // Windows AltGr detection
 
         // keep these here so we can refer to them later
         this._eventHandlers = {
             'keyup': this._handleKeyUp.bind(this),
             'keydown': this._handleKeyDown.bind(this),
-            'keypress': this._handleKeyPress.bind(this),
             'blur': this._allKeysUp.bind(this),
-            'checkalt': this._checkAlt.bind(this),
         };
 
         // ===== EVENT HANDLERS =====
@@ -39,7 +36,7 @@ export default class Keyboard {
 
     // ===== PRIVATE METHODS =====
 
-    _sendKeyEvent(keysym, code, down) {
+    _sendKeyEvent(keysym, code, down, numlock = null, capslock = null) {
         if (down) {
             this._keyDownList[code] = keysym;
         } else {
@@ -51,8 +48,9 @@ export default class Keyboard {
         }
 
         Log.Debug("onkeyevent " + (down ? "down" : "up") +
-                  ", keysym: " + keysym, ", code: " + code);
-        this.onkeyevent(keysym, code, down);
+                  ", keysym: " + keysym, ", code: " + code +
+                  ", numlock: " + numlock + ", capslock: " + capslock);
+        this.onkeyevent(keysym, code, down, numlock, capslock);
     }
 
     _getKeyCode(e) {
@@ -62,9 +60,7 @@ export default class Keyboard {
         }
 
         // Unstable, but we don't have anything else to go on
-        // (don't use it for 'keypress' events thought since
-        // WebKit sets it to the same as charCode)
-        if (e.keyCode && (e.type !== 'keypress')) {
+        if (e.keyCode) {
             // 229 is used for composition events
             if (e.keyCode !== 229) {
                 return 'Platform' + e.keyCode;
@@ -91,6 +87,14 @@ export default class Keyboard {
     _handleKeyDown(e) {
         const code = this._getKeyCode(e);
         let keysym = KeyboardUtil.getKeysym(e);
+        let numlock = e.getModifierState('NumLock');
+        let capslock = e.getModifierState('CapsLock');
+
+        // getModifierState for NumLock is not supported on mac and ios and always returns false.
+        // Set to null to indicate unknown/unsupported instead.
+        if (browser.isMac() || browser.isIOS()) {
+            numlock = null;
+        }
 
         // Windows doesn't have a proper AltGr, but handles it using
         // fake Ctrl+Alt. However the remote end might not be Windows,
@@ -112,7 +116,7 @@ export default class Keyboard {
                 //        key to "AltGraph".
                 keysym = KeyTable.XK_ISO_Level3_Shift;
             } else {
-                this._sendKeyEvent(KeyTable.XK_Control_L, "ControlLeft", true);
+                this._sendKeyEvent(KeyTable.XK_Control_L, "ControlLeft", true, numlock, capslock);
             }
         }
 
@@ -123,8 +127,8 @@ export default class Keyboard {
                 // If it's a virtual keyboard then it should be
                 // sufficient to just send press and release right
                 // after each other
-                this._sendKeyEvent(keysym, code, true);
-                this._sendKeyEvent(keysym, code, false);
+                this._sendKeyEvent(keysym, code, true, numlock, capslock);
+                this._sendKeyEvent(keysym, code, false, numlock, capslock);
             }
 
             stopEvent(e);
@@ -158,31 +162,41 @@ export default class Keyboard {
             keysym = this._keyDownList[code];
         }
 
+        // macOS doesn't send proper key releases if a key is pressed
+        // while meta is held down
+        if ((browser.isMac() || browser.isIOS()) &&
+            (e.metaKey && code !== 'MetaLeft' && code !== 'MetaRight')) {
+            this._sendKeyEvent(keysym, code, true, numlock, capslock);
+            this._sendKeyEvent(keysym, code, false, numlock, capslock);
+            stopEvent(e);
+            return;
+        }
+
         // macOS doesn't send proper key events for modifiers, only
         // state change events. That gets extra confusing for CapsLock
         // which toggles on each press, but not on release. So pretend
         // it was a quick press and release of the button.
         if ((browser.isMac() || browser.isIOS()) && (code === 'CapsLock')) {
-            this._sendKeyEvent(KeyTable.XK_Caps_Lock, 'CapsLock', true);
-            this._sendKeyEvent(KeyTable.XK_Caps_Lock, 'CapsLock', false);
+            this._sendKeyEvent(KeyTable.XK_Caps_Lock, 'CapsLock', true, numlock, capslock);
+            this._sendKeyEvent(KeyTable.XK_Caps_Lock, 'CapsLock', false, numlock, capslock);
             stopEvent(e);
             return;
         }
 
-        // If this is a legacy browser then we'll need to wait for
-        // a keypress event as well
-        // (IE and Edge has a broken KeyboardEvent.key, so we can't
-        // just check for the presence of that field)
-        if (!keysym && (!e.key || browser.isIE() || browser.isEdge())) {
-            this._pendingKey = code;
-            // However we might not get a keypress event if the key
-            // is non-printable, which needs some special fallback
-            // handling
-            setTimeout(this._handleKeyPressTimeout.bind(this), 10, e);
+        // Windows doesn't send proper key releases for a bunch of
+        // Japanese IM keys so we have to fake the release right away
+        const jpBadKeys = [ KeyTable.XK_Zenkaku_Hankaku,
+                            KeyTable.XK_Eisu_toggle,
+                            KeyTable.XK_Katakana,
+                            KeyTable.XK_Hiragana,
+                            KeyTable.XK_Romaji ];
+        if (browser.isWindows() && jpBadKeys.includes(keysym)) {
+            this._sendKeyEvent(keysym, code, true, numlock, capslock);
+            this._sendKeyEvent(keysym, code, false, numlock, capslock);
+            stopEvent(e);
             return;
         }
 
-        this._pendingKey = null;
         stopEvent(e);
 
         // Possible start of AltGr sequence? (see above)
@@ -194,70 +208,7 @@ export default class Keyboard {
             return;
         }
 
-        this._sendKeyEvent(keysym, code, true);
-    }
-
-    // Legacy event for browsers without code/key
-    _handleKeyPress(e) {
-        stopEvent(e);
-
-        // Are we expecting a keypress?
-        if (this._pendingKey === null) {
-            return;
-        }
-
-        let code = this._getKeyCode(e);
-        const keysym = KeyboardUtil.getKeysym(e);
-
-        // The key we were waiting for?
-        if ((code !== 'Unidentified') && (code != this._pendingKey)) {
-            return;
-        }
-
-        code = this._pendingKey;
-        this._pendingKey = null;
-
-        if (!keysym) {
-            Log.Info('keypress with no keysym:', e);
-            return;
-        }
-
-        this._sendKeyEvent(keysym, code, true);
-    }
-
-    _handleKeyPressTimeout(e) {
-        // Did someone manage to sort out the key already?
-        if (this._pendingKey === null) {
-            return;
-        }
-
-        let keysym;
-
-        const code = this._pendingKey;
-        this._pendingKey = null;
-
-        // We have no way of knowing the proper keysym with the
-        // information given, but the following are true for most
-        // layouts
-        if ((e.keyCode >= 0x30) && (e.keyCode <= 0x39)) {
-            // Digit
-            keysym = e.keyCode;
-        } else if ((e.keyCode >= 0x41) && (e.keyCode <= 0x5a)) {
-            // Character (A-Z)
-            let char = String.fromCharCode(e.keyCode);
-            // A feeble attempt at the correct case
-            if (e.shiftKey) {
-                char = char.toUpperCase();
-            } else {
-                char = char.toLowerCase();
-            }
-            keysym = char.charCodeAt();
-        } else {
-            // Unknown, give up
-            keysym = 0;
-        }
-
-        this._sendKeyEvent(keysym, code, true);
+        this._sendKeyEvent(keysym, code, true, numlock, capslock);
     }
 
     _handleKeyUp(e) {
@@ -312,30 +263,6 @@ export default class Keyboard {
         Log.Debug("<< Keyboard.allKeysUp");
     }
 
-    // Alt workaround for Firefox on Windows, see below
-    _checkAlt(e) {
-        if (e.skipCheckAlt) {
-            return;
-        }
-        if (e.altKey) {
-            return;
-        }
-
-        const target = this._target;
-        const downList = this._keyDownList;
-        ['AltLeft', 'AltRight'].forEach((code) => {
-            if (!(code in downList)) {
-                return;
-            }
-
-            const event = new KeyboardEvent('keyup',
-                                            { key: downList[code],
-                                              code: code });
-            event.skipCheckAlt = true;
-            target.dispatchEvent(event);
-        });
-    }
-
     // ===== PUBLIC METHODS =====
 
     grab() {
@@ -343,41 +270,18 @@ export default class Keyboard {
 
         this._target.addEventListener('keydown', this._eventHandlers.keydown);
         this._target.addEventListener('keyup', this._eventHandlers.keyup);
-        this._target.addEventListener('keypress', this._eventHandlers.keypress);
 
         // Release (key up) if window loses focus
         window.addEventListener('blur', this._eventHandlers.blur);
 
-        // Firefox on Windows has broken handling of Alt, so we need to
-        // poll as best we can for releases (still doesn't prevent the
-        // menu from popping up though as we can't call
-        // preventDefault())
-        if (browser.isWindows() && browser.isFirefox()) {
-            const handler = this._eventHandlers.checkalt;
-            ['mousedown', 'mouseup', 'mousemove', 'wheel',
-             'touchstart', 'touchend', 'touchmove',
-             'keydown', 'keyup'].forEach(type =>
-                document.addEventListener(type, handler,
-                                          { capture: true,
-                                            passive: true }));
-        }
-
         //Log.Debug("<< Keyboard.grab");
     }
 
     ungrab() {
         //Log.Debug(">> Keyboard.ungrab");
 
-        if (browser.isWindows() && browser.isFirefox()) {
-            const handler = this._eventHandlers.checkalt;
-            ['mousedown', 'mouseup', 'mousemove', 'wheel',
-             'touchstart', 'touchend', 'touchmove',
-             'keydown', 'keyup'].forEach(type => document.removeEventListener(type, handler));
-        }
-
         this._target.removeEventListener('keydown', this._eventHandlers.keydown);
         this._target.removeEventListener('keyup', this._eventHandlers.keyup);
-        this._target.removeEventListener('keypress', this._eventHandlers.keypress);
         window.removeEventListener('blur', this._eventHandlers.blur);
 
         // Release (key up) all keys that are in a down state
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/util.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/util.js
index 1b98040be..36b698176 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/util.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/util.js
@@ -22,9 +22,8 @@ export function getKeycode(evt) {
     }
 
     // The de-facto standard is to use Windows Virtual-Key codes
-    // in the 'keyCode' field for non-printable characters. However
-    // Webkit sets it to the same as charCode in 'keypress' events.
-    if ((evt.type !== 'keypress') && (evt.keyCode in vkeys)) {
+    // in the 'keyCode' field for non-printable characters
+    if (evt.keyCode in vkeys) {
         let code = vkeys[evt.keyCode];
 
         // macOS has messed up this code for some reason
@@ -68,27 +67,7 @@ export function getKeycode(evt) {
 // Get 'KeyboardEvent.key', handling legacy browsers
 export function getKey(evt) {
     // Are we getting a proper key value?
-    if (evt.key !== undefined) {
-        // IE and Edge use some ancient version of the spec
-        // https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/8860571/
-        switch (evt.key) {
-            case 'Spacebar': return ' ';
-            case 'Esc': return 'Escape';
-            case 'Scroll': return 'ScrollLock';
-            case 'Win': return 'Meta';
-            case 'Apps': return 'ContextMenu';
-            case 'Up': return 'ArrowUp';
-            case 'Left': return 'ArrowLeft';
-            case 'Right': return 'ArrowRight';
-            case 'Down': return 'ArrowDown';
-            case 'Del': return 'Delete';
-            case 'Divide': return '/';
-            case 'Multiply': return '*';
-            case 'Subtract': return '-';
-            case 'Add': return '+';
-            case 'Decimal': return evt.char;
-        }
-
+    if ((evt.key !== undefined) && (evt.key !== 'Unidentified')) {
         // Mozilla isn't fully in sync with the spec yet
         switch (evt.key) {
             case 'OS': return 'Meta';
@@ -110,18 +89,7 @@ export function getKey(evt) {
             return 'Delete';
         }
 
-        // IE and Edge need special handling, but for everyone else we
-        // can trust the value provided
-        if (!browser.isIE() && !browser.isEdge()) {
-            return evt.key;
-        }
-
-        // IE and Edge have broken handling of AltGraph so we can only
-        // trust them for non-printable characters (and unfortunately
-        // they also specify 'Unidentified' for some problem keys)
-        if ((evt.key.length !== 1) && (evt.key !== 'Unidentified')) {
-            return evt.key;
-        }
+        return evt.key;
     }
 
     // Try to deduce it based on the physical key
@@ -189,6 +157,21 @@ export function getKeysym(evt) {
             }
         }
 
+        // Windows sends alternating symbols for some keys when using a
+        // Japanese layout. We have no way of synchronising with the IM
+        // running on the remote system, so we send some combined keysym
+        // instead and hope for the best.
+        if (browser.isWindows()) {
+            switch (key) {
+                case 'Zenkaku':
+                case 'Hankaku':
+                    return KeyTable.XK_Zenkaku_Hankaku;
+                case 'Romaji':
+                case 'KanaMode':
+                    return KeyTable.XK_Romaji;
+            }
+        }
+
         return DOMKeyTable[key][location];
     }
 
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/vkeys.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/vkeys.js
index f84109b25..dacc35809 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/vkeys.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/vkeys.js
@@ -13,7 +13,6 @@ export default {
     0x08: 'Backspace',
     0x09: 'Tab',
     0x0a: 'NumpadClear',
-    0x0c: 'Numpad5', // IE11 sends evt.keyCode: 12 when numlock is off
     0x0d: 'Enter',
     0x10: 'ShiftLeft',
     0x11: 'ControlLeft',
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/xtscancodes.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/xtscancodes.js
index 514809c6f..8ab9c17fd 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/input/xtscancodes.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/input/xtscancodes.js
@@ -1,8 +1,8 @@
 /*
- * This file is auto-generated from keymaps.csv on 2017-05-31 16:20
- * Database checksum sha256(92fd165507f2a3b8c5b3fa56e425d45788dbcb98cf067a307527d91ce22cab94)
+ * This file is auto-generated from keymaps.csv
+ * Database checksum sha256(76d68c10e97d37fe2ea459e210125ae41796253fb217e900bf2983ade13a7920)
  * To re-generate, run:
- *   keymap-gen --lang=js code-map keymaps.csv html atset1
+ *   keymap-gen code-map --lang=js keymaps.csv html atset1
 */
 export default {
   "Again": 0xe005, /* html:Again (Again) -> linux:129 (KEY_AGAIN) -> atset1:57349 */
@@ -111,6 +111,8 @@ export default {
   "KeyX": 0x2d, /* html:KeyX (KeyX) -> linux:45 (KEY_X) -> atset1:45 */
   "KeyY": 0x15, /* html:KeyY (KeyY) -> linux:21 (KEY_Y) -> atset1:21 */
   "KeyZ": 0x2c, /* html:KeyZ (KeyZ) -> linux:44 (KEY_Z) -> atset1:44 */
+  "Lang1": 0x72, /* html:Lang1 (Lang1) -> linux:122 (KEY_HANGEUL) -> atset1:114 */
+  "Lang2": 0x71, /* html:Lang2 (Lang2) -> linux:123 (KEY_HANJA) -> atset1:113 */
   "Lang3": 0x78, /* html:Lang3 (Lang3) -> linux:90 (KEY_KATAKANA) -> atset1:120 */
   "Lang4": 0x77, /* html:Lang4 (Lang4) -> linux:91 (KEY_HIRAGANA) -> atset1:119 */
   "Lang5": 0x76, /* html:Lang5 (Lang5) -> linux:85 (KEY_ZENKAKUHANKAKU) -> atset1:118 */
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/ra2.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/ra2.js
new file mode 100644
index 000000000..d330b848d
--- /dev/null
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/ra2.js
@@ -0,0 +1,312 @@
+import { encodeUTF8 } from './util/strings.js';
+import EventTargetMixin from './util/eventtarget.js';
+import legacyCrypto from './crypto/crypto.js';
+
+class RA2Cipher {
+    constructor() {
+        this._cipher = null;
+        this._counter = new Uint8Array(16);
+    }
+
+    async setKey(key) {
+        this._cipher = await legacyCrypto.importKey(
+            "raw", key, { name: "AES-EAX" }, false, ["encrypt, decrypt"]);
+    }
+
+    async makeMessage(message) {
+        const ad = new Uint8Array([(message.length & 0xff00) >>> 8, message.length & 0xff]);
+        const encrypted = await legacyCrypto.encrypt({
+            name: "AES-EAX",
+            iv: this._counter,
+            additionalData: ad,
+        }, this._cipher, message);
+        for (let i = 0; i < 16 && this._counter[i]++ === 255; i++);
+        const res = new Uint8Array(message.length + 2 + 16);
+        res.set(ad);
+        res.set(encrypted, 2);
+        return res;
+    }
+
+    async receiveMessage(length, encrypted) {
+        const ad = new Uint8Array([(length & 0xff00) >>> 8, length & 0xff]);
+        const res = await legacyCrypto.decrypt({
+            name: "AES-EAX",
+            iv: this._counter,
+            additionalData: ad,
+        }, this._cipher, encrypted);
+        for (let i = 0; i < 16 && this._counter[i]++ === 255; i++);
+        return res;
+    }
+}
+
+export default class RSAAESAuthenticationState extends EventTargetMixin {
+    constructor(sock, getCredentials) {
+        super();
+        this._hasStarted = false;
+        this._checkSock = null;
+        this._checkCredentials = null;
+        this._approveServerResolve = null;
+        this._sockReject = null;
+        this._credentialsReject = null;
+        this._approveServerReject = null;
+        this._sock = sock;
+        this._getCredentials = getCredentials;
+    }
+
+    _waitSockAsync(len) {
+        return new Promise((resolve, reject) => {
+            const hasData = () => !this._sock.rQwait('RA2', len);
+            if (hasData()) {
+                resolve();
+            } else {
+                this._checkSock = () => {
+                    if (hasData()) {
+                        resolve();
+                        this._checkSock = null;
+                        this._sockReject = null;
+                    }
+                };
+                this._sockReject = reject;
+            }
+        });
+    }
+
+    _waitApproveKeyAsync() {
+        return new Promise((resolve, reject) => {
+            this._approveServerResolve = resolve;
+            this._approveServerReject = reject;
+        });
+    }
+
+    _waitCredentialsAsync(subtype) {
+        const hasCredentials = () => {
+            if (subtype === 1 && this._getCredentials().username !== undefined &&
+                this._getCredentials().password !== undefined) {
+                return true;
+            } else if (subtype === 2 && this._getCredentials().password !== undefined) {
+                return true;
+            }
+            return false;
+        };
+        return new Promise((resolve, reject) => {
+            if (hasCredentials()) {
+                resolve();
+            } else {
+                this._checkCredentials = () => {
+                    if (hasCredentials()) {
+                        resolve();
+                        this._checkCredentials = null;
+                        this._credentialsReject = null;
+                    }
+                };
+                this._credentialsReject = reject;
+            }
+        });
+    }
+
+    checkInternalEvents() {
+        if (this._checkSock !== null) {
+            this._checkSock();
+        }
+        if (this._checkCredentials !== null) {
+            this._checkCredentials();
+        }
+    }
+
+    approveServer() {
+        if (this._approveServerResolve !== null) {
+            this._approveServerResolve();
+            this._approveServerResolve = null;
+        }
+    }
+
+    disconnect() {
+        if (this._sockReject !== null) {
+            this._sockReject(new Error("disconnect normally"));
+            this._sockReject = null;
+        }
+        if (this._credentialsReject !== null) {
+            this._credentialsReject(new Error("disconnect normally"));
+            this._credentialsReject = null;
+        }
+        if (this._approveServerReject !== null) {
+            this._approveServerReject(new Error("disconnect normally"));
+            this._approveServerReject = null;
+        }
+    }
+
+    async negotiateRA2neAuthAsync() {
+        this._hasStarted = true;
+        // 1: Receive server public key
+        await this._waitSockAsync(4);
+        const serverKeyLengthBuffer = this._sock.rQpeekBytes(4);
+        const serverKeyLength = this._sock.rQshift32();
+        if (serverKeyLength < 1024) {
+            throw new Error("RA2: server public key is too short: " + serverKeyLength);
+        } else if (serverKeyLength > 8192) {
+            throw new Error("RA2: server public key is too long: " + serverKeyLength);
+        }
+        const serverKeyBytes = Math.ceil(serverKeyLength / 8);
+        await this._waitSockAsync(serverKeyBytes * 2);
+        const serverN = this._sock.rQshiftBytes(serverKeyBytes);
+        const serverE = this._sock.rQshiftBytes(serverKeyBytes);
+        const serverRSACipher = await legacyCrypto.importKey(
+            "raw", { n: serverN, e: serverE }, { name: "RSA-PKCS1-v1_5" }, false, ["encrypt"]);
+        const serverPublickey = new Uint8Array(4 + serverKeyBytes * 2);
+        serverPublickey.set(serverKeyLengthBuffer);
+        serverPublickey.set(serverN, 4);
+        serverPublickey.set(serverE, 4 + serverKeyBytes);
+
+        // verify server public key
+        let approveKey = this._waitApproveKeyAsync();
+        this.dispatchEvent(new CustomEvent("serververification", {
+            detail: { type: "RSA", publickey: serverPublickey }
+        }));
+        await approveKey;
+
+        // 2: Send client public key
+        const clientKeyLength = 2048;
+        const clientKeyBytes = Math.ceil(clientKeyLength / 8);
+        const clientRSACipher = (await legacyCrypto.generateKey({
+            name: "RSA-PKCS1-v1_5",
+            modulusLength: clientKeyLength,
+            publicExponent: new Uint8Array([1, 0, 1]),
+        }, true, ["encrypt"])).privateKey;
+        const clientExportedRSAKey = await legacyCrypto.exportKey("raw", clientRSACipher);
+        const clientN = clientExportedRSAKey.n;
+        const clientE = clientExportedRSAKey.e;
+        const clientPublicKey = new Uint8Array(4 + clientKeyBytes * 2);
+        clientPublicKey[0] = (clientKeyLength & 0xff000000) >>> 24;
+        clientPublicKey[1] = (clientKeyLength & 0xff0000) >>> 16;
+        clientPublicKey[2] = (clientKeyLength & 0xff00) >>> 8;
+        clientPublicKey[3] = clientKeyLength & 0xff;
+        clientPublicKey.set(clientN, 4);
+        clientPublicKey.set(clientE, 4 + clientKeyBytes);
+        this._sock.sQpushBytes(clientPublicKey);
+        this._sock.flush();
+
+        // 3: Send client random
+        const clientRandom = new Uint8Array(16);
+        window.crypto.getRandomValues(clientRandom);
+        const clientEncryptedRandom = await legacyCrypto.encrypt(
+            { name: "RSA-PKCS1-v1_5" }, serverRSACipher, clientRandom);
+        const clientRandomMessage = new Uint8Array(2 + serverKeyBytes);
+        clientRandomMessage[0] = (serverKeyBytes & 0xff00) >>> 8;
+        clientRandomMessage[1] = serverKeyBytes & 0xff;
+        clientRandomMessage.set(clientEncryptedRandom, 2);
+        this._sock.sQpushBytes(clientRandomMessage);
+        this._sock.flush();
+
+        // 4: Receive server random
+        await this._waitSockAsync(2);
+        if (this._sock.rQshift16() !== clientKeyBytes) {
+            throw new Error("RA2: wrong encrypted message length");
+        }
+        const serverEncryptedRandom = this._sock.rQshiftBytes(clientKeyBytes);
+        const serverRandom = await legacyCrypto.decrypt(
+            { name: "RSA-PKCS1-v1_5" }, clientRSACipher, serverEncryptedRandom);
+        if (serverRandom === null || serverRandom.length !== 16) {
+            throw new Error("RA2: corrupted server encrypted random");
+        }
+
+        // 5: Compute session keys and set ciphers
+        let clientSessionKey = new Uint8Array(32);
+        let serverSessionKey = new Uint8Array(32);
+        clientSessionKey.set(serverRandom);
+        clientSessionKey.set(clientRandom, 16);
+        serverSessionKey.set(clientRandom);
+        serverSessionKey.set(serverRandom, 16);
+        clientSessionKey = await window.crypto.subtle.digest("SHA-1", clientSessionKey);
+        clientSessionKey = new Uint8Array(clientSessionKey).slice(0, 16);
+        serverSessionKey = await window.crypto.subtle.digest("SHA-1", serverSessionKey);
+        serverSessionKey = new Uint8Array(serverSessionKey).slice(0, 16);
+        const clientCipher = new RA2Cipher();
+        await clientCipher.setKey(clientSessionKey);
+        const serverCipher = new RA2Cipher();
+        await serverCipher.setKey(serverSessionKey);
+
+        // 6: Compute and exchange hashes
+        let serverHash = new Uint8Array(8 + serverKeyBytes * 2 + clientKeyBytes * 2);
+        let clientHash = new Uint8Array(8 + serverKeyBytes * 2 + clientKeyBytes * 2);
+        serverHash.set(serverPublickey);
+        serverHash.set(clientPublicKey, 4 + serverKeyBytes * 2);
+        clientHash.set(clientPublicKey);
+        clientHash.set(serverPublickey, 4 + clientKeyBytes * 2);
+        serverHash = await window.crypto.subtle.digest("SHA-1", serverHash);
+        clientHash = await window.crypto.subtle.digest("SHA-1", clientHash);
+        serverHash = new Uint8Array(serverHash);
+        clientHash = new Uint8Array(clientHash);
+        this._sock.sQpushBytes(await clientCipher.makeMessage(clientHash));
+        this._sock.flush();
+        await this._waitSockAsync(2 + 20 + 16);
+        if (this._sock.rQshift16() !== 20) {
+            throw new Error("RA2: wrong server hash");
+        }
+        const serverHashReceived = await serverCipher.receiveMessage(
+            20, this._sock.rQshiftBytes(20 + 16));
+        if (serverHashReceived === null) {
+            throw new Error("RA2: failed to authenticate the message");
+        }
+        for (let i = 0; i < 20; i++) {
+            if (serverHashReceived[i] !== serverHash[i]) {
+                throw new Error("RA2: wrong server hash");
+            }
+        }
+
+        // 7: Receive subtype
+        await this._waitSockAsync(2 + 1 + 16);
+        if (this._sock.rQshift16() !== 1) {
+            throw new Error("RA2: wrong subtype");
+        }
+        let subtype = (await serverCipher.receiveMessage(
+            1, this._sock.rQshiftBytes(1 + 16)));
+        if (subtype === null) {
+            throw new Error("RA2: failed to authenticate the message");
+        }
+        subtype = subtype[0];
+        let waitCredentials = this._waitCredentialsAsync(subtype);
+        if (subtype === 1) {
+            if (this._getCredentials().username === undefined ||
+                this._getCredentials().password === undefined) {
+                this.dispatchEvent(new CustomEvent(
+                    "credentialsrequired",
+                    { detail: { types: ["username", "password"] } }));
+            }
+        } else if (subtype === 2) {
+            if (this._getCredentials().password === undefined) {
+                this.dispatchEvent(new CustomEvent(
+                    "credentialsrequired",
+                    { detail: { types: ["password"] } }));
+            }
+        } else {
+            throw new Error("RA2: wrong subtype");
+        }
+        await waitCredentials;
+        let username;
+        if (subtype === 1) {
+            username = encodeUTF8(this._getCredentials().username).slice(0, 255);
+        } else {
+            username = "";
+        }
+        const password = encodeUTF8(this._getCredentials().password).slice(0, 255);
+        const credentials = new Uint8Array(username.length + password.length + 2);
+        credentials[0] = username.length;
+        credentials[username.length + 1] = password.length;
+        for (let i = 0; i < username.length; i++) {
+            credentials[i + 1] = username.charCodeAt(i);
+        }
+        for (let i = 0; i < password.length; i++) {
+            credentials[username.length + 2 + i] = password.charCodeAt(i);
+        }
+        this._sock.sQpushBytes(await clientCipher.makeMessage(credentials));
+        this._sock.flush();
+    }
+
+    get hasStarted() {
+        return this._hasStarted;
+    }
+
+    set hasStarted(s) {
+        this._hasStarted = s;
+    }
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/rfb.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/rfb.js
index f35d503f1..f2deb0e7b 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/rfb.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/rfb.js
@@ -21,11 +21,11 @@ import Keyboard from "./input/keyboard.js";
 import GestureHandler from "./input/gesturehandler.js";
 import Cursor from "./util/cursor.js";
 import Websock from "./websock.js";
-import DES from "./des.js";
 import KeyTable from "./input/keysym.js";
 import XtScancode from "./input/xtscancodes.js";
 import { encodings } from "./encodings.js";
-import "./util/polyfill.js";
+import RSAAESAuthenticationState from "./ra2.js";
+import legacyCrypto from "./crypto/crypto.js";
 
 import RawDecoder from "./decoders/raw.js";
 import CopyRectDecoder from "./decoders/copyrect.js";
@@ -33,6 +33,8 @@ import RREDecoder from "./decoders/rre.js";
 import HextileDecoder from "./decoders/hextile.js";
 import TightDecoder from "./decoders/tight.js";
 import TightPNGDecoder from "./decoders/tightpng.js";
+import ZRLEDecoder from "./decoders/zrle.js";
+import JPEGDecoder from "./decoders/jpeg.js";
 
 // How many seconds to wait for a disconnect to finish
 const DISCONNECT_TIMEOUT = 3;
@@ -51,6 +53,22 @@ const GESTURE_SCRLSENS = 50;
 const DOUBLE_TAP_TIMEOUT = 1000;
 const DOUBLE_TAP_THRESHOLD = 50;
 
+// Security types
+const securityTypeNone              = 1;
+const securityTypeVNCAuth           = 2;
+const securityTypeRA2ne             = 6;
+const securityTypeTight             = 16;
+const securityTypeVeNCrypt          = 19;
+const securityTypeXVP               = 22;
+const securityTypeARD               = 30;
+const securityTypeMSLogonII         = 113;
+
+// Special Tight security types
+const securityTypeUnixLogon         = 129;
+
+// VeNCrypt security types
+const securityTypePlain             = 256;
+
 // Extended clipboard pseudo-encoding formats
 const extendedClipboardFormatText   = 1;
 /*eslint-disable no-unused-vars */
@@ -67,20 +85,31 @@ const extendedClipboardActionPeek    = 1 << 26;
 const extendedClipboardActionNotify  = 1 << 27;
 const extendedClipboardActionProvide = 1 << 28;
 
-
 export default class RFB extends EventTargetMixin {
-    constructor(target, url, options) {
+    constructor(target, urlOrChannel, options) {
         if (!target) {
             throw new Error("Must specify target");
         }
-        if (!url) {
-            throw new Error("Must specify URL");
+        if (!urlOrChannel) {
+            throw new Error("Must specify URL, WebSocket or RTCDataChannel");
+        }
+
+        // We rely on modern APIs which might not be available in an
+        // insecure context
+        if (!window.isSecureContext) {
+            Log.Error("noVNC requires a secure context (TLS). Expect crashes!");
         }
 
         super();
 
         this._target = target;
-        this._url = url;
+
+        if (typeof urlOrChannel === "string") {
+            this._url = urlOrChannel;
+        } else {
+            this._url = null;
+            this._rawChannel = urlOrChannel;
+        }
 
         // Connection details
         options = options || {};
@@ -94,6 +123,7 @@ export default class RFB extends EventTargetMixin {
         this._rfbInitState = '';
         this._rfbAuthScheme = -1;
         this._rfbCleanDisconnect = true;
+        this._rfbRSAAESAuthenticationState = null;
 
         // Server capabilities
         this._rfbVersion = 0;
@@ -130,6 +160,7 @@ export default class RFB extends EventTargetMixin {
         this._flushing = false;         // Display flushing state
         this._keyboard = null;          // Keyboard input handler object
         this._gestures = null;          // Gesture input handler object
+        this._resizeObserver = null;    // Resize observer object
 
         // Timers
         this._disconnTimer = null;      // disconnection timer
@@ -167,10 +198,12 @@ export default class RFB extends EventTargetMixin {
         // Bound event handlers
         this._eventHandlers = {
             focusCanvas: this._focusCanvas.bind(this),
-            windowResize: this._windowResize.bind(this),
+            handleResize: this._handleResize.bind(this),
             handleMouse: this._handleMouse.bind(this),
             handleWheel: this._handleWheel.bind(this),
             handleGesture: this._handleGesture.bind(this),
+            handleRSAAESCredentialsRequired: this._handleRSAAESCredentialsRequired.bind(this),
+            handleRSAAESServerVerification: this._handleRSAAESServerVerification.bind(this),
         };
 
         // main setup
@@ -187,8 +220,6 @@ export default class RFB extends EventTargetMixin {
         this._canvas.style.margin = 'auto';
         // Some browsers add an outline on focus
         this._canvas.style.outline = 'none';
-        // IE miscalculates width without this :(
-        this._canvas.style.flexShrink = '0';
         this._canvas.width = 0;
         this._canvas.height = 0;
         this._canvas.tabIndex = -1;
@@ -215,6 +246,8 @@ export default class RFB extends EventTargetMixin {
         this._decoders[encodings.encodingHextile] = new HextileDecoder();
         this._decoders[encodings.encodingTight] = new TightDecoder();
         this._decoders[encodings.encodingTightPNG] = new TightPNGDecoder();
+        this._decoders[encodings.encodingZRLE] = new ZRLEDecoder();
+        this._decoders[encodings.encodingJPEG] = new JPEGDecoder();
 
         // NB: nothing that needs explicit teardown should be done
         // before this point, since this can throw an exception
@@ -224,66 +257,26 @@ export default class RFB extends EventTargetMixin {
             Log.Error("Display exception: " + exc);
             throw exc;
         }
-        this._display.onflush = this._onFlush.bind(this);
 
         this._keyboard = new Keyboard(this._canvas);
         this._keyboard.onkeyevent = this._handleKeyEvent.bind(this);
+        this._remoteCapsLock = null; // Null indicates unknown or irrelevant
+        this._remoteNumLock = null;
 
         this._gestures = new GestureHandler();
 
         this._sock = new Websock();
-        this._sock.on('message', () => {
-            this._handleMessage();
-        });
-        this._sock.on('open', () => {
-            if ((this._rfbConnectionState === 'connecting') &&
-                (this._rfbInitState === '')) {
-                this._rfbInitState = 'ProtocolVersion';
-                Log.Debug("Starting VNC handshake");
-            } else {
-                this._fail("Unexpected server connection while " +
-                           this._rfbConnectionState);
-            }
-        });
-        this._sock.on('close', (e) => {
-            Log.Debug("WebSocket on-close event");
-            let msg = "";
-            if (e.code) {
-                msg = "(code: " + e.code;
-                if (e.reason) {
-                    msg += ", reason: " + e.reason;
-                }
-                msg += ")";
-            }
-            switch (this._rfbConnectionState) {
-                case 'connecting':
-                    this._fail("Connection closed " + msg);
-                    break;
-                case 'connected':
-                    // Handle disconnects that were initiated server-side
-                    this._updateConnectionState('disconnecting');
-                    this._updateConnectionState('disconnected');
-                    break;
-                case 'disconnecting':
-                    // Normal disconnection path
-                    this._updateConnectionState('disconnected');
-                    break;
-                case 'disconnected':
-                    this._fail("Unexpected server disconnect " +
-                               "when already disconnected " + msg);
-                    break;
-                default:
-                    this._fail("Unexpected server disconnect before connecting " +
-                               msg);
-                    break;
-            }
-            this._sock.off('close');
-        });
-        this._sock.on('error', e => Log.Warn("WebSocket on-error event"));
+        this._sock.on('open', this._socketOpen.bind(this));
+        this._sock.on('close', this._socketClose.bind(this));
+        this._sock.on('message', this._handleMessage.bind(this));
+        this._sock.on('error', this._socketError.bind(this));
 
-        // Slight delay of the actual connection so that the caller has
-        // time to set up callbacks
-        setTimeout(this._updateConnectionState.bind(this, 'connecting'));
+        this._expectedClientWidth = null;
+        this._expectedClientHeight = null;
+        this._resizeObserver = new ResizeObserver(this._eventHandlers.handleResize);
+
+        // All prepared, kick off the connection
+        this._updateConnectionState('connecting');
 
         Log.Debug("<< RFB.constructor");
 
@@ -294,6 +287,7 @@ export default class RFB extends EventTargetMixin {
 
         this._viewOnly = false;
         this._clipViewport = false;
+        this._clippingViewport = false;
         this._scaleViewport = false;
         this._resizeSession = false;
 
@@ -325,6 +319,16 @@ export default class RFB extends EventTargetMixin {
 
     get capabilities() { return this._capabilities; }
 
+    get clippingViewport() { return this._clippingViewport; }
+    _setClippingViewport(on) {
+        if (on === this._clippingViewport) {
+            return;
+        }
+        this._clippingViewport = on;
+        this.dispatchEvent(new CustomEvent("clippingviewport",
+                                           { detail: this._clippingViewport }));
+    }
+
     get touchButton() { return 0; }
     set touchButton(button) { Log.Warn("Using old API!"); }
 
@@ -412,11 +416,20 @@ export default class RFB extends EventTargetMixin {
         this._sock.off('error');
         this._sock.off('message');
         this._sock.off('open');
+        if (this._rfbRSAAESAuthenticationState !== null) {
+            this._rfbRSAAESAuthenticationState.disconnect();
+        }
+    }
+
+    approveServer() {
+        if (this._rfbRSAAESAuthenticationState !== null) {
+            this._rfbRSAAESAuthenticationState.approveServer();
+        }
     }
 
     sendCredentials(creds) {
         this._rfbCredentials = creds;
-        setTimeout(this._initMsg.bind(this), 0);
+        this._resumeAuthentication();
     }
 
     sendCtrlAltDel() {
@@ -472,8 +485,8 @@ export default class RFB extends EventTargetMixin {
         }
     }
 
-    focus() {
-        this._canvas.focus();
+    focus(options) {
+        this._canvas.focus(options);
     }
 
     blur() {
@@ -489,31 +502,66 @@ export default class RFB extends EventTargetMixin {
             this._clipboardText = text;
             RFB.messages.extendedClipboardNotify(this._sock, [extendedClipboardFormatText]);
         } else {
-            let data = new Uint8Array(text.length);
-            for (let i = 0; i < text.length; i++) {
-                // FIXME: text can have values outside of Latin1/Uint8
-                data[i] = text.charCodeAt(i);
+            let length, i;
+            let data;
+
+            length = 0;
+            // eslint-disable-next-line no-unused-vars
+            for (let codePoint of text) {
+                length++;
+            }
+
+            data = new Uint8Array(length);
+
+            i = 0;
+            for (let codePoint of text) {
+                let code = codePoint.codePointAt(0);
+
+                /* Only ISO 8859-1 is supported */
+                if (code > 0xff) {
+                    code = 0x3f; // '?'
+                }
+
+                data[i++] = code;
             }
 
             RFB.messages.clientCutText(this._sock, data);
         }
     }
 
+    getImageData() {
+        return this._display.getImageData();
+    }
+
+    toDataURL(type, encoderOptions) {
+        return this._display.toDataURL(type, encoderOptions);
+    }
+
+    toBlob(callback, type, quality) {
+        return this._display.toBlob(callback, type, quality);
+    }
+
     // ===== PRIVATE METHODS =====
 
     _connect() {
         Log.Debug(">> RFB.connect");
 
-        Log.Info("connecting to " + this._url);
-
-        try {
-            // WebSocket.onopen transitions to the RFB init states
+        if (this._url) {
+            Log.Info(`connecting to ${this._url}`);
             this._sock.open(this._url, this._wsProtocols);
-        } catch (e) {
-            if (e.name === 'SyntaxError') {
-                this._fail("Invalid host or port (" + e + ")");
-            } else {
-                this._fail("Error when opening socket (" + e + ")");
+        } else {
+            Log.Info(`attaching ${this._rawChannel} to Websock`);
+            this._sock.attach(this._rawChannel);
+
+            if (this._sock.readyState === 'closed') {
+                throw Error("Cannot use already closed WebSocket/RTCDataChannel");
+            }
+
+            if (this._sock.readyState === 'open') {
+                // FIXME: _socketOpen() can in theory call _fail(), which
+                //        isn't allowed this early, but I'm not sure that can
+                //        happen without a bug messing up our state variables
+                this._socketOpen();
             }
         }
 
@@ -525,9 +573,8 @@ export default class RFB extends EventTargetMixin {
         this._cursor.attach(this._canvas);
         this._refreshCursor();
 
-        // Monitor size changes of the screen
-        // FIXME: Use ResizeObserver, or hidden overflow
-        window.addEventListener('resize', this._eventHandlers.windowResize);
+        // Monitor size changes of the screen element
+        this._resizeObserver.observe(this._screen);
 
         // Always grab focus on some kind of click event
         this._canvas.addEventListener("mousedown", this._eventHandlers.focusCanvas);
@@ -568,7 +615,7 @@ export default class RFB extends EventTargetMixin {
         this._canvas.removeEventListener('contextmenu', this._eventHandlers.handleMouse);
         this._canvas.removeEventListener("mousedown", this._eventHandlers.focusCanvas);
         this._canvas.removeEventListener("touchstart", this._eventHandlers.focusCanvas);
-        window.removeEventListener('resize', this._eventHandlers.windowResize);
+        this._resizeObserver.disconnect();
         this._keyboard.ungrab();
         this._gestures.detach();
         this._sock.close();
@@ -587,12 +634,64 @@ export default class RFB extends EventTargetMixin {
         Log.Debug("<< RFB.disconnect");
     }
 
+    _socketOpen() {
+        if ((this._rfbConnectionState === 'connecting') &&
+            (this._rfbInitState === '')) {
+            this._rfbInitState = 'ProtocolVersion';
+            Log.Debug("Starting VNC handshake");
+        } else {
+            this._fail("Unexpected server connection while " +
+                       this._rfbConnectionState);
+        }
+    }
+
+    _socketClose(e) {
+        Log.Debug("WebSocket on-close event");
+        let msg = "";
+        if (e.code) {
+            msg = "(code: " + e.code;
+            if (e.reason) {
+                msg += ", reason: " + e.reason;
+            }
+            msg += ")";
+        }
+        switch (this._rfbConnectionState) {
+            case 'connecting':
+                this._fail("Connection closed " + msg);
+                break;
+            case 'connected':
+                // Handle disconnects that were initiated server-side
+                this._updateConnectionState('disconnecting');
+                this._updateConnectionState('disconnected');
+                break;
+            case 'disconnecting':
+                // Normal disconnection path
+                this._updateConnectionState('disconnected');
+                break;
+            case 'disconnected':
+                this._fail("Unexpected server disconnect " +
+                           "when already disconnected " + msg);
+                break;
+            default:
+                this._fail("Unexpected server disconnect before connecting " +
+                           msg);
+                break;
+        }
+        this._sock.off('close');
+        // Delete reference to raw channel to allow cleanup.
+        this._rawChannel = null;
+    }
+
+    _socketError(e) {
+        Log.Warn("WebSocket on-error event");
+    }
+
     _focusCanvas(event) {
         if (!this.focusOnClick) {
             return;
         }
 
-        this.focus();
+        this.focus({ preventScroll: true });
     }
 
     _setDesktopName(name) {
@@ -602,7 +701,26 @@ export default class RFB extends EventTargetMixin {
             { detail: { name: this._fbName } }));
     }
 
-    _windowResize(event) {
+    _saveExpectedClientSize() {
+        this._expectedClientWidth = this._screen.clientWidth;
+        this._expectedClientHeight = this._screen.clientHeight;
+    }
+
+    _currentClientSize() {
+        return [this._screen.clientWidth, this._screen.clientHeight];
+    }
+
+    _clientHasExpectedSize() {
+        const [currentWidth, currentHeight] = this._currentClientSize();
+        return currentWidth == this._expectedClientWidth &&
+            currentHeight == this._expectedClientHeight;
+    }
+
+    _handleResize() {
+        // Don't change anything if the client size is already as expected
+        if (this._clientHasExpectedSize()) {
+            return;
+        }
         // If the window resized then our screen element might have
         // as well. Update the viewport dimensions.
         window.requestAnimationFrame(() => {
@@ -642,6 +760,16 @@ export default class RFB extends EventTargetMixin {
             const size = this._screenSize();
             this._display.viewportChangeSize(size.w, size.h);
             this._fixScrollbars();
+            this._setClippingViewport(size.w < this._display.width ||
+                                      size.h < this._display.height);
+        } else {
+            this._setClippingViewport(false);
+        }
+
+        // When changing clipping we might show or hide scrollbars.
+        // This causes the expected client dimensions to change.
+        if (curClip !== newClip) {
+            this._saveExpectedClientSize();
         }
     }
 
@@ -667,6 +795,7 @@ export default class RFB extends EventTargetMixin {
         }
 
         const size = this._screenSize();
+
         RFB.messages.setDesktopSize(this._sock,
                                     Math.floor(size.w), Math.floor(size.h),
                                     this._screenID, this._screenFlags);
@@ -682,12 +811,13 @@ export default class RFB extends EventTargetMixin {
     }
 
     _fixScrollbars() {
-        // This is a hack because Chrome screws up the calculation
-        // for when scrollbars are needed. So to fix it we temporarily
-        // toggle them off and on.
+        // This is a hack because Safari on macOS screws up the calculation
+        // for when scrollbars are needed. We get scrollbars when making the
+        // browser smaller, despite remote resize being enabled. So to fix it
+        // we temporarily toggle them off and on.
         const orig = this._screen.style.overflow;
         this._screen.style.overflow = 'hidden';
-        // Force Chrome to recalculate the layout by asking for
+        // Force Safari to recalculate the layout by asking for
         // an element's dimensions
         this._screen.getBoundingClientRect();
         this._screen.style.overflow = orig;
@@ -830,7 +960,7 @@ export default class RFB extends EventTargetMixin {
     }
 
     _handleMessage() {
-        if (this._sock.rQlen === 0) {
+        if (this._sock.rQwait("message", 1)) {
             Log.Warn("handleMessage called on an empty receive queue");
             return;
         }
@@ -847,18 +977,53 @@ export default class RFB extends EventTargetMixin {
                     if (!this._normalMsg()) {
                         break;
                     }
-                    if (this._sock.rQlen === 0) {
+                    if (this._sock.rQwait("message", 1)) {
+                        break;
+                    }
+                }
+                break;
+            case 'connecting':
+                while (this._rfbConnectionState === 'connecting') {
+                    if (!this._initMsg()) {
                         break;
                     }
                 }
                 break;
             default:
-                this._initMsg();
+                Log.Error("Got data while in an invalid state");
                 break;
         }
     }
 
-    _handleKeyEvent(keysym, code, down) {
+    _handleKeyEvent(keysym, code, down, numlock, capslock) {
+        // If remote state of capslock is known, and it doesn't match the local led state of
+        // the keyboard, we send a capslock keypress first to bring it into sync.
+        // If we just pressed CapsLock, or we toggled it remotely due to it being out of sync
+        // we clear the remote state so that we don't send duplicate or spurious fixes,
+        // since it may take some time to receive the new remote CapsLock state.
+        if (code == 'CapsLock' && down) {
+            this._remoteCapsLock = null;
+        }
+        if (this._remoteCapsLock !== null && capslock !== null && this._remoteCapsLock !== capslock && down) {
+            Log.Debug("Fixing remote caps lock");
+
+            this.sendKey(KeyTable.XK_Caps_Lock, 'CapsLock', true);
+            this.sendKey(KeyTable.XK_Caps_Lock, 'CapsLock', false);
+            // We clear the remote capsLock state when we do this to prevent issues with doing this twice
+            // before we receive an update of the the remote state.
+            this._remoteCapsLock = null;
+        }
+
+        // Logic for numlock is exactly the same.
+        if (code == 'NumLock' && down) {
+            this._remoteNumLock = null;
+        }
+        if (this._remoteNumLock !== null && numlock !== null && this._remoteNumLock !== numlock && down) {
+            Log.Debug("Fixing remote num lock");
+            this.sendKey(KeyTable.XK_Num_Lock, 'NumLock', true);
+            this.sendKey(KeyTable.XK_Num_Lock, 'NumLock', false);
+            this._remoteNumLock = null;
+        }
         this.sendKey(keysym, code, down);
     }
 
@@ -1225,13 +1390,13 @@ export default class RFB extends EventTargetMixin {
                 break;
             case "003.003":
             case "003.006":  // UltraVNC
-            case "003.889":  // Apple Remote Desktop
                 this._rfbVersion = 3.3;
                 break;
             case "003.007":
                 this._rfbVersion = 3.7;
                 break;
             case "003.008":
+            case "003.889":  // Apple Remote Desktop
             case "004.000":  // Intel AMT KVM
             case "004.001":  // RealVNC 4.6
             case "005.000":  // RealVNC 5.3
@@ -1246,7 +1411,8 @@ export default class RFB extends EventTargetMixin {
             while (repeaterID.length < 250) {
                 repeaterID += "\0";
             }
-            this._sock.sendString(repeaterID);
+            this._sock.sQpushString(repeaterID);
+            this._sock.flush();
             return true;
         }
 
@@ -1256,24 +1422,30 @@ export default class RFB extends EventTargetMixin {
 
         const cversion = "00" + parseInt(this._rfbVersion, 10) +
                        ".00" + ((this._rfbVersion * 10) % 10);
-        this._sock.sendString("RFB " + cversion + "\n");
+        this._sock.sQpushString("RFB " + cversion + "\n");
+        this._sock.flush();
         Log.Debug('Sent ProtocolVersion: ' + cversion);
 
         this._rfbInitState = 'Security';
     }
 
-    _negotiateSecurity() {
-        // Polyfill since IE and PhantomJS doesn't have
-        // TypedArray.includes()
-        function includes(item, array) {
-            for (let i = 0; i < array.length; i++) {
-                if (array[i] === item) {
-                    return true;
-                }
-            }
-            return false;
-        }
+    _isSupportedSecurityType(type) {
+        const clientTypes = [
+            securityTypeNone,
+            securityTypeVNCAuth,
+            securityTypeRA2ne,
+            securityTypeTight,
+            securityTypeVeNCrypt,
+            securityTypeXVP,
+            securityTypeARD,
+            securityTypeMSLogonII,
+            securityTypePlain,
+        ];
 
+        return clientTypes.includes(type);
+    }
+
+    _negotiateSecurity() {
         if (this._rfbVersion >= 3.7) {
             // Server sends supported list, client decides
             const numTypes = this._sock.rQshift8();
@@ -1283,28 +1455,28 @@ export default class RFB extends EventTargetMixin {
                 this._rfbInitState = "SecurityReason";
                 this._securityContext = "no security types";
                 this._securityStatus = 1;
-                return this._initMsg();
+                return true;
             }
 
             const types = this._sock.rQshiftBytes(numTypes);
             Log.Debug("Server security types: " + types);
 
-            // Look for each auth in preferred order
-            if (includes(1, types)) {
-                this._rfbAuthScheme = 1; // None
-            } else if (includes(22, types)) {
-                this._rfbAuthScheme = 22; // XVP
-            } else if (includes(16, types)) {
-                this._rfbAuthScheme = 16; // Tight
-            } else if (includes(2, types)) {
-                this._rfbAuthScheme = 2; // VNC Auth
-            } else if (includes(19, types)) {
-                this._rfbAuthScheme = 19; // VeNCrypt Auth
-            } else {
+            // Look for a matching security type in the order that the
+            // server prefers
+            this._rfbAuthScheme = -1;
+            for (let type of types) {
+                if (this._isSupportedSecurityType(type)) {
+                    this._rfbAuthScheme = type;
+                    break;
+                }
+            }
+
+            if (this._rfbAuthScheme === -1) {
                 return this._fail("Unsupported security types (types: " + types + ")");
             }
 
-            this._sock.send([this._rfbAuthScheme]);
+            this._sock.sQpush8(this._rfbAuthScheme);
+            this._sock.flush();
         } else {
             // Server decides
             if (this._sock.rQwait("security scheme", 4)) { return false; }
@@ -1314,14 +1486,14 @@ export default class RFB extends EventTargetMixin {
                 this._rfbInitState = "SecurityReason";
                 this._securityContext = "authentication scheme";
                 this._securityStatus = 1;
-                return this._initMsg();
+                return true;
             }
         }
 
         this._rfbInitState = 'Authentication';
         Log.Debug('Authenticating using scheme: ' + this._rfbAuthScheme);
 
-        return this._initMsg(); // jump to authentication
+        return true;
     }
 
     _handleSecurityReason() {
@@ -1366,12 +1538,15 @@ export default class RFB extends EventTargetMixin {
             return false;
         }
 
-        const xvpAuthStr = String.fromCharCode(this._rfbCredentials.username.length) +
-                           String.fromCharCode(this._rfbCredentials.target.length) +
-                           this._rfbCredentials.username +
-                           this._rfbCredentials.target;
-        this._sock.sendString(xvpAuthStr);
-        this._rfbAuthScheme = 2;
+        this._sock.sQpush8(this._rfbCredentials.username.length);
+        this._sock.sQpush8(this._rfbCredentials.target.length);
+        this._sock.sQpushString(this._rfbCredentials.username);
+        this._sock.sQpushString(this._rfbCredentials.target);
+
+        this._sock.flush();
+
+        this._rfbAuthScheme = securityTypeVNCAuth;
+
         return this._negotiateAuthentication();
     }
 
@@ -1389,7 +1564,9 @@ export default class RFB extends EventTargetMixin {
                 return this._fail("Unsupported VeNCrypt version " + major + "." + minor);
             }
 
-            this._sock.send([0, 2]);
+            this._sock.sQpush8(0);
+            this._sock.sQpush8(2);
+            this._sock.flush();
             this._rfbVeNCryptState = 1;
         }
 
@@ -1429,40 +1606,55 @@ export default class RFB extends EventTargetMixin {
                 subtypes.push(this._sock.rQshift32());
             }
 
-            // 256 = Plain subtype
-            if (subtypes.indexOf(256) != -1) {
-                // 0x100 = 256
-                this._sock.send([0, 0, 1, 0]);
-                this._rfbVeNCryptState = 4;
-            } else {
-                return this._fail("VeNCrypt Plain subtype not offered by server");
-            }
-        }
+            // Look for a matching security type in the order that the
+            // server prefers
+            this._rfbAuthScheme = -1;
+            for (let type of subtypes) {
+                // Avoid getting in to a loop
+                if (type === securityTypeVeNCrypt) {
+                    continue;
+                }
 
-        // negotiated Plain subtype, server waits for password
-        if (this._rfbVeNCryptState == 4) {
-            if (!this._rfbCredentials.username ||
-                !this._rfbCredentials.password) {
-                this.dispatchEvent(new CustomEvent(
-                    "credentialsrequired",
-                    { detail: { types: ["username", "password"] } }));
-                return false;
+                if (this._isSupportedSecurityType(type)) {
+                    this._rfbAuthScheme = type;
+                    break;
+                }
             }
 
-            const user = encodeUTF8(this._rfbCredentials.username);
-            const pass = encodeUTF8(this._rfbCredentials.password);
+            if (this._rfbAuthScheme === -1) {
+                return this._fail("Unsupported security types (types: " + subtypes + ")");
+            }
 
-            // XXX we assume lengths are <= 255 (should not be an issue in the real world)
-            this._sock.send([0, 0, 0, user.length]);
-            this._sock.send([0, 0, 0, pass.length]);
-            this._sock.sendString(user);
-            this._sock.sendString(pass);
+            this._sock.sQpush32(this._rfbAuthScheme);
+            this._sock.flush();
 
-            this._rfbInitState = "SecurityResult";
+            this._rfbVeNCryptState = 4;
             return true;
         }
     }
 
+    _negotiatePlainAuth() {
+        if (this._rfbCredentials.username === undefined ||
+            this._rfbCredentials.password === undefined) {
+            this.dispatchEvent(new CustomEvent(
+                "credentialsrequired",
+                { detail: { types: ["username", "password"] } }));
+            return false;
+        }
+
+        const user = encodeUTF8(this._rfbCredentials.username);
+        const pass = encodeUTF8(this._rfbCredentials.password);
+
+        this._sock.sQpush32(user.length);
+        this._sock.sQpush32(pass.length);
+        this._sock.sQpushString(user);
+        this._sock.sQpushString(pass);
+        this._sock.flush();
+
+        this._rfbInitState = "SecurityResult";
+        return true;
+    }
+
     _negotiateStdVNCAuth() {
         if (this._sock.rQwait("auth challenge", 16)) { return false; }
 
@@ -1476,11 +1668,82 @@ export default class RFB extends EventTargetMixin {
         // TODO(directxman12): make genDES not require an Array
         const challenge = Array.prototype.slice.call(this._sock.rQshiftBytes(16));
         const response = RFB.genDES(this._rfbCredentials.password, challenge);
-        this._sock.send(response);
+        this._sock.sQpushBytes(response);
+        this._sock.flush();
         this._rfbInitState = "SecurityResult";
         return true;
     }
 
+    _negotiateARDAuth() {
+
+        if (this._rfbCredentials.username === undefined ||
+            this._rfbCredentials.password === undefined) {
+            this.dispatchEvent(new CustomEvent(
+                "credentialsrequired",
+                { detail: { types: ["username", "password"] } }));
+            return false;
+        }
+
+        if (this._rfbCredentials.ardPublicKey != undefined &&
+            this._rfbCredentials.ardCredentials != undefined) {
+            // if the async web crypto is done return the results
+            this._sock.sQpushBytes(this._rfbCredentials.ardCredentials);
+            this._sock.sQpushBytes(this._rfbCredentials.ardPublicKey);
+            this._sock.flush();
+            this._rfbCredentials.ardCredentials = null;
+            this._rfbCredentials.ardPublicKey = null;
+            this._rfbInitState = "SecurityResult";
+            return true;
+        }
+
+        if (this._sock.rQwait("read ard", 4)) { return false; }
+
+        let generator = this._sock.rQshiftBytes(2);   // DH base generator value
+
+        let keyLength = this._sock.rQshift16();
+
+        if (this._sock.rQwait("read ard keylength", keyLength*2, 4)) { return false; }
+
+        // read the server values
+        let prime = this._sock.rQshiftBytes(keyLength);  // predetermined prime modulus
+        let serverPublicKey = this._sock.rQshiftBytes(keyLength); // other party's public key
+
+        let clientKey = legacyCrypto.generateKey(
+            { name: "DH", g: generator, p: prime }, false, ["deriveBits"]);
+        this._negotiateARDAuthAsync(keyLength, serverPublicKey, clientKey);
+
+        return false;
+    }
+
+    async _negotiateARDAuthAsync(keyLength, serverPublicKey, clientKey) {
+        const clientPublicKey = legacyCrypto.exportKey("raw", clientKey.publicKey);
+        const sharedKey = legacyCrypto.deriveBits(
+            { name: "DH", public: serverPublicKey }, clientKey.privateKey, keyLength * 8);
+
+        const username = encodeUTF8(this._rfbCredentials.username).substring(0, 63);
+        const password = encodeUTF8(this._rfbCredentials.password).substring(0, 63);
+
+        const credentials = window.crypto.getRandomValues(new Uint8Array(128));
+        for (let i = 0; i < username.length; i++) {
+            credentials[i] = username.charCodeAt(i);
+        }
+        credentials[username.length] = 0;
+        for (let i = 0; i < password.length; i++) {
+            credentials[64 + i] = password.charCodeAt(i);
+        }
+        credentials[64 + password.length] = 0;
+
+        const key = await legacyCrypto.digest("MD5", sharedKey);
+        const cipher = await legacyCrypto.importKey(
+            "raw", key, { name: "AES-ECB" }, false, ["encrypt"]);
+        const encrypted = await legacyCrypto.encrypt({ name: "AES-ECB" }, cipher, credentials);
+
+        this._rfbCredentials.ardCredentials = encrypted;
+        this._rfbCredentials.ardPublicKey = clientPublicKey;
+
+        this._resumeAuthentication();
+    }
+
     _negotiateTightUnixAuth() {
         if (this._rfbCredentials.username === undefined ||
             this._rfbCredentials.password === undefined) {
@@ -1490,10 +1753,12 @@ export default class RFB extends EventTargetMixin {
             return false;
         }
 
-        this._sock.send([0, 0, 0, this._rfbCredentials.username.length]);
-        this._sock.send([0, 0, 0, this._rfbCredentials.password.length]);
-        this._sock.sendString(this._rfbCredentials.username);
-        this._sock.sendString(this._rfbCredentials.password);
+        this._sock.sQpush32(this._rfbCredentials.username.length);
+        this._sock.sQpush32(this._rfbCredentials.password.length);
+        this._sock.sQpushString(this._rfbCredentials.username);
+        this._sock.sQpushString(this._rfbCredentials.password);
+        this._sock.flush();
+
         this._rfbInitState = "SecurityResult";
         return true;
     }
@@ -1531,7 +1796,8 @@ export default class RFB extends EventTargetMixin {
                                   "vendor or signature");
             }
             Log.Debug("Selected tunnel type: " + clientSupportedTunnelTypes[0]);
-            this._sock.send([0, 0, 0, 0]);  // use NOTUNNEL
+            this._sock.sQpush32(0); // use NOTUNNEL
+            this._sock.flush();
             return false; // wait until we receive the sub auth count to continue
         } else {
             return this._fail("Server wanted tunnels, but doesn't support " +
@@ -1581,19 +1847,20 @@ export default class RFB extends EventTargetMixin {
 
         for (let authType in clientSupportedTypes) {
             if (serverSupportedTypes.indexOf(authType) != -1) {
-                this._sock.send([0, 0, 0, clientSupportedTypes[authType]]);
+                this._sock.sQpush32(clientSupportedTypes[authType]);
+                this._sock.flush();
                 Log.Debug("Selected authentication type: " + authType);
 
                 switch (authType) {
                     case 'STDVNOAUTH__':  // no auth
                         this._rfbInitState = 'SecurityResult';
                         return true;
-                    case 'STDVVNCAUTH_': // VNC auth
-                        this._rfbAuthScheme = 2;
-                        return this._initMsg();
-                    case 'TGHTULGNAUTH': // UNIX auth
-                        this._rfbAuthScheme = 129;
-                        return this._initMsg();
+                    case 'STDVVNCAUTH_':
+                        this._rfbAuthScheme = securityTypeVNCAuth;
+                        return true;
+                    case 'TGHTULGNAUTH':
+                        this._rfbAuthScheme = securityTypeUnixLogon;
+                        return true;
                     default:
                         return this._fail("Unsupported tiny auth scheme " +
                                           "(scheme: " + authType + ")");
@@ -1604,31 +1871,124 @@ export default class RFB extends EventTargetMixin {
         return this._fail("No supported sub-auth types!");
     }
 
+    _handleRSAAESCredentialsRequired(event) {
+        this.dispatchEvent(event);
+    }
+
+    _handleRSAAESServerVerification(event) {
+        this.dispatchEvent(event);
+    }
+
+    _negotiateRA2neAuth() {
+        if (this._rfbRSAAESAuthenticationState === null) {
+            this._rfbRSAAESAuthenticationState = new RSAAESAuthenticationState(this._sock, () => this._rfbCredentials);
+            this._rfbRSAAESAuthenticationState.addEventListener(
+                "serververification", this._eventHandlers.handleRSAAESServerVerification);
+            this._rfbRSAAESAuthenticationState.addEventListener(
+                "credentialsrequired", this._eventHandlers.handleRSAAESCredentialsRequired);
+        }
+        this._rfbRSAAESAuthenticationState.checkInternalEvents();
+        if (!this._rfbRSAAESAuthenticationState.hasStarted) {
+            this._rfbRSAAESAuthenticationState.negotiateRA2neAuthAsync()
+                .catch((e) => {
+                    if (e.message !== "disconnect normally") {
+                        this._fail(e.message);
+                    }
+                })
+                .then(() => {
+                    this._rfbInitState = "SecurityResult";
+                    return true;
+                }).finally(() => {
+                    this._rfbRSAAESAuthenticationState.removeEventListener(
+                        "serververification", this._eventHandlers.handleRSAAESServerVerification);
+                    this._rfbRSAAESAuthenticationState.removeEventListener(
+                        "credentialsrequired", this._eventHandlers.handleRSAAESCredentialsRequired);
+                    this._rfbRSAAESAuthenticationState = null;
+                });
+        }
+        return false;
+    }
+
+    _negotiateMSLogonIIAuth() {
+        if (this._sock.rQwait("mslogonii dh param", 24)) { return false; }
+
+        if (this._rfbCredentials.username === undefined ||
+            this._rfbCredentials.password === undefined) {
+            this.dispatchEvent(new CustomEvent(
+                "credentialsrequired",
+                { detail: { types: ["username", "password"] } }));
+            return false;
+        }
+
+        const g = this._sock.rQshiftBytes(8);
+        const p = this._sock.rQshiftBytes(8);
+        const A = this._sock.rQshiftBytes(8);
+        const dhKey = legacyCrypto.generateKey({ name: "DH", g: g, p: p }, true, ["deriveBits"]);
+        const B = legacyCrypto.exportKey("raw", dhKey.publicKey);
+        const secret = legacyCrypto.deriveBits({ name: "DH", public: A }, dhKey.privateKey, 64);
+
+        const key = legacyCrypto.importKey("raw", secret, { name: "DES-CBC" }, false, ["encrypt"]);
+        const username = encodeUTF8(this._rfbCredentials.username).substring(0, 255);
+        const password = encodeUTF8(this._rfbCredentials.password).substring(0, 63);
+        let usernameBytes = new Uint8Array(256);
+        let passwordBytes = new Uint8Array(64);
+        window.crypto.getRandomValues(usernameBytes);
+        window.crypto.getRandomValues(passwordBytes);
+        for (let i = 0; i < username.length; i++) {
+            usernameBytes[i] = username.charCodeAt(i);
+        }
+        usernameBytes[username.length] = 0;
+        for (let i = 0; i < password.length; i++) {
+            passwordBytes[i] = password.charCodeAt(i);
+        }
+        passwordBytes[password.length] = 0;
+        usernameBytes = legacyCrypto.encrypt({ name: "DES-CBC", iv: secret }, key, usernameBytes);
+        passwordBytes = legacyCrypto.encrypt({ name: "DES-CBC", iv: secret }, key, passwordBytes);
+        this._sock.sQpushBytes(B);
+        this._sock.sQpushBytes(usernameBytes);
+        this._sock.sQpushBytes(passwordBytes);
+        this._sock.flush();
+        this._rfbInitState = "SecurityResult";
+        return true;
+    }
+
     _negotiateAuthentication() {
         switch (this._rfbAuthScheme) {
-            case 1:  // no auth
+            case securityTypeNone:
                 if (this._rfbVersion >= 3.8) {
                     this._rfbInitState = 'SecurityResult';
-                    return true;
+                } else {
+                    this._rfbInitState = 'ClientInitialisation';
                 }
-                this._rfbInitState = 'ClientInitialisation';
-                return this._initMsg();
+                return true;
 
-            case 22:  // XVP auth
+            case securityTypeXVP:
                 return this._negotiateXvpAuth();
 
-            case 2:  // VNC authentication
+            case securityTypeARD:
+                return this._negotiateARDAuth();
+
+            case securityTypeVNCAuth:
                 return this._negotiateStdVNCAuth();
 
-            case 16:  // TightVNC Security Type
+            case securityTypeTight:
                 return this._negotiateTightAuth();
 
-            case 19:  // VeNCrypt Security Type
+            case securityTypeVeNCrypt:
                 return this._negotiateVeNCryptAuth();
 
-            case 129:  // TightVNC UNIX Security Type
+            case securityTypePlain:
+                return this._negotiatePlainAuth();
+
+            case securityTypeUnixLogon:
                 return this._negotiateTightUnixAuth();
 
+            case securityTypeRA2ne:
+                return this._negotiateRA2neAuth();
+
+            case securityTypeMSLogonII:
+                return this._negotiateMSLogonIIAuth();
+
             default:
                 return this._fail("Unsupported auth scheme (scheme: " +
                                   this._rfbAuthScheme + ")");
@@ -1643,13 +2003,13 @@ export default class RFB extends EventTargetMixin {
         if (status === 0) { // OK
             this._rfbInitState = 'ClientInitialisation';
             Log.Debug('Authentication OK');
-            return this._initMsg();
+            return true;
         } else {
             if (this._rfbVersion >= 3.8) {
                 this._rfbInitState = "SecurityReason";
                 this._securityContext = "security result";
                 this._securityStatus = status;
-                return this._initMsg();
+                return true;
             } else {
                 this.dispatchEvent(new CustomEvent(
                     "securityfailure",
@@ -1757,6 +2117,8 @@ export default class RFB extends EventTargetMixin {
         if (this._fbDepth == 24) {
             encs.push(encodings.encodingTight);
             encs.push(encodings.encodingTightPNG);
+            encs.push(encodings.encodingZRLE);
+            encs.push(encodings.encodingJPEG);
             encs.push(encodings.encodingHextile);
             encs.push(encodings.encodingRRE);
         }
@@ -1769,6 +2131,7 @@ export default class RFB extends EventTargetMixin {
         encs.push(encodings.pseudoEncodingDesktopSize);
         encs.push(encodings.pseudoEncodingLastRect);
         encs.push(encodings.pseudoEncodingQEMUExtendedKeyEvent);
+        encs.push(encodings.pseudoEncodingQEMULedEvent);
         encs.push(encodings.pseudoEncodingExtendedDesktopSize);
         encs.push(encodings.pseudoEncodingXvp);
         encs.push(encodings.pseudoEncodingFence);
@@ -1810,7 +2173,8 @@ export default class RFB extends EventTargetMixin {
                 return this._handleSecurityReason();
 
             case 'ClientInitialisation':
-                this._sock.send([this._shared ? 1 : 0]); // ClientInitialisation
+                this._sock.sQpush8(this._shared ? 1 : 0); // ClientInitialisation
+                this._sock.flush();
                 this._rfbInitState = 'ServerInitialisation';
                 return true;
 
@@ -1823,6 +2187,14 @@ export default class RFB extends EventTargetMixin {
         }
     }
 
+    // Resume authentication handshake after it was paused for some
+    // reason, e.g. waiting for a password from the user
+    _resumeAuthentication() {
+        // We use setTimeout() so it's run in its own context, just like
+        // it originally did via the WebSocket's event handler
+        setTimeout(this._initMsg.bind(this), 0);
+    }
+
     _handleSetColourMapMsg() {
         Log.Debug("SetColorMapEntries");
 
@@ -1984,7 +2356,7 @@ export default class RFB extends EventTargetMixin {
                         textData = textData.slice(0, -1);
                     }
 
-                    textData = textData.replace("\r\n", "\n");
+                    textData = textData.replaceAll("\r\n", "\n");
 
                     this.dispatchEvent(new CustomEvent(
                         "clipboard",
@@ -2115,19 +2487,11 @@ export default class RFB extends EventTargetMixin {
 
             default:
                 this._fail("Unexpected server message (type " + msgType + ")");
-                Log.Debug("sock.rQslice(0, 30): " + this._sock.rQslice(0, 30));
+                Log.Debug("sock.rQpeekBytes(30): " + this._sock.rQpeekBytes(30));
                 return true;
         }
     }
 
-    _onFlush() {
-        this._flushing = false;
-        // Resume processing
-        if (this._sock.rQlen > 0) {
-            this._handleMessage();
-        }
-    }
-
     _framebufferUpdate() {
         if (this._FBU.rects === 0) {
             if (this._sock.rQwait("FBU header", 3, 1)) { return false; }
@@ -2138,7 +2502,14 @@ export default class RFB extends EventTargetMixin {
             // to avoid building up an excessive queue
             if (this._display.pending()) {
                 this._flushing = true;
-                this._display.flush();
+                this._display.flush()
+                    .then(() => {
+                        this._flushing = false;
+                        // Resume processing
+                        if (!this._sock.rQwait("message", 1)) {
+                            this._handleMessage();
+                        }
+                    });
                 return false;
             }
         }
@@ -2148,13 +2519,13 @@ export default class RFB extends EventTargetMixin {
                 if (this._sock.rQwait("rect header", 12)) { return false; }
                 /* New FramebufferUpdate */
 
-                const hdr = this._sock.rQshiftBytes(12);
-                this._FBU.x        = (hdr[0] << 8) + hdr[1];
-                this._FBU.y        = (hdr[2] << 8) + hdr[3];
-                this._FBU.width    = (hdr[4] << 8) + hdr[5];
-                this._FBU.height   = (hdr[6] << 8) + hdr[7];
-                this._FBU.encoding = parseInt((hdr[8] << 24) + (hdr[9] << 16) +
-                                              (hdr[10] << 8) + hdr[11], 10);
+                this._FBU.x = this._sock.rQshift16();
+                this._FBU.y = this._sock.rQshift16();
+                this._FBU.width = this._sock.rQshift16();
+                this._FBU.height = this._sock.rQshift16();
+                this._FBU.encoding = this._sock.rQshift32();
+                /* Encodings are signed */
+                this._FBU.encoding >>= 0;
             }
 
             if (!this._handleRect()) {
@@ -2183,15 +2554,7 @@ export default class RFB extends EventTargetMixin {
                 return this._handleCursor();
 
             case encodings.pseudoEncodingQEMUExtendedKeyEvent:
-                // Old Safari doesn't support creating keyboard events
-                try {
-                    const keyboardEvent = document.createEvent("keyboardEvent");
-                    if (keyboardEvent.code !== undefined) {
-                        this._qemuExtKeyEventSupported = true;
-                    }
-                } catch (err) {
-                    // Do nothing
-                }
+                this._qemuExtKeyEventSupported = true;
                 return true;
 
             case encodings.pseudoEncodingDesktopName:
@@ -2204,6 +2567,9 @@ export default class RFB extends EventTargetMixin {
             case encodings.pseudoEncodingExtendedDesktopSize:
                 return this._handleExtendedDesktopSize();
 
+            case encodings.pseudoEncodingQEMULedEvent:
+                return this._handleLedEvent();
+
             default:
                 return this._handleDataRect();
         }
@@ -2381,6 +2747,21 @@ export default class RFB extends EventTargetMixin {
         return true;
     }
 
+    _handleLedEvent() {
+        if (this._sock.rQwait("LED Status", 1)) {
+            return false;
+        }
+
+        let data = this._sock.rQshift8();
+        // ScrollLock state can be retrieved with data & 1. This is currently not needed.
+        let numLock = data & 2 ? true : false;
+        let capsLock = data & 4 ? true : false;
+        this._remoteCapsLock = capsLock;
+        this._remoteNumLock = numLock;
+
+        return true;
+    }
+
     _handleExtendedDesktopSize() {
         if (this._sock.rQwait("ExtendedDesktopSize", 4)) {
             return false;
@@ -2396,26 +2777,18 @@ export default class RFB extends EventTargetMixin {
         const firstUpdate = !this._supportsSetDesktopSize;
         this._supportsSetDesktopSize = true;
 
-        // Normally we only apply the current resize mode after a
-        // window resize event. However there is no such trigger on the
-        // initial connect. And we don't know if the server supports
-        // resizing until we've gotten here.
-        if (firstUpdate) {
-            this._requestRemoteResize();
-        }
-
         this._sock.rQskipBytes(1);  // number-of-screens
         this._sock.rQskipBytes(3);  // padding
 
         for (let i = 0; i < numberOfScreens; i += 1) {
             // Save the id and flags of the first screen
             if (i === 0) {
-                this._screenID = this._sock.rQshiftBytes(4);    // id
-                this._sock.rQskipBytes(2);                       // x-position
-                this._sock.rQskipBytes(2);                       // y-position
-                this._sock.rQskipBytes(2);                       // width
-                this._sock.rQskipBytes(2);                       // height
-                this._screenFlags = this._sock.rQshiftBytes(4); // flags
+                this._screenID = this._sock.rQshift32();    // id
+                this._sock.rQskipBytes(2);                  // x-position
+                this._sock.rQskipBytes(2);                  // y-position
+                this._sock.rQskipBytes(2);                  // width
+                this._sock.rQskipBytes(2);                  // height
+                this._screenFlags = this._sock.rQshift32(); // flags
             } else {
                 this._sock.rQskipBytes(16);
             }
@@ -2453,6 +2826,14 @@ export default class RFB extends EventTargetMixin {
             this._resize(this._FBU.width, this._FBU.height);
         }
 
+        // Normally we only apply the current resize mode after a
+        // window resize event. However there is no such trigger on the
+        // initial connect. And we don't know if the server supports
+        // resizing until we've gotten here.
+        if (firstUpdate) {
+            this._requestRemoteResize();
+        }
+
         return true;
     }
 
@@ -2493,6 +2874,9 @@ export default class RFB extends EventTargetMixin {
         this._updateScale();
 
         this._updateContinuousUpdates();
+
+        // Keep this size until browser client size changes
+        this._saveExpectedClientSize();
     }
 
     _xvpOp(ver, op) {
@@ -2545,28 +2929,22 @@ export default class RFB extends EventTargetMixin {
 
     static genDES(password, challenge) {
         const passwordChars = password.split('').map(c => c.charCodeAt(0));
-        return (new DES(passwordChars)).encrypt(challenge);
+        const key = legacyCrypto.importKey(
+            "raw", passwordChars, { name: "DES-ECB" }, false, ["encrypt"]);
+        return legacyCrypto.encrypt({ name: "DES-ECB" }, key, challenge);
     }
 }
 
 // Class Methods
 RFB.messages = {
     keyEvent(sock, keysym, down) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(4); // msg-type
+        sock.sQpush8(down);
 
-        buff[offset] = 4;  // msg-type
-        buff[offset + 1] = down;
+        sock.sQpush16(0);
 
-        buff[offset + 2] = 0;
-        buff[offset + 3] = 0;
+        sock.sQpush32(keysym);
 
-        buff[offset + 4] = (keysym >> 24);
-        buff[offset + 5] = (keysym >> 16);
-        buff[offset + 6] = (keysym >> 8);
-        buff[offset + 7] = keysym;
-
-        sock._sQlen += 8;
         sock.flush();
     },
 
@@ -2580,46 +2958,28 @@ RFB.messages = {
             return xtScanCode;
         }
 
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(255); // msg-type
+        sock.sQpush8(0); // sub msg-type
 
-        buff[offset] = 255; // msg-type
-        buff[offset + 1] = 0; // sub msg-type
+        sock.sQpush16(down);
 
-        buff[offset + 2] = (down >> 8);
-        buff[offset + 3] = down;
-
-        buff[offset + 4] = (keysym >> 24);
-        buff[offset + 5] = (keysym >> 16);
-        buff[offset + 6] = (keysym >> 8);
-        buff[offset + 7] = keysym;
+        sock.sQpush32(keysym);
 
         const RFBkeycode = getRFBkeycode(keycode);
 
-        buff[offset + 8] = (RFBkeycode >> 24);
-        buff[offset + 9] = (RFBkeycode >> 16);
-        buff[offset + 10] = (RFBkeycode >> 8);
-        buff[offset + 11] = RFBkeycode;
+        sock.sQpush32(RFBkeycode);
 
-        sock._sQlen += 12;
         sock.flush();
     },
 
     pointerEvent(sock, x, y, mask) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(5); // msg-type
 
-        buff[offset] = 5; // msg-type
+        sock.sQpush8(mask);
 
-        buff[offset + 1] = mask;
+        sock.sQpush16(x);
+        sock.sQpush16(y);
 
-        buff[offset + 2] = x >> 8;
-        buff[offset + 3] = x;
-
-        buff[offset + 4] = y >> 8;
-        buff[offset + 5] = y;
-
-        sock._sQlen += 6;
         sock.flush();
     },
 
@@ -2719,14 +3079,11 @@ RFB.messages = {
     },
 
     clientCutText(sock, data, extended = false) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(6); // msg-type
 
-        buff[offset] = 6; // msg-type
-
-        buff[offset + 1] = 0; // padding
-        buff[offset + 2] = 0; // padding
-        buff[offset + 3] = 0; // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
 
         let length;
         if (extended) {
@@ -2735,121 +3092,63 @@ RFB.messages = {
             length = data.length;
         }
 
-        buff[offset + 4] = length >> 24;
-        buff[offset + 5] = length >> 16;
-        buff[offset + 6] = length >> 8;
-        buff[offset + 7] = length;
-
-        sock._sQlen += 8;
-
-        // We have to keep track of from where in the data we begin creating the
-        // buffer for the flush in the next iteration.
-        let dataOffset = 0;
-
-        let remaining = data.length;
-        while (remaining > 0) {
-
-            let flushSize = Math.min(remaining, (sock._sQbufferSize - sock._sQlen));
-            for (let i = 0; i < flushSize; i++) {
-                buff[sock._sQlen + i] = data[dataOffset + i];
-            }
-
-            sock._sQlen += flushSize;
-            sock.flush();
-
-            remaining -= flushSize;
-            dataOffset += flushSize;
-        }
-
+        sock.sQpush32(length);
+        sock.sQpushBytes(data);
+        sock.flush();
     },
 
     setDesktopSize(sock, width, height, id, flags) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(251); // msg-type
 
-        buff[offset] = 251;              // msg-type
-        buff[offset + 1] = 0;            // padding
-        buff[offset + 2] = width >> 8;   // width
-        buff[offset + 3] = width;
-        buff[offset + 4] = height >> 8;  // height
-        buff[offset + 5] = height;
+        sock.sQpush8(0); // padding
 
-        buff[offset + 6] = 1;            // number-of-screens
-        buff[offset + 7] = 0;            // padding
+        sock.sQpush16(width);
+        sock.sQpush16(height);
+
+        sock.sQpush8(1); // number-of-screens
+
+        sock.sQpush8(0); // padding
 
         // screen array
-        buff[offset + 8] = id >> 24;     // id
-        buff[offset + 9] = id >> 16;
-        buff[offset + 10] = id >> 8;
-        buff[offset + 11] = id;
-        buff[offset + 12] = 0;           // x-position
-        buff[offset + 13] = 0;
-        buff[offset + 14] = 0;           // y-position
-        buff[offset + 15] = 0;
-        buff[offset + 16] = width >> 8;  // width
-        buff[offset + 17] = width;
-        buff[offset + 18] = height >> 8; // height
-        buff[offset + 19] = height;
-        buff[offset + 20] = flags >> 24; // flags
-        buff[offset + 21] = flags >> 16;
-        buff[offset + 22] = flags >> 8;
-        buff[offset + 23] = flags;
+        sock.sQpush32(id);
+        sock.sQpush16(0); // x-position
+        sock.sQpush16(0); // y-position
+        sock.sQpush16(width);
+        sock.sQpush16(height);
+        sock.sQpush32(flags);
 
-        sock._sQlen += 24;
         sock.flush();
     },
 
     clientFence(sock, flags, payload) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(248); // msg-type
 
-        buff[offset] = 248; // msg-type
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
 
-        buff[offset + 1] = 0; // padding
-        buff[offset + 2] = 0; // padding
-        buff[offset + 3] = 0; // padding
+        sock.sQpush32(flags);
 
-        buff[offset + 4] = flags >> 24; // flags
-        buff[offset + 5] = flags >> 16;
-        buff[offset + 6] = flags >> 8;
-        buff[offset + 7] = flags;
+        sock.sQpush8(payload.length);
+        sock.sQpushString(payload);
 
-        const n = payload.length;
-
-        buff[offset + 8] = n; // length
-
-        for (let i = 0; i < n; i++) {
-            buff[offset + 9 + i] = payload.charCodeAt(i);
-        }
-
-        sock._sQlen += 9 + n;
         sock.flush();
     },
 
     enableContinuousUpdates(sock, enable, x, y, width, height) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(150); // msg-type
 
-        buff[offset] = 150;             // msg-type
-        buff[offset + 1] = enable;      // enable-flag
+        sock.sQpush8(enable);
 
-        buff[offset + 2] = x >> 8;      // x
-        buff[offset + 3] = x;
-        buff[offset + 4] = y >> 8;      // y
-        buff[offset + 5] = y;
-        buff[offset + 6] = width >> 8;  // width
-        buff[offset + 7] = width;
-        buff[offset + 8] = height >> 8; // height
-        buff[offset + 9] = height;
+        sock.sQpush16(x);
+        sock.sQpush16(y);
+        sock.sQpush16(width);
+        sock.sQpush16(height);
 
-        sock._sQlen += 10;
         sock.flush();
     },
 
     pixelFormat(sock, depth, trueColor) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
-
         let bpp;
 
         if (depth > 16) {
@@ -2862,100 +3161,69 @@ RFB.messages = {
 
         const bits = Math.floor(depth/3);
 
-        buff[offset] = 0;  // msg-type
+        sock.sQpush8(0); // msg-type
 
-        buff[offset + 1] = 0; // padding
-        buff[offset + 2] = 0; // padding
-        buff[offset + 3] = 0; // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
 
-        buff[offset + 4] = bpp;                 // bits-per-pixel
-        buff[offset + 5] = depth;               // depth
-        buff[offset + 6] = 0;                   // little-endian
-        buff[offset + 7] = trueColor ? 1 : 0;  // true-color
+        sock.sQpush8(bpp);
+        sock.sQpush8(depth);
+        sock.sQpush8(0); // little-endian
+        sock.sQpush8(trueColor ? 1 : 0);
 
-        buff[offset + 8] = 0;    // red-max
-        buff[offset + 9] = (1 << bits) - 1;  // red-max
+        sock.sQpush16((1 << bits) - 1); // red-max
+        sock.sQpush16((1 << bits) - 1); // green-max
+        sock.sQpush16((1 << bits) - 1); // blue-max
 
-        buff[offset + 10] = 0;   // green-max
-        buff[offset + 11] = (1 << bits) - 1; // green-max
+        sock.sQpush8(bits * 0); // red-shift
+        sock.sQpush8(bits * 1); // green-shift
+        sock.sQpush8(bits * 2); // blue-shift
 
-        buff[offset + 12] = 0;   // blue-max
-        buff[offset + 13] = (1 << bits) - 1; // blue-max
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
+        sock.sQpush8(0); // padding
 
-        buff[offset + 14] = bits * 2; // red-shift
-        buff[offset + 15] = bits * 1; // green-shift
-        buff[offset + 16] = bits * 0; // blue-shift
-
-        buff[offset + 17] = 0;   // padding
-        buff[offset + 18] = 0;   // padding
-        buff[offset + 19] = 0;   // padding
-
-        sock._sQlen += 20;
         sock.flush();
     },
 
     clientEncodings(sock, encodings) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(2); // msg-type
 
-        buff[offset] = 2; // msg-type
-        buff[offset + 1] = 0; // padding
+        sock.sQpush8(0); // padding
 
-        buff[offset + 2] = encodings.length >> 8;
-        buff[offset + 3] = encodings.length;
-
-        let j = offset + 4;
+        sock.sQpush16(encodings.length);
         for (let i = 0; i < encodings.length; i++) {
-            const enc = encodings[i];
-            buff[j] = enc >> 24;
-            buff[j + 1] = enc >> 16;
-            buff[j + 2] = enc >> 8;
-            buff[j + 3] = enc;
-
-            j += 4;
+            sock.sQpush32(encodings[i]);
         }
 
-        sock._sQlen += j - offset;
         sock.flush();
     },
 
     fbUpdateRequest(sock, incremental, x, y, w, h) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
-
         if (typeof(x) === "undefined") { x = 0; }
         if (typeof(y) === "undefined") { y = 0; }
 
-        buff[offset] = 3;  // msg-type
-        buff[offset + 1] = incremental ? 1 : 0;
+        sock.sQpush8(3); // msg-type
 
-        buff[offset + 2] = (x >> 8) & 0xFF;
-        buff[offset + 3] = x & 0xFF;
+        sock.sQpush8(incremental ? 1 : 0);
 
-        buff[offset + 4] = (y >> 8) & 0xFF;
-        buff[offset + 5] = y & 0xFF;
+        sock.sQpush16(x);
+        sock.sQpush16(y);
+        sock.sQpush16(w);
+        sock.sQpush16(h);
 
-        buff[offset + 6] = (w >> 8) & 0xFF;
-        buff[offset + 7] = w & 0xFF;
-
-        buff[offset + 8] = (h >> 8) & 0xFF;
-        buff[offset + 9] = h & 0xFF;
-
-        sock._sQlen += 10;
         sock.flush();
     },
 
     xvpOp(sock, ver, op) {
-        const buff = sock._sQ;
-        const offset = sock._sQlen;
+        sock.sQpush8(250); // msg-type
 
-        buff[offset] = 250; // msg-type
-        buff[offset + 1] = 0; // padding
+        sock.sQpush8(0); // padding
 
-        buff[offset + 2] = ver;
-        buff[offset + 3] = op;
+        sock.sQpush8(ver);
+        sock.sQpush8(op);
 
-        sock._sQlen += 4;
         sock.flush();
     }
 };
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/browser.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/browser.js
index 155480142..bbc9f5c1e 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/browser.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/browser.js
@@ -45,15 +45,6 @@ try {
 
 export const supportsCursorURIs = _supportsCursorURIs;
 
-let _supportsImageMetadata = false;
-try {
-    new ImageData(new Uint8ClampedArray(4), 1, 1);
-    _supportsImageMetadata = true;
-} catch (ex) {
-    // ignore failure
-}
-export const supportsImageMetadata = _supportsImageMetadata;
-
 let _hasScrollbarGutter = true;
 try {
     // Create invisible container
@@ -86,35 +77,76 @@ export const hasScrollbarGutter = _hasScrollbarGutter;
  * It's better to use feature detection than platform detection.
  */
 
+/* OS */
+
 export function isMac() {
-    return navigator && !!(/mac/i).exec(navigator.platform);
+    return !!(/mac/i).exec(navigator.platform);
 }
 
 export function isWindows() {
-    return navigator && !!(/win/i).exec(navigator.platform);
+    return !!(/win/i).exec(navigator.platform);
 }
 
 export function isIOS() {
-    return navigator &&
-           (!!(/ipad/i).exec(navigator.platform) ||
+    return (!!(/ipad/i).exec(navigator.platform) ||
             !!(/iphone/i).exec(navigator.platform) ||
             !!(/ipod/i).exec(navigator.platform));
 }
 
+export function isAndroid() {
+    /* Android sets navigator.platform to Linux :/ */
+    return !!navigator.userAgent.match('Android ');
+}
+
+export function isChromeOS() {
+    /* ChromeOS sets navigator.platform to Linux :/ */
+    return !!navigator.userAgent.match(' CrOS ');
+}
+
+/* Browser */
+
 export function isSafari() {
-    return navigator && (navigator.userAgent.indexOf('Safari') !== -1 &&
-                         navigator.userAgent.indexOf('Chrome') === -1);
-}
-
-export function isIE() {
-    return navigator && !!(/trident/i).exec(navigator.userAgent);
-}
-
-export function isEdge() {
-    return navigator && !!(/edge/i).exec(navigator.userAgent);
+    return !!navigator.userAgent.match('Safari/...') &&
+           !navigator.userAgent.match('Chrome/...') &&
+           !navigator.userAgent.match('Chromium/...') &&
+           !navigator.userAgent.match('Epiphany/...');
 }
 
 export function isFirefox() {
-    return navigator && !!(/firefox/i).exec(navigator.userAgent);
+    return !!navigator.userAgent.match('Firefox/...') &&
+           !navigator.userAgent.match('Seamonkey/...');
 }
 
+export function isChrome() {
+    return !!navigator.userAgent.match('Chrome/...') &&
+           !navigator.userAgent.match('Chromium/...') &&
+           !navigator.userAgent.match('Edg/...') &&
+           !navigator.userAgent.match('OPR/...');
+}
+
+export function isChromium() {
+    return !!navigator.userAgent.match('Chromium/...');
+}
+
+export function isOpera() {
+    return !!navigator.userAgent.match('OPR/...');
+}
+
+export function isEdge() {
+    return !!navigator.userAgent.match('Edg/...');
+}
+
+/* Engine */
+
+export function isGecko() {
+    return !!navigator.userAgent.match('Gecko/...');
+}
+
+export function isWebKit() {
+    return !!navigator.userAgent.match('AppleWebKit/...') &&
+           !navigator.userAgent.match('Chrome/...');
+}
+
+export function isBlink() {
+    return !!navigator.userAgent.match('Chrome/...');
+}
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/cursor.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/cursor.js
index 4db1dab23..20e75f1b2 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/cursor.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/cursor.js
@@ -18,6 +18,10 @@ export default class Cursor {
             this._canvas.style.position = 'fixed';
             this._canvas.style.zIndex = '65535';
             this._canvas.style.pointerEvents = 'none';
+            // Safari on iOS can select the cursor image
+            // https://bugs.webkit.org/show_bug.cgi?id=249223
+            this._canvas.style.userSelect = 'none';
+            this._canvas.style.WebkitUserSelect = 'none';
             // Can't use "display" because of Firefox bug #1445997
             this._canvas.style.visibility = 'hidden';
         }
@@ -43,9 +47,6 @@ export default class Cursor {
         if (useFallback) {
             document.body.appendChild(this._canvas);
 
-            // FIXME: These don't fire properly except for mouse
-            ///       movement in IE. We want to also capture element
-            //        movement, size changes, visibility, etc.
             const options = { capture: true, passive: true };
             this._target.addEventListener('mouseover', this._eventHandlers.mouseover, options);
             this._target.addEventListener('mouseleave', this._eventHandlers.mouseleave, options);
@@ -68,7 +69,9 @@ export default class Cursor {
             this._target.removeEventListener('mousemove', this._eventHandlers.mousemove, options);
             this._target.removeEventListener('mouseup', this._eventHandlers.mouseup, options);
 
-            document.body.removeChild(this._canvas);
+            if (document.contains(this._canvas)) {
+                document.body.removeChild(this._canvas);
+            }
         }
 
         this._target = null;
@@ -90,14 +93,7 @@ export default class Cursor {
         this._canvas.width = w;
         this._canvas.height = h;
 
-        let img;
-        try {
-            // IE doesn't support this
-            img = new ImageData(new Uint8ClampedArray(rgba), w, h);
-        } catch (ex) {
-            img = ctx.createImageData(w, h);
-            img.data.set(new Uint8ClampedArray(rgba));
-        }
+        let img = new ImageData(new Uint8ClampedArray(rgba), w, h);
         ctx.clearRect(0, 0, w, h);
         ctx.putImageData(img, 0, 0);
 
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/events.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/events.js
index 39eefd459..eb09fe1e2 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/util/events.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/util/events.js
@@ -65,10 +65,6 @@ export function setCapture(target) {
 
         target.setCapture();
         document.captureElement = target;
-
-        // IE releases capture on 'click' events which might not trigger
-        target.addEventListener('mouseup', releaseCapture);
-
     } else {
         // Release any existing capture in case this method is
         // called multiple times without coordination
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/core/websock.js b/emhttp/plugins/dynamix.vm.manager/novnc/core/websock.js
index 3156aed6f..21327c31a 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/core/websock.js
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/core/websock.js
@@ -1,10 +1,10 @@
 /*
- * Websock: high-performance binary WebSockets
+ * Websock: high-performance buffering wrapper
  * Copyright (C) 2019 The noVNC Authors
  * Licensed under MPL 2.0 (see LICENSE.txt)
  *
- * Websock is similar to the standard WebSocket object but with extra
- * buffer handling.
+ * Websock is similar to the standard WebSocket / RTCDataChannel object
+ * but with extra buffer handling.
  *
  * Websock has built-in receive queue buffering; the message event
  * does not contain actual data but is simply a notification that
@@ -17,14 +17,39 @@ import * as Log from './util/logging.js';
 // this has performance issues in some versions Chromium, and
 // doesn't gain a tremendous amount of performance increase in Firefox
 // at the moment.  It may be valuable to turn it on in the future.
-// Also copyWithin() for TypedArrays is not supported in IE 11 or
-// Safari 13 (at the moment we want to support Safari 11).
-const ENABLE_COPYWITHIN = false;
 const MAX_RQ_GROW_SIZE = 40 * 1024 * 1024;  // 40 MiB
 
+// Constants pulled from RTCDataChannelState enum
+// https://developer.mozilla.org/en-US/docs/Web/API/RTCDataChannel/readyState#RTCDataChannelState_enum
+const DataChannel = {
+    CONNECTING: "connecting",
+    OPEN: "open",
+    CLOSING: "closing",
+    CLOSED: "closed"
+};
+
+const ReadyStates = {
+    CONNECTING: [WebSocket.CONNECTING, DataChannel.CONNECTING],
+    OPEN: [WebSocket.OPEN, DataChannel.OPEN],
+    CLOSING: [WebSocket.CLOSING, DataChannel.CLOSING],
+    CLOSED: [WebSocket.CLOSED, DataChannel.CLOSED],
+};
+
+// Properties a raw channel must have, WebSocket and RTCDataChannel are two examples
+const rawChannelProps = [
+    "send",
+    "close",
+    "binaryType",
+    "onerror",
+    "onmessage",
+    "onopen",
+    "protocol",
+    "readyState",
+];
+
 export default class Websock {
     constructor() {
-        this._websocket = null;  // WebSocket object
+        this._websocket = null;  // WebSocket or RTCDataChannel object
 
         this._rQi = 0;           // Receive queue index
         this._rQlen = 0;         // Next write position in the receive queue
@@ -46,27 +71,30 @@ export default class Websock {
     }
 
     // Getters and Setters
-    get sQ() {
-        return this._sQ;
-    }
 
-    get rQ() {
-        return this._rQ;
-    }
+    get readyState() {
+        let subState;
 
-    get rQi() {
-        return this._rQi;
-    }
+        if (this._websocket === null) {
+            return "unused";
+        }
 
-    set rQi(val) {
-        this._rQi = val;
+        subState = this._websocket.readyState;
+
+        if (ReadyStates.CONNECTING.includes(subState)) {
+            return "connecting";
+        } else if (ReadyStates.OPEN.includes(subState)) {
+            return "open";
+        } else if (ReadyStates.CLOSING.includes(subState)) {
+            return "closing";
+        } else if (ReadyStates.CLOSED.includes(subState)) {
+            return "closed";
+        }
+
+        return "unknown";
     }
 
     // Receive Queue
-    get rQlen() {
-        return this._rQlen - this._rQi;
-    }
-
     rQpeek8() {
         return this._rQ[this._rQi];
     }
@@ -93,42 +121,47 @@ export default class Websock {
         for (let byte = bytes - 1; byte >= 0; byte--) {
             res += this._rQ[this._rQi++] << (byte * 8);
         }
-        return res;
+        return res >>> 0;
     }
 
     rQshiftStr(len) {
-        if (typeof(len) === 'undefined') { len = this.rQlen; }
         let str = "";
         // Handle large arrays in steps to avoid long strings on the stack
         for (let i = 0; i < len; i += 4096) {
-            let part = this.rQshiftBytes(Math.min(4096, len - i));
+            let part = this.rQshiftBytes(Math.min(4096, len - i), false);
             str += String.fromCharCode.apply(null, part);
         }
         return str;
     }
 
-    rQshiftBytes(len) {
-        if (typeof(len) === 'undefined') { len = this.rQlen; }
+    rQshiftBytes(len, copy=true) {
         this._rQi += len;
-        return new Uint8Array(this._rQ.buffer, this._rQi - len, len);
+        if (copy) {
+            return this._rQ.slice(this._rQi - len, this._rQi);
+        } else {
+            return this._rQ.subarray(this._rQi - len, this._rQi);
+        }
     }
 
     rQshiftTo(target, len) {
-        if (len === undefined) { len = this.rQlen; }
         // TODO: make this just use set with views when using a ArrayBuffer to store the rQ
         target.set(new Uint8Array(this._rQ.buffer, this._rQi, len));
         this._rQi += len;
     }
 
-    rQslice(start, end = this.rQlen) {
-        return new Uint8Array(this._rQ.buffer, this._rQi + start, end - start);
+    rQpeekBytes(len, copy=true) {
+        if (copy) {
+            return this._rQ.slice(this._rQi, this._rQi + len);
+        } else {
+            return this._rQ.subarray(this._rQi, this._rQi + len);
+        }
     }
 
     // Check to see if we must wait for 'num' bytes (default to FBU.bytes)
     // to be available in the receive queue. Return true if we need to
     // wait (and possibly print a debug message), otherwise false.
     rQwait(msg, num, goback) {
-        if (this.rQlen < num) {
+        if (this._rQlen - this._rQi < num) {
             if (goback) {
                 if (this._rQi < goback) {
                     throw new Error("rQwait cannot backup " + goback + " bytes");
@@ -142,21 +175,56 @@ export default class Websock {
 
     // Send Queue
 
+    sQpush8(num) {
+        this._sQensureSpace(1);
+        this._sQ[this._sQlen++] = num;
+    }
+
+    sQpush16(num) {
+        this._sQensureSpace(2);
+        this._sQ[this._sQlen++] = (num >> 8) & 0xff;
+        this._sQ[this._sQlen++] = (num >> 0) & 0xff;
+    }
+
+    sQpush32(num) {
+        this._sQensureSpace(4);
+        this._sQ[this._sQlen++] = (num >> 24) & 0xff;
+        this._sQ[this._sQlen++] = (num >> 16) & 0xff;
+        this._sQ[this._sQlen++] = (num >>  8) & 0xff;
+        this._sQ[this._sQlen++] = (num >>  0) & 0xff;
+    }
+
+    sQpushString(str) {
+        let bytes = str.split('').map(chr => chr.charCodeAt(0));
+        this.sQpushBytes(new Uint8Array(bytes));
+    }
+
+    sQpushBytes(bytes) {
+        for (let offset = 0;offset < bytes.length;) {
+            this._sQensureSpace(1);
+
+            let chunkSize = this._sQbufferSize - this._sQlen;
+            if (chunkSize > bytes.length - offset) {
+                chunkSize = bytes.length - offset;
+            }
+
+            this._sQ.set(bytes.subarray(offset, chunkSize), this._sQlen);
+            this._sQlen += chunkSize;
+            offset += chunkSize;
+        }
+    }
+
     flush() {
-        if (this._sQlen > 0 && this._websocket.readyState === WebSocket.OPEN) {
-            this._websocket.send(this._encodeMessage());
+        if (this._sQlen > 0 && this.readyState === 'open') {
+            this._websocket.send(new Uint8Array(this._sQ.buffer, 0, this._sQlen));
             this._sQlen = 0;
         }
     }
 
-    send(arr) {
-        this._sQ.set(arr, this._sQlen);
-        this._sQlen += arr.length;
-        this.flush();
-    }
-
-    sendString(str) {
-        this.send(str.split('').map(chr => chr.charCodeAt(0)));
+    _sQensureSpace(bytes) {
+        if (this._sQbufferSize - this._sQlen < bytes) {
+            this.flush();
+        }
     }
 
     // Event Handlers
@@ -180,12 +248,25 @@ export default class Websock {
     }
 
     open(uri, protocols) {
+        this.attach(new WebSocket(uri, protocols));
+    }
+
+    attach(rawChannel) {
         this.init();
 
-        this._websocket = new WebSocket(uri, protocols);
-        this._websocket.binaryType = 'arraybuffer';
+        // Must get object and class methods to be compatible with the tests.
+        const channelProps = [...Object.keys(rawChannel), ...Object.getOwnPropertyNames(Object.getPrototypeOf(rawChannel))];
+        for (let i = 0; i < rawChannelProps.length; i++) {
+            const prop = rawChannelProps[i];
+            if (channelProps.indexOf(prop) < 0) {
+                throw new Error('Raw channel missing property: ' + prop);
+            }
+        }
 
+        this._websocket = rawChannel;
+        this._websocket.binaryType = "arraybuffer";
         this._websocket.onmessage = this._recvMessage.bind(this);
+
         this._websocket.onopen = () => {
             Log.Debug('>> WebSock.onopen');
             if (this._websocket.protocol) {
@@ -195,11 +276,13 @@ export default class Websock {
             this._eventHandlers.open();
             Log.Debug("<< WebSock.onopen");
         };
+
         this._websocket.onclose = (e) => {
             Log.Debug(">> WebSock.onclose");
             this._eventHandlers.close(e);
             Log.Debug("<< WebSock.onclose");
         };
+
         this._websocket.onerror = (e) => {
             Log.Debug(">> WebSock.onerror: " + e);
             this._eventHandlers.error(e);
@@ -209,8 +292,8 @@ export default class Websock {
 
     close() {
         if (this._websocket) {
-            if ((this._websocket.readyState === WebSocket.OPEN) ||
-                    (this._websocket.readyState === WebSocket.CONNECTING)) {
+            if (this.readyState === 'connecting' ||
+                this.readyState === 'open') {
                 Log.Info("Closing WebSocket connection");
                 this._websocket.close();
             }
@@ -220,17 +303,12 @@ export default class Websock {
     }
 
     // private methods
-    _encodeMessage() {
-        // Put in a binary arraybuffer
-        // according to the spec, you can send ArrayBufferViews with the send method
-        return new Uint8Array(this._sQ.buffer, 0, this._sQlen);
-    }
 
     // We want to move all the unread data to the start of the queue,
     // e.g. compacting.
     // The function also expands the receive que if needed, and for
     // performance reasons we combine these two actions to avoid
-    // unneccessary copying.
+    // unnecessary copying.
     _expandCompactRQ(minFit) {
         // if we're using less than 1/8th of the buffer even with the incoming bytes, compact in place
         // instead of resizing
@@ -246,7 +324,7 @@ export default class Websock {
         // we don't want to grow unboundedly
         if (this._rQbufferSize > MAX_RQ_GROW_SIZE) {
             this._rQbufferSize = MAX_RQ_GROW_SIZE;
-            if (this._rQbufferSize - this.rQlen < minFit) {
+            if (this._rQbufferSize - (this._rQlen - this._rQi) < minFit) {
                 throw new Error("Receive Queue buffer exceeded " + MAX_RQ_GROW_SIZE + " bytes, and the new message could not fit");
             }
         }
@@ -256,11 +334,7 @@ export default class Websock {
             this._rQ = new Uint8Array(this._rQbufferSize);
             this._rQ.set(new Uint8Array(oldRQbuffer, this._rQi, this._rQlen - this._rQi));
         } else {
-            if (ENABLE_COPYWITHIN) {
-                this._rQ.copyWithin(0, this._rQi, this._rQlen);
-            } else {
-                this._rQ.set(new Uint8Array(this._rQ.buffer, this._rQi, this._rQlen - this._rQi));
-            }
+            this._rQ.copyWithin(0, this._rQi, this._rQlen);
         }
 
         this._rQlen = this._rQlen - this._rQi;
@@ -268,25 +342,22 @@ export default class Websock {
     }
 
     // push arraybuffer values onto the end of the receive que
-    _DecodeMessage(data) {
-        const u8 = new Uint8Array(data);
+    _recvMessage(e) {
+        if (this._rQlen == this._rQi) {
+            // All data has now been processed, this means we
+            // can reset the receive queue.
+            this._rQlen = 0;
+            this._rQi = 0;
+        }
+        const u8 = new Uint8Array(e.data);
         if (u8.length > this._rQbufferSize - this._rQlen) {
             this._expandCompactRQ(u8.length);
         }
         this._rQ.set(u8, this._rQlen);
         this._rQlen += u8.length;
-    }
 
-    _recvMessage(e) {
-        this._DecodeMessage(e.data);
-        if (this.rQlen > 0) {
+        if (this._rQlen - this._rQi > 0) {
             this._eventHandlers.message();
-            if (this._rQlen == this._rQi) {
-                // All data has now been processed, this means we
-                // can reset the receive queue.
-                this._rQlen = 0;
-                this._rQi = 0;
-            }
         } else {
             Log.Debug("Ignoring empty message");
         }
diff --git a/emhttp/plugins/dynamix.vm.manager/novnc/package.json b/emhttp/plugins/dynamix.vm.manager/novnc/package.json
index 8fc04e50a..9fa8c312d 100644
--- a/emhttp/plugins/dynamix.vm.manager/novnc/package.json
+++ b/emhttp/plugins/dynamix.vm.manager/novnc/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@novnc/novnc",
-  "version": "1.2.0",
+  "version": "1.5.0",
   "description": "An HTML5 VNC client",
   "browser": "lib/rfb",
   "directories": {
@@ -14,14 +14,12 @@
     "VERSION",
     "docs/API.md",
     "docs/LIBRARY.md",
-    "docs/LICENSE*",
-    "core",
-    "vendor/pako"
+    "docs/LICENSE*"
   ],
   "scripts": {
     "lint": "eslint app core po/po2js po/xgettext-html tests utils",
     "test": "karma start karma.conf.js",
-    "prepublish": "node ./utils/use_require.js --as commonjs --clean"
+    "prepublish": "node ./utils/convert.js --clean"
   },
   "repository": {
     "type": "git",
@@ -29,8 +27,6 @@
   },
   "author": "Joel Martin <github@martintribe.org> (https://github.com/kanaka)",
   "contributors": [
-    "Solly Ross <sross@redhat.com> (https://github.com/directxman12)",
-    "Peter Åstrand <astrand@cendio.se> (https://github.com/astrand)",
     "Samuel Mannehed <samuel@cendio.se> (https://github.com/samhed)",
     "Pierre Ossman <ossman@cendio.se> (https://github.com/CendioOssman)"
   ],
@@ -40,42 +36,31 @@
   },
   "homepage": "https://github.com/novnc/noVNC",
   "devDependencies": {
-    "@babel/core": "*",
-    "@babel/plugin-syntax-dynamic-import": "*",
-    "@babel/plugin-transform-modules-amd": "*",
-    "@babel/plugin-transform-modules-commonjs": "*",
-    "@babel/plugin-transform-modules-systemjs": "*",
-    "@babel/plugin-transform-modules-umd": "*",
-    "@babel/preset-env": "*",
-    "@babel/cli": "*",
-    "babel-plugin-import-redirect": "*",
-    "browserify": "*",
-    "babelify": "*",
-    "core-js": "*",
-    "chai": "*",
-    "commander": "*",
-    "es-module-loader": "*",
-    "eslint": "*",
-    "fs-extra": "*",
-    "jsdom": "*",
-    "karma": "*",
-    "karma-mocha": "*",
-    "karma-chrome-launcher": "*",
-    "@chiragrupani/karma-chromium-edge-launcher": "*",
-    "karma-firefox-launcher": "*",
-    "karma-ie-launcher": "*",
-    "karma-mocha-reporter": "*",
-    "karma-safari-launcher": "*",
-    "karma-script-launcher": "*",
-    "karma-sinon-chai": "*",
-    "mocha": "*",
-    "node-getopt": "*",
-    "po2json": "*",
-    "requirejs": "*",
-    "rollup": "*",
-    "rollup-plugin-node-resolve": "*",
-    "sinon": "*",
-    "sinon-chai": "*"
+    "@babel/core": "latest",
+    "@babel/preset-env": "latest",
+    "babel-plugin-import-redirect": "latest",
+    "browserify": "latest",
+    "chai": "latest",
+    "commander": "latest",
+    "eslint": "latest",
+    "fs-extra": "latest",
+    "globals": "latest",
+    "jsdom": "latest",
+    "karma": "latest",
+    "karma-mocha": "latest",
+    "karma-chrome-launcher": "latest",
+    "@chiragrupani/karma-chromium-edge-launcher": "latest",
+    "karma-firefox-launcher": "latest",
+    "karma-ie-launcher": "latest",
+    "karma-mocha-reporter": "latest",
+    "karma-safari-launcher": "latest",
+    "karma-script-launcher": "latest",
+    "karma-sinon-chai": "latest",
+    "mocha": "latest",
+    "node-getopt": "latest",
+    "po2json": "latest",
+    "sinon": "latest",
+    "sinon-chai": "latest"
   },
   "dependencies": {},
   "keywords": [
diff --git a/emhttp/plugins/dynamix.vm.manager/vnc.html b/emhttp/plugins/dynamix.vm.manager/vnc.html
index 6e9ea184e..edfe49b40 100644
--- a/emhttp/plugins/dynamix.vm.manager/vnc.html
+++ b/emhttp/plugins/dynamix.vm.manager/vnc.html
@@ -12,13 +12,13 @@
         http://example.com/?host=HOST&port=PORT&encrypt=1
     or the fragment:
         http://example.com/#host=HOST&port=PORT&encrypt=1
+
+        1.5
     -->
     <title>noVNC</title>
-
     <base href="novnc/">
 
-    <meta charset="utf-8">
-
+    <meta charset="utf-8">   
     <!-- Always force latest IE rendering engine (even in intranet) & Chrome Frame
                 Remove this if you use the .htaccess -->
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
@@ -42,31 +42,37 @@
     -->
     <!-- Repeated last so that legacy handling will pick this -->
     <link rel="icon" sizes="16x16" type="image/png" href="app/images/icons/novnc-16x16.png">
+    <link rel="icon" type="image/x-icon" href="app/images/icons/novnc.ico">
 
     <!-- Apple iOS Safari settings -->
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
     <meta name="apple-mobile-web-app-capable" content="yes">
     <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
-    <!-- Home Screen Icons (favourites and bookmarks use the normal icons) -->
-    <link rel="apple-touch-icon" sizes="60x60" type="image/png" href="app/images/icons/novnc-60x60.png">
-    <link rel="apple-touch-icon" sizes="76x76" type="image/png" href="app/images/icons/novnc-76x76.png">
-    <link rel="apple-touch-icon" sizes="120x120" type="image/png" href="app/images/icons/novnc-120x120.png">
-    <link rel="apple-touch-icon" sizes="152x152" type="image/png" href="app/images/icons/novnc-152x152.png">
+<!-- Home Screen Icons (favourites and bookmarks use the normal icons) -->
+    <!-- @2x -->
+    <link rel="apple-touch-icon" sizes="40x40" type="image/png" href="app/images/icons/novnc-ios-40.png">
+    <link rel="apple-touch-icon" sizes="58x58" type="image/png" href="app/images/icons/novnc-ios-58.png">
+    <link rel="apple-touch-icon" sizes="80x80" type="image/png" href="app/images/icons/novnc-ios-80.png">
+    <link rel="apple-touch-icon" sizes="120x120" type="image/png" href="app/images/icons/novnc-ios-120.png">
+    <link rel="apple-touch-icon" sizes="152x152" type="image/png" href="app/images/icons/novnc-ios-152.png">
+    <link rel="apple-touch-icon" sizes="167x167" type="image/png" href="app/images/icons/novnc-ios-167.png">
+    <!-- @3x -->
+    <link rel="apple-touch-icon" sizes="60x60" type="image/png" href="app/images/icons/novnc-ios-60.png">
+    <link rel="apple-touch-icon" sizes="87x87" type="image/png" href="app/images/icons/novnc-ios-87.png">
+    <link rel="apple-touch-icon" sizes="120x120" type="image/png" href="app/images/icons/novnc-ios-120.png">
+    <link rel="apple-touch-icon" sizes="180x180" type="image/png" href="app/images/icons/novnc-ios-180.png">
 
     <!-- Stylesheets -->
     <link rel="stylesheet" href="app/styles/base.css">
+    <link rel="stylesheet" href="app/styles/input.css">
 
-    <!-- this is included as a normal file in order to catch script-loading errors as well -->
-    <script src="app/error-handler.js"></script>
+    <!-- Images that will later appear via CSS -->
+    <link rel="preload" as="image" href="app/images/info.svg">
+    <link rel="preload" as="image" href="app/images/error.svg">
+    <link rel="preload" as="image" href="app/images/warning.svg">
 
-    <!-- begin scripts -->
-    <!-- promise polyfills promises for IE11 -->
-    <script src="vendor/promise.js?ts=20200718"></script>
-    <!-- ES2015/ES6 modules polyfill -->
-    <script nomodule src="vendor/browser-es-module-loader/dist/browser-es-module-loader.js?ts=20200718"></script>
-    <!-- actual script modules -->
-    <script type="module" crossorigin="anonymous" src="app/ui.js?ts=20200718"></script>
-    <!-- end scripts -->
+    <script type="module" crossorigin="anonymous" src="app/error-handler.js"></script>
+    <script type="module" crossorigin="anonymous" src="app/ui.js"></script>
 </head>
 
 <body>
@@ -89,6 +95,8 @@
 
             <h1 class="noVNC_logo" translate="no"><span>no</span><br>VNC</h1>
 
+            <hr>
+
             <!-- Drag/Pan the viewport -->
             <input type="image" alt="Drag" src="app/images/drag.svg"
                 id="noVNC_view_drag_button" class="noVNC_button noVNC_hidden"
@@ -151,17 +159,17 @@
                 <div class="noVNC_heading">
                     <img alt="" src="app/images/clipboard.svg"> Clipboard
                 </div>
+                <p class="noVNC_subheading">
+                    Edit clipboard content in the textarea below.
+                </p>
                 <textarea id="noVNC_clipboard_text" rows=5></textarea>
-                <br>
-                <input id="noVNC_clipboard_clear_button" type="button"
-                    value="Clear" class="noVNC_submit">
             </div>
             </div>
 
             <!-- Toggle fullscreen -->
-            <input type="image" alt="Fullscreen" src="app/images/fullscreen.svg"
+            <input type="image" alt="Full Screen" src="app/images/fullscreen.svg"
                 id="noVNC_fullscreen_button" class="noVNC_button noVNC_hidden"
-                title="Fullscreen">
+                title="Full Screen">
 
             <!-- Settings -->
             <input type="image" alt="Settings" src="app/images/settings.svg"
@@ -169,10 +177,10 @@
                 title="Settings">
             <div class="noVNC_vcenter">
             <div id="noVNC_settings" class="noVNC_panel">
+                <div class="noVNC_heading">
+                    <img alt="" src="app/images/settings.svg"> Settings
+                </div>
                 <ul>
-                    <li class="noVNC_heading">
-                        <img alt="" src="app/images/settings.svg"> Settings
-                    </li>
                     <li>
                         <label><input id="noVNC_setting_shared" type="checkbox"> Shared Mode</label>
                     </li>
@@ -267,39 +275,69 @@
             </div>
         </div>
 
-        <div id="noVNC_control_bar_hint"></div>
-
     </div> <!-- End of noVNC_control_bar -->
 
+    <div id="noVNC_hint_anchor" class="noVNC_vcenter">
+        <div id="noVNC_control_bar_hint">
+        </div>
+    </div>
+
     <!-- Status Dialog -->
     <div id="noVNC_status"></div>
 
     <!-- Connect button -->
     <div class="noVNC_center">
         <div id="noVNC_connect_dlg">
-            <div class="noVNC_logo" translate="no"><span>no</span>VNC</div>
-            <div id="noVNC_connect_button"><div>
-                <img alt="" src="app/images/connect.svg"> Connect
-            </div></div>
+            <p class="noVNC_logo" translate="no"><span>no</span>VNC</p>
+            <div>
+                <button id="noVNC_connect_button">
+                    <img alt="" src="app/images/connect.svg"> Connect
+                </button>
+            </div>
         </div>
     </div>
 
+    <!-- Server Key Verification Dialog -->
+    <div class="noVNC_center noVNC_connect_layer">
+    <div id="noVNC_verify_server_dlg" class="noVNC_panel"><form>
+        <div class="noVNC_heading">
+            Server identity
+        </div>
+        <div>
+            The server has provided the following identifying information:
+        </div>
+        <div id="noVNC_fingerprint_block">
+            <b>Fingerprint:</b>
+            <span id="noVNC_fingerprint"></span>
+        </div>
+        <div>
+            Please verify that the information is correct and press
+            "Approve". Otherwise press "Reject".
+        </div>
+        <div>
+            <input id="noVNC_approve_server_button" type="submit" value="Approve" class="noVNC_submit">
+            <input id="noVNC_reject_server_button" type="button" value="Reject" class="noVNC_submit">
+        </div>
+    </form></div>
+    </div>
+
     <!-- Password Dialog -->
     <div class="noVNC_center noVNC_connect_layer">
     <div id="noVNC_credentials_dlg" class="noVNC_panel"><form>
-        <ul>
-            <li id="noVNC_username_block">
-                <label>Username:</label>
-                <input id="noVNC_username_input">
-            </li>
-            <li id="noVNC_password_block">
-                <label>Password:</label>
-                <input id="noVNC_password_input" type="password">
-            </li>
-            <li>
-                <input id="noVNC_credentials_button" type="submit" value="Send Credentials" class="noVNC_submit">
-            </li>
-        </ul>
+        <div class="noVNC_heading">
+            Credentials
+        </div>
+        <div id="noVNC_username_block">
+            <label for="noVNC_username_input">Username:</label>
+            <input id="noVNC_username_input">
+        </div>
+        <div id="noVNC_password_block">
+            <label for="noVNC_password_input">Password:</label>
+            <input id="noVNC_password_input" type="password">
+        </div>
+        <div>
+            <input id="noVNC_credentials_button" type="submit" value="Send Credentials" class="noVNC_submit">
+        </div>
     </form></div>
     </div>
 
@@ -318,7 +356,8 @@
              html attributes which attempt to disable text suggestions on the
              on-screen keyboard. Let's hope Chrome implements the ime-mode
              style for example -->
-        <textarea id="noVNC_keyboardinput" autocapitalize="off" autocomplete="off" spellcheck="false" tabindex="-1"></textarea>
+        <textarea id="noVNC_keyboardinput" autocapitalize="off"
+            autocomplete="off" spellcheck="false" tabindex="-1"></textarea>
     </div>
 
     <audio id="noVNC_bell">

From 60c5dd2902b5c3f846615a87ea35395f54b2551d Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Thu, 17 Oct 2024 13:18:13 +0100
Subject: [PATCH 066/174] Update device_list

---
 emhttp/plugins/dynamix/nchan/device_list | 26 ++++++++++++------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/emhttp/plugins/dynamix/nchan/device_list b/emhttp/plugins/dynamix/nchan/device_list
index 3aea52977..b1123cc76 100755
--- a/emhttp/plugins/dynamix/nchan/device_list
+++ b/emhttp/plugins/dynamix/nchan/device_list
@@ -119,7 +119,7 @@ function assignment(&$disk) {
 function vfs_luks($fs) {
   return str_starts_with($fs,'luks:');
 }
-function vfs_type(&$disk) {
+function vfs_type(&$disk,$online = false) {
   global $disks, $pools, $crypto;
   $fsType = _var($disk,'fsType','');
   $luks   = '';
@@ -148,13 +148,13 @@ function vfs_type(&$disk) {
   }
   return $luks.str_replace('luks:','',$fsType);
 }
-function fs_info(&$disk) {
+function fs_info(&$disk,$online = false) {
   global $display;
   $echo = [];
   if (empty(_var($disk,'fsStatus','')))
     return "<td colspan='4'></td>";
   if (_var($disk,'fsStatus')=='Mounted') {
-    $echo[] = "<td>".vfs_type($disk)."</td>";
+    $echo[] = "<td>".vfs_type($disk,$online)."</td>";
     $echo[] = "<td>".my_scale(_var($disk,'fsSize',0)*1024,$unit,-1)." $unit</td>";
     if ($display['text']%10==0) {
       $echo[] = "<td>".my_scale(_var($disk,'fsUsed',0)*1024,$unit)." $unit</td>";
@@ -169,7 +169,7 @@ function fs_info(&$disk) {
       $echo[] = "<td><div class='usage-disk'><span style='width:$free%' class='".usage_color($disk,$free,true)."'></span><span>".my_scale(_var($disk,'fsFree',0)*1024,$unit)." $unit</span></div></td>";
     }
   } else {
-    $echo[] = "<td>".vfs_type($disk)."</td><td colspan='3'>"._(_var($disk,'fsStatus'))."</td>";
+    $echo[] = "<td>".vfs_type($disk,$online)."</td><td colspan='3'>"._(_var($disk,'fsStatus'))."</td>";
   }
   return implode($echo);
 }
@@ -211,14 +211,14 @@ function array_offline(&$disk, $pool='') {
     $echo[] = "<td>".device_info($disk,false)."<br><span class='diskinfo'><em>"._('Missing')."</em></span></td>";
     $echo[] = "<td>".assignment($disk)."<em>{$disk['idSb']} - ".my_scale(_var($disk,'sizeSb',0)*1024,$unit)." $unit</em></td>";
     $echo[] = "<td colspan='4'></td>";
-    $echo[] = "<td>".vfs_type($disk)."</td>";
+    $echo[] = "<td>".vfs_type($disk,false)."</td>";
     $echo[] = "<td colspan='3'></td>";
     break;
   case 'DISK_NP_DSBL':
     $echo[] = "<td>".device_info($disk,false)."</td>";
     $echo[] = "<td>".assignment($disk)."</td>";
     $echo[] = "<td colspan='4'></td>";
-    $echo[] = "<td>".vfs_type($disk)."</td>";
+    $echo[] = "<td>".vfs_type($disk,false)."</td>";
     $echo[] = "<td colspan='3'></td>";
     break;
   case 'DISK_OK':
@@ -233,7 +233,7 @@ function array_offline(&$disk, $pool='') {
       $echo[] = "<td colspan='7'>$warning</td>";
     } else {
       $echo[] = "<td colspan='3'></td>";
-      $echo[] = "<td>".vfs_type($disk)."</td>";
+      $echo[] = "<td>".vfs_type($disk,false)."</td>";
       $echo[] = "<td colspan='3'></td>";
     }
     break;
@@ -245,7 +245,7 @@ function array_offline(&$disk, $pool='') {
       $echo[] = "<td colspan='7'>$warning</td>";
     } else {
       $echo[] = "<td colspan='3'></td>";
-      $echo[] = "<td>".vfs_type($disk)."</td>";
+      $echo[] = "<td>".vfs_type($disk,false)."</td>";
       $echo[] = "<td colspan='3'></td>";
     }
     break;
@@ -268,7 +268,7 @@ function array_online(&$disk, $fstype='') {
     $sum['count']++;
     $sum['temp'] += $disk['temp'];
   }
-  $sum['power'] += intval(_var($disk,'power',0));
+  $sum['power'] += floatval(_var($disk,'power',0));
   $sum['numReads'] += _var($disk,'numReads',0);
   $sum['numWrites'] += _var($disk,'numWrites',0);
   $sum['numErrors'] += _var($disk,'numErrors',0);
@@ -284,14 +284,14 @@ function array_online(&$disk, $fstype='') {
       $echo[] = "<td>".device_info($disk,true)."</td>";
       $echo[] = "<td><a class='static'><i class='icon-disk icon'></i><span></span></a><em>".($fstype=='zfs' ? _('Not present') : _('Not installed'))."</em></td>";
       $echo[] = "<td colspan='4'></td>";
-      $echo[] = fs_info($disk);
+      $echo[] = fs_info($disk,true);
     }
     break;
   case 'DISK_NP_DSBL':
     $echo[] = "<td>".device_info($disk,true)."</td>";
     $echo[] = "<td><a class='static'><i class='icon-disk icon'></i><span></span></a><em>"._('Not installed')."</em></td>";
     $echo[] = "<td colspan='4'></td>";
-    $echo[] = fs_info($disk);
+    $echo[] = fs_info($disk,true);
     break;
   case 'DISK_DSBL':
   default:
@@ -301,7 +301,7 @@ function array_online(&$disk, $fstype='') {
     $echo[] = "<td><span class='diskio'>".my_diskio($data[0])."</span><span class='number'>".my_number(_var($disk,'numReads',0))."</span></td>";
     $echo[] = "<td><span class='diskio'>".my_diskio($data[1])."</span><span class='number'>".my_number(_var($disk,'numWrites',0))."</span></td>";
     $echo[] = "<td>".my_number(_var($disk,'numErrors',0))."</td>";
-    $echo[] = fs_info($disk);
+    $echo[] = fs_info($disk,true);
     break;
   }
   $echo[] = "</tr>";
@@ -479,7 +479,7 @@ while (true) {
   $echo[$a][] = "<td><span class='diskio'>".my_diskio($data[0])."</span><span class='number'>".my_number(_var($Flash,'numReads',0))."</span></td>";
   $echo[$a][] = "<td><span class='diskio'>".my_diskio($data[1])."</span><span class='number'>".my_number(_var($Flash,'numWrites',0))."</span></td>";
   $echo[$a][] = "<td>".my_number(_var($Flash,'numErrors',0))."</td>";
-  $echo[$a][] = fs_info($Flash);
+  $echo[$a][] = fs_info($Flash,true);
   $echo[$a][] = "</tr>";
   $echo[$a] = implode($echo[$a]);
 

From 59518d967243893706e86ddc739ac8e7b86c8ac0 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Thu, 17 Oct 2024 13:19:38 -0700
Subject: [PATCH 067/174] Revert "fix: prevent deleting containers that are
 assigned as a network #1876"

---
 .../plugins/dynamix.docker.manager/include/DockerClient.php | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index dc60818a2..48b203e4e 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -825,12 +825,6 @@ class DockerClient {
 		$id = $id ?: $name;
 		$info = DockerUtil::loadJSON($dockerManPaths['webui-info']);
 
-		// Check to see if the container is linked to other containers
-		$networks = array_map(function ($n) { return $n['NetworkMode']; }, $this->getDockerContainers());
-		if (in_array("container:{$name}", $networks)) {
-				return "Container currently assigned as network for another container.";
-		}
-
 		// Attempt to remove container
 		$this->getDockerJSON("/containers/$id?force=1", 'DELETE', $code);
 		if (isset($info[$name])) {

From 84bb44171931ceea9ad9109455b54abe95697b8d Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Thu, 17 Oct 2024 15:20:21 -0700
Subject: [PATCH 068/174] really should re-hash any time dirs are removed from
 PATH

---
 etc/rc.d/rc.6 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/rc.d/rc.6 b/etc/rc.d/rc.6
index c69dfadad..63d1e4fe1 100755
--- a/etc/rc.d/rc.6
+++ b/etc/rc.d/rc.6
@@ -241,6 +241,8 @@ while IFS= read -r LINE; do
   [[ " ${EXCLUDE_PATHS[@]} " =~ " $MOUNT_PATH " ]] && continue
   run /bin/umount -v "$MOUNT_PATH"
 done <<< "$(/bin/cat /proc/mounts)"
+# Update PATH hashes:
+hash -r
 
 # limetech - shut down the unraid driver if started
 if /bin/grep -qs 'mdState=STARTED' /proc/mdstat; then

From 35f4cb9bf0e1f63cdcc8212117d31e1323eeb87d Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:25:40 +0100
Subject: [PATCH 069/174] Force scaling local.

---
 emhttp/plugins/dynamix.vm.manager/include/VMMachines.php | 3 ++-
 emhttp/plugins/dynamix.vm.manager/include/VMajax.php     | 3 ++-
 emhttp/plugins/dynamix/include/DashboardApps.php         | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
index 846cbe874..4d7b8d0ff 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
@@ -81,7 +81,8 @@ foreach ($vms as $vm) {
   if ($vmrcport > 0) {
     $wsport = $lv->domain_get_ws_port($res);
     $vmrcprotocol = $lv->domain_get_vmrc_protocol($res);
-    $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).'&autoconnect=true&host='._var($_SERVER,'HTTP_HOST');
+    if ($vmrcprotocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+    $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host='._var($_SERVER,'HTTP_HOST');
     if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) .'&port=/wsproxy/'.$vmrcport.'/'; else $vmrcurl .= '&port=&path=/wsproxy/'.$wsport.'/';
     $graphics = strtoupper($vmrcprotocol).":".$vmrcport."\n";
     $virtual = true ;
diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMajax.php b/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
index 7e9b18735..991692a1d 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
@@ -133,7 +133,8 @@ case 'domain-start-console':
 		$vmrcurl  = autov('/plugins/dynamix.vm.manager/'.$protocol.'.html',true).'&autoconnect=true&host='._var($_SERVER,'HTTP_HOST');
 		if ($protocol == "spice") $vmrcurl  .= '&vmname='. urlencode($domName) .'&port=/wsproxy/'.$vmrcport.'/'; else $vmrcurl .= '&port=&path=/wsproxy/'.$wsport.'/';
 	}
-	$arrResponse['vmrcurl'] = $vmrcurl;
+	if ($protocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+	$arrResponse['vmrcurl'] = $vmrcurl.$vmrcscale;
 	break;
 
 case 'domain-start-consoleRV':
diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 36edf47a9..685bcfabc 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -96,7 +96,8 @@ if ($_POST['vms']) {
     if ($vmrcport > 0) {
       $wsport = $lv->domain_get_ws_port($res);
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;
-      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
+      if ($vmrcprotocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
       if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) . '&port=/wsproxy/'.$vmrcport.'/' ; else $vmrcurl .= '&port=&path=/wsproxy/' . $wsport . '/';
     } elseif ($vmrcport == -1 || $autoport) {
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;

From ba6ae34e8b49630fb2a2d7b236c588382ea15f1e Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Fri, 18 Oct 2024 18:30:23 -0500
Subject: [PATCH 070/174] Add Update Pool button to zfs devices to update zfs
 volume to latest version.

---
 emhttp/plugins/dynamix/DeviceInfo.page        | 43 +++++++++++++++-
 .../plugins/dynamix/include/zfs_upgrade.php   | 51 +++++++++++++++++++
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 emhttp/plugins/dynamix/include/zfs_upgrade.php

diff --git a/emhttp/plugins/dynamix/DeviceInfo.page b/emhttp/plugins/dynamix/DeviceInfo.page
index 92cd59bd0..dce6dc91d 100755
--- a/emhttp/plugins/dynamix/DeviceInfo.page
+++ b/emhttp/plugins/dynamix/DeviceInfo.page
@@ -111,6 +111,14 @@ function isPool($name) {
   global $pools;
   return in_array($name,$pools);
 }
+/* Check to see if a pool has already been upgraded. */
+function is_upgraded_ZFS_pool($pool_name) {
+
+	/* See if the pool is aready upgraded. */
+	$upgrade	= trim(shell_exec("/usr/sbin/zpool status ".escapeshellarg($pool_name)." | /usr/bin/grep 'Enable all features using.'") ?? "");
+
+	return ($upgrade ? false : true);
+}
 ?>
 <link type="text/css" rel="stylesheet" href="<?autov("/webGui/styles/jquery.ui.css")?>">
 <link type="text/css" rel="stylesheet" href="<?autov("/plugins/dynamix.docker.manager/styles/style-$theme.css")?>">
@@ -603,7 +611,7 @@ function eraseDisk(name) {
     text:"<?=$textErase?><p style='font-weight:bold;color:red;margin:8px 0'>_(Existing content is permanently lost)_</p>",
     html:true,
     type:'input',
-    inputPlaceholder:"<?=sprintf(_('To confirm your action type: %s'),$name)?>",
+    inputPlaceholder:"<?=sprintf(_('To confirm type: %s'),$name)?>",
     showCancelButton:true,
     closeOnConfirm:false,
     confirmButtonText:"_(Proceed)_",
@@ -631,7 +639,7 @@ function deletePool(name) {
     text:"<?=$textDelete?>",
     html:true,
     type:'input',
-    inputPlaceholder:"<?=sprintf(_('To confirm your action type: %s'),$name)?>",
+    inputPlaceholder:"<?=sprintf(_('To confirm type: %s'),$name)?>",
     showCancelButton:true,
     closeOnConfirm:false,
     confirmButtonText:"_(Proceed)_",
@@ -653,6 +661,34 @@ function deletePool(name) {
     }
   });
 }
+function upgradeZpool(name) {
+  swal({
+    title:"_(Upgrade ZFS Pool)_?",
+    text:"_(This operation cannot be reversed)_. _(After upgrading the volume may not be mountable in previous versions of Unraid)_.<p style='font-weight:bold;color:red;margin:8px 0'>_(The ZFS volume will be upgraded)_</p>",
+    html:true,
+    type:'input',
+    inputPlaceholder:"<?=sprintf(_('To confirm type: %s'),$name)?>",
+    showCancelButton:true,
+    closeOnConfirm:false,
+    confirmButtonText:"_(Proceed)_",
+    cancelButtonText:"_(Cancel)_"
+  },
+  function(confirm){
+    if (confirm == "<?=$name?>") {
+      swal.close();
+      $('#doneButton').prop('disabled',true);
+      $('#eraseButton').prop('disabled',true);
+      $('#deleteButton').prop('disabled',true);
+      $('div.spinner.fixed').show();
+      $.post("/webGui/include/zfs_upgrade.php",{name:name},function(){
+        $('div.spinner.fixed').hide();
+        refresh();
+      });
+    } else {
+      if (confirm.length) swal({title:"_(Incorrect confirmation)_",text:"_(Please try again)_!",type:'error',html:true,confirmButtonText:"_(Ok)_"});
+    }
+  });
+}
 </script>
 
 <form markdown="1" method="POST" action="/update.htm" target="progressFrame" onsubmit="setFloor()">
@@ -1090,6 +1126,9 @@ _(zfs pool status)_:
 
 &nbsp;
 : <input type="submit" id="zfs-button" value="<?=$zfs_cmd=='start' ? _('Scrub') : _('Clear')?>">
+<?if (! is_upgraded_ZFS_pool($name)):?>
+<input type="button" id="upgradeButton" value="_(Upgrade Pool)_" onclick="upgradeZpool('<?=$name?>')">
+<?endif;?>
 
 :info_zfs_scrub_help:
 
diff --git a/emhttp/plugins/dynamix/include/zfs_upgrade.php b/emhttp/plugins/dynamix/include/zfs_upgrade.php
new file mode 100644
index 000000000..0396ddb37
--- /dev/null
+++ b/emhttp/plugins/dynamix/include/zfs_upgrade.php
@@ -0,0 +1,51 @@
+<?PHP
+/* Copyright 2024, Lime Technology
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ */
+?>
+
+<?
+/* zfs_upgrade.php
+ * This script upgrades a ZFS pool passed as an argument.
+ */
+
+$docroot = $_SERVER['DOCUMENT_ROOT'];
+require_once "$docroot/webGui/include/Wrappers.php";
+ 
+/* Check to see if a pool has already been upgraded. */
+function is_upgraded_ZFS_pool($pool_name) {
+
+	/* See if the pool is aready upgraded. */
+	$upgrade	= trim(shell_exec("/usr/sbin/zpool status ".escapeshellarg($pool_name)." | /usr/bin/grep 'Enable all features using.'") ?? "");
+
+	return ($upgrade ? false : true);
+}
+
+if (isset($_POST['name'])) {
+	$poolName = $_POST['name'];
+
+	if (! is_upgraded_ZFS_pool($poolName)) {
+		/* Execute the zpool upgrade command */
+		$command = "/usr/sbin/zpool upgrade ".escapeshellarg($poolName)." 2>/dev/null";
+		exec($command, $output, $return_var);
+
+		/* Check if the command was successful */
+		if ($return_var === 0) {
+			my_logger("ZFS pool '$poolName' upgraded successfully.");
+		} else {
+			my_logger("Failed to upgrade ZFS pool '$poolName'.");
+		}
+	} else {
+		my_logger("ZFS pool '$poolName' is already upgraded.");
+	}
+} else {
+	my_logger("No pool name provided.");
+}
+
+?>

From 0ee5caf8acacf6f2b88c4d48424de832fb17c273 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Fri, 18 Oct 2024 18:31:21 -0500
Subject: [PATCH 071/174] Add zfs update and additional btrfs scrub help text.

---
 emhttp/languages/en_US/helptext.txt | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 33d9f9b77..02acad6d0 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -269,7 +269,14 @@ For more complete documentation, please refer to the btrfs-balance [Manpage](htt
 **Scrub** runs the *btrfs scrub* program which will read all data and metadata blocks from all
 devices and verify checksums.
 
-If *Repair corrupted blocks* is checked, *btrfs scrub* will repair corrupted blocks if there’s a correct copy available.
+*btrfs scrub* will repair corrupted blocks if there is a correct copy available.
+:end
+
+:info_zfs_scrub_help:
+**Scrub** runs the *zfs scrub* program which will read all data and metadata blocks from all
+devices and verify checksums.
+
+Click the **Upgrade Pool** button to upgrade the ZFS pool to enable the latest ZFS features.
 :end
 
 :info_scrub_cancel_help:
@@ -282,6 +289,10 @@ If *Repair corrupted blocks* is checked, *btrfs scrub* will repair corrupted blo
 The *Options* field is initialized with *--readonly* which specifies check-only.  If repair is needed, you should run
 a second Check pass, setting the *Options* to *--repair*; this will permit *btrfs check* to fix the file system.
 
+WARNING: **Do not use** *--repair* unless you are advised to do so by a developer or an experienced user,
+and then only after having accepted that no fsck successfully repair all types of filesystem corruption.
+E.g. some other software or hardware bugs can fatally damage a volume.
+
 After starting a Check, you should Refresh to monitor progress and status.  Depending on
 how large the file system is, and what errors might be present, the operation can take **a long time** to finish (hours).
 Not much info is printed in the window, but you can verify the operation is running by observing the read/write counters

From ecb8a8dac2a3169dd3b74c06c38195112de57b5e Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 19 Oct 2024 16:48:09 +0100
Subject: [PATCH 072/174] Additional logging to clones and fix check boxes.

---
 emhttp/plugins/dynamix.vm.manager/VMMachines.page           | 6 ++++--
 .../plugins/dynamix.vm.manager/include/libvirt_helpers.php  | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/VMMachines.page b/emhttp/plugins/dynamix.vm.manager/VMMachines.page
index e008d710f..1fbdbf65e 100644
--- a/emhttp/plugins/dynamix.vm.manager/VMMachines.page
+++ b/emhttp/plugins/dynamix.vm.manager/VMMachines.page
@@ -209,6 +209,8 @@ function VMClone(uuid, name){
   box.find('#target').val(name + "_clone");
   document.getElementById("Free").checked = true;
   document.getElementById("Overwrite").checked = true;
+  overwrite = box.find("#Overwrite");
+  overwrite.attr("checked:true");
   box.dialog({
     title: "_(VM Clone)_",
     height: 'auto',
@@ -549,9 +551,9 @@ _(Snapshot Name)_: <input type="text" id="targetsnap" hidden><label id="targetsn
 <table class='snapshot'>
 <tr><td>_(VM Being Cloned)_:</td><td><span id="VMBeingCloned"></span></td></tr>
 <tr><td>_(New VM)_:</td><td><input type="text" id="target" autocomplete="off" spellcheck="false" value="" onclick="this.select()" ></td></tr>
-<tr><td>_(Overwrite)_:</td><td><input type="checkbox" id="Overwrite" value="" ></td></tr>
+<tr><td>_(Overwrite)_:</td><td><input type="checkbox" id="Overwrite" value="" checked></td></tr>
 <tr hidden><td>_(Start Cloned VM)_:</td><td><input type="checkbox" id="Start" value="" ></td></tr>
 <tr hidden><td>_(Edit VM after clone)_:</td><td><input type="checkbox" id="Edit" value="" ></td></tr>
-<tr><td>_(Check free space)_:</td><td><input type="checkbox" id="Free" value="" ></td></tr>
+<tr><td>_(Check free space)_:</td><td><input type="checkbox" id="Free" value="" checked></td></tr>
 </table>
 </div>
diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index afaa9c5d3..457de3bfb 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -1750,6 +1750,9 @@ private static $encoding = 'UTF-8';
 			$pi = pathinfo($config["disk"][$diskid]["new"]) ;
 			$isdir = is_dir($pi['dirname']) ;
 			if (is_file($config["disk"][$diskid]["new"])) $file_exists = true ;
+			write("addLog\0".htmlspecialchars("Checking from file:".$file_clone[$diskid]["source"]));
+			write("addLog\0".htmlspecialchars("Checking to file:".$config["disk"][$diskid]["new"]));
+			write("addLog\0".htmlspecialchars("File exists value:". ($file_exists ? "True" : "False")));
 			$file_clone[$diskid]["target"] = $config["disk"][$diskid]["new"] ;
 			}
 

From e36779bd4942dafc408bb6e7a76d880d91dc23d6 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 20 Oct 2024 15:37:51 +0100
Subject: [PATCH 073/174] Fix Scaling.

---
 emhttp/plugins/dynamix.vm.manager/include/VMMachines.php | 2 +-
 emhttp/plugins/dynamix.vm.manager/include/VMajax.php     | 2 +-
 emhttp/plugins/dynamix/include/DashboardApps.php         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
index 4d7b8d0ff..820a53f79 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMMachines.php
@@ -81,7 +81,7 @@ foreach ($vms as $vm) {
   if ($vmrcport > 0) {
     $wsport = $lv->domain_get_ws_port($res);
     $vmrcprotocol = $lv->domain_get_vmrc_protocol($res);
-    if ($vmrcprotocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+    if ($vmrcprotocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
     $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host='._var($_SERVER,'HTTP_HOST');
     if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) .'&port=/wsproxy/'.$vmrcport.'/'; else $vmrcurl .= '&port=&path=/wsproxy/'.$wsport.'/';
     $graphics = strtoupper($vmrcprotocol).":".$vmrcport."\n";
diff --git a/emhttp/plugins/dynamix.vm.manager/include/VMajax.php b/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
index 991692a1d..26032267f 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/VMajax.php
@@ -133,7 +133,7 @@ case 'domain-start-console':
 		$vmrcurl  = autov('/plugins/dynamix.vm.manager/'.$protocol.'.html',true).'&autoconnect=true&host='._var($_SERVER,'HTTP_HOST');
 		if ($protocol == "spice") $vmrcurl  .= '&vmname='. urlencode($domName) .'&port=/wsproxy/'.$vmrcport.'/'; else $vmrcurl .= '&port=&path=/wsproxy/'.$wsport.'/';
 	}
-	if ($protocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+	if ($protocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
 	$arrResponse['vmrcurl'] = $vmrcurl.$vmrcscale;
 	break;
 
diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 685bcfabc..05c913926 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -96,7 +96,7 @@ if ($_POST['vms']) {
     if ($vmrcport > 0) {
       $wsport = $lv->domain_get_ws_port($res);
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;
-      if ($vmrcprotocol == "vnc") $vmrcscale = "&scale=auto"; else $vmrcscale = "";
+      if ($vmrcprotocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
       $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
       if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) . '&port=/wsproxy/'.$vmrcport.'/' ; else $vmrcurl .= '&port=&path=/wsproxy/' . $wsport . '/';
     } elseif ($vmrcport == -1 || $autoport) {

From 242d6efd26b453981a99757ea1919dd4b2192951 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Sun, 20 Oct 2024 10:50:00 -0700
Subject: [PATCH 074/174] rc.ntpd: Fix 'update' subcommand rc.nginx: Fix
 'update' subcommand rc.libvirt: Fix 'vmlist()' function to ignore 'virsh
 list' headers rc.library_source: changes to support above

---
 etc/rc.d/rc.library.source | 4 ++--
 etc/rc.d/rc.libvirt        | 2 +-
 etc/rc.d/rc.ntpd           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/etc/rc.d/rc.library.source b/etc/rc.d/rc.library.source
index 6efa3bc31..f127fef53 100644
--- a/etc/rc.d/rc.library.source
+++ b/etc/rc.d/rc.library.source
@@ -30,7 +30,7 @@ this(){
     grep -Pom1 "^RPCBIND_OPTS=\"\K[^\"]+" $RPC ;;
   'nginx')
     MAP=();
-    for ADDR in $(awk '$1=="listen" && $2~/^[0-9]|\[/ && $0~/http2; #.*$/{print $2}' $SERVERS 2>/dev/null); do
+    for ADDR in $(awk '$1=="listen" && $2~/^[0-9]|\[/ && !/# lo/{print $2}' $SERVERS 2>/dev/null); do
       # extract ipv4 / ipv6 address
       [[ $(ipv $ADDR) == 4 ]] && ADDR=${ADDR%:*} || ADDR=${ADDR#*[} ADDR=${ADDR%]*}
       MAP+=($ADDR)
@@ -151,7 +151,7 @@ check(){
     fi
     for ADDR in ${NET[@]/$NET}; do
       ADDR=$(unmask $ADDR)
-      if [[ "avahi show" =~ "$CALLER" ]]; then
+      if [[ "ntp avahi show" =~ "$CALLER" ]]; then
         [[ -z $(good $NET) ]] && BIND+=($NET)
       else
         [[ -z $(good $ADDR) ]] && BIND+=($ADDR) || continue
diff --git a/etc/rc.d/rc.libvirt b/etc/rc.d/rc.libvirt
index cd4ce5cef..a32c07b17 100755
--- a/etc/rc.d/rc.libvirt
+++ b/etc/rc.d/rc.libvirt
@@ -54,7 +54,7 @@ vmlist(){
   for ARG in ${@: 1}; do
     [[ $ARG == all ]] && STATE="$STATE --all" || STATE="$STATE --state-$ARG"
   done
-  virsh list --uuid $STATE | grep -v '^$'
+  virsh list --uuid $STATE | tail -n +3 | grep -v '^$'
 }
 
 waitfor(){
diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index 7bd8993d2..827b2532f 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -35,7 +35,7 @@ ntpd_build(){
     [[ $IPV6 == no ]] && echo "interface ignore ipv6" >>$CONF
     # add listen interfaces
     for NET in $BIND; do
-      echo "interface listen $(show $NET) # $NET" >>$CONF
+      echo "interface listen $NET" >>$CONF
     done
   fi
   # add configured NTP servers

From 121b6aa8cc7613efab4cb13c8d02411342f201ab Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sun, 20 Oct 2024 21:02:20 +0100
Subject: [PATCH 075/174] Add noVNC scale option to template.

---
 emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
index 54c0e3c15..616cbd878 100644
--- a/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
+++ b/emhttp/plugins/dynamix.vm.manager/templates/Custom.form.php
@@ -154,7 +154,8 @@
 				$protocol = $lv->domain_get_vmrc_protocol($dom);
 				$reply = ['success' => true];
 				if ($vmrcport > 0) {
-					$reply['vmrcurl']  = autov('/plugins/dynamix.vm.manager/'.$protocol.'.html',true).'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
+					if ($protocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
+					$reply['vmrcurl']  = autov('/plugins/dynamix.vm.manager/'.$protocol.'.html',true).'&autoconnect=true'.$vmrcscale.'&host=' . $_SERVER['HTTP_HOST'] ;
 					if ($protocol == "spice") $reply['vmrcurl']  .= '&port=/wsproxy/'.$vmrcport.'/'; else $reply['vmrcurl'] .= '&port=&path=/wsproxy/' . $wsport . '/';
 				}
 			} else {

From e289d2ad7c1d93cb1fc38eabc74ce3d92d2c0412 Mon Sep 17 00:00:00 2001
From: root <christophhummer@gmail.com>
Date: Mon, 21 Oct 2024 23:07:11 +0200
Subject: [PATCH 076/174] Initial Tailscale Docker integration

- Remove exclusion from share directory from .gitignore
- Add Unraid specific container hook script
- Add Tailscale icon
- Add helptexts for Tailscale

This integration allows users to easily make use of Tailscale in their Docker containers by just clicking a switch on the Docker page.
The Tailscale plugin itself is not needed for this integration but for the best user experience it is strongly recommended to install the Tailscale plugin from Community Applications.

How this works:
1. Configure Tailscale in the Docker template in Unraid and click Apply
2. Unraid will extract the default Entrypoint and CMD from the container
3. The hook script will be mounted in the container to /opt/unraid/tailscale-hook and the Entrypoint from the container will be modified to /opt/unraid/tailscale-hook
4. The original Entrypoint and CMD from the container, alongside with the other necessary variables for Tailscale will be passed over to the container
5. When the container starts the hook script will be executed, install dependencies (currently Alpine, Arch and Debian based containers are supported), download the newest version from Tailscale and run it
6. After the first start with Tailscale the container will halt and wait for the user to click on the link which is presented in the log from the container to add the container to your Tailnet
(alternatively one could also open up a Console from the container and issue `tailscale status` which will also present the link to authenticate the container to your Tailnet)
7. The hook script will pass over the default Entrypoint and CMD which was extracted in step 2 and the container will start as usual

These steps will be repeated after Container update, force update from the Docker page and if changes in the template are made.
If the container is only Started/Restarted the hook script will detect that Tailscale is installed and only start it, if one wants to update Tailscale inside the container simply hit `force update` on the Docker page in Unraid (with Advanced View Enabled)

The integration will show a Tailscale icon on the Docker page for each Tailscale enabled Container and show some basic information from the container (Installed Tailscale Version, Online Status, Hostname, Main Relay, IPs, Exit Node, Auth Expiry,...)
When Serve or Funnel is enabled it will also generate `Tailscale WebUI` in the drop down for the container which you can open up if Tailscale is installed from the device you are accessing Unraid.
---
 emhttp/languages/en_US/helptext.txt           | 131 +++-
 .../images/tailscale.png                      | Bin 0 -> 306720 bytes
 .../include/CreateDocker.php                  | 650 +++++++++++++++++-
 .../include/DockerClient.php                  |  51 +-
 .../include/DockerContainers.php              | 143 +++-
 .../include/Helpers.php                       | 238 +++++--
 .../javascript/docker.js                      |   3 +-
 .../scripts/update_container                  |  18 +-
 .../plugins/dynamix/include/DashboardApps.php |   6 +-
 share/docker/tailscale_container_hook         | 313 +++++++++
 10 files changed, 1484 insertions(+), 69 deletions(-)
 create mode 100755 emhttp/plugins/dynamix.docker.manager/images/tailscale.png
 create mode 100755 share/docker/tailscale_container_hook

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index c1a7ba4e5..b26d3c33b 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -271,7 +271,6 @@ devices and verify checksums.
 
 *btrfs scrub* will repair corrupted blocks if there is a correct copy available.
 :end
-
 :info_zfs_scrub_help:
 **Scrub** runs the *zfs scrub* program which will read all data and metadata blocks from all
 devices and verify checksums.
@@ -2314,6 +2313,136 @@ Generally speaking, it is recommended to leave this setting to its default value
 IMPORTANT NOTE:  If adjusting port mappings, do not modify the settings for the Container port as only the Host port can be adjusted.
 :end
 
+:docker_container_network_help:
+This allows your container to utilize the network configuration of another container. Select the appropriate container from the list.<br/>This setup can be particularly beneficial if you wish to route your container's traffic through a VPN.
+:end
+
+:docker_tailscale_help:
+Enable Tailscale to add this container as a machine on your Tailnet.
+:end
+
+:docker_tailscale_hostname_help:
+Provide the hostname for this container. It does not need to match the container name, but it must be unique on your Tailnet. Note that an HTTPS certificate will be generated for this hostname, which means it will be placed in a public ledger, so use a name that you don't mind being public.
+For more information see <a href="https://tailscale.com/kb/1153/enabling-https" target="_blank">enabling https</a>.
+:end
+
+:docker_tailscale_be_exitnode_help:
+Enable this if other machines on your Tailnet should route their Internet traffic through this container, this is most useful for containers that connect to commercial VPN services. 
+Be sure to authorize this Exit Node in your <a href="https://login.tailscale.com/admin/machines" target="_blank">Tailscale Machines Admin Panel</a>.
+For more details, see the Tailscale documentation on <a href="https://tailscale.com/kb/1103/exit-nodes" target="_blank">Exit Nodes</a>.
+:end
+
+:docker_tailscale_exitnode_ip_help:
+Optionally route this container's outgoing Internet traffic through an Exit Node on your Tailnet. Choose the Exit Node or input its Tailscale IP address.
+For more details, see <a href="https://tailscale.com/kb/1103/exit-nodes" target="_blank">Exit Nodes</a>.
+:end
+
+:docker_tailscale_lanaccess_help:
+Only applies when this container is using an Exit Node. Enable this to allow the container to access the local network.
+
+<b>WARNING:</b>&nbsp;Even with this feature enabled, systems on your LAN may not be able to access the container unless they have Tailscale installed.
+:end
+
+:docker_tailscale_userspace_networking_help:
+When enabled, this container will operate in a restricted environment. Tailscale DNS will not work, and the container will not be able to initiate connections to other Tailscale machines. However, other machines on your Tailnet will still be able to communicate with this container.
+
+When disabled, this container will have full access to your Tailnet. Tailscale DNS will work, and the container can fully communicate with other machines on the Tailnet.
+However, systems on your LAN may not be able to access the container unless they have Tailscale installed.
+:end
+
+:docker_tailscale_ssh_help:
+Tailscale SSH is similar to the Docker "Console" option in the Unraid webgui, except you connect with an SSH client and authenticate via Tailscale.
+For more details, see the <a href="https://tailscale.com/kb/1193/tailscale-ssh" target="_blank">Tailscale SSH</a> documentation..
+:end
+
+:docker_tailscale_serve_mode_help:
+Enabling <b>Serve</b> will automatically reverse proxy the primary web service from this container and make it available on your Tailnet using https with a valid certificate! 
+
+Note that when accessing the <b>Tailscale WebUI</b> url, no additional authentication layer is added beyond restricting it to your Tailnet - the container is still responsible for managing usernames/passwords that are allowed to access it. Depending on your configuration, direct access to the container may still be possible as well.
+
+For more details, see the <a href="https://tailscale.com/kb/1312/serve" target="_blank">Tailscale Serve</a> documentation.
+
+If the documentation recommends additional settings for a more complex use case, enable "Tailscale Show Advanced Settings". Support for these advanced settings is not available beyond confirming the commands are passed to Tailscale correctly.
+
+<b>Funnel</b> is similar to <b>Serve</b>, except that the web service is made available on the open Internet. Use with care as the service will likely be attacked. As with <b>Serve</b>, the container itself is responsible for handling any authentication.
+
+We recommend reading the <a href="https://tailscale.com/kb/1223/funnel" target="_blank">Tailscale Funnel</a> documentation. before enabling this feature.
+
+<b>Note:</b>&nbsp;Enabling <b>Serve</b> or <b>Funnel</b> publishes the Tailscale hostname to a public ledger.
+For more details, see the Tailscale Documentation: <a href="https://tailscale.com/kb/1153/enabling-https" target="_blank">Enabling HTTPS</a>.
+:end
+
+:docker_tailscale_serve_port_help:
+This field should specify the port for the primary web service this container offers. Note: it should specify the port in the container, not a port that was remapped on the host.
+
+The system attempted to determine the correct port automatically. If it used the wrong value then there is likely an issue with the "Web UI" field for this container, visible by switching from "Basic View" to "Advanced View" in the upper right corner of this page. 
+
+In most cases this port is all you will need to specify in order to Serve the website in this container, although additional options are available below for more complex containers.
+
+This value is passed to the `<serve_port>` portion of this command which starts serve or funnel:<br>
+`tailscale [serve|funnel] --bg --<protocol><protocol_port><path> http://localhost:`**`<serve_port>`**`<local_path>`<br>
+For more details see the <a href="https://tailscale.com/kb/1242/tailscale-serve" target="_blank">Tailscale Serve Command Line</a> documentation.
+:end
+
+:docker_tailscale_show_advanced_help:
+Here there be dragons!
+:end
+
+:docker_tailscale_serve_local_path_help:
+When not specified, this value defaults to an empty string. It is passed to the `<local_path>` portion of this command which starts serve or funnel:<br>
+`tailscale [serve|funnel] --bg --<protocol><protocol_port><path> http://localhost:<serve_port>`**`<local_path>`**<br>
+For more details see the <a href="https://tailscale.com/kb/1242/tailscale-serve" target="_blank">Tailscale Serve Command Line</a> documentation.
+:end
+
+:docker_tailscale_serve_protocol_help:
+When not specified, this value defaults to "https". It is passed to the `<protocol>` portion of this command which starts serve or funnel:<br>
+`tailscale [serve|funnel] --bg --`**`<protocol>`**`=<protocol_port><path> http://localhost:<serve_port><local_path>`<br>
+For more details see the <a href="https://tailscale.com/kb/1242/tailscale-serve" target="_blank">Tailscale Serve Command Line</a> documentation.
+:end
+
+:docker_tailscale_serve_protocol_port_help:
+When not specified, this value defaults to "=443". It is passed to the `<protocol_port>` portion of this command which starts serve or funnel:<br>
+`tailscale [serve|funnel] --bg --<protocol>`**`<protocol_port>`**`<path> http://localhost:<serve_port><local_path>`<br>
+For more details see the <a href="https://tailscale.com/kb/1242/tailscale-serve" target="_blank">Tailscale Serve Command Line</a> documentation.
+:end
+
+:docker_tailscale_serve_path_help:
+When not specified, this value defaults to an empty string. It is passed to the `<path>` portion of this command which starts serve or funnel:<br>
+`tailscale [serve|funnel] --bg --<protocol><protocol_port>`**`<path>`** `http://localhost:<serve_port><local_path>`<br>
+For more details see the <a href="https://tailscale.com/kb/1242/tailscale-serve" target="_blank">Tailscale Serve Command Line</a> documentation.
+:end
+
+:docker_tailscale_serve_webui_help:
+If <b>Serve</b> is enabled this will be an https url with a proper domain name that is accessible over your Tailnet, no port needed!
+
+If <b>Funnel</b> is enabled the same url will be available on the Internet.
+
+If they are disabled then the url will be generated from the container's main "Web UI" field, but modified to use the Tailscale IP. If the wrong port is specified here then switch from "Basic View" to "Advanced View" and review the "Web UI" field for this container.
+:end
+
+:docker_tailscale_advertise_routes_help:
+If desired, specify any routes that should be passed to the **`--advertise-routes=`** parameter when running **`tailscale up`**.
+For more details see the <a href="https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router" target="_blank">Subnet routers</a> documentation.
+:end
+
+:docker_tailscale_daemon_extra_params_help:
+Specify any extra parameters to pass when starting **`tailscaled`**.
+For more details see the <a href="https://tailscale.com/kb/1278/tailscaled" target="_blank">tailscaled</a> documentation.
+:end
+
+:docker_tailscale_extra_param_help:
+Specify any extra parameters to pass when running **`tailscale up`**.
+For more details see the <a href="https://tailscale.com/kb/1080/cli#up" target="_blank">Tailscale CLI</a> documentation.
+:end
+
+:docker_tailscale_statedir_help:
+If state directory detection fails on startup, you can specify a persistent directory in the container to override automatic detection.
+:end
+
+:docker_tailscale_troubleshooting_packages_help:
+Enable this to install `ping`, `nslookup`, and `curl` into the container to help troubleshoot networking issues. Once the issues are resolved we recommend disabling this to reduce the size of the container.
+:end
+
 :docker_privileged_help:
 For containers that require the use of host-device access directly or need full exposure to host capabilities, this option will need to be selected.
 For more information, see this link: <a href="https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities" target="_blank">https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities</a>
diff --git a/emhttp/plugins/dynamix.docker.manager/images/tailscale.png b/emhttp/plugins/dynamix.docker.manager/images/tailscale.png
new file mode 100755
index 0000000000000000000000000000000000000000..fd4a4fced57e01bcc50d4c2064e3e0e1b52012e9
GIT binary patch
literal 306720
zcmX`S1yCDo(={9l#kIJ5ad&s8xD<D7aVhS_U5mR@ph$5j?(R~8yKAuIPoMjHe`Z2v
zm?RT+uiZU+&bgx0ROHZ*iI4#R0Gfilv<3hG8}{#k2oL?slL|x#`UK}Dsi1`j{qaMz
zj06BE01DC)T3$J4U7wtd6kJ&!ta4*sU^h@OZN-m<Oldw#RNu$uvKO~-?_YV+IAEHM
ze)&S<gxio2y0nzMl$Cjy>mU%q^d)bpXxXV%`g8Gep=lWZQQ?RjX3s#^ACcq1%9^p7
zD%g78_Hu=XN(!$_k@5h}#*^`hXFB(7BlJBnJ%0oM2?@zeZ?A;cH)rRd&`{WSL2qyV
z!hRr33^L&Yxdbv8!1?+4_Vw<t;PhSNT`n&#FCrjMEKmhd|NFNrn@M*k3;CNKvxS{q
z6e}z1UW<XD;lTbrEx^>pCF%8BiZwS87N9fWjR?R_6nFJ}f2ua*%s;TWh>I4{pZIWc
zf_&@?AV7uZ&Q;+cKxNNWAp|^K-jK~7r^1KAyx8pR$I>`@EnPms02)_gpWj5S8}%r<
zftT}Nc`eB0<^%v|yQ5qR#GBMej82LH#lTA?zr)*+IUl0=!;<_LFXmT}Z5i50Ck|Q`
zg7*|SWlk7bm@>`iM){WJwUIF<nY%pzQGK(<>i`d|Nme1Aan%nP$td5)-K(A}bLo3D
z*h?+7OKCeW$}mX&@?q}b!<sH5@u1Cf<t@VvsH~}4Sdv5r;gJPB<cuaS;mcL#nB;BI
zIBuK5dV451v1jHR3fbI4_5n~wRYr6UgmkI@Ac;`@t#Ctwl<vv0upd%K0_k&GGJbQy
z17l~FTyk|J&Q*sr5pJ`rG=v4bt)@G9<<B^t@QsS4LPJ9kwDRTGEM@#F87lmC=D_=q
zHv~ZXCAbk@ynj1!zw40&8s3!`;w+PEk%`8^K^aUe6GKB&Xi~ZY`vL4^2`&KvQz@fi
z&9OOd_oJgx+qautzON^XOr+B#s~a18Hq&|EJ6l>>o{s0s0e^&qgpTfgPyzV?&vsb|
zB3@TPFk7?5a<bi<31Q&ZUW|Z00P)mb?eSui%g^*n*7%#5Gdh7Ke~1Nx0asVsQfolq
zVFU*G2Xi^K!(D)>jSWKM>I5k%>GjeQ9`tGU;NW9t!>FKJb#=A7pI@x+;{_I1ims&|
zowG0*HXtWIKf*>yNvXB96)_($^6j01$C*Yzf8(~Zys;kst~`QjH*6x%yh1r*dKebK
z!MMgjb^iH}AV#JX{1;43DK>ako^(5#DgI^@6qMHPZgdxXJUr0za~7aJP}g<H+srIj
zOArLC{Dp4k*G<U^=<e=LzgZPS0F1biBS;oA&bz~Dk(JyaTEz|TVsPZcYL^ahA`}Ef
zJl-Bu57^FK`H7ZSRk7z!tHZ>OjrT;Q?x}mqHgZlj3Is*7=Py?<+6SD{Q|3;u@5$Ug
z<y2R-hr(;>^eepw;J&yo)N{y<pd=oidFwV!(6UH~Io&9Z>z?<`CoM*O<mpCnhflAj
zIoZIk+of|)vy1Lj?D93HM$_0N`4K83E7P_)q)Ma<Nq=Tp`YX)){+@N8@K#{h(@jYT
z!%w^LQ^q<iH|d9#B)iSc*@5iFB&k$y0_W%(-lkI0m(Ky3#>~2FB_&I(Gfjiy;J>~x
zklo!~6AG6cnS}D^dYmRlS+gtJ(a<z-_;2ztV*)~EX6E`5-FD$ph4pkyy28IJ8SY!M
zd9<Vp8s*IknXDcGNki(n@)wUU($Y0&VgPZp3&n`!S$86-aOiOiW=|x!c?_MX5lkxM
zLM#Yx{<W=%=DB<<bWA^Xxxa5EDk3sCHiqmAiH0%t@JLHYNPr3A<K?v%<Ihhwa&mH#
z5{wYv-4*e^kroWMqa)r_4THr0{cH4qjl$2*ZwfGVOvXx5mRvaM6C!R$-|oPb^yg?K
z%SAF-P&QR72#~G+sVVb#2^^lBMEmy{J>@@tvXGFHevh9R8Va9)OTGYf``nN1iDW7x
z0&;V6t*j(G03Ldbc}yh?v$+9f)a5M!Rjd33$9siVa5_7ut2iO#pI9dv!q5|D_TnsL
zi!ZpfwRy<yU$6n<+J$|78roe^krsu(^{P{%DevnAai_xPirO!K1cI`KN!u`@!aP4(
zn^Oh#TF5mS5(HWYMIw@Oh!0Fqz6*Y33r{$h=MY#!_AY5Ia$CmukvXDn2S|!kTjs%z
z6o)&=%5|fGm%Fim{ArXoE^6b_J^3)4^Vx<%?7N5e(u|UhezI(oLXTZgrqJk^b8-<A
za!ApPjA+>_6&piJdP|evAj*&4!rat(OUk5(5^TvL=ETE{s~g#UyPFSWC=GHSqxpV0
zDrBQZUTG8Brt=npEM-jn*0@a<e!Vd=BuPVGHFQxlFEyQ7w<!}nIv=an+zcT->4*%p
z(B<#dv5nI+XzKh13hcNF9GbBCMFaoRnFG4+*5=&B*}84=Befq=M`p2hp1fxhH(lTf
zCh1(6BDil`seYQA)HB+}sTkEp=lRpP`pPx>0s?*RF3(NYVEPi1;c34%hm{pisYRq$
zm@<`of?k~GkD4oUpR>qJ9o}zt1ow<yluDZSLMY2RNzb@O5ZM^Hdrcrc005nx#ll=c
z50(}}((=;MkIZ8b=*RN%^3z}perygMe3qWn<s%1R^Y7n5XMW2bedai)JcYx0io*pl
z7W!J&&bVzfWo!KI1I(sw^5EGm&(S;oBk`yG0*T6t^Yf&9B+DlE_E+Ts;rUBM#Ks`F
zpw16e1;>D@seFYLKLpH-Zztb4QTR#FkpQ)|wPCVE=n<yYnTymSyL88kjfpnx%82Yr
zRq|cS={)_?oQ)sdRb-22TjjW2P#jk|K5EzT!2{$L@c>$B>*kKH;#6OGXlGWiK2GXp
z0e)DXaDFon$(+u)A?WAlnys`m6jZRtF{Gl8I9;MRMviwWXgoJ!P5~U7@y64=muuM@
zDCbn0qr|imMY%>%{xhZ{wC7-VImQ)(oeR$D3eCQGA4bHoSk9k=`l9lUhJVTK$iVV^
z$IU&KGhK12;_cuVAwxi`3n^N-a-kPVCC3jV<=x_7yX{))IeS{Jeu}E1OY*m^o}ZdY
zCF4830ru8ESif_}e-Mc-MTfj6q(62C1v*_rkHjHGQ178>&J&!C;Voh4G@`o>Y-?M$
zsO!}1{n^2Y_Mdyd0N(sb)w<Kw!KbIiO5;(gIkm=|oSK8#T;BOMEw02;bn7FU6WWS^
z?@0k=LUDG7jOX=)S@`()Pd7IW=Uq?Tot?4s^P0wbdN5em)w*?F4i0f|ykziyh>3}v
zr#Jw@z7NckOvRIRR2BfQt1XyU-eL_o^|d$^^3-2W8b*g#Ea)cU+V0!B1XK+J$LiE<
z_W1?zO2|zsfB$+!L_~<gDwgkrgA5D|pku@naP|7+R#R6uAA`?k>)?O}MLs3zdg9+a
zJ@EqASXcylSi666Rb&K?aZcB7Xr6C#*}Z*G#S!#{`{7Uc?0s}JT47S@Mn7(qo{=F|
zRTUlnW*;-+zn4QTw<ssgO}X>S?ZSXUnZy>g2#Fx&gR6cleRNL>CTaGO8k}6^9-P7O
zct^}hn}=wqo~(thl8W60NvU_eM=pVVI+B8*V&33oFAxJ=Gg)@pxYX5d6L^t>XWbAT
zAIYjTjcmz<t*F0xCeA2^)ZS@WJ4={agq=}6lYZ8zFYn^(i<R4p${*ciuv!^~XLPtZ
zuDpgrFcD8e8xJ~X$?^A1;$NM>`8v#SZb?H*cFW45=pp{&OL%SuhoAfl(}5MKQ@>IK
z1RWytq;PbVKX!Qf2ST`f+n9Ath{eGbsIz?QW-V$})|mbDT9G$BeR#XNx_G*3Gyn9;
zy}CKW`=tUUExvT%J!X0*=gg+SLSwvrk2!rHH_@Vfg88r4($dnb$j@vnxym2?JU!ui
z2DGd(SJ_z7^rTXt1&&7!ZR*070>^JJkJrcL`8O9AtmqgRQioT)p$IE0E9^>&<f4AI
zdqpS3m32ow2Wd;+Tc|e7i`uU|!so>6&k#~8pZoizZcf{g*hwY+R`x;PUpCL+|9o5y
z7xcTOMSYnEidM|r+*0yHe9LyR0UI6Prn`LZ8HF{+#XW@I?R-!R+=|)TM}C1wf=e$?
z>hZEv%I)Y_WAeWasqS8T2^*5J#{R|&M=`+dh%%@Utr~F%_L7t~FwNqZBkwXxTS*iY
zWWas)4r$oAX>&));ypQ6iF9S}+*TotzUnY_j>9h7fsG8%w~QyOIdku8azRISWgK7_
zWiP=k!pcQD&q*CqoIA$y0MMYHv7lR+##^at>q)KQMCXg!=$oW3t1XW)Oqh={%cInx
zsZ#oD9&?ybKeRS!j_V1zo_G`Nv#<ulxJS~B8!D}vQBmoY{n&y2%KAp6@lB+>nPfuf
zyyGvH<2N&)utNl7<m<mAU$TQUpSY|=?Ynm)+eF(lr^Pz*fFzSPw~e>UbqTe#eP_jc
zeG2h4f?=pDda`2Kh!E2G;{{=*8;ies%IFQ-P+SWCCxE=DWdGW0;_&bgpr-l}8?;~A
z0AXLRYyI`BcRC*m#2#{`1QI`z$Z`>&e*VO|1x+S1HU`op!1RHrEcwzJ1vqsjGiiq3
z{VMMBfI;@zyu*@LEgvts6D%*nmA}5ezA%U6ev+cAqeH?qe|&8B8Cj4lVU!7f)PzmI
zV>Bx7IT2rkI;z(cGoTvQP}x{~1$dZ@{Xk;M*PAfhzpoy6UHm=Za(Apvp|0hMBa#m8
z@s}I7^?{2aBd)BxTd`Yqf0@M!#~O%Ntup7w??j@yzDNfti_aJ(wzKK8tV*2MibIWO
zeW07p;_~4trTAPbiFBX$`by~Vgypn~xo^Vn`_h?CnJs%`O@Rj$gg!DK^M>4+H*bxN
zL-3i?<;=$Ce$tO`Jl%E<m${T%<cr3<w=Wlq`Dts#I7<b=2dR!H1dv4VIk;z>GP{gu
z`BKSMe1XSZ%Q&vL)Y9`K@X-<}XYlyz3F4a;d_~w4di@4ceQGC$@GL`6hgSVWA%tA{
zlc!H&K*MDly2C>VcmDKrN@*49fL^~PQdMXFSKjKkujW4=nLZ+Hg-vbPa+?DhFp^UI
zBPlPhy$pRJalu~vanYJDi>A=}s({&gx;^|@mzzuafG`69SRP=CpVLtxinGwIoW^hU
z_QGWN8Q@l2)u5P2wJQDe+}6boxiNeAt+$>pZ2X|Cg3=WT5&c(f0C8y6-~g)mqO^c^
zYWeS{l<tR<FcdvWnL*CDVR`RMW^JYGOnR2a#qJwaQ|cz3X)haq#vF==2~}14#+l3k
zP4zR774`d{Rj%a8{Z80NQgV(0^dK!pacAM^;y#J3@BMg^)=~YTul}!x4&A9Wu`0W*
zPwJY*FXm)BI5756Sw&)QvS}72XqHz^sf|{ZIxpe!mNN}(46YghgDgrd7l@MfBbi0Y
zmU>Y;8Z0gCgN_54=@jD)Da08@ZoA6F_*Hwak&Vf*Lk5SfKdCXT>0UXR4q8#wd0@5K
zSP*J)yp}yQf0#v&4=&7c3+ZC!&>s75Iofn|$<V0OWO+pA<s=N#v+*fgSDh(GXI@9&
zpx(KIF0X*wJ^g_bx2Js&JELVtCX&r<cJ}|WH(kaj7U<#mz$Fk<0K8lt)n-8bktuWc
z;{P#_>co`2B86~ZhC?|$dx<gLxfJ+a_;pT0MTLc@F(NxVyV=m9u&y5Pr=z2T)8fYs
zr7s$xtzek_7i?-Bn<B)HE02ivLg053ZNvk`x21A^^$+;so>p)$f2O9;|88s~y1(0h
z8XAJ1Jaj7;42BDW4zuICyHvo4vZ;JaYwOX%2Q{KN*~0mw3>N;;VJ2E#{*CXLHsHQA
zG<yt+C+c5z+(iCOovonUszcFQ#z(BAmzAV-^J~mb7x^4`IMt){C6YNBR@npoqq9_O
zEFPT+YA((l5>S<;wdWN1MkQKK)iL{+iTj9FrB5pHHU~k#p62nqd<KX$YTI5mt9Vz<
z`Dj3`N|h^QowtZh<!8gJH9Q5+S#Z?GkABxG6~!<gGEY?o0lXU}k~n%}%{*7-PhDY$
zWe15PBovCLMLf2{JR>qHrdr;>oy2nQzZ&p>dTNizn(daeuT=q2hd+qOV|H&kMgpHZ
zyd=v#<hx#0HTZt9E&R(<1Vrezy%e>eA7T&;A-WHgofPXa10SAdp9a>})g|P0@q_8|
zrGBc2eX_y&lBst$t}HdInx0$rh2ucHu~X}YmP+7<EI4T8DdlqeZEa2e?Pgy|-^8TO
zs%IOzF6(L!g135!02jcX>40~VH+y?RK`RVeob$Lp>_b`oK5esV&wsD`Xe*AHIEfnW
zBf!u9r&umw1Nyky>V?h8%}p|-xa502i6^gYN(KL{t=$2E_}xzyjtjWS5~4DXcXp^c
zGYJ1^7>n~?$ykGPSPeYD6W@CF=6}}J1_+a&1ys9sB~+974=24K{s|-0kHW)HDp)w$
zyf9>U^KR<&h(a3-qj6L_;ZMsYAgqmTgk2yhC;PH=TSQ9cP()M0LQ~F$Lu>r`gxTko
zA&zNPsyIGSRd$&+p&n=WO5d4mCQo);necH*-IgaScR!B5HD7>a6$UptaM!T(MmiPC
z@B9eHUR%gzRlO2zV|$A;hKtqP#d#`D6ERcnruaooC8Fu==+&#TBD16^;Np+$(t{$w
zwF5OxOF&8HY<+xcd`-n-DGfIV>{RKLK?LNTKLhxjtT(atU)prq-Pf6xltLhp8EOrm
z(xzMe9bW^f&jTm#cc1*gjZdH68jrs|G#;{<fG0Bg#JP$Q2UN^^fEbt7jhXHTfC4h~
zh#D2npZBgBfoh+;5W?QVYsM@9ewUjf4~O#5vQ#*&qfOZ_0jP~{bA15jJCX;CYs~#V
zW!%%_3|;wdqHe1`ZUkZsX)r^z^o57fCVzQ(p`qi4Qf>lm__CA88p%W6L4s{;Gi)em
zmv3JwOdrt{$<QNn|IFI%y)qXtBYA+I5$Ke}7Pr|-YMn;FL%Z8IUHiTmjL-tB+8ma?
zGr=}njU{2+?Du&$r5ZFZD@Gdkg;+!-cj<FHr|~tGD;<4jZ1wknmC-HQ)g*8|vm&va
z6$1D9_WK)7SUxR~G7bKEikFHSQu3?XRDXElFPmn&-(|ZDQ-n2lgWgxTW;sN=oxcTs
zjFFoXS1Z)+*HuI<>NU_VU5}H(01X{U9l9so<fsgQpp~0(A6a@cR{jrHx_EyC#Xn`2
zZcRii2F4Z7rk2>id_V^-1hbejVw9Z^V#7JS;U#-}r&^a~J-R^B;}1zY{uqP=8kKp7
ztY7E<lw|%E^7VB(7=qeD3jR0aT0BKc3mPGxDo&rTJM$o4dAq#*JUs4Ihs(?5pe)eY
zBb{}ikDguofIC0Q(wu@;dB)O-V$70QPf0444Hj&acy}re;MG+Feqx)8xjd<A(Mh6H
zeX5s@HMkYU#H{uGZzE82h<bm+-FAwqXd#p%{fk9Iu|ZxjpA4K~dP)`icA(0FlIC?Y
z#lp(Eb91917<zGky6lQyaC=wk3xRHn0jy7-pkD-9Y`<kg2QN{dQGhPezI(P%?nb;_
zyvkII%fi9(DF281rn>D}p(p0#Tzm*iIX`t$suX+i<qhp;Go?7@3{Lpc!L2WXoV%DL
zq~~guDs^a^>g-Ivk*&VSQM<8vc;=j8XmCfm$&WpboG6VGtVMpjOyQ3cPF0s5V~Nk9
zE-Nol;eKmpW@#xyS`i${pw$bxtcZzi2~j1peovIwc%dwyIxjspr4-}FqIZPFuv?<I
z<W#@G;<caoio00(;%FC;aE(zyI))Ar?Lmhqq@qKr_8#FNYvA(S-h*|vP)NIIl{a|)
zH2Y~cW;p{&>!=2H*Vq3E_!yT$TNdjlM)|VZf9AcdYK;M9BaLCpEa<-xj~$ovp+Pwx
zx4Pwdgqc)P!jT6&MeXA$(`=pNK3$wOEq(m%l0Q+KS{dWz4du|#iwX;uK*`1AfS!&H
zrGQ&jm`O8^fCLH{icG9jAQKbQl+%ZF8x<BLv}wPGIYKxtArHz<O|GC?c31+z(3EZG
zh6c~eN1v|mms(T)5s{)d`dq9wcIx4y$pkvp(jgl6&wRizbhzrFpD%Jd$qWGdk{Mr8
zz@S-AqMOzcWByPqb(zA?7)~6sJN57Gmg?&nw$4NX@~aIbV;e78$d#}-R;gsN*9R5L
zzZJxmhps&l;Oe=Mf8RBUY#h+Q`K*mi<RXi$5$Dq@uvhP!yth#zQPn>8%ruhC*v^h3
zdE(7%YF_|Jjp~u=W03^&K1p{=y{L@04qmIQ8AyH4e8Q^Rh}}EPB&0k#9COo}+?1BV
zf=E-i;r0{nh`CcBgAx+%GSDF{5$KSAg;5=5LI}>p>2Zn<v=*)U0zO_`yo20xMT$Kd
zxLWoUUVt)H3dFj&eQS523oHkqyR}vR7H}rPbHiMc!Nhb&*5B17@{mH@+0#RQ!JZml
zn8m}*!i6r%QDGqaoEFZ<gJuLW4+hK%0g`|pXZ+{@+oBRM2mp=7kg(5k+b{o*?1iEQ
zkwEYU?RB4V_qEp<VCLzm?e^Py!7dt{AVd6Zz>F!ob3kVBUZD-ZqZ~8)^b|-M3lBVQ
zI}w_i&D+kxlIzm2sP6t^fyo?f6o9kno09f7zd(esfbh5)rFghz9Ce7DSe=hLs(wnF
zw<t@HZVYp@k2GY-IO>``eeS@3=xs@YEv8|pL0NUk&n(P{nBB#8fKJ|xYcJgk(XXjf
zX`K7s?sg>q5Ir&4WDNzkjEG;)aS<=__4){)amZ{$hHoQJV|>CdYa>PYyOoc&K|9?@
z;^vbm>r@dzFl_^h-A%i^&9{Lk`L*|vU$bNGn)we+P$9HWWuR%&Rdk4WL|_zfTP)2;
zetsLmG7#8J^O*4`(CBtI+Xp;<e0r>!-{p0!Ns*_2qRL~XD*r_e%YM4BM@2b3E$c1Z
zRgxj-8Oqap-JhgQAplP1G&J7cpz9E-_{9|ZbV|G#!v^{mtKYVBO#4M28y06<l?o+H
z;jEId#<#W+QHgI5u>Z!!#!L#G>c}C(bw6{S7`^Ofrk+@V00T}?H)Edyotg@~3>Pt?
zb?t)8748i4dn;?cnyS&AG0?7AAjlV`Yx5D1XK82v>xi%5^*(E2kE1{(VgAG<LD!xu
zUr^8*B-kt%+2b$B<x^D*XH|<TSguC|JAzpLlYx$Ul8=`5B_PHv($-L#%sNV44{s<E
zZ+yzK6h(Qr@N7?9AiB^|Z`EcM!Td4QJ5SlaMUZK%1OZsS$TNA11pAvde{_LwU&W3a
zR4MF+oGLZDpd4diY`-X~La#DThe8-UE1)C1>guL{HxR+U^jpd_w`)CP8h0!<f3-%+
z?xR@tuaSMc{muWNnY?lYqy-7$Y5Xe|5|$7IG0%ND1a*R(tT7J7y0SKfpU+ks1Mf<?
zvgQ@7yzQ0<Q!nkODXT+mz3l8N(+Q>iGTcd*Jbkwj658G(^f&rGfRyi=P^c=`tvEM|
zlUs&jVs5Mc(+ETxqFeP8%z=P_0D?*+6vbk20O&CH0>27~_}oQ4JUlpic*ubF)ZPU_
z3F!>OkE#G$DEqw-Rp{zeU`UK*4F|K1lzPVkBwa8b7`1F|;3o(aCPM38K4p0&^P^+e
zHqKOk4_E6#Eg!k=H*i;JL4};$kGSqoJW+|oNgYdDN{;3)nIiBk=q|CS@gCBLF1b9x
z>!2ULM;R|OS~zQTxK6@nwLlcTI>Zw%!wj_4<m|I8JoALj9d9_&Dt+=kJ&+r7h{cnu
z!W>Y4kd@pc-~Tbp!k=fit~vcV@Kbu8L^Ikx#a<%YENLB_DbN!$JZjB$j<A5)VC&-9
zeso&P0ux6|dj(zM!i(ugAlJ3i6WcCuF6pK~X7*nazQEIu<H?`WAICNyKGJUWG(wyb
z-j=K1mw4v^C!D}8f?ot90)T~?99rMV6w7ND^q58ZEjcT-ht)PI<LYcsFQLdcv{(Ea
zDs3E?2GEd``u&i-awAvzxims(K^I?C&Q^2&xtmDCMd}}W2Nfa6#R6*T91($he0<l?
z^v(p|`oeh_n<Y?ijsFcs2cShr9kRt_SQSE*$9dYqGPl;|HgN9u0LUYr4+_xYfJ4S%
zrKqOUsw{`kJ7TMx2A+bTmK~W;b|aN?`Vqr&&T($tw;<N#u#7b|xb3gR&9s4RVhW~1
zMf_!M{z&$e(0VCmELM>~LpW2s__(cKQv5sBV3xV3kw)vvPwK=Q=JGN7@cmx{4Q!hC
za#lOtMf61%%<yPJq7B$kCkG26=cV@Lk66m=#x)U_?a+9$=mtH@)03<&ES-t4RW<dA
z`h;AX-uZFsN&0Az%h-rnDfqUv?Dmw3;zA@4;UU5N&Cyg>y6$^D1mI%kZvEHlscrne
zp6C?8T4SDnt0ly7TTJKe??X=*WC~2(2yx(wrhSc=i*gQdbGuEbGf@q^f$kXP(lpC@
z6aK5H1rNTc`<l}PW#gabtC^yGKkQ#+LeH@0)b)J1Dk0({0kStUU2;{-x#o8ZYt%Qh
z*itVe(7SC`+~x0lD5Xp^0Pe;R@z!tOgX)F3U(;K~159HB4_{*`e%92?jE*9G`iO0A
zeP{z`=i)NU(dhg3+}zEa_nNFGDNG}44MQ7<5Tv84+ry)0`1%&m^EeFnScy;=@n><4
zqV(umHvF?PuXh?9vQ}z<dLbndn4Xb>C{8OShI+QbPLbC>B2mB;@i<o7fhX)42`0?z
zQ0)r+`*cHp>OAm6G<@fz5}s&H61JYrxb<3Wu08BTQr$v@y_{<K_-ipUFvOx_&mtMm
z5_dj*U)Nnw;MbFa0k%!YN;+<_MweQTJ8^;^)8SC64Jk_~O25=jVx_RM0VitOS~7f%
zN2@Z4k+)>v&fh>Jkdwz%&%0Ob=GlkEEpp>SchK^x$G<GxZ$YxZLU!j6lq>@O&kOK%
z4|JH7;CR57prSernckhBr{?DR-YgaiU*8zgUQCxO7b{!5CcuYq({FQESu&d6w(Ja5
zSixEvPg2iD<bu1ptMAM1YqrlN&-#oCal4JYb`w3|-xP{I#`{%ug*0_^#2mXTLX}+x
zZ#7In%dcM&fIFj*c38RH>(7EAj!@P9$0|&s(jJpZ`UObfk0CB}L|gJ3>KPk>FHFrq
za(lLQ$BBcq__Bp1RZV(g7>oqS)qaz=9R?(H&#b>-d=`|(5Eat|be|c4OASh64?5I|
z1XEhG)T6~eZ0aMonUcglh`Oa}gqr12QJ6HOu<R<ytD-fgIj#Om{l?)mwVxiHZXrM`
zHx~sfdwx!nc|3v<ZtK9FBd8T@F6SB~*@&aKY+&a}T`2b;hx;^^B{%Abf27mErj&y6
zM0@F?)Me?;m^4@d4>@l|vx^4toxd{m1#VjN0A*G?dprKaMc+Wvf{EXD@+o201jq1)
zA-UuBBA2M_$e?K(UWZ?(;)3H9nSnk$UC*PlY~XXqHOH5Mw{W}idiWhtsX)ZIJeHb8
znMWQ>);0{%$;ru2wN=qDTSrF~58%2p;+i)Bq7@*p4$3?uw)NDjx%Jg8eX{Fh?KEpe
z$unxDtq1NQQxK6dX)=m*1VXxR<*t)EQ&Oa$GSy$GumIqGfje#Y<fQiU^t48gNeVUJ
z!U(z!bd`_Qd_)LW+3M>HAx5oAYfi%ew*oKUI0&!_-qXM{5E*d<RldWXy7MK3yE`R{
zhF53mF1pSbreR17;CiARDtF&-^D855;UmaIf&DtRf+N>#@eY?x{h3m7OddLf!?%9>
zaVlxie-vh7yJm>5kjiO4u<ZCCGGwO3N#9WWq>R?;={1odyDj8exN;<p>+Q$`Ij&Kd
zot5{J&#lpT!zXRtYvUjG)Wa@H)UW8C)N>%7WSx8`gMcodV5fS8!7^`d;5Zz3`?)hq
zi#4Ad(w3v2-zCv;@gKz%0Wm>`Jblm^eLDXWD1_`dEQSqg^cD$xJvlpbnw~a+yh7D`
zEE_mN`z3ZgS^WfA>W@XwH#eLlqPrQ%zw_)FN&Ab7so^neD-%O)UbS&igUE%w#Gx9H
ztI>N{Q;)dpo#Lle4^**0dd5lCCIp>`av1gAcat}2JY4c8T+(ZQ|CYwYpd6|i7VUKz
z7#Vp0)RvnqtlQK?4R($(q80KZ2qio|g`GaW#An($IP7;QK{vRRViC#hFyVgdwc+My
zhMKf#jjBrt-ON_cncr5Gw$ug;N<EF#CO$N;yjgRl48cq9-ksf~x^C!{Q{V=>*cVNq
zkMn+Zct(spy~*0Q@tD+y2Mc@$(o)lN?#<Y``4(A~*#Krfjwka0DrXLIlRr7DMu+p=
z^Tp!pL@KG5S*yyP43wzk7V+GER$tlGWG+^?AStZfxAh#aJHurV<dP?q+)t%U&NWWV
zEn`a%YF_DD5YXb5F0VG^^VaLZ0XK6hT<1?VYy?9FlFt820td7y-GQsFr_nHGd+Y@b
z3)o;FXqMf6uLy^DQ1uqF=lc9iH=Wl7s?=8;dlm|6>p9EA5{lsg7#kW|QtiaV#1H|h
z`)z1goxXlufYSKGP}WM!_d$7clsw2e&<ykj<)M7;j*=#LPlyzyP}tjN@HYOcw-<!+
z;YdqUP~GUtVFuk1A$hC#`uYZ4);GJuBTX{r!v^i{T6}YLl`JnWN1u!;oa)KoUp!r|
z>woMuRf9QtdK7sw`26`ZU<R5u@Lwk<e^5_?oRXMlfL+DmcT098fSiV!S~U(RL+lG%
zHj>0r4&`UxWPIbKhUbf0wCGxnTAW6-X9FhHn<h9m80WnYRl7p7;|@dOw;FC$avBay
zb~U$@qFCw{E5xCAw^S_naCBkPkoT)ks--`EHhy3ZH~CN+qaIFibM}{Iajj%c>QH~v
zcX!UPhD0g$NiO`SCKd`lECx5J{{c~^{CBzer2%wlYi*ZpC8P381rctv#1zmOFbZ~d
z;4v;uZ&8~$LA!UN;f|S~;y15WZn%#&?r53H&S+|x(bIF)Cz<3*T@*ztzE6Ld3Vk9Z
zZ*U?g%vE^8C@g!usdh*pmZzyTXDr}Q^T;VvEQmxNGGx|&nG<BaMNSH~FnpTZHW@$Z
z>J#gc138T}f)WtI0z_Y?y<@&?dcQW>@dB`ednmwdmBw;YZI_?$G6G(+d#+C*W^NYe
z7<hPiK7gv#uR8ZHZ^k{qI)Ik0uI^5#J*2U{v(tUzEImDaZ$|1`&(6wf5XKoy=J0s7
z%C)w!frI?_;lcALTR7nLhv&C%{g%T}|HVRHURY974ZN$C(pg`2SgjPuT0#PeB9Mra
zt1%CE0|-QzafiPz<e;OYy8yqv0K`@EgbSfqBXiR2^z_ux!GYy9Z~Ac2k~0b2^ho-h
zbMb7&yBT8ih(%}q8u(BN3~?vH-0-P_Aa~yEdtOn{7Dm7=U%;D~GW1_kmhRcb4bh0I
z=}FdQhxv3ZR4kxXu*!XoYu!XA8sCB~`cu1s^TR6rs4VT^UGECq`;$*nQo7tk@EbKO
z$W1!2+^ZPBMdj4aBvR=0S)7Kv#03oN{doP{xEWbw<-Eg>vG*5vbp8^OZR57ZSYq|I
z(Zm-SJc-wj0W+#f6_XGu<E?3k8O>7o`XhTr%11`McNcIZ!sCk?5nTW`5rSyM0-CQx
z*!0GwQ>pXCx$IOcybKQMMBc>UK4nFX2vLlYBSafvS#^!X=CZWavhTI3kU}fl+(^MC
zZ+f{CF5LKDv4P%5zoEy8$)K-B%M!-#Uw6^2$j2DB#AwVXi(QG(?k~l_v)f{UE8CE+
z!N5^)PXZ{RKy#;i5In4l1u3~wMFRVOYIH1{-1GQ)@(Y0|<%2xD3%~nw)Rj;uc#AD?
z*T4W$-*vxD{_befx^d<S+7U$tqN0!|NtdC~KQl5m)`4pCUG25LP-)Lmn5+XT87+F8
zLp6fIX<F{wKIEYFjg8b$+`m&(@v!1hfgOrPlmJ(3kQ=s^dxHiAa~*?@c4yxsxO?kD
z8ahTOp|G;PUOb#YKJN4`YhLQKy$ssszkdDNdN`f0L{wgzL_sqyC0DHOV;XBnzP&dv
z6VStUY0I14W&+%NelxCnEQfohr#GDyJHt&7NTjtIXVjT`z)#&hc9niiCkbbEe2xzN
zrI4O-VkP`^J!KVOt}rRYl4#4W%-b839Hl4`lfJwK#MM{}p;R1;zdIs-s8*mS%yi8{
zR80TPOsllNTPg2gxZ=mvy;+Y&Pp-VrM0gY#<lw0ha2t}!?k+S7cjOaV)q~k6-BD}d
z7^8_CjVDtVB>`899RU>z-mP|ApgQngn!k))J9!02y%Gzw489;=If-JwGWl&rLui2i
z2UY?Puci}2Ujf<d!#x7?lpr-xzUzI<Kl#bGxEFn5ZvJ=ACnpipknw9^wa7ot00TZ$
z|ALDIJ;Kf7D)vmKW<LwLC$`D`m;ZU4L5d9^OX(cO)WV`zrM4U}lOu~9runuSxcq{e
zBD?;cRMaK~Ec;$^{*PgUo%VPvIyyRNYwHj0CN^Mgbu~#(LQqh!C@v1|CRf70vNK!x
zqp9`qgqiHjVUjTsIr#Z4AaZ!Z(ZLEjBb8!+-=@xa^oCP1wAh{TX-5samp=|6QE^Pe
z_}e*DeJ%EoPcvyp7fsdyWvVS!-Gy>yXztZerZwMDV#ug6S4{rVw;({1G$$c2wcTZz
zE}Fv#-`9DcLu4{YF_1|agqg0^OdNPGE~A_~$TtU{m&6}>1t0!vz$AoTgc{54*F6?O
z;<~#}zjB+3l1gz}urOM+?GFi7pi-(}`jQ=kka?jQ)$jL4q)QSicG{fd#4K5aB)SzN
zRNzl)pq~DuIltk<PlT>3BZqxrfWA5c$cgVi{rexO7Dx-4Mt^?7-4YYR%InV?oQ?}L
z@XkVv3*0)oIl0G32)K3%WP3s0cVj150PGdL%-!Q|KUs2`0U7pa&;bijH;JFS`v6q%
z^m@LtV?me#TyIJOposBsk46K-q9cMQ%^lzTC_VN!0z9THUXzCQmvk2|uZlwE`L%xy
z5l+0;yWsTnOQZE#U19ou;l<fmji8uV9n^c<r=eaU68c;RywtU~vu$qge7)@Hx}QxL
z-Yq2;Eb4+kL!0=?VY_sN0H3+4V8i~Ik`_=({L?mzITC<;`p_Iacfu>kq(7c`kx6M(
zRTMoNkj9af#fZ#SlsvEW*}QTF*!MD0M$RSGs4U;35g$c6e&Tu)oiz!I-LOxi0Kas6
z?V8G6rctyJGNt<@y<{OW07RrN;K<v&G3BzP>?Ow5cv@*^OH>U1I%z)<T#-nc?YDqz
zeWZ`*{bF6dj_^KfAd)J{>2~4yQoXiD8b4(Kq3p!Za9c)^d!ON%-mm4w+H&->Gh=h-
zyGZ`mC@K7yC@%W<uX3)L{l6fzZmSn^M6cO4$(O`i<R-9SYJ`8eVv-bmEf@9#L1?d3
z!++P2LCo02dc{_MQ&|zdx`hPtO26!vlP!O}Qe7cJlS6p?7O+b$`q}91F;Yo^$@=0`
z`Mf<l!BJ_+T8jr1-{1yS)t(~H;+LhRr6C7F^GMCTUV-?lPV(f=4~lHmkNQEU42X!2
zf%8x^b>j`sR-1vSkHJxxCc3+`vpD#j@~nj{0?1eWt}Eoqg#<A2{ucTfKPIggp}3z$
z<;V4{u7W%fR791}$jHD2K<#5HtZ9$qQvI&#fgu&^h9;1Uxw)PE53^+Z`kYpy)I<#u
zt0wT5i#CE4leW1WI8xM%!1!23rZSeGfV$@xJ0EczpBZ(<rkb0mC#CM*`lPEY=9frL
zcB`>bM@rzko;Yf(G<(4!QqpWg*~~%2K8Dwa0gmNQl|?~VcyDya?((tnBdXUDK|plI
zId0rKD~hxBIr=tN^q+9ZT4^V9ViU2Qg@vh3U-{eh?>i<k?R|mI%-&>(%Cg!&*$N4M
zO~sKGhL06*Z!H}Z29!C>H@)x;2V&JRh@F47y*c?0b5dd8PT$OJ13NFT>NHn?SP-!2
zNF5I3?3&!%wnue{Am_`)26vlPpVh?Sy{d6;?(2++F6Fq?p*@n_4^omiS*XTRNBCzW
zUsfL*>*WPy|Dx}Cv09he?$zd@1-j-!y**}mkB^UpL2WHFb?7NR9R_y(Qc_HNJ-vlA
z*zfvs>EHlhoLT45PQ~(wi4jQI;-a>osHo@o`1ms;5<-~J`}xwsMN{^IV|SwT@aNSb
zdttJ=n!2B_-gPJbs!7XtC#fG`nvy5eq`A1{!Ou|za7_(b%Nk9@Dk5_~>`yBE3{dUO
zxw+9~ij{a(p1T+nm{d;*OO!11Z#mFar|M=9Z1t(79F&|(Vv9mlW3@{}##A!srgA*0
zYI?gC9mAx*@w>I~!zULO2D`!PjnT!^(A|CUX*zMV<6EOlES3CrUia%^<)VCUO8(+&
z(>RTrm%iiye_BrNgn^?Ag_ci3AT|X3mAZ!0eo%W8{+~>ia7S7E^PlF44lxk|uRc<v
zNFSLy4fbf+DSas;__QVU2fEGz^K(qVS35g93_(7;*&MG%;q7kxL~#e*nxA23zTq!P
zTh>;5HZa)DU^BTnIIu<oKy|HqC=K*I`%co=EE49A)9GB+9&eOiaX*XwDKTNJ;8iiw
zjk5K7Dd9jI);sMF&{Gcwkdu>Z4@IcR?ENPRY`wl3sun64@)4kt05Wk)0(wk18ljkO
zoP5IoOzx|FnLzlXBpMBIjH-)X6jkGyK;RIyy7R4F)j>W>9Z&AzTglER9B-7aOqiD5
zgdZr_??Z`joO^98Wq(iVAx}H<!7-?&o17bt%$`NDA~&$6YP#=ad70U%X^`pP_PliQ
zPAn1pm6<0N)>R=v72z#vOE}FyT=S0Er&TfP-JW;R49!nAwAY0DmGeQ4M8lwG>1kxw
z5}ePF<MgwdS2zviEA?vQ&{Vie+e3{7#oC?WE&u=IF29;)+%>RmzkOOgJ2-$mpW#Cu
z`k^?st-HgSonT_Ikn4VNadCrO5c>gltdI+E0_`o&dwXF}fc*plwZdniobPY;K@Bzm
zH+x7-W=qi@KH25IF1fS^Ibsx|6Xj0TiG1ubnIVU#4!pR!!h~L%fOZ#XY~9`6_m-BI
zM@=|Yp{E%)E3*rFb~|ow-E^0m4RNt9oRaRB0^U3@CIfmmzw(~`{Q2|sqVDHUFtE$`
z@`XbAZVglhi})M9Xx4A^2z}H|#Z0^s9`lV!mRK!US;2B4_;oHke-i$?ER4)|vT<w~
z8@m`HzHbC8;sUW*gW!%LIkWseKB<&|be4n<L?5iX!nlm-_sSk+>5Ek*KPqvj)g@r(
zeF-%vW7-|TJlP+6Uk<D97;qdrCVN7CP@WyAm!e22pJ(p8P#^qUtk#k<R=6PhJ-qMM
zdOCtY#pEztS7pscx!i6!{(H!0dZEeU)sFs;#_t4DbU+Jt$B!^Vvc{v|w%K;Xl72O%
zS(3;4fZ;(24%|EBNMHv%tJiE>QYZ}mpJf9bk`!UW0$xqQ0Jz@cGrdNH56;y?In&`c
zXc&6B?`H!yz*qfZIg{4g0g~4aU3I53X9B5>oIa5+$Vfp#0s@tQR_KE2FJizS2N_MF
z+q-0;0X$Dh`jfYAV5`)>ktvGy%x)92z=`$lQxf&}_6BeG_CfW5XJd&rjS#@hf2Nv|
zTn2GNvXl6PgnlQ;F?5@f&!sqd6_p49eib4>m4_)dx8@^D=xJ^j28WHjp?e$bqKW_b
z!%bZjObnskRq<LLmq;4WwA<HaR+F*L&d>#W!ZD$FibXe&GWd@oW|aPX6^&!^j&fm+
z<JNC?G@&X+RSIUyuKk+0C~r8yI5IIuo<~T9d|60BD20K8@k^ytG%5>w43(jMRoZuB
zuR>mdbR1+bD$yJvuD(M8-5re}YG=_d5zNg|_a5t<1$W;#zR*4%89sTAji?ggY=_07
zY^DuKVrmJRJJ~HO9l6S}CZ*YPnP5VGcfGlSbkCdqYeA&oTTa@`|FxpbifizRAPN1C
z9kIVk^d%!ac-xsX?`RBS&3(7pYazSUx^#iQem*{7UY`aHt<hi>TxH%bAeEdXz+6Fj
zp!~eNCHvnqIr3S4oPe{-%Vi95QJigfm}gu^21&)VmpG)K^>6TS@A{fQH0!^~pLF@z
zH`xS2y-;`1Jr(M)DaU6s9_b4Cq5KgFrkD*r=s%}~n(w&@lhxJ&U$zpUGMLyqcJ+OP
zQmX7ie^UyQa%mT~?}2t`g{xcyVU(yTI`0A!f{KT{<x^F(q_1UG#WONIj`%fx`(y1|
zhySIY*-#@y!{0fI#U}E=DXvfwE*}#9_Cw!WL9CH~Hm0FlZhbS1x155fCWvDwwNn>e
z#a_B8#mtr=N?U+`4TLxFC708rdoTOOku;IJ<@ce&o01GdzhR<XuYAUu&9y&ft%GK!
zX6}$Ce9s=q549mNccE5TNE>xsspZi>ZiifvpA;<B^sglWSzj}1^FV^vb#+hXfFIMR
z<RVYYfp3&&f4|TDLP3}vIfVLvOpJ|}pto=QTwK(veNpt@z5}6H_3ROEDM-LsmcXXx
zJ|;6$>}d~M@inlb71)}{^V8{b0UziB@W)BV15m$vi3ca{I{Lb{M#RCj=)saP(W5S>
z_NEQkfO3}x26|5yUY%azd%ykGE$e$yx!>{TU`7`hN7lHYDvHx-lS*n_&UN7*N9y6A
z!3?d8++qU1=>FuVF?pLH$dp#tw8z1gsf*JEEAN*!b<^uqw;IHzHx#S^()TRT3_e77
z=+Ii&@8=MAGz5=*x45<CQ?YtVCr!oM)Y2IuV4UmxiHuQ`g0OxO8>=CR!l`PRMeK8$
z+8q_T@GQ(x@Eff4#<)4}8Z#XW(4@}0(PLksEIHp}eOh~C{Rbw8IR&9J^zzDS{AFlI
z%+L{o0C@fB>azGfBf-`*Yx#W7^I4-!!YlK(@Hqi`gj9EXJLBYsso`CY3IX>rV<V%V
zP(y^bzkjYtr&li{8L%fXU+nEpQ%9L|CcvaHU0IzS7?jAH;-o15^bv4HO{7wr3fSr8
z0C!7h*!7!njDDD{p@z=k4JhW>Z>fn(?|?&^L@HW@x{RN;HlH7TyG|0|g5cN}7X0Us
zls}KIvj?k<*O+~NPNtVmyV2?Qi0Ex*yAgIPw%<*c&5b2eXl<6&J(rPK{b7kN5rb`p
zY&sQCc4N;4`dA*aJ)^k%@wW_0F0Itpo7v4+PIyX;(i06|{BZ{28&`VbEl;Ub1AXev
zfe#s^$?{FcV~fV=`=fJKaju@N-x)%+j6-q{+Q`}_a}z#ykI)fKgv6%JtGU*Us}xZ2
zBauM>clR*=0{SnQ|MNJ~|7FIajm~%+y%n|uVdM_NLAv>4E}`zL6kVG`XyN<4a(Ate
z{ifze_yfh^JXniRnt=!KfWI~kbM^nMa`1nku;PAp77KO@IxU60Z%Y2V=COANHzy6^
z!9-7C)|z-B*VlgYCE-Sw7h4Ac%b_&FJk%jq-_jxnowx2@Ui6ove5_F7%H1c59?+)J
z2UAd5O8d>lMZ#7v^dIYJHBDh;WTb7I9vL1_$<+ZJ-4Li=a*Y6BL-EHll&nRoOoC0-
z;E9&laVwfY4xdOb7)$D0@helpjE<JSNz`f~R2<vYm(n20RO%_FfMx1Ax@wBU)9*g#
zOwvMU*+=YBOn=Vha4vNXHM8YwuWWRtW6RW@+_jAu#4C|4^Dk*K99Q1Cf~f*K<UF*G
z<+jSR4bR2GG~12A8^|_}PpMt_{XL*4Ct#T%vz$(Bs!YaKAL~%I_-}FbkNyvo^ss<z
z?zN0uKHh7Qf3j&L7xe|3fWgnt?cqQJdFkhizBWjWTrn25y1%!#9&~kletqqP{{!{a
zoaI#S<7fanySj|3_lx@wVJD5gk9JF@Gwnl30)F#cn!kKhP26#hoN6$iOT-o@C}=Nj
zzkC^oI_M?3+(!R~Y;O@*dqP(mPA&rL_lq7ML<-tW1MJv8x3zd)vXQny@Bs4RZQPj>
zF(37%k7>k`2{#+oU<s&*$8FYI^GQpSIUn35n8K1>n29$R=nt(9?cAudgy5onjip-X
z>u}@9!Z9R76{T=HOrcv@>E}sS4SY_IQ>1jVkgy29F(&>!!T(*hV17?Ygeq>bWBp`S
zke7CtA>C>3Kw%+5@<_1BwZVJjR%`QIDLy&rVB)5XVr)E`oA25qd->*55$>8PGna#n
zI@t4gi7goNV_*x9gGI}@J#y>nKclYL+{U)p0o39l(kq5-iIQA)t@6qxekX86ZcTdG
z7bsE(0WUs1VL&@T;Drs+AymfvSmZ48{%o_42*Aq5CS^0*qa;QNT>PL>7^zJn%FiFv
zQ^$@%Mn3rMQWNyiP)Gu-$}sE<$MV|z0ZJ7tFDo9om)f8MpzIo;b$)){Ie!akt@rTu
zW+)HK`a=7oZFoXNOlW0&1+>)zG4($uXLQAg6fb;CU#~i#BW@<+P?ea);t%3ORXL_*
zI}2=#-GGz#N|T|LD~uw*CGoW?iJA;N94f%6xXP1)zY!)XUpU$)h*OeNM31m$X5@w%
zZ$Br8jT$43D&v^3f4ugvM^p?~!*Qb4MV~H74kbW#op)_kiB^nQ*p3uVJK>*Xn*5!V
z%`cZO24N{P%MPwz@U!o3=9pSfn5jCCE1{HhhPSx=h=}*D&6X3>3vM%HV%Ld*DUsFT
zU3)iX0N<K;E=~E-^m?PHPM(O~uh~SfzYy3$tuvxs^CoH)|C)SUt>O480UZ)GK_vRG
zM<={OuOO9Q=X<~dF(G&1ApC=oL)?bPy3gDBFa;-VK!~Z;)9|_hId~iDcZZTz7;zYX
ziBaK2xS7sE^8cNCD3zJ~N|rEupmN#V%+u1{UEAU~Tb>`lc=-!TS&Fx&zk?b(N`8Nb
zks0lQY-i6<q6S+~r@g%I-~0o$rp>Lc62koY1?u=j0%-5<=8fn9RH&$^^yT$J@3Y(m
z{Wv)}VH~)8d_fm?f|AtFQ-5FL&d+-YSnnW21qvh+X6$aoOgQGNjHJju#V`U4Qp3Lq
zhi6GR635iSAbM{jIKki^%cjDaTIN)GeU7lTF}u=H!|KkF01SOz9>%1RiO4=7xO&C7
z%uj;iOggfDpXwQV1+kYb5{-F+F}+z>FV+0ysO4tsZLunzqhDRU7;cyaNZ0agy`NIw
zk28A^uj_Ls+JVQMCB}!+@dqlTWk;Pp1#)lM`POp}b=J(M{YDvO6AUmP;2*G=uDK$z
z=e}?4<6^=-{VF5ePz5-5FCAJkl@$=0!*lBGQFOYlc<mO4uz)a_J^$D4O~$6j|G^Rn
zadaR{?-f@~`PX5w;GM1&X;GzngIRLC!QgtHqsPE26aSa>z_upt4eJBwih}Zp2OXi>
zp}hrAVnhV6Xv<wCTddw%gcbxPAsxNF+kBpGN`0?)zRM>8TA}7y3bP(u)XhUW0j_~t
z1PT=*m_Ky+e&+Uj{%Ds%p)_fy2^srPFQMD2uz4s9;AVKCeb4BKpth!l-}<9<Sz{wt
zOH-4Uk)dItKH15PVY|ZoanlW{gk4ip_wSpI;_V%}saZKsI5j)p7fo&n3o1kg#86S2
z4#LmJgbH~$h0zO2QCfB|B>Pq{vI~M-k?&|y%p^M?b+%#h^G_e|3}6W}{;c>DC)K+D
z6$+VZexmbZYQwq3L@(J%7M$ttrA+@nFTmm#+;6PFg)QPt&g54QvV9TeB$zZY#itVZ
z6;UVKsmJa_){w7V+$w}tPx9?Y;(ITuoNKVXR^2!IMu?n9ZL}U4zmcek6;jQLnAsGn
ztqM-1mkX)rv7A}ySeV|{=hTYo{tt?$Q2i?$Ifnc?IEZpIVSc#3jsQ3_ft8IFLlhcT
zF{t!I6ttnoPmT(I?=JW=qTlSNDwUDGeirnW`4!Zs15=+PsVHrzt^M};bh~Dv)Z6`4
z2Zsw&g+k^=<r)&eM(S^3gNPKFD?ydq+*=rRd3hP(1y%aCU)%*t&(9q~F5w)Z#C~&g
zGyA=ttLu)6sw&elD)0EO-I{{ePvx3=MEWol(7XTlKQZ_q%cX<Y36V!qe=PLbDKtZG
zgrV*0jX)b^uqRxV(&Q_t6{#F<E8JZ{{r0?-OKYMDb`;?(fayH}PDTNcpdlyn5B4CC
z!;GXd#Y?a!c{>hXYFA7j3%SW4&qIGV%nMx9I7?+}fhs>LcakbOX#bu3sqiW=hjnTn
zFT-UtpOt#AV2o{MeaGu_08Np;K5X-082wE0n7Sy#h=d4NCt}@oZfO(>aEI+vv0uhr
zU!d>HST1@LUH(KR%(D04l!A_|bEL(NIOniWe6#e&E?K3Jz`>5ra#V6bcaU5}pn=x^
z$JAE_Rk^)yZ;%iKL<H&XmXL0dE(MhC7Nk>PBaL)-gOqe5AtJE>N$KwHuFbnR=Xd_|
z&NC7-4j=Blp1ZDC5A}Kp{3C_4isEoAX4<xk7MyJyk-x7CF!$)qiDpK<6|Ar2)4Lun
zw}tKuCN&z>j#&w$3;f1&TRK=?&Ouxp7#Ju9XIM*5?^{#ZTwfyl7SQQnh3o5OC$nP2
z3RO{ILjWZ+O>F_<jVL=@#I!4naX@X{MD-CuQ|${^{<t=BaXP3&&5^9Ixx1^75T0O$
z!VIB7?FOQ7wUr}_&(5Z2<)ll-l$@Iwrol)$dI(83dWep4OGL;8t%*`+RM@f6VzhO~
z7Kw`Zed>f2q?pfDxR{xqQ(LX92ccSczxLE`e$N!sO7l7=CX90caiQy5bbK<cgps|(
zN4cPHPvu&9$eAyaZ1wQ#6yz+e2@Mt2(!a$oXnA)b7*C$(q>3B4aSs}9DfP4oEvJnT
zj!wwA*f>e~N~GU}P0u(slKoMou2-uo)~UOFRWtRPL5@3ayVO76A)v2HN#Uvj)Z+hk
zpOH)QzeS&mX{vtgZu_qG#3=7~qM`}jKEJ{t`xQxgM%tb7;N2H4$olHj)aWUR$<VzW
z&<-|c<N&>Ck+PCf{}`^y1zxdep{oxb18>cAJXZ41!qK6~05&Iti<;pE=_wXg-bHyW
z(qC7^l)iO@p8l*xRTTk0(83}??ZWg&XF<(r*>c)8aj`Qr%$}YFV5LYy{kdzzrt$i>
zqtAC!KD1fyB3p@4D5zh)_>1^$G68l^r$IZj`mFP{Nn_$|7@2|ld>G=Gb5ifqL1gLV
zm$Bpt`@i%s##6Uf1a6%|qS@!$BCB8+afdNI!B2+9AWuQ^2{0^qv4V3YzooKe82-if
z$^6!EFF!qJzIHt_>yw!<V=ZA$($#*B%)fj{?9wOFmGH&Uj>GhQyrVUhJXpl+x4rq^
z@6n0s%9=l9PaA4z{ZC!)rQ`TZ782g(te;BACw>w<PW8j6@l-8fS{E<&j8_$ehm-uX
ze02X`0WcX|5^aX{-p3p&XFk8Daq9YI+bLSRsDC`ArI&H*_Iam66l}$pe57g-2LVgZ
zakC%vHc9;7cbX6v^;$i*#>dC=D2{f{$RP%{wu1<EpcG#>2E`-3>-h0$@4(ZoT)@9y
z0W4X*&?jShULI23L{N~4coHbR@U_8cT0w=J9<TM;+26VeVPRTx6TxJ2_P4i-o0^&&
zKyd*A&a#CAc5u*7lNzVNN1`9-*G><i6N4CAsD??p%eCW<*>ihfZZ;od(RDH?`geD2
zTAE^;21Jo>xgp+WF;E4QM&~5kwBnvTxuRP$U8BF|Vo5c;6MO|JsyQAV<i?zato5nI
zIeh36kV$m9wqT_8;!x%=7}x0b<W^3JY}l2+%QlH4<f!~w!O0zgX-zn8e=KBT>GblN
zUuaY*uz{jdFJE{wdTP>JE_cw{EhKPCfP~eC{%^TyblUjRm5eas_;+KRl~)6ii={O3
zawMoBgR;$%zU{+r`QwkuNAQo>IUYU?-m5N||3)x!oa75zLb&EqX6U7B%_|ZNk*l*k
z+q)@i9>@M>pKrz*m?(a|3kSMaN`}Z;S~@!4A!_F4=G@5&Bt``<_b{4P1tApz7IY*M
zTW#Gh*uz(a(GD=F#hT4kL`KiraGn;AqCSXew}7z-($A~Db+kXGCuL<j+qbuAkRgz+
zM7HY?7jNf$<4GvEQvVc>jjipC#gDbw`!C@9d>qkJ=V6MZ$@;7`S!^3;P^L-GC5nx8
z80976t5sW{X(7LC%C6DgGE+vC9(l&Gyzes!{TkONrq5{wj;&a1btY~#scE`yKk?Tk
zJ~t(*t@J?B++I~nW~xu%?7Ovc&spOw;r>cT?dQ<Ky;k6^Vf?~U0W-~cv1Yh$byKr)
zuTU~q4{LP%{fTGqT0wTpfFp?{As_yQj|G2C_|JNN2}?rcTjpsi?3xp2-lq@YBu)v#
z_;*PF8XWn~wqw%;f_pQ|!kpm^yhC#DAO>_cos(hM)>LL%TBd0Jx=&*2lr>$@pZ=f@
zN_}13KLE_W0~R@Un;6G8=pP}?jg7Fu3}ItPb9HqG;6W529QvU?eXuzo6ZP%~prPtO
zv4a(RV2yoib@t;i*Ow-qdFkz_PsxVBSS!<6048A%us61`u^Ap7j@Be%vR`D6mlk>{
zwd}uTweW10m6dhaP3U^=$YQG;!tw}(0Rdy%{qI$mikY0ujDCkpv5c`cYv#B3&4Sq|
zdw)Z82ac#EP6NE}?_$igU~4F}>ee==95?7}1a~pfOh-0&URHk{sBPmNEEU_}h9^T2
zig~YCnRzv6H4~)9<xF>Kv_wkXx#$^HSK^4j{?+U=b>Sto{M^eYKON-Fc9uP(?ul<Y
zypDmF4uRFGkh=@lo}`SFm})Igd0yPl`Q9hgjr_N@J#u|0k`I3l+H%R;T9Myg^R&o^
z<bE-?`lQd#oL%ph{`Z|<lWL(dMf#3#fJm-~vvaM8h{$?)c=$D_g<&%ncsXmyp7eR~
zM_7Tb-mpR~s$Q{2S?|nMXwlMJQd5Z$u?75qJ<UE~-`6xZE2t#uUKg3mnkzjgjqDx+
z8*_w0kp|ZTXa-9J6v;rs<RJ72VvzHTF%vCn_c1vH`xRt3S~Y-ZRQ{$v+~Co7m(CY*
zPYzP<aHF5vU=V3J%e{5O{1nEiyu5kweoC^HdQb&rbYIq@wcFv0%LYTTUgJ$X(`bW`
zRGf}`&8t@BwQtgt#{4|3JT-3v0Vf2Nv^+X-lMWq98zhyX-7&8wXXxKfu%qERErU3&
zvT9RoA`}ov_bE;>McR@k)%T~-Y!V&OfQD3@eq6Sd%vbU~45?(z+;o&36G>zBW$7i+
z)hpzO@#(*W0M4%PPf;{h<lE|Bq6mvr@Q^yX*rQ07y0$ZO3p&%{f8ZHac^T8tL}REj
z<+AW{S=mQaF(rz8K!&VuX;B3BK}bG8s(1i-5N{_Co^>-a$oqH%{SuUKPN_`5%93J0
zpb%w#oW-x@B9J};d|H6CR7H0JpcY6p1;N_~-XVprt1W90#j4(GCIqp8Y#gZm>dIin
zuWj?}Me78&g^C&(B3+5l-9Z-_@|zgNbmo;Lc4irA_^ynlk(zj6ID(~MsT?iuF&hEr
z*}w>qyds_<BYUac$#92S^4i+Rj##40xNmA(Rvr4w?7i`8`gH8+Ja-w1@sVnY(u)Qr
z2A0DS&n2dv@@6*@*1TqdE7xVapL&|uyuM%b->4DRNI5m1uCo#6iD2bz9X(C7khkoS
zE-baqH8yA~7_ic1M&+^}+5g!lOTX}tY;BkS9Z4UyUH7EjZOXd8+xm%$*K$fPC*E~=
z>fNtaLqEgY#+<!;-SiEG2{6{-NF!HZ!a?{ei3=YX92}+1+r3|hxB;3k$O49tW&mzJ
zoMd3hltOvVi~m<_vMRyvfE1k-8%mF;X*$Xs1uVRd@#PVNg|BWd4uEsPzcP?tEKAeV
zDW9*7P3t7p1pKzO&<Hg*&u+Ya+FFo?OU>+jEP<{Bd&{GbrT@aYT=^VQ9<fDxm0nh>
z)NY$u`>4%-*;Cd}{XMOpwIumGSHo2&4|zJ9YK%x@Lg-Mo`>R|#CPg-Uo`n{)$XU9t
zuQ0nP+)Fc=jO6uu&D~O9-Ap@Gv(EFDI)7}fROFmwuS`)H0lm>L3)8|XOHL?0E$&Be
zm}%mf*$?|_XW9e#J<7HG*#QUh-@W;(40#bnY#&DQk|q{TPE9ovrrmpO|6OZ6#CHNj
zxvln+7xU=J@`6Hxn-<u|>SZ)v$4*(pPe8ZDe~a_(k~X(vse&$tA5vXz$C>;WRIo4;
z=n~+k-JNc!&bC3@;HRU?0oW)%K|ArK5KQrM1yKl}=X9eR>xE_!W9tP7n$|MfSNV$;
z*447XIrli<P0qlJQw}mS8@fssuZ99VkI!uXj~N$gmX^Nm-ClhBS{uS)G&{YLw(nk+
z{<u%e04Mq{L`~5|k`qEn<^+^9T55uL>nS(%F@Dmk!oPbv-F=j-eN2jIdtFhFL>oC+
z7`y*A#GiZ>($Z30nUyMFrRNo)Mb>$D7>)9=fpt#Isv^HRNqNB5PV#5gZ;r-r=uLBJ
z=`6g3r39yC9D9zZYGzz-CasuGH<h};q+~VM-PUnZE<#?wiueSU2}QUyk9hN64CMm>
zZkd90pU~?1_<k#!bFm_YjhR{D8-!1QU-a$-pFQHf4ZQV(X4M`q31)j(C_M{oxrzQf
z3HnpvdGQ&2jqMjvbd-m!?Nf&yj0Xh9*wr=BD@cXl8R3S3cV9>POYbLspTwsQKxyLB
zq(g@Q@wt<|{ZfXIy9At&(gj{oRkaK@B(rWpE)UeP2N{4PZQ`G&L9e^}@wkEre@$7h
z*VT*M`Yjn;ZuAQ=KAPe=#bHqEFcULFQtf=F$CMi%70%w~wd?E4LP#1iW9H`E6JP6I
zlA--bpHoU)M8r}n!#jgGRHrDvW{XpGLp(8uG>GmK>}6uSyJpb_wWsW-H`BEu$~(Cx
zNb=lUd?~g|J9XTacc0&>vu^CMM-;D{O2R*tm%RHt#+`rksgIY-qP@<JF4Tdn@hH@x
zX02c#d+3(`s2mU*GS|lcsZvmCAjFF<h=XI@b409bUwWW|3GVNe8x<prS49p<!5jcD
zq2RTL>gekacCXlDW&tCz4CMk<;g5w+Q<q>SoT7q)B?ogqx(6Ds*ZLA)LFT8YmjMCp
z-1Nccgq(~la3Q+mum!1%b8-IHVHqhCb*X<6;r1fIJ18V2ViEiwQZll4(}X(O+PM!7
zYY;%AU54;&9bVlaqj^7K;<`v`Oabf@umS_E?$voc+=-8X<R>}V^O-_8ZdFR%4EL-~
z^v71BsNXILU6F1v7bNhSUp;tH@52<mB{?E)U#wBo)P?E?HMDD5g!D#8z<-e&tc~S`
z7_F!%ok;hv7lw=SQx}=gB!_!oI0QQt$W_8V^vRk~32AiTNVl-CnkIL8C|Z8NY*yjb
zYGpF(`q87td`eO7n^yB|!bY(-VL`zAbu771Us_FC(6Qqiop%vkUwWtFvQNUhV7+y)
zu64ZQZ<m7OwLI(j=Vg^kGvW-IQ1ljC|NEa{jAkt8XgdUh#;SGi=070AJ+M3zTIqRA
zdr41Kqz)L#OM{}*x3!{xK3oV=>>TKJ!IFmv1I6J(b{g8dt0%j%xAz~)^<aivSU!S)
z^#(9<ibJ5BfLPetMq+=!4^(Mb-%m$BKtED6t=4-Xu~gLq2q#m#GTTo<{o7w(56lqp
zk^?9s@YqOiGmbJb!?r47xD{z%vfCWe5m<OVE2zN=25N2cPw+S8#c<SPVgtiz4=ycn
ztNScNU#GMN^NOWEh<P@@+1K9~nn-Pwz80}U&Z7wJJ*+dOxNdn*&aiGOrPs0fc2QWB
z^IDg!oLlc&0oP%6mfhYl`AzZ6Ir?L0+#yN$XDTjoUV>+M<vNL4bga2E*_vydqt4MU
z@cP(B(Jkg3x@EhoIYX}2sdHR@3mzL<Vji>%j}F#w<%C-o-O9K&DX?q^+n#W=M7tJY
z;bdqn5PmjG<eu||QrGts<X3h;8TGEeceDvTkoon2@HC+n_{3nsJE1(8j0Y3ECvAe)
zoz-n%51Mgtb4Lt0v*t;C)F4}y{}KwA3AK)8-ay=_r_>8#b_Rrs6+eDxgR^Y}VoV>4
z2Ds!E2ha-28cMv%^6T>;+)-QO$K2b)oLeFE)&9q_DmN&x0|r}aZ&9;i9+}+A_!_Sx
zL%6{dapdNCFd?FG^O5Qr%SS8-Mean$La}i9nD%7pgZP&%S32c9ips^x+$ht0Gu$UE
z6~=m|Ye|0G3FTXgnYE0Yf3a)U-sX%BX=OzcQb-#(<LJmX60TXty&ur;jbxJ_Ej+2R
z`7MAoO~AXxP#{6brW%>?Qz-qFQkAXPsQFfvgZx_BQS5OENe&Kch_}Kjb_i^nB0HDH
zcm^KlmuI5KHX)*H8cWQO|3~p^PYCbOcG~*iOia!3(1Rtqu^r8UByyj+4AmPXC%sQx
zA=gnTpa&We-ot`O#KJoqz*10IP;aQJ;uPiQ{{rm>$IMw>9S{riE^s*^^D{FYw(xb^
zaR7w>1~x1=A;pE9MAzCwcP;_0Mlc4hAfV*%LE=tt2W`UT0@6a`%+wTGdOIL?0_t}4
zORmR173pG6m15Av&K|~*HVR(V9;7TSU0wKj7ix*9%YYYZ9>P*IJ+43YxA|o3?;*Zf
z@B5kXIvE-z{<_ZOiBX@;KYC*CE^b9)-P+rLj9ePPe*f0(K=TooC;zp3zaUcu14T{)
zcR@%jdwSGmOi;YE+CWp70Y)|+K>*FTPe)%-HaSvBFvi~Z-r?hkK!F9np+kbu*z;6k
zza+LgM@1Pc3>+SbtCVuHB1~SqIAR^e4?Wbq$qc25m%4qDRaIm7?gnN>r8!|nci*n4
zKR!1#$NH85Yb!uh|8k~H(%AEvMO8Yn;}0&}nBVmF^^*RZ2SS=?ujI&sDhvG7_0QL;
zO>NBxXe;J@d<oh2a_FHe*nRx~<VuV8*Js~Gi!QI*?=SkK*CKxP;;%v)9vn1pdWTOr
zEL>ebeC_NAdWvT8o*7Yb!M|~8{DtMGw{o^`-Dc3j6k|FHKMeVTHp2}lLyKOUtSSpM
zd7wlAn)KY(79)Zk0N)3AA)0hr_KxnRuhNx1KS1XawnAiHA8ky}q$O);#ez-jD(ERH
z-iN>}QYTb#=MfM#|6oTT$g6pXqe~Sbq$KEA)`d$=3CVVj$<a?jbe~B|Ra(%djg<7s
zt=NAV6tbCTc~ct|@_FVRrtP7jbdPWISIelig018ASGg>`FG=sd_K8Y<Gx~m36|UCR
z#3H;-(be8dZxj38tf-m$&-styj^Fx~*WZPhl0_yCdNX;H$9meGw`nx4C2nvC-8&d<
z1WpW{KFfp|TUl$4MN`{HP<f%jp9|$TcMH|tKEEY)cfG_9wAnml-%`DL0MN+Yqmdp?
zKD6U#@G%zum*hy$4YWZWyy4}NPLF&-Hl^lNlQM(^G8O1{pQaS)w|I0`(8nAD->;o^
zgP(v&4y;RqU?#sJ$%L2xHLs0o!AM%(&3bXIP3W-NLi=T`^Tel7%Qu_H5qS9xuXIOJ
z4*qW`A=b?43*?2sD{vC%5P_ZB`xH_qi?aB~1tFY{pv&?4XzY9@Z8wRI`J_MZZxM>`
zcFixuQf?;P85zspGR&MMi*GMUE&3ovU(%V<)GR-Cs&kSFtUB#9=OR>#Dd9n_NM<ml
zHKX&;C0bX}rSIQAds4GyBGoP{lGei+oxN%uC!*<|D6w3!Dn&B>GLZy5#27P&t$xw&
z=W!8c;QHG>sY40}*_q<}*qmLpXOcZgnSEl!VY3GEDHax`jiWaG>m{2Xq*&J{mW8hV
zM^N|&Q)lYNx{q-LvS*C@u-wFg0uW4Zc-(EezXe-KTe4EYnH^smSUHS={@9TUy-ym!
zUuo(3+Cvv?@IeZwC>ZK~)?RsCmZ@14g}%D?*mf`Gt=#zRbsu?0#>0jI0s%<)vj<W*
zB?J(e8F_elNg-OG)c_pIl)()=$QFhi>PyeW(ICDIy6Fer$DaO;!QO$`Wuc`d!q!q~
zM%lPjkmAXNMR*?~QN^|s5Bc#zGWBB$IqtW1lo3|GfBw2hnIbh0zMj`w!_EBInV$*E
zWF#NwdnUt(B=I}ftTsASPh@BlrCbh8mW(zREmb7W#`5`aMZKEVy4Kr3CtUY)Mye^w
z)*-#|eM2W@3*1K9-d8<pM@HeA@1R5S%2cJ|=OIS*e=Uu*v$SFQeK0<h6nt{&X{+y}
zn<kcTFe5lIt`fq;7irzgFdU+vUX|v^{s@649P}99j8N$F2l_K)K1|FfLl51a$+wQS
zXSzZ6Nv=Uq>L;D&i2+coN!Lj&ZB6*_bZ>84>K`*apNzquX^al;?pqC-tTGS_&SZa)
z-w$4bBAJ2^Cr3wWOdlYU0r=v~IK`>sIdm=X<W*38?P~(0LcBeY#IIg8oo)_OPlMdP
zv_uJcQ1w@US^IFu3jv!;Rd-_l^z<)6Az+Wq0uoPqIbq-dM(?x{x4dl0+1VJBHzN!z
zDwb!s?MWfO^rBxrTlJ?Nb0b7*bFFZXVGzvU6#9597||8{F3d*ioa!+oKl<a<<lEj^
z4cX~Qy418>-B50%0BWH^PD#pM!5__3Z~a?&h#$S_Qd#R_?HwXQKzhR@H6qH{X6UV&
zr5Kl_QY!sDCt6m4Pa959NAj~*q*tIfi!nh_Q_G!rgIdL0uBZ2}#~YKBQ4`F{dLl}w
zCHXkvVujjkL4hV4zj%A@u08?Ca8{6{=In2F`6;YDcIQdow-VMt9y9_(G>lxEyHSyB
zg3h>)Uc_FY-;39cAHKN?HO5(;1|Np#e+xKJKsSDiKG7dx!G&L8-QJi6BHUvv=E6+2
zq<2b6?*D*}58?sHtHKarv$9nIbm*PVQ}3Jy#Df8ABU;Gon%i1YP)NwBm7OY9UHsD9
zl-k}psows+Hn2YWr5r9g!ceszlGr{0(!*OY?1~vE?6++df)3e|-vIDf<URC!o=z%)
zRsQLXk|bQ+bo`*iBkhCk-0O~j;htGVO~mGRmL=m0fp+ra4owB9^O_?AL%8(`-%AUK
zr_m~2_)~s1a4R`}FJamJ%mf>S)&6q*71}s;$=CRJ&E)RThK>1y+2GZco&AeZ+fUe?
zVPOpyx6lof*@kByYMWYGN>Tm9Nu@BhThh}P=H}<G8+o1#bl(=^{{2KAd>QM6#K>p@
z<A=~7P$_4Lpykonep8X7`C_lo8+^l4oFsMO#;wFP&4^Kx{zXTW-Z*RFo3ux%MQpG(
zV#Ic5A#Ro7wrvP^4>4TZRB$|W&6wDO$YSd!+AJ(}Cg?6|syP2OZmZ3X%j{t!y46OE
zjTy7l`OT#{{D^1&Jf3+~lcnk%i{pN#3nkqZwbc8*c(-PHZ`t|Tz(!jI!UYsk7yXd?
z%MON#g2lFf9#K1nOLp+wn;n*a2@LL8TU$%b^gQ2Q7R5k$q#a?zL4tK4DOoVOH8(vy
z{Xj|PAd5T$sqC5mpTr^+3O3p7^E*JPP0W4yv0FLj2Q_+Y<DRy2kcxWhOEj!?TH0e|
z@=PIjUocuB7~uPj!Qrji?|zLFl0<g9FgFC%EPCb_3%3$9yV@R<1Nm8CsCea1G#n&C
zMT+S4EM&fvGnL)6Cu-Tx#AGn6)oBdcN6iI1g}myddwof0GD($l)jbCsRTEzlm}Gf>
zIt_;Gr8pu`OktZCTt@@y6eg|`H;TKQ8YREO4+>+w%S$dgD#|7fdrO6H=;z_TMfg1f
zJc%9in2W27KBRqDU>@!X)v-`UuHH)AEO-_+6o&J$N*<^4D#&_v#LrvjCk{^oK~f7%
zZuHm0D*kqF%N<+Kekpg3iUy^IQ~S-8iEc#}fgX!eiyadlyy;8*yVoU)qUc(Owm*>X
z|9kYQ;Q_13KxK7zJ3pVHNDdCtmpR7okke0}J~3U^NA`AgNj(l+?-~Vhf<ysP;9MJ2
zAJQ{C{MOmUg)Wj@v<%V%{KX;r-(KY1<s{p7o|iUK{5`};#>Tz|>5E@j_|Kwwk3aBZ
zh5^!euH*T|1+9(>`t1nL*x8wLZC%}a1Z*2UBGpHQ=GB_7QvY}Wu8fEf-=!e&&Pry8
z0d>zKxHYHd2_s`xd~6AFn$?S0+{4pX8P!?!zU}ndjWg37_&o9!bj8Xl;ajr|Ie0Za
z5#Kl`qZvL3FvY--$3vv*eow#qCC|u0Xa0t*o;RYy`Fr~`rl*{VdyXQEw?|s`1;<oW
zLxL@*XqN=tvdQA=JkvKxRVI713Ht4GZmhO|<xk@|{wer0l&0@uUbV@LB!2xm0fYW>
zqc|Je)vz)?^@J)vN!P~6)Hr?Bg^Zth>PO|pW8)=gE}Z|?sO~xb_WMdI4CyHcL0-(u
zAh~vEJ9Jy}pYSUc`rd;FI@4-&J0o$9EvDvd9A_Qq_8%9(*!Z{{>nRpo2`Df@X!46&
zW@fa16yYxLR<*Y3MRpr|Gn&>`S5vd=w|)mfT?3}a$Dop5S}y_2VD<8npu4-f4ju8=
z-?v;%fBb9uk4q<8@$mhNnLyLzFf{lr7}1A>oV@$MljE@%fY}(!^;(Lt*-$#t7B+>n
zjaAe?pYsgEOx^(^fYnFNtG*7y`@gj1{{3|6=rl;h8rN1i9A5@;SR-*!7EuOoe*X&b
z6YrzuZxjj<Q6^kW8cA~7jXFEZ4VDwiO{tWsk)Ft*sr*TRiIzMEBfidiCZ3=woJD(9
z`8zH`<(ExAspadcRdx$nQCn>jfemdYO>15^`y4$+N|({~;RTEC{3gd=0x~1aw5M@-
zFuA1$x6iUGuJ_cmv}R**e0!f`p0a(yYjwLK7ndDy3X?MPds!6mja;6k953&^B7V;D
zG?8uu>>G|f$#f$DJt;ByH_q4y_uLx^Q(WIPa-VyPpvl@rQP{gf{X=qEo~Hla4DvAO
zpTlxOI3bO{qyhKteMc#5m3`(7Wr{iKXW%!I$@twZ{TCRa8XFo45q^hCIADYQ78TfM
zA?D#5AliRhx$!+Do_mNn6=Ewf!HYC}JvR{@3`C#VizkD`5|>65M3LREd^~`}wT!Ew
zu~D<cs<c>`dk6EpzK*W#M@!2Y7eqy!*u;mY<1xx01w9K|fp{)<oKVw7Xoy$}YfXXw
zATo^);j;=MfuPAm>F#$LvM2(T-^bo&y(7QTf9>&gOJD@k0c{IQKh9dT_X+WuJep{*
z(U3FR*km43Dy=({lNr4{3)-?&x()J1q^F#CRS<dn7}k$=lN=Kw>W-^d`~lCC6azwJ
zRe!xbW<OEP)%{8krSzJO+k{;axqIL!l4OVYY90C2v^F(siG0z^%OW*hQL7x`&VCb7
zM9-y4je6tWFB0BQSC(+Q?JA>I4@G;LmPe<*#tL5zUHN$uT&38wlEAC^82`!k4;i1A
z=OOmwKG0V)E{pn{xAHGCe{st1K7v$L*0x+#&y|)g>|Fpa(w7x&9s=p>B{+v)krA6H
zP4_nUa`{9>69EST!C->(`f#a(siI!wo8A8Ra<7{%WHD`&KmqdrrWt%lRek*j))%4M
z%gesDC%vF*-0jc(Ko=7x3NPMr(s~-yLDnX@K0iNy@X1=iyR4Wvx{)@LZp-4a_b@@y
z)_LtZ3<>S;9;+F<{^X_FFIhoGS;Q1(ruPjxh6+^`uXH6s`!&hRxEsIg(MvBhMePnJ
z6z^BRd87%Qk<p(BVm7fJeY`Byz>TM*B&X{^J0+CfLw8NI<yqj_`0V>E-3;$tuu_@J
zx@ZEkR`{)D)AuUp89iNryrhA%rIkI6zjkSAfws2Cf&yszd74%myGlZ(%AW);9)&vj
z<-U<rFw?Myxm9_xe#gJ9-_*vpUH&(}2xx<It$%o5yCm9(@#iaq^ztb)vgEtO4<9B(
zz3$fkWDabcbQ-+WcwG9HfvV2!&Pa%iy}Z0U5%?*9g-zdhs2T8BJ_8^c5dj<EGXf{K
zPYYuS!}9N6x88?aFKm)ZV6sPNhv$mkzxKAawJrAm`yCw}oykf!T5>j&l3@$A5-VFE
zKYc$2#C2-LS~k|!BuaEEnU4fGdY^f6yyfY3cVc+)h^Q%q8eb-6`myr!)fb!I{^cPv
zaka~jQT%bl`O32E-*7&nqMRcf!6P*FK@X=H4$gffzZ@Tlm@KToR>IEHgeU#0q1-Jw
z90gZaYHNLLgx~E)d{ig?BlS8C`pxrT`{TD1v=l!~*7KKBSPIJGnG$_}OH+{hT%W$~
zu<$>UFmA0PkR<P#JhG4XevCG3K&sKSA8li+OkNF35Hd=!_)U&uGT|TIkKPsQP4VU?
zcmvfqo+i?RE*Kf}2g%{u(E?l?@1FVp4)Q<kOW+~<w*toLFHl563MvrI6;Z5FX=X@#
z@i;&x0P#TG4TjNXAqD85B>-QTnx6hTDvQu_vN1@@;)e<W<J*7`?Pj-lE@W4jVPWz-
zoO9xkituO4TW+XJ1)>jtc|HKF7-&qy&z3u%AW(oE`<PK>p}P8ftCx0=NU3)7(trWp
zKE^q?zy<3<bo$Pn_E<K`PnwfO?6+^N@HHYT3%9Uw%qEe|*DpIbn)4_Ihd*0!2*RWs
zS!!Kf^8J@1uW3^HI&$BAs-dlTCi7%SsUGiKV=Uo~XC{V{-^KAK2Im)?3=Yty<}S{P
zNEmz|@o2&)u><d>nG`Q(^+#8<;unQG4Xj+$2~&0PEMpV-`P)scW1niYX7=Z#?7=q)
zXMJlsOnLe&Ka$Hnua4gS_Hz5!E%v!apaZH__`g=LZIK-2`j8W7dR(#Z(Z`ha+gdIG
zPP^s!EcwyUl(kFH`o6wS1eIs~8pG^H%jb)POt14~GBUDl3vMl7HH-^+Q75%DHI<Aw
z1Q4EHum-@>J5~rSxBX}yTW+}$+I~p7<dc?`Hks;<B-?cj6jdiz&4AWFXku<&faQvE
z)tknSzO!Vf;ipGkQaonDeGT82{vrB2`VrQrCanHg&E8xLc+&S23Qp5w1Nu2Fw1DR-
z+i~>YK0%yo%?Y`*Kf7b_5sL9=yU>23)UMr)gQfSy;>)5m#X7&qG4(n@`g5xN#x@|V
z2#2A1XPtR&Lo2}X%@>YTyJNX-ff)0Ba;1oEo2^|%?VWC9*P~+BZp^LSP~G>J4VZYk
zH{!_G1475YKMBq7#E!XaF?hC4dI;?8`5i7)y+wr!o-tlt@I0JI<zu{C{C^&(;8FQk
zWp+LN+e;6DyFm-K<7KUY++hojbR~R90#K>-6&Jq%%=o6p#zwcBbJp??g<?9n*q&iY
zC-iTW@nhPq_fk_hi58fM5G5of0mp^`Vh3E>J#q_^(tra<xya2f*VNoxDUc?ceEcX6
zQHzC1LjHokE5ROJ^lQf$Aq(ISXX7Rg4L8I4gA{xgZoIpx_YnU(Yh3X>t54<9*cvxd
zc#uELCMUn2`1}8T7RGp3sEpO$B~g|M!<#`RD@NC)^SCNtmf@&<j$NqH5Y75=p@H!W
z=gy#mq(_>aML~3cIyI^B$eGK_^f{TF^oV1+jC5JfOZ8gIx!oDUlS)458{uP#Xj-p?
zKf7aW8X{;8?@XYw4&PU@|Dqnkt5!TkE=r%-SDD>haU}3IalHtXWQYB!3iY}qXMGz-
z^CL9TqDHO%`{ZgBC9cW2{3B&W7uvK2<=VE3WpYrpaQ_$QjdQk3)T`#jOjG8|`{|?d
zuKMARX9rLOkt++=jg6Jz%^T3;ih@?xuieL1WGZe%E|pm6_<T<rT+H(wLG9s1o}brq
zKA0DFKi}1KzK7p2aFi#A4L+N88h&BbI<QA<m~tX4EF4d-oY4c$G(sNl*Nn`}84tf(
zsZ3ANvggO3rde?lo&9=Zvb|Uc*t8||vBLx1pD*AVK5eT=(KHdoZ8nWodHoKNU$Xi0
zut+fX>fC=wF_Vy^D7!>FmqE-w;;ft&i>TU=-Sg`1;Fr&FN90aNo@;78_)$PU$^5?F
zPdUSrC9!lZC}B1{-YqWnEK;ayc{V2ec44ip8FS{>2}YopoSLstAWOWvd(&6F8M7DP
zgPmg7h-?lvbMA6`jM%DZ>brfxhe}+3eM63&cHOjGSSsJ$ILW(}5NSZ~vh8HENoV@L
z^V37e{NLl<x_B=ba6f(kMTTeML*Y}(-$u8PeIBY;zgcxBc;_J+3I(dEJWXi|bbTcy
z%&Br#u8-XHfjv+Kk`IX1CYV(A4-R%f(Cj@tih;=togWu+YgcJ{Wh<RGE{nv*@ts=`
zyJz`UgID<w3;SD34JSSI9Xr>Gp!EU6`}*?>c#)a|)#E3sbYh*IOpIufxN8XMeS;M1
zj^h(wa`>m@deR_#wk^D9Ws?WDc{EeBnev}V4ZezTR;Y@HIq@YsA3D}mN2Ht%+H}`J
zGw;I5=<}PQdXozuYII4WtohrT30AqAtpA**4_5!79r&*ChOBXb<zvQUt_)q5E%@-T
zO?C4onnbppi+n)q+Db&uP=0lv65-wZ6i<B;^^s;t%IbC|627X3lu3Gv4u1k3*>Ar0
zpQg~^KnOB1v@U-S*Js&>4{l_7pG!ktP*pu1e9i{$@OdY>Z+*?+(`mw~`BetK{uVh4
zY+3t&Vy6CExQOSaN{6FA-4D6y*+$qjDT99dd94!RE7UA|#3-GCvP7^S1Os6-X{fxy
zkp8P=h2=iuT_Zbz^l@+*z&Q36LLuPX-yO~GD;F1E?@-XA<`yu-;2Moshxe-_YN(I-
zy%BDh!$tpdUTs24wfEb=kc!Yw!O;XJ?rC(ugi_*TRKH8zmi4rL&DiLeGD#6}(jg_v
zgx!h8;YRw}m9|?c^_Oz_CKHO8_PK5i@r+8-9o}Akh_q1LR3R-hjKmp#p-VCIF?2lQ
zNrR1b9|3e#wVHaS7*8<HL|4H)MD%<o_*L~sYBGGn-(K*e6+q`vmO%KU;ZRrWBDe4e
zT9-Jg-!gdB9Z_B2v0#Vt)q|>9{lD`FzTY!xK7s#nTHv{r4kU#8VTU-vZ`z8t$;ocV
zTcG}SufKkaKp*)bzl=N5*C!9O(qwoL4YowYpJg`7&VRr$G>q&+fKT_3mEJVfmB%Ir
z<jc1&u?l+j!<oE8FnrsAnPEx2?ZUCV$+DJT@wDpL!^;e8Z%T_>l=r=EN4?80o<|*w
zVdr!3-4cKDNirBkAeX_=f@eg_*7&;EBVk&$F=z7=_FG+h6Y;aM;iliptX~}SYy>A(
z(-Q9_jrQ%X?Z(1}<<!*vYB$T)u_Zea@<mI*2^Gg<D+n#J7<ZEg%Jj`vlrr6_SOv?N
zw%u>nPTg>a@B;9hl3lk$lU4=yBI;Tj=XBCqQ3Yo|#YeDanmIHgW!}VHuTmHDW6uA3
z20u)a+IT%2#`Fl}`@K8gd)p`Qw%r40fW*41tLQ!Oz1xi(R(PfhNdg`C8ldyz{3P)K
zHtOtvj#UqInh$iYNstrYtJiwoUB6l&47&l-Ezvl=Bwt3zv$I~@Ypc5QJuE{z72<Hq
zSa2L4L->V+Y7%>T92(>1=H}e;N!d`4Pj9nyF%SzoIt_phV~qS@@Agc*?LJmWg+@{v
zDV6)eM16%%!Ggp$_<75vL1;Icwp91DR_bGxGlP)54}?<wzp|;5&0Icxp*ilG=4P<>
zkW3TEkaZzr4HZmrG3LM)D7F0iGLdV7k=BKYN#|!_qYO3l!&1cxOZ`;y)x6<`K_o*e
zfp09--{y5|q$f9RWkcpwH|>}KLme-@L9edJzJRAReJnJ@tYk<)hI5ccKQTP1UTclw
zndC^Y?(a9uuzJhG$Y7lhv7+p)G~Naq0TFi!v|W<F+B$6hIgp|cu};T$c=s2c-4=w3
zdk!5ypFP94zRM&5$8iBgCFqC0u>Tka5K>@@fyjOUH=Y4)iX2_6?A_HyW*<<zF+)J<
z$<VchEiD;3J2{!`JU7ESJ^qZ@Hof=JaHKu-f;r3mWB@q&`X4yh*-?acO01u_0}A6u
z1QpQNs{y&!ReHNXvt$<=`pq;8yZz<xy!1V@4<_bgJV}+|W<vxVnPWqgaxtvJGUJ%b
z)jfmT((o^So74x)W^6XJ7@5CSf4%<e^5zIpXNcELuT-^6dpS963o>|Hec<x_l?QIE
z^~~>6W9$Mdnt5dwYFOOK2GzLSZ{1GT8b=;VoRYfPM0;E|p$VL`zU5Ax3~Mo$>`TKo
zXB)PC3H>PL<D@@(_-oj<<`HNn_AAIfk(Fw!Gc_{v340{0A^L{XFUcJGYmXLU7QB=Z
zYpgX7m3erZSRC8iX3*hF#^3+flHSjR+?OrfGmfP2*p`1PgI-^srHZBxZpd>F;tU`Z
zI*BSb6c$@ut^XmuP*_@8$`*mbb(RuyegfM|K-1q<%3gPgD!+99bzMRe(G`XGJBWG>
zY@mVu!5*yBWLz0cg~&dD4xp;BkuehrZ`1+mTz~^RI6A5VTBo|9;Z-p}Btif1V2TB_
zkpJL?#hpgO+AJ@ebtgEJ!@Mhgw4883$Put93s9k-Nl>Hw1E&~?k}ERgZcZ7O{n&;F
zN@H+@y2%ex*N~Qd=O8=J)7f8O{A||8%8)X%dMzv5n^9zNUgM=muQOuR^iBE6u24ww
z+;`Hx7aS?H#v4qs-e2DYth#h^oaj%;XiF3Dxf_Wx74Jq0RdU|({p#h&+l&icesz+6
z6ltHjTGwDmT(>(rKG>O2`|8IBQZ$n3edgr;7uqq_CP)38U0!TS{A`cw+;2PmvE07f
zK_l;V+^dZLOR#1^zEF1ab|{tFp{-!s)}<|>R0?Lr4z%4)<>EdyVEJB;<;4fkU^Z#6
zyiEOL=js|XY>{{8t$(n;4}J%hV1V%T0^($DE)DQo#Gf<uwqJhk0*c~;U$2j{=$+ax
zj{px3kFT+@&#!pz*B2y{$$@omydDOken;GJ*>EVhZ7S5vU)dcXUVz=f1O~1Wpnlx-
zL>8NGcBg)@9CUV8*VWhmP|URShO-4s3c!pBaHjq~d_sTBTGC7Bpn=5#kjDhKht+TK
zW!nvwEv~DPu%*qLX2thXBXM`1`MCc=U`Vuxq4l(dB;gRw3`hKqexV{L3u73GlpXrU
z#l4^&JJ7q)&sfIy&JdeVkjDwzox)cs_B45}nLK4R$7x`oTUh|#OM+T2L6U^{gtDhh
zGe$N*R_nBg@>uaFwJuC((PUj}Rm1iOmX7|;TDj8Dqm$3+wmMo_5xz}S6pG829B5K<
zF5I*Dz37VnMdEaoK4&scLQKm$h5EJdCZanjy90721{<#;x2*r0%i0!2w>~_q707Ns
zF6N`#l%2(@pbDnOLPatM0gtu>Sc!~vEU93dv07D6Bd~|kLyCdtqIimc)!rH~PT&#5
zf!H}XyqkLG8RIh<@8!KW^T9*h&BKGq$(h;kSy#i9haUw#LKINyuiCz-Ey@|*1f}pn
zi3F_UkuA|J59-_QTc9ky3mm6!R9G!(Xk*?yiU@w5iT#`bhhUe)H+8uukYFrMXE#<l
z`&i6|h>{lj&B<5myj2F$FXYl%5DVt_x4~2l2y3}CmGpS|bW1dXc1Et$R^iK7&A}mk
z^!rKH#t31!h<nWh?r_Vv;9ZM=0gH9H#^q?K!!Qwg&W)#(gnaISj`k++9a~d6!;6^S
znv2Wr57(i%8WR1DTy@-dxA~2)-)PLlj*<3-(FnUJ<{*1#Hjx<v8SPPDjN?a1w#6?i
z!J(3I>ChpS*JO9Ev_~4~@uK|0pZ*j*l5_ZXVte>n(Djhfq2d5MKYpe05*z!OjQZVx
zE%g479PDN@T7KgE(U$r+q%957#GJ<#5bpy|oN^>?!I(eZ4i3Hm9!K^8o@yn<+u&{_
zyw&Q?9j;vXbzS+kuL@)lV2Gwn9<@vlmMkRaRD|2z(Ea$bI;f-L=)WF&HO7FzQzF`U
zair|wd>}2hqVnvup&TR)NoLy2=#xwWBOyg7GNxM(B-;))=*EPcAMUGxO?@cOiIhbQ
zl^>!+&_t{)<xh}Oo-I`SdQ?~vj=R3Nxcn?uJ?eRgj$95aMAKpQR~)UqtQg*PP>;OP
zGVJ+RSg!TwbA1*Tq4zJWrO{@%YnpokQlukuM3b@laK9RnxWAfHhiw!^($Z8v%VA}u
z6O6D=ldLQ1k&^F@s;OQQ>UR12$bMV83Xea@+R9s@3iY0`ljv>{dwU1HY^2BbZ?tj$
z*ChVVie($}*w+lW=UeD#-Sm&8$pinH;HteJ;*ESi*ZMF$-#-bwx8qnkTG$zb9@Ov8
z-9#6^UouUoyVb?h<5UG32c@nRd(iSSLB=*Rp?Z6}yGhmVJT#C+VAJJsduiXS5r?EU
zeYag#evFm9dIOgA+-t}d^Gw&Pu;-27I;6|XfdQr3mKIiV5yHrB-->yIm)ww3wXuZ6
zLO@)&TYG5mV2FOCw$zV!1RmACB_jVTcV|rg#J~r~{oODkBdu!q&k(Ty<-a&v)V;m1
zrzk%ODlJbL;NA9$2y?4nk=6_4GZu5oNJlXc!!=ZbpMG3IH{4!}VVH>&?=uL8^`gsK
z$L_95p`S>;c#@fSJ!L`_!zQ0}Iu@QoxAL1NFGW$a=TAOk8I}GHF;WH1mN!9Cl8Hq4
z(Tb*qo>8MgXZ&=<!e}rZ`N^@PL|CWrhwAvqVB5p|jtJPZX?tF_mm>Q#GxDQZ-wTs$
z!dzHlQoLvX8<PJ!;2o=%XUqDiE!X5WHi~d&NXwM<IDpR|>>d3sA1WLvnPUlEYzQRk
zrL!6U%u7H@cx+*{1walvPtRQpLoQ~`wsNZ*xq>h$A4Ip~)ex}HVR>-lrC{R#QcnPh
zV2=f(XtN~(56L3%hXDWbgT+3^d%*rfx5dTdRw@L;@sb-S+?;YfUOLS`_K~Lo7axnv
z^5ZA8Zc2QH^hj^eJ(Z-odT=-etK$2zSRpe#vPgyLT!$(Yg4(DaZ!@uP*`hV8a(E)7
zGklIE`+ZiCrjcLH;Io@Q+Q%hE;W<f;!8|tV%r#@tKMkk-tH4Y4rrICZKXN{}>Ww~~
z$a#w{L9MFjxpS*#Wkf*976C9^#1FPw^Z0ha;UXh-V`y0SC$jS8Gis8K_t{7sThf^t
zv)a({FRP(K3m;@?w{UD;d&{`M1nKy5yl6U={wtl}dz;rkdq}(^TS1>-L?%EwsJa?-
z;o)hWIJmfCGsN`BP*De|n%VoCiuD;1jy!-be7Bse66!_0Z`s6GnI~J(b0XHawu<}{
zdnWm31~Z>O^wNMJHZe9np3v-m@(oC)YjrWoN=wHKi!Ho9f7S-oFQa%IEYU9XZx>NT
zOSZQO#1!Q0{X2XR`5?tsS{^wqotKdu__b9X33k-&zxxo=(7(uQ(Bb!4-1L~#9d!9&
z+92FyoXAqX50TojSg8GD3UfL}<Aae)cc=+o)t_?yl&5<%!?p5!uk{z1yKlsiPyawA
zHP!E=x(TjCVR{HTzV2P}r^JJB(W$(#wo!c$?JrZQ&-Ke*ui{rcdqQa(WFHkqdS+kc
z5oWqkSP{)umOgCa?$DaYj2{($zSq@OZ#(h+pM|;pq3w;~znJvBU^o;-z9xRpX-Pk^
z@8te=c~lfT`pTL|8w<rRAb1u*L#~>nlQgAscjfpwAT~aE2GrJf$A^b1(z(OOKnNvP
zM}iEkY8g83FRwZCPXGPuRf1sMvXM$eL<BZ&{ff(kGH54M0}jT3FGHc#D-x^{AW8X1
zT;2?|yKKo+izlI%d>gY$D@Y^Ns5wMN6pkPX6I<qx=j5=%W5Rj)osHu$_CUUmbFLqT
z#uE>YNRPjb5-|wO;d#!GZnrl!>3$4N3T&A|=`F$aXF*@WV+&{*N8h|U4nAdVizO=>
zQX%5{yoRRnJle&GD|p16&4Z%|c}DivXQ~5L%dfe1c5mL<JF&L@Ix1v_<x0S0;!LPs
z!RS~8f6{YgpX^a3Z{b>M3&Jid%W0;*{4fm|JLS<m376jPH~V$XZyAeWBRAede=oTv
zze0Y{{?Cl^1pXF8c%jOxU9@TI#Vz%M_v@p3Q}27!v(?Mk&o|J+%#60nm39L=R54KP
zOMd>{$B;4v_XV#4^_Ya?68+NcGKi^!mz%JJJJ9=)3AsV8&?l&LEHCuU`q&;P*Fmtg
zJm&}0FZSn368iF+J+ERGx}M`_Jat9+2zf{>>b1Q80?qaH)h8c7-GnE`g%i1coh0^U
z;Mb0_3sma%jZ0G)!?x+IMQlw^@^N`vnU>9};uJ2D{~Iw%X>0cLWh2iBw}EXTEzbzG
ze0Ndyq4(!g2J&ae)PXjF74yM0No=&!hfom@q~+L1#H-ben*fy0d@%W$)@FWDv*YXG
z@BQOhms^wb9|aR{0&Z(1CT0(Yd0;V0AJ`r*=YNXqy(Z^vom8pf^@@gll(TPFQ=Ygi
zi^+sK(Zu|wj~ttX(!#ljA5tm(&GCQ7^#SF1YO}D{Yn_7)NE2tu(4+0KHc||flPT*u
zBs*RbtVD3(_X*HkuL0XP#4V+4FRRIk!+IeBfsq2`%xPDz%foCD@7o4(J83p5zk9iv
z@;yR{y2Lp=A#i^);5V)TRz-dy03P}trb96PJuKUQ5X??a2KUK-FD;!)m1KsT0d+TK
z);56YOt=L|O2gp{dcE~wtA1r@L;+}o+BgKp67R?x+z+K7<}kuT+4*z+5XZw%nY@p=
zM!iU^23Kilj3dh%ZbcJ8(nN~%g=V)so`jbqx-neq<8qraj~F-vCEqP;JSMe;6(yLw
z>qxK(PqMP!Q4v44k#Z-}<MB2)elt_qGKo73wWR3}pGDDU+=*f`j_J51xS_n_?qckG
z9YZnQ5-m=hDHNz9dQ6Ebd{44Sur}OfLVoNATRY8y$*8UF-fPVNp^J;thOZLT5d^y^
zc_YH6Jx4f3Y>?qCnCS2j^5pVG(d3-POa-m~C5!v??l!Z_L^~z4dm=mx@mdbD`&e+<
z^Z{_r1vP!q9AyW*()B!s4deD7aS(rk$<SXgz<veaVcn0qZD4Q0Mf`GeIJfX8NVj)r
z5HR*#{l2aHj|+ef;TIJ}eYoEiqi^lqCZ=FjZ7nT?rY4*{`s(&%@ByI!ixVr(<Wr!T
zw-w2p(4LvOf32>bY2onRw-kX5DFu<zf|L549Wft^B?Ol{?xog17F>kZ*Jo2abwoax
z?vd-RvMi<i>L*VI<wMP7droPEd`GI~FH1NQd>dl4m7ji_*an!&-u)S;Nu`yqPLJ{o
zEJ;(28@QG7wzugRPOv?Z*u12LR+DOnaKy+XbM?mH*?(BfX`W)BfK7x+0D8+?{i=`0
z>5`4&dkJdaOIf6Tpb~2lhE$oHSLgiZaS^xLN`FFmCnh71z4p<^sHy|S%oUZa%BF;U
zCDL1iKl)*J^#4D5tBD=Zu<sc1?dfI&&w`-s?E~vwx&KI3xPC;dBNW!v)op{5?)H{o
z{Czq2#l+Q>*Q!m24H*J*ZvT{ni%TFtgr-NlVk9lymp)9dhNgP*kv8$Itn42E*HzFq
zaQ(opov0oMGv2V+k{bYsnbh~D<V}Wz1SfA+=i%g7*M8&$KR32e(1TPIzZk+MA=?px
zFE8^522I7M;<>pi!#6%0ISXwzuNV@;7O&~o;c3)g>&pHP;sk2GbxbYW+}MqVrC$W#
zcjKif&A4u^O~3o0-ek{UMk$V#O4Ek}V-gwoRAQ9V@j)SRufsE@)S^jpN2jmF#$&vy
z??RVjBEI5;b#!V)%6Q3Y$s{1{c7<Vj|Iw-)a@L|~?L*=J_lfMzz1k%>`ll11JsfPe
zFnVkdS^P@>llci0zR`Bs*_JlAaqF85%2-Ix1DguVqa9-;?(K~Z;t-%nkzxfkwY9Yg
z2?{=f0LWp?GyI|uUfux1=e?pJLKk~{>$$-Jbs3tYn*(;ifLnUmpOyY}5bGQ;;$9J8
zY=dc}wfLMa7PhoMzMcso6ia=?Cg#Q_BFOVpX+}%7PIZRGzTz359Ye#h$v7e^VYEMG
z!W_a({Nc}#JnA9_pI+Dsp)2i6l$ee9WE8?7?WR=vp*ro3q362{DK57y$X{DsX%Wn;
z`%$heRLv_lhhANnZl_;wAR`z5$!X}T`=ceBxc9m;Y6gh<K3lFGb+-1*c#3oEGZpG~
z2Ah7Oy-H|?++;gvSpWMLFZ^#^`2;R#iFbQ1aClJ0$<AI5Z)ewQ@!%xDNPz51nqV2Y
zfByUfVuxw~cxQ>Ac-#st;ru*aTr{`>IBWoP#^P2rd~maJh&=1(O}&0!+*|dvP;s=6
zm_&ECMlbh+LfgNtkG%i*@#7hg=C!<0Q>z8nT7!~=NFkU?EczNFgP<V=wYJ#Gk(tcL
zN>D77XP@0S>nzzR{Kt#1bNmQ2s20w;m}<DV?fjbY5&Ks$G3pel530Q(I8xpzhzk&W
zj;Fbd;msqS#kKhck(?>%8XFavexXmIh>XtyC=j_0L!EZHNFrgpDSAT+M=w;_rddWf
z$)mAQ3{0mwWYKsQ9TOaKS#%vLGLqX;>ogIl(j`-je)5<l8;=yMl6%Q|?loLRhmvi&
z)wIa0vopn!dcX4S=bft09U@d7NxbTEtL1xor`;L%q#?%I=C=N;R*e^EMMaMuSRTCE
zFF?tffjtlt^bzi@(9yj<g>~PLns842Pnq;fP{o9sXsTAp*~^PH7WP}FyX}xKokE9;
zl$?A8-0m)+oWsc2R%38!3L=Y~9b6bJqv41RSZF8^KxTTR_ZIS?goKE>?G+amhjp(^
zuCK3ud$0aO<vZX<3TF;}&YYdOFH#$$|6)1X96|(vEv@6CiV1!&<uQhswv*Kp1c?~h
zRcPD&4oX!GTdkAJbf+|&N0(8jRe5Pkum9~Ss>qop(Ity_e1GDZD{^pqyMZ~xtg17b
z;22eYMlOxcm9w_maeiPm(nIp4E3Pt|-s+>opA3|Q2a{5xC!`9U;X0jE88KN?6w`^u
zVcr;a2#)qiv|cwR{EVz!CPbNxc1Nl7_WC}v44gOoDubcL3nP!SVc(Ny(>xV3WaNwT
zr>2j1D}Thi!vFFD?uEbxVoFbrd+TSyc6m^x$|m{H^pA2dsvX|rKe<ntk`n;${c3Ld
zo+yOk&RcZAH%+O)o@W)XUYwnsO*c$Ff1X)<w|8*x0b&QP4g)2o94Mpg9UP2!XP2+{
zT}Zc&JJ=i7=I`>iCOa2F13;^Tonqtw@W}1`eWeUhC>szpsJoRE`g{uxydx3=<au>4
zRhbWB4wzNLyFY)1ngSAAcQo~*l#5iyy*C@ih<<Ne5czAX7hn2tH1unv?ebsF$)JyZ
zTQthB|4SziVKXFD&WTKWI%;&Y>R`T+!+5EKidpRkGxcgXbUI(-`Til}vg+LWV&IN#
z-W_A8GTxI*n@&)xJ?=e5lCX9ikI3vd`SAq3$7q`TH_q-IM>d^r6O}()4i4{r&Bow8
z2))q}4JwM@+dCEB8m5(JuG8%LblWB^_3v71LE}H59RF7Evl}tf+rhmoh$I5$|6}Sc
z<EqZS_wNJJph$O!GziiuodN<PT}q3Dgmi~=BV7Ut(%m7_-Hmj2bI5b=GxMGQ{d;{z
z=E3-6Haph3)_YwG8cz;O1hh=E%h~4A;MSQCx0>`3WFbN(=ST2D;19-ys?p}==D^@>
z;Jk96{b%Dd{{)aB0SIQf-fnJ_@rK{K=aS{`vx%~3;gKe7e4l{noVf!f1nNr-RiRd3
zuLc)(Ats#3Xnz7%Ko_uVPK;vSICE2l`n&2BMVZvNUT9SAhnqzy+)FyI8AGe*B4R?g
zwk+~ro$MUH-jXSNGMA6rsB$`=CH>K7@)QR+XPR`$N_;XIfU4-0wG{Nk`7>l}caD}&
z7qXye&zG3s%JR!=e$YXBIn~*l)ZgF4B_ya|$MMp=h!G{mnR9nnDt>;*LaT^4bK#A)
zZ$QM*vrfjnPLAOl2aj@E@h~UdE-`iK2VwhZ(m|=yR=S;UcKy)G^&wtUwdBL1oVX?9
zN`iUAa9F-!o44h^=n=@Iw*IXHiK4+y5uk}!Ff(q&u08K}(--s*5-bz|!SRz{LV}CS
zMJS^VbmSmCK*3_xu|xzDqQ8MB1PV=mm0&)t59P6L#sB{K+00XmaO0(omG&T)J7_tz
zp4B4g=Y==udX@r(U;`wmCkNS(UBH*BPG%Hb{v7`pVU}XyQMlb^>v<RD-uw`imG1n2
zud?&*$Mcn03(1V*vqCpMqbeG^=Xr5wn<l>z6mQeE=W~pFCDA$x6bN6lr9YRTsHhk?
z)RK*LsM5fX9*UvMUa=ZU#^)ldh!EVzpD&feVwGicF5GrJzgB71+(qx$5h?N~xM91G
zraGD%HtvHuZO<WF9h|mfkO;0lJ5u02rJ`h!eZl1wsf^n4b~wCbJaf(^P^ja-cbgq*
zO9AkKw{E2qc%Y!eamT0cC2+?Asn=zNO@@iW&R`^i5*N+@*KlrMIewGUeQ*ef-NUZ6
z6Pl*?X6WxhV?kq4!E4Yuvq4y#=NWM1Ynt=2_W{9ouhww)$@d8Sr*b@czbxyB@w2pL
z*T8v(^uP(<-=GMD3;{BUK7MFHS7J{<tDtbO_R+r8{WmWM4m55ee+(QkDS!Wz+k*mp
zh&JL&0VWrLXFAcJ-#4h@q0qyg4YH$-a*;|17q`+Op{T4YEq}BK$svd`=N7vsK`MIA
z9ih_@Q$((3mLt|5kyf5DF@%s}J=ox|N<(Tl5r|8&*X=f+6-G8|=cVizP8DV4i;?ST
z8_|@qXf^H8f5GWmU&o#(uS`22wa8j~rfasPSXvVQaqCQ#hwmn_T3@<-)W~(vK;P4^
z*@&ah!<u-dE^c6Gi2jhh)3$@I7w;Qf(qj;W%X@DwHx*(-)>)v+oc~Huwa2z?=l#ou
zkgVxK*y7OCl%cqTwXrh>3k0y4I1oT9^OXLk24l%<_9}P5jD+Q<FwnFF5!;_rNU;ud
z5Vg`JF{Bz%mgh%8*f>3nU1DZN!vGSVI^b$o%~3xE)P~Y5pkra{UV`$iH&Dkx+2W%4
zzFG8F!7eqwkTf~MOM^DPElyP)xz|~7@mBhrxTHIMxb>r(@B1QFW^o_0f6678cce#w
zHPh*83bE<2W{%{`X}HwAtVbLd?>;ehJ9L3?^xiJ2j<CIQ&==hQZC|@i>)zp1=rK2m
zZGGKna!?^(g?X|QUZ_Wzz;tH3#rVZ+S}J=@+b2?L=Hv7NpQFg!U6@g+LgJI=bQou{
z;99{N=x;M%m-|;z3ex*m7p1r#Nq~d;Foo4jWbRw98*>0+EE%#A5}jRp_-@*)NJwpt
z6)Dw0%0S^Z4CqV95TF|AH+kL99b%mRZQB402I6nPWECr+sjG*E5kL%@?>U{(4i0#2
zb~nL)3<$(C7NT7UeI<#OH8(T!)KU$&MZ6o|c_;P>{}Ry1&hEF^1qFg=)@Q6lFZ|7*
zbO=)8>Wy;W5LIaTb>@D*M<J<;K&~=gmmBX1CvKkTq06QI6dUJ1BsOoy=Jzd5Y$8z3
z<g&a~3ro&Cr`9BWpFQnUuf@^}d19Z4M3k%$esiY#@-+P%haq;7)*dw>84QQij*eAN
z<cjA}9@Wr*%W{aedjiWi1ufa>gDMgK^$aCB8F{IGr_WmEJ(2ayZrp73r!}P1oj&_7
z1ljnv_<6203=KHg3sDz6CcClUj*slr|H&CMFM9XqstN9DUEom>{BvGj5-Y=i#ja7&
zWO_6;-d-V`i|v(w9&ufbQbZNdfF;k*(7(ZHfH$fyA?$K21`3MVSu7cJdLNo5=MxW}
zUSQtZgKF0Qu%I=>bKneq3hWNV8}7AFmVo>T{AMT)i7z4NUxA-n0cZu^dzA0&#M{!^
zSbfXTRmfx1e(Mo5f;8y+p__k(%coe;Pv4r$c-=EF(m7(Jc)bzv?!AsczV;$Pl_F&V
z3-%qMTm^5W$l1_EPn7faNsFiXba<(+*T?sJ*>QXFoYm)s7a;=x7Exg9bFxJC&U*3a
zw$y<;-g^4unj@Nc3-KOB%__0usbi<?;nBc!dinG-W1HH9Cq7Ypo3(y0qUBb}G&mt&
zWx@=Voi~JUKe2!IVry^1>k{@T*k&_>lOh3lnqkXCr3Uw?kTW0}G0>cWCu0M^K;RV>
z%B_uP=-eG;)hcB-XevAE5_w3^$XGo;f476Off4k@_Ow$;<8lXpf|I~Y7L@qr8sK_H
zK0AOi!898~L&Iqhsek*rg$k6YTga|g>k^oP)2s|YAS4>p0RGsl$IHSi8|ZDX*5?V5
zsGfQpdY~rhK!#levfkdJO$oR07nUX@4m;CrNx?90);YaZ#kV20m|1B72hm^9@AV{f
z)j!+2?xbD2e^b2Xpu8C0s2J}q&P}tW*lKi)vR84Z{NP~M?s&GE(AnR|#QLsi^(j;O
zC%W=T8Z-Oqbywv!=eoTL%<5<KVqX!Q*-m|rw87R={@-hh`JmbR?l^OZ;4Vk)5cGLy
zlLQvj@mtJ2+`_J4x5}bBSGSmeqtpuSSp~irBBT+Hg6WHZ2@t~3{`xCN0n&eee-E4p
z*a>zJRVzhJZnKQ3syvV5RUg|Ds;j4EWQ4kvV%|R!#<V!MPDV#q<-`MH0t){ip2H;|
zY%v1Ls(ou)n+NN6lL)ib$wVx(j+jrrn(WidI|__MI{UsFK}A05dykeGi|Rj$?pg6P
z>Xc<1#Z~1GVg<R{&&uA+-ZeiZHA@qBx*HOuxHw#CbMa>x^^u2_h15D!*?Gy7c1w4&
z8+-ZMKWovLPxaZbdz`L+_M67Ks;inbG-Y~kWfQhI6EFoWq?sFF@&CLYXA&Rh(sFW1
z*FjG-rL~&L%=_k?qdGLwMYj^p&@C_?AHC1QY-GhXRQT^b2mfi1@ee}{vn6=wbj0UG
z-=kH(a9@HgGQj?Nh?I^tnfydic^uRZ5PqfUsVUl~_cD+kkV3=TGODlwv+7UGZeI}5
zO*6)81VXb9{Mpg`GiZ8eBST&-qltm|*`~@AaHen7UC%a^;AXDiF^4zBJQf3l#uuQb
zf3GJl0)h??WmF4L@4V9JM9c5d3_$Bjg@gRWkOL&hX*7AINx@@)1v9}V!-dZ}<PBwA
zf{;I!ehv*`fD$BcO|_MLA>B9K(SqRVS~7#l1Lgi$?2B_eOIe1|IUV_h+QcE=Ty}=M
z-@_iAEgMO}UM8t(F&r5-=l$Coy>*gokwR=xy|Q|=li>IhLK@^t=`M!3yd3D(1Bbi(
zVPmAx4-(O^;u4WVu6dna5q4TRjv?*-56{O*R=vp`?=Ajq<AMh?408f8@RMw5c$~TI
z@d!%9+pyw2LUs25GQYQQE<CtE189>M!1%4WfY<#kAW|*>4+-zAaB^~5m8KafQbMca
zSwiTjjg+}Or2`XuO%I=@h}Z#3{t(2B^z>N~IScT&f2Z=<A_Y66nu1@*yXv><Bu|16
z#lQ;wJ-XT}9xSHPq{)0r9Pg8xMw}zLnpm?~!K^YM8(RW37UHRu-Wbp0IDizQG4i8P
zj|CKybjmQD;?VFR(#maBbYzpjN=D<pI^M833XiP^SP1H7&0pUMJ)OS}IE-r=<#H<j
z^u!4Vk(*9OVU?qeW{&<^_|c~_1z}rW+UUlP3DYa;R5A)95jiilX~U*h6}i)-f!wk>
zb}@Y<%*rKJ4n(`!t6YZF82p{D<HKVMIg3lE9_@s&i0OSERNfa&<expld7Z%WE7;u4
z?%4~lpzzP!b3D-xww?38Es6n4SuqqmZao<tnu^*wtAA0i8T9G<oI#nZr>8#X{O$Zy
z1S;?|E$A+ej<g^-`9l=wC~m?25Wdx7al4H9M>dL5-f2%2yea4F>qr2vs?S0c1FMfz
zRr2*K-wx8Fcktg3ING)V<A=Z<7iJ1~TW67coP(1S{O5<->b4GE?C1zN;3C%{{N$m5
zpp-(_dVcx`P;1*mbRn_fHjZC6XgEVMoKT=|CmHbaczfwSH|PfErDa4Ug+Nha>0E}H
zdMUqHMm<eVvpMg<6@6=Olx)m_sh53EOHh*Q=OWZ)nM^0bEGRO|pl;-c7lH|KFmezi
zX=SW1x%S7Xu3kkPr=eHTufYvpQhwgYLE&^QcipJ`wZ2cUBf4MFN!woU$7?B3Qn8bi
z2p3#WHtH^F3I(?oRG76M{$1Q0{Jh^agTO{~Hs>GA0rsh_)dTGTo-T+yxE!_0xa8!I
zrOF`m0IT~Y9PnZQ%M~!>dA0m=q6)~H*BSzV{X)1Z>Cw8=dTdEC=0UMiD$&NeCrtw2
zPgP#Io(2SNArr2p_^(t3nYCE43kzuhhm1uJkt0~*mG><SvL5%86_)}*DsLv=-?OG|
z8EH68Uf{W{xv-Di64|qdMBLYl0QI&W$iy~ZYUFL?SbW1MMMso~Aa|Fp6fQJ7b+c)Y
z_rdv1ou}sf%vb52yJ^*h23I#%UANgQ)_SIEHoplu=WPO0hx3lBo_&&gIi*U<5U;W}
z=5*aE?(tb2RRq1AynTKmoxyD#y~d>VTy~4@Pd0mcB$0)Bym7<v8}}|H|A+r*U0$kY
zhQfH4MfJ(=aiP<lr%SLcz|=f~IG<hLJ^5|KPd+4V@()`M&q^eu64cdSfZl}01rQCk
zc-_0Xe*RpBWlKIu;4L;!ccjEe<rt)rB9K264zOHH&0OGoRla5qAZUa+XH*=*?^F>o
zzy-LEop7(+-@g?(=8>3n2_$RBlvAk*8j~UO${MlL@jx!=^#N(t?e(7!)bT$1BHuKz
zN0aAbR-77l;f_pVr@4o*rSr<&?-I+?ca9$HId~8z=92JIJooZuowKoR@p4|^GSRs^
z5#YY2RZ87-m~<q`Lp}*}OlvYIEt->Re$JdNN#?olLJpcAw>f45T;w^e0QKQ@!5xwD
z)~a5$P|-YpEDX76p@vG9c9u6~^!v<lz4AE2RUEfpuZujl=N)sVxh|d;>siWUM*AiM
z#8710wSSNA|9*N))r0CnH(wYG%ZDle#+du=)cy9B>i$J;s+m1_5#S@LxJl(*+QRkp
z^?L!&Wa{otHa9R4531rx^2iob^hnfT7g~kDzU$t%#QoFkhX_F@`cngKg5-l%lZ|m@
z(QiQ41<>9X<ll>tYCy#RX0m-CI0Q|G)h#VH&S-m}6Ke9y-@?5HLv{7XSq~QOx0w<q
zk9e_g_K_*sKdd?PQ~G?0Wx#$2>yGJ>O`!G1w(0J9G#OF|40CGx$DN(i;&c*5>NBOX
z>4|2;TPv)lq9XHfq^vV-J6+u^LrzZ?E=OA^8af<EO4FX~B{T|EGNfBjjTd<i1v%R8
zEIY1v$`?4E(5I;XbVz$s_GfAAyJW5Pb*1E@q9KE3hR+#qeT()<amCpmYdq6Xj;ZIP
z3R^EM=*9!nhK2vD5$Ia}8&MP8nKyV<LTwLe=tVKtT1$49>b<TGVGSTT28A)5>1sAY
z%;v_%xW+~y$Zr?nE)S9E9mmj>&y3)%!+-!&(YmIl4iFhWta;x>L3~8-$3;!okWUC!
zZi?qWy9Tja7(2@#Ta<_yf(A;s*M0h%4N$^`OA)%xpFe#nbOSFtauzTYHvsE=^S99%
zAWR1c+rVKH=n?>(JUTvJ&dYgNzT#1~DXgI$aL?m~UQ+0Mslt9Tb|>W75~Ycy{}a#8
zXDin~l8Y+fp-b7v>e<9OtC#}zYx_BIA<X%A%7|(>B^(rO!<>a~ukjaDw?;}wg&y@`
z-0K?j;kEqyv$4U@${#ppmq$eRa&UetkgS&~GLhvE3zV9UkupY&Y~F${yTi~I$|~7U
z<f=GpS3x(@5lLrbUaIb75E!@5-~E1pL6n5*@!gkiOTo?+^QbFJYaDA!zYG%%3b&n(
znV_<=Y4~@Q2Y@}LM}~DZ{(E<_3qGie<)CTb4IdH0R>y}$Zf8A2G65b?&%KAs1}t68
zAPF=T9-u@^{@Wge*l=L7_Pyu(W~8i|RmnOi*B3v24A)^@+18%(*aL+c_TzC0Q)lN|
zFEA_|0*DRy;({79PfvhFg2LAWc$FfK_m?+a?m+0T3&W)$3np@-7Y%xoCO!AY?Pob%
zriausho=lnY|@j`9tn^tg0UyL`dMoodv;6TF+cb{>O<eEbf%p{#~u6eO-wg6H*I%a
z|CcI@T?@Of!^%hhh@J+$`I?AI@xvg!)})b+7&|he@jIwH9-V5x>A8kIdet|iN*a7j
zZySX%hB>VI7r7f;IP#*bf}y$@Nb>TsOPwfteM5V!`MqzLWRNioU+TF1t2Mf(|0|5a
z_iZaCw3bX4Bc@RF_Iwz2=qPwk{+s;w-_QI_ab_!S1Tl@k^ry3{tLyK^#t+0`%&AhB
zgwN>QQI~<Wktte*zp<C^ho8PSj)J04K6X%By9D!hfz4g!yyl8g89a^7`OvSJ<yx7K
z)N%o0S3uKwv#uCDJsIO6=KG*{O`*Z|;TP|qI4WJ4#?pWfVFN9lG1<j+qWCr<HTjxP
z6?K1X5OeDnd1DnVAyXzae$qg~w-B6(U#hV$PB~`ZjgMyO<|3f;ZVnHyslJkTjKDi9
zBmQtdIoxmSlax=_n@>zVOP@iMQLt?NH<&t^HC|5NzR${pwYQtCmCJVXWHI}Z;XuBA
zxW7fFNny|P*#4hZ>n(iRfj5Dk&&ZOkSwl!8EDqCx-1I$L4qR#=6AVjowh3GWg6whQ
zg%RGl(`x@6_xX_jZc;&Ls=xQ>gsZ(REQjjq)>GUq1KxGV0|DJlI1u2=p^fkxU@S?r
zATf*vPF}Z9Aod;}dI+Eb`w^d0uY03Vy6yneklFZ+I~Zdu>~+VV^2ldlaj~z`e0Uvn
ziUI8#Q4Dy>D1BB{uLlzYY;9~-^*g|r;-GssTlZUcbvn^^W>S~A0n}f)P`*iZYYE3F
zxlFr-4SH$}KWEyDr4f3yxSB^x{Bg$l$=BmoD6j5qtJGE{ZuSMg;{V|IEq6s8-K#Rd
zW?FzI$bzfKsv}5eP$&aI2$5%13M})q{dB8vh#u&NAy1A#^VFT@T>vKp(UCQd?@Dc=
z8$l?gYqopGYD~zRZjHG&DN`Al^}zjJ5SN|Ki2?OC*!z9-jhXTr4@CJIAKFY64ut}G
zvCla2xAJc`$4$Li%IqxB?xR1?W|~xs=u6l9pEo}fFb8q@$gox>Xre(WEC&REXjzn4
zDC%_~8bGEX0VDbVvGs~F3JCv_f7V<;h*ScJ-mw2jiV3e^4-=>KdzAFlVte-ILmmdR
zAy21%{{{_@ERY#cJscK=>HYaDu4}6@qPL>~*#%w$2*9lJ-cmUEu8uCtG$hi0<RycS
zAZcgrAF+=@J%6)<kQu7K*K`QbjdoG9S#-owp?-l5p--)<BSy*P_?O1%HyH-r;*>R8
z#Vb~sssz77A1OA9S?6m!WyISv<u%Xh3hh9b4w!2vNFro>5rTdaD$EpuH=}32)mpQf
zF25lA-K{Z6ky`zfMyBR7C#i0>)&1&x2WMl|WqsXeztF&$vz~Z64>F26m9`zTo2nh|
z@i*DSdJ8<`q6-#URjpA6!OUmYd=I0pWy@6X=yLGaKYP>L_#beV;&-c!t<7B=7-CyF
zTLiCveddn`UU5_Qt)LzVnl?cX9VU<)6F_Z&?3?)i^97h9lWm_n<`)o<{~%st@FlVA
zEUV!M4}L6L^I0p<CB?w2a&fw$VDPToz|iohxU{q%i0M`bZGb}9ew6Rty!hVwCI7<W
z?88!yIOlPd|M>3%JX6JYDd7~U^+|as$q0JyJAIz*m3jC^`fak9Z)xaEy)pN3u07%6
zd|&S%a7wGdEyQ<ncCC~pY`e)@ee|NWOxgaugHRmHUg~(*bANrob&=lfFsSRPQ_(o?
zK#pnLO#TZ8NrLqr4H)#d%TWLN%6e+IMPiW^0J8H6U9|cmT|zDoev1>a6N~0#_RE`X
zcTDzC@y!0mwG4Y+>rG&P)?fw=jWj9gx^3R{?rpGJmo_NLz21<Yw+8_fc6Yjqy#$Cf
z+pV)}eV4WY_@BRka)CE9gFcc2l0Q(^XBCP45Uq@~G{9yKWH59Py;7cW4T^pQw^e<^
z(|8Ivm_J}*8!I8EE0`^j{QIH6`Dn2%Aqxz5vU^kX57m}pW%Hn=&SRh-XTe4kES8Hg
zhPtIdsx5aGRctFGSE(BEdEqCm)Y4N?5o#-JC8zb#iiCri9huNql#XSWOvy-G0kl?a
zxDmz;_M9r&y_}@j50aD!@317YEoa}oIF7j6t?H~DT8oduA`w35P&#;tC++KU&e)$)
z<UFG8J5?C%Iw!y0u2N<)RBzDpWAs^w*(vgll=~mA??}%ej`AGScSLdORv&9V+l7w|
z&-b5b{*JimieoYuV`L5)-ZgnpyUbkaG*Qdg&56`lFb%h$L`Ul^|KIUm3L~%e^OjnJ
zLq%$2-9X`Ow^?Go<NCcA1{*xN0pm+N(Va2YZUPE)fHNYnj?w|(tMvMHRBdPidbmcL
zdrcYydPtp~2v~XnA)z=hCNC{BQxmejyqx8BvWmP!QUtPkPk_rKYzG+wH>&+#me^v3
z>bE(dACl_G^St!KSNnW<^!DdG++imrj^rH6LR&q!FVmGIUS7vA2`S3+>9nIB-fk#0
zGDQWh?@GzPuXZ5GeHB%5RAfvT{+CyBK9{M`@!0m)y02^n<7}L)idKM$ZNgvw=jopw
z6gp|Hg3P=|dD918$P->tGzssIU!AC$8BsHgrc<Qyx)Rsdt>l^tZXF;lG4JlI32^pY
ztT;t_zkSAwx5VBpC+lQ8KQQ{HThGJuWd_EBrk6RzzoF)Q1;Jgr06Z@e{q^=3cCl>O
z`8#?xVi?`0Hc`_X8m3wLKmjrMx(f0kYwLrO0_H}AI(R3O*TeNzu_+^%0hkE+?B!KL
zkEj?av#AkWbNIAEy!}8LB33sh<&uO0v07vXNjR<6ci>o$3jsiEN~BEA-Qj!WthxEW
z*Hq6F%`n);j0eT#ZVhL4%=8=(cXGHTa#J2~sc!JL^dcUkv79uGTv0!99`OI_`aR~^
z%1de4F;QP6TCcl4>VfMdERTh`d8%JnF^*blw-(1)VWfk{OoUL&8{*%&bg9yfWW{QI
zy~+0rO`Ce`41A`{Q%VKz^d#oF1wV3RRSkEtei+yDcj+Q(ekZnkzaD`eVDcwqPN@-X
zE5~-$Fl%&%)wa$gXSNDY@Q@%_mBRR&nnt{@sZw9#pYLzz?JX$d^rXTyeh!Zf#Zb={
zKC1Bf*9#&l79Jf{{x3H2#ye(TWDohS^0ELC6iq~BD!DU3yQiR@ko02^NWu%J5cf~{
z`v(WTpcy_MknF-0=)<_L<BdC~8mMWX%GFWh>)QPJ83w9^hLD+5=|Z4`K%#+jM|ig}
z0yT()CLIMqnNe4Da?ZvRtge4UK_rhcqn#F$+c#E5tokndp;=tx#ktQfyJ<g6P06A4
zuAn{S)M_TH4em%hM<2oOU<wsxS1^f{tEV3D=k2o%p&fa*D`ytAoSX3^yxje@it3lK
z7s{kDPi*4@{tCnzZfiyU&{9-1Qb3yHDaaY6dLunF$1%$`AHtPbDQWX~c{8`5Ll)uP
z+j^wA3VBFVa7Swz_B$rkA5q+%{>Iu_4g29CQi(s6sOe-`(p0C2mq^e<NrUjtgoxN<
z1@51gwYP}XBlUICjnD6kL$UWeZrQrbfNn0@zkK~~r6DilUy1Wr1UlH>I`!qkoyz-s
zlq1Etbf)t?53s@jk>)N)R?5OU_-q%^Mw&jJ19zE8a5+Mv;l2Y-sup1r^GYHHk$$x$
z{-ET*?C7krf3&@w?*<xWqJIYW0jS**3=~9&eyLwYMEL#ayS8!;h!en&fhlm4H2VW?
z9!MY9B*8=5X72-;-_bn%D{w?>J2=_R-<_-WKsu3Tp7mv%UvF!IpWb}vrM~?5P^F9h
zsUK7o5&zfQr<N&im#^LF7TQbSUxwuM%X=`R>Q5*154U^>lbwI5+^DaNA!}%IIf!dc
z$(6vkD(oQ3a`K63M=B3BUQ)KwPWUK&YonUDe@!sWTtCN@lgc5yYL$oUmu(V5-jnp)
z99>k;O5?4X?2*q#N4Rl=yN=F}J&HO$Uj4gj$gn0jY6*1q$CwW}<e=A%ov{B5G}PV%
zfeKip+3q%|fYDSWy~zUxlF&myTY!kum4QY_ee!g5)d(k`@?%a|8B*Y>A@5T>p8lh!
zp#`VAm#4=ok^w*HfdfxO=*+{^6d{NJnAM9x^VbGISmqWNy8yTfAQpC39@U8MoTCf3
z3vAsKE}fj{745ENXqB=xaX1DQ<C9zTkzjA7+t<wY#QFNrzBcNeVLI~!x~pPj<FUdo
zY=`4^JUS<3RIgU0OxuY4-!{c%M^y4&nz!NPRq?0i>dI(H-*2n#ruq`^B)IPu&=x@-
zRz7tuV>?P0<SVd-Cx~UA45-kfcSn5imsHjfJl!@m&JpA8EDq~kPj`ydwIo)rc#pv=
zpB#((b+h!xn{Ep48VYm$JUqro9+WD&X4*RWQu)JRg1xwXJlU~<MTzIG^n6VP#l%KJ
zGE3ZV@$VeYK#b&Vta5xb_g_`ayZhL1a`FU_Jce+r^!-aP7$_MM4Md8A!$YHby{Wa6
zI=9<P>kE)V0^<?1KM{fu0I7He2nDDX0LYJ*(2&DAo*nH`i<B?FK0bhj2&t8bUI`21
z?=pbFg5L^WLkmGSB<N5A5ol9Ob29-1uwJ>K%}zJ2m`XChffTg_Y2EE8z%!yP-fwbn
z&<yhWlxB^Oj!z-j1CuzzOp1Dg2oaq@jN{eB4c<$C#S~B3MZ*dag8-zo&si0hDHbxJ
z@eVYk4s$;Xe+F58n-^G#JuG)tRAhQq>7~kGGi0srcQn%@a}d)=e=U1mtfUBi+)Zd2
z0#il&fg^qSYLDV!bs{xsCFQ;bBUdw8DC;F1FYP^Dr5$aX{8T7H^~E@~;QMxN$=mqc
zM>KV4A=CXLAG2|+aBF8@yg2U*M3%RSQ^Up9#H;(vVe?<Msr2=KX%eiJAF9ddSW$DC
zbM0a9sq$yzeJ?-&+#!Gx(g6>4b$xwutYntGvvYU%s>t92ZTA=LS5~~O+#X%6@T<Vt
z*%_BGyA(W8pb1g6uz)qOKchgSU=Dj+y0Gp2ONa_Ee-WmHUCM&Ayy4sapEMLq7A_aZ
zluruXOg4XC=<a3aaOdG*8-3AD2qNFKF*QeVL`dkLXJY9@vubgD?NZ^F(EA?P*;G`p
z^&H4|^}oBa%yY71mKo|t!q{?gljVGV(QmzcH%7izdJ;A+ufIh6r2dnDD~fKl1od=~
zY2Qv=&Fs}TLE72B98XrCG}>drcsW?O<rn$?pogMblFItzq<aWA)-C7up=&w>;#l{I
z5GC*&Yw<(`*})<8sL%iPeP)IO-!x#Q;hlI=s$R!Icw9<T_fV-UdfOP*xe5+EKm*r@
zenu`XEU+RhfL>TuAhrQX7ziA?UYE1x{a~^7K<0Q3g}RU|@?t>x%jlm8sVkvQF^Fo6
z=9y&L;oKb0N}i1vV-HHdhh1LQpuF6M-;_%?P^!z_hp03>zc&1pZ-pl5{7ZtU*b@CS
zKM(G>agD~&n$(IS-0KJ)JcOJoXbTKVHg&tnFWFLj5*fB}i8Sc6i;`KM&_^lc*V9;J
z4&&*fL_&*MPMqnE$VX2cWmR`y7Zho3kH1cFt*8*`v7%%WY^RqIfN-gCP_b1Ar*}k@
zar|Ypy?j->#{5@aKa=~O3v2WVzW);j{fD1Ylqa}1jfgS#{AD<rS6HtNSdEQ0JBfSd
zYWAfLD5Cz$#AO$%7@>Tw|L(n31*r0;hZqI3v)NYYd1azE*868PfKYeh12e~0Zdc)c
ze#wf51qC`yp0~V)UPi9K<QUBQ)K^d`yTJ&+6tVv4-h~GwVvqs#5{Y!cy)nUDAY}ml
z9FPNUrKq&Dy9U4l@6-WjF?n=_ET%u*+=^1Z%qz*GAs<9nF(LN?*)qp>u$0d{)O3J8
zqbEo^oDbiR1j%tvXZ}Dxt@Dgl?!2NyijbiEY-qu8FKwMmhKY9q)dtEwHaU@pPHVYt
zl|X!QV9ocU!-{OZq>d`)toK#e=bZ1k&l$h33(At-QLrf}yfjNgYQL<ZO_>*dDECwo
zF2AR^68@mAhb*KX`%``f|4B`0gVcu*$P1yGbL`9V`*`X)vEv1Y3bGB^AiSyWjS(5Q
zh?|cA5{onEzx-aLeq_@Zq<uwdM0&u^%5v+*^G^!}sHR=Oi56_wziN{A)(Lw-U+vU)
z$W3#bx9;=>p^qhRDj1?C1`sG@cvTTutfZtQs{r8Rru56AAVBX2z1+gU-+>E#!E17R
z0x1Kz9T<&vOi|Fr!F%U{k$f*mAJ+j=b!j&Gy1mjLD5rjowJ+It%3EQh*wX8G<_cUW
zSX#*^1llh{9BRJ4pCCq#_4pkU5f`A~^VdvOknoHZnPrRE2lqW2-gv}&dEYg^fnT$s
zs{@Qv41@blH)L|XSuuH@>+&k80z(R~x0zt}o8qq--v}!OC@JqGnHeFDbNKRWCX+*=
zs`wG+=vVmBQE+-2wCsPZ#}F-*7-gGKImJg*b&fKe+{ZfHc{qH+yWbD3?We9%@Zw7q
zQ`?uyG_NTW;rJTygU+U1n5-=*Z{r3(Pb5R9Q#Ha%lN_!bwUfY!mP~cle+p~EmzWPQ
znia!2r}2ot2M2NBVuZ^O|8%sLNmQ<9f?fx8@aRl!#=Od#1yK>)J5*<35&aSOQOF9J
zuh?b6C}c5T#--8Xyd5~cmg%t_98&vi_Dx(GwtDFY3HfsZ%W?p#1D4Qjg6i%mDIycG
zQd*}}`uFGE1Dt7cGr!q_!-GUK=J~s_|I~ho7!izN_{wPG=p=``@O6FDCk%;e#ptcG
zA5GY*lRMeBwP4M|JPK~3vLM&Zg{hkw`*3B-ddj}u-b)8el?o@G?qf2%C3nZfXlNj1
zC{d1lNTd=uW+J;x@e4%V9KAPMLS6Tb=K-~e>91c-tlP@_bE<kP2}-3l1eo7A(k@3z
zBuYEPz6fAdPDGgH+Ig`P^oR&Cw@x$iFR}7bCurzNmi-qHY7@l_^@Dl9H>CNGmUbxB
zV^q=ot6PE;=gM~<Je`3!RB{C>7RWnxB26wQh`?V2{z{u`&r`l~TW4LegdE}C76Pxa
zwSJR*xM3I^i$<6L+VCs&YGAo%afo{fRC({?(aR|q%GQ@*Rum$kU&!1juT$mHqW(@M
z8ZXj(FH|C27if0D3XZfK^saFl@cFoPr+aFN<w#VeUln~2m#o7*i*|@VSpMW*bI@Po
zQ3VTW@{xTi%0mKY8fA~wF7lb68A|`w*Tzw~OC_7s5@@KW+)Gp~#HzDm27F1bM27LW
zO!sZHjiH5!IsOc(CR?q<NEi9DGoj@PQ!=3^wqY8XkuB&B+xxo5nf<!QOJjx0t<3~?
zLNv%QtHLKK@Bs3=VH?br_Tl36ZzJr12oB(bv2c~}3lQ#WYQmfTCJ|&gKzeA_&2s$}
zUMyYb<DH>`0JpB0lep+9N-hOll(zdwDw)f}U44Kj0`&?{9&uDR9KQHf3<huS0-wUG
zwliu@9PaXClvO9(2QGifR}9E>FF9Gq->ps(ScPt*G2q-zB1?`B|Gm*1laU+x%#E0U
zScKd{e2gnsFwIvZ&nc_>i+*61(ZBkcikynJBE!jz##=g1r7kUgkF2d;DX79-)-M9N
z^KjWuQZWZl*OhDHb0cXDBrf>^$39m2S5MKpyrWif*kL84PvD~YuETgzelWm}593Wq
z{=-Nuf<I&t_L*&#p?r<}V{C3(`gI5e-5^@#&hLjxm++ioRYD_~j~#RJ6X`~ggDm(>
z{{`M2Ez6n7px8hGe@j{$p_&X~=~qx&8fogBmE%%yNMEbFgWJx=*4FeT@i`D@H$WD{
zNf`x5{ZFwvz$J6=HQ;<=Akn~#MT4tFR7PFZ)GQIih^v5e0qSp>^t*Oo{nZUOoi+VY
zKmebkGf|*}`mFG?yIO(4y?czrIS$E?DZcZZ5FZM<KMS%U5}xqORQ^+WtbJ4mdWMfm
z1Ah;Wh{69+TzHBn(H`n4*G^&-wJTn(YW3^fzg;FjrKV}$2vSKYJ?FM!80&9Arcl?%
zRA!Ikx`{r1$Y2(?m)~bEPp@0UVnm;185$XqO?}rK(;M_s$I`07D#*fCmh1FwRjeWn
zF<z)bZW=2&l4J;Nt8~2)*=wwXj)BB?XgL`11KI5DM3p&RS_7+WUxPY^>xRAw%-l(2
zebbVvq?z~@4_7YI|DpLj!fW8+HeB<;OFyE2h+~+{q`Olfn7i2BwVn9VERZ>jECvP?
z6#x&KIZQK<j{s-D^73*VWDhV?XdNemuH*Vz07Bh(f{LT6D??)gg6l4T_I<&H7}*jb
z`@j?Jr|QLBYvoPuS0!&JnFmY>0up-%w$66rfE(3M$Q7<EEh^)JTp+R`*5dZZD!xCJ
z)e(d$9n~HKz6JfnXq)N6<^soYtuJs8yv`XnWFwZ9#m(}S#W!&2d?o)}3tI@h|2EIq
zq(oC3U3Qu+?quipy!l73GP0_9Vf@ux;PcT@2->Fd*NWWuNfc_~o{av`_%u9~3E%nA
z?<VW3LE(&3Otf8EpZ%=ksLpOWOD%u$MN9jsYK;vuEL$|Ps@AU}RQ&ow;7gA5@ipS0
z#uoiP;z@{zt+6ehe_Y_H0c%x6b;9M}_1D@ny%zWO>A-Ah$>LwzMX;)+nFmC7&->u8
zAAAZ_YMT;N6K58PKO!j9m9qns^I;mESBDf`YaH(;2@AHq(Lf+hiBEn0sWkkaN~<+x
zSPcPUS`aG4Xj~e^*(?xX3KH_!Tm^_85N-t}P>TTO(^t1+M^}X_pP_sK#eOC(fd!dD
zi{!O2AxU>lA~?}s#i@dEB31GovIL61un6NCm1)^Oew^cN9MA12m3Ea)%YpEfmwPVu
zxEM$I%`~g*Ok#c^RK~7@Q90DaK5rT}ym))p6Jz4)wPb!sDauLHJFq{n8bwpcIcs8j
z^|_%z3;94^Xg(S#+(%y=Rq0dtNG7$|4JvJxZ3FsKq-|O;SqdG&7f9&1Wu#)Y1f(hc
z7%XBuNh!ZbH4=Nw=((PAc{T1VKMX9oo5d(rXcaM!<@^qnbFMT$n%>f`s}E|t%)McW
z*ZE3W@iOMvw{AR%l^-FXXgMpH2#=^7n=al=wEN8*&R%qsm(R$LYJYaq5p9XSqb5YM
zXIo#((^E$FUuy;P7?IPiA2eb<I;N%(ctM{%^Ey-Ym}}K#A;Uq*N*Tj4dgmL}M)=Pr
zx)!m3xr62ry((*K47~iP6P0r7+b?&{;HxDQe8`Csd=UEIH>=$?CEj{93_1QQ^Vg_6
z>k`27Pl8sEGNYWyzN}WLdH`+jwYt}d<Zk+v!QYQE!Zv>3Su^H^xLod&=(l>MH(eb9
zy9L1DaHqe45287+RtYmGl~q@-Z+n02rCO)#m$_DN`oQ(mAKM_3@_5zF1wE~r9w|^_
zne=0>FBX;bvh;0ItpUcUJgtENOqrock#fAch6U%lEo+%2zG_<bkzW3@4+IfmRJV^1
zWv+)h<)FS_z6HJ{6t!?M$yE8w)A%74_u!gD_Ip+!x@-Ys#*6mzd~`Y&>Am*2*gl*C
z7xgKV7&OTa_2<=sbo6B3us<}i-9(@8+}9@|ccZ9FwMDzO2?j|htCoadcF*1F5cN)d
zyLpQjSs(11Bz2BYy}|97qOKO;g5u8fpe0f!ZPdDHIG9HP`|mT0kA%TL=WpH^Pd>&%
z0v)1caz@|WqJ{o(FZJSb0oIqIYnW3Z{*u>k#Ll+ST^SPs9;3CgI0icty?~5>qLOau
zbSJ3O`9ho8aK%QCt`v?uZOgUd)zvR9uPz^&fk5qz;{FPW=sC)7C~MjihH;VWqIB6F
zBsIZI(^SaWsH+xoMMKrWg=N>*`#&`(;RER<5?kR9B(RR$PY=O=byDAVX$*SGZPSWN
ztFEu`-tZYGzR+n>zIjK&aG)X6EzepMnrw%6Zz|4!vpay4%^oE0Y0Mz|BQKdh|3wky
zAQFRQyKCWTFd6anNo-WpP{^wu@5pjKUM8WKj@Q{SSUolCcLbz)RFiZ{%!^$Qk+8uV
z^SkkrrIXURkYNhgR6wLRUE^9S_+Zv+OYDhZu-*Pv*i9>H+5Ux_1C7ojEu2vhj}}9U
zz$B?x$%-0Jok^QLZ)?2opeLk0FfiHd{>U5V&c1Mj;PNF=_2hZ`=YUxQw!SCJ!&R-V
zhFC$84+mMFsCW>(G`h-`VCE4Nw72dbi>|CKJnj-HwH3^3-dv46Nr>o*!8hT1A!TPY
z+q6mpds4`s#wtNnA$8*Q!+d<Kq{D)u*@~3lD%nr5g2J$sRWmfjbF>+kbgEFvsYVRn
z`d1KNs*B`HN!oLiah*CQACfoIsoA6Xv>vqYAA9$$uC19OX^3WsS+1OEg*P*@k(~Nv
zDz%t)eW+i#dQwoIgoJ+F!t3>2szwKSJ=(n*{Ur7g6K2~m$AUq}J0z~R(-`N$B_C$u
z-<BuzWiu_{oyVRwml<9^nHv@^*%X~>1RKozq4J+aG;D$&<D50v-;E`A?(R2IQqtP@
z#vR?TZ;S5TqSL_X1nGWW986kx4mmto>*lvAy}1JmsJtq0CeFd|Enbup$w$cfaJegj
zjCO7ebm)>rb=TF^K_CNWTtJeV*t^ie0qLua+6raW<afLLmYKTIggH|}ZCYUomGRe;
zyUOKb$2;zad-DMw-^k-ltEGx^lnbi_QKg3l#Ct+3<p{kh3%OV9BNRD1t!V`6NIy%M
zyG9mb?b;)MuvH13@5L~7tiIr2irv@UDdZP>i?z<SG)JzXC?(|1)Ze9cvha09Lr~^b
zy;7YXlAB-d1cEBcp6Qq6Cd^22VoAc7nY3^#Hk~>3r>nWGxr1-<gx+ZFNQHZjFr7ys
zYnbRCYqM_tDW^RrYWRhCRD5r6f!@jea-X2RO}5X4(MIrL^n|@@A9@77E&YE_@Mwl}
ztheRC1#*29n4e;!u1@FsrE)eLcq}!kG9nD(Jp+*z0>sec1o```_jmoRcM7g5Xpoi2
zpWiFbXEhByrI$R;9>dQuThmolb8|$m$tv&+g?5MAh-4B$f{)k)NuR)2T`*S;g$GZB
z#$RYsn^61ZA*+&aD`rPqwYQ;Hcr+$0$9XL~nZ$~<#I{y1BFLyhC+tcm`FxChqh_bE
zo@u<1tKC4_QvX?oNT{U2j!w!@^1)Cuw<;UW8$(?{#3*gu(fgPskoT?p$HayKzw?jx
zS#NOLp_KbQ1Tl4$O0Up!Y>4i9%dHyAy)5Z^3nN#IlYVE3vQ$edo)+Zy((w`@R;4Qy
zg!HySX%rdl-&P@Og$@=w_R2@y2Fu4<iRr8fpytf|ci)X+Q^4$k;TzKNuC?*by<IdU
z0SVDMsvBlfuSd9eYgDdPXHeR0j`fkBJoXBXU>`R@K}$X&<S+2@)uuZnc|>i%NlGaL
z+sVsBQL|ZUi2z-WsNAy2i|*hTAOqwP4`)^2>fv7k-jIR<y~)Cdq6>UYza%+v!Or#P
zvnYN^%X!<se_LRM6OF7RSUw`rkfhme!>fs&X`n%7cF_r(rN6~^|C~@zH>Q_2uS`GV
z&l6rWAw21Mq^i97`uBNXL%hbWEMt4{RY<T6VsPeHF~Ucv7N$ayW{qOcLZ-{(FX!)`
zwv1m^>R+ZDCdG+pc&l&cdfZZ4X0pDm_-ui^-yMy;^SX2-YE0zWg%xwE5d{X@QKd11
zpxZ@EE`$STCq#9<N_pPtpZC^W)aedW2>#xliR^%F=bZ<Q(tKn2(4Ovu5u^-JxmA=9
zAzsfsZsQX@dJf?i5ut}Tu5~>Ifs>Yw6p-OR@?V~{xW0UKzsc9ycI0&><Z-i;N1GuU
zeBq|#0n9$^CBQUDFK*KM;^G%s0@6E>_-2DrEmlJ5+x(DuFpT>%p(?ou`No!pU9Rjp
z)l_#t6*R!J4b}Q?14>U)|FNf#Kf2+G7NHE;xrPjDO}2IZ3pe+-(D=h0g;E0(3{I&r
zE!_xmw&u63Sy4y}1(Wnug0I-;<&rCM^om#N#9`Zl&a=UaWE+pZI|p-(`QdAv1xP$L
zHk0@^;%d`wUnSD#wUeg;V_cVTOdCn$on;P{PqJEt?($(6;XY1$D*jWi%Jx5B0K<yq
z=IOXFa#?}}ZX(Gdy2?ItG-)NJ@K}bP$-n=;v60>%yt};@ry{+X%D`m^ri-D&zN@On
zgBSOq`jVDhckSlBWvyRkKF%fJa$tpT$s<nKnKD?EfHr$mAfWa3@6qv|AuPoUcDu9&
z8t&Qx4>q!A{{BUV0Q34M7B<#%lp$^quy{y5z-nWjGD76p(>DL65D!Jm*Xh!$nKLt3
zvGUaA5<laf6LzDac053}i{GNZfAqeHXs_XyXiSd~x~zNNGwrevp{;#_ikR`g+ap-{
zq0%FTle%;bV+ehlD&e#pW_9mV&y|XTRq2UL%H8m-aYVizGBA*l^r;ZZ;ftwGc)V-9
zXAM&iPj5<iHAJ<_nMnIa<wP}cM^5*L2&Z$00^z8W<hg30iq;GKwOzg3+{}yTMEzF1
zrc|@+Ppw6da8~KOw?51VrCt7fN^__TeNyB2&qjp58qRlnUjLqBP&R6=@6*{UbH8VR
zA&Hgiv0(yt<BM%zjb2q*DG5pmAgW6P{4^R`_vbphHJOohuwWL-kW=2L9Td`oOK<L2
zKuVf^wdi^j)=<(93K*cB$zCM$YDCyA8&QSA3)<$b7JaLwp1nPt^mGb`@<b4Ihy)V{
z>vx-~U9_2KmWEVxqUjaiUrwC2$SVC9H(FeCh~rq|WCy*yWu2qkPbS$%B}=?~;}w3`
z47v+NvmRd(cr1jIbd@!r!>lS)FXV4zQ+Zp6(F%h`D(zg;mg|76M%jbqLwEUGj)Cf+
z$mEO443z^Z>I)^?FLz_?2@FOPNy;(EDnf~9qCsB8Y}p#RukcdwoSHXZj9+2gF&I1F
z<rTn}s!+4Ll{6Q=xx~7?yJ7Qv-cKtGreV`W-dD~rJ9Tvh8XZ=`F!k0YLtr)!`eXG3
zwlqNa%abCjd@MSAbak|J1vfjCJ=4O#{@u9ra9In1+w*agJOH4j-i9;zm`Uzo%dMHR
zpdh=TAb;t|&{>Mg9ZFB;>G%`X@tAnQ<y>)BZcg$MS?Uh;YwO>hoV76o4_K#CZ&h!p
z0x(wSFms~ue8U8}3%Ocep!hsDcZ};p%Z$zs$>@)xEF>7)zcRY;^&~I}<Q$=;k*ZKT
zk9jRj*?3>1Y0F3<d7}npH1MPGc>Iig+K|9(jcDWfheTqon<8swO*H?<ItFE(-6#u-
zG5tiAlaw5rMn-6z0{M!9Te&UdnjcvLl$#fSuDjGEJ3JpOreD;n(+M10r&x>VFe^kA
z4`*<EVpYpIX)3I_1s2cFz1w?8_P<vH{_i7l7|!aZvLU~7>(Y@ed!mA+Evw|g8pDF4
z;Fm>r5OZwLRe!R2vBcGdkOit&<Zu1qi}yXo!$$g<AfC@EFl(}DHb`8&UA?<&BE~|Y
z^ZDa$=z3HLYBdP?HcR}_+ON7fux#}V9b%96aNk8ip!(E?_<g^rm0gl3aWrz;2*1S}
zEC0ic+Di5+SHvE*bCs26&F{G=!+?zz2O5hknPbnaiDq^z0c*XHiDQ599aHLh2STn}
zh|zC4p&O|51Gk73W<lry=DfKh-gOp+0`Dc_dRpk%lC>9Yp<wV%+<E}d8b*uaT#)#w
zSM*73%ley-P4k|dPKlk&dDz+EWzth@Onf`3<*#O^PBIHd;4yMH{82c95@o^@GT+*7
z-pbb9z3X?Pu1@x+rI3LTi)L^i-FtZ-r0IedFdm;tK<TFh?`AVjNvlqPmg3@3k)j81
zG{NS|vN___Ni>pc@P@VM7Hen~Ye07kOK0@Y@2(yAD5J`&s{<QK0K@)k>8SDA15_oL
z!4BN8-zivJrmFoM7?#v-{&9gmSUSt(?XPw0NEr+tD_e@fS1I%){e9ikRnP77J&SRv
z-5U~NSoXRUgCgkcd!IC4uQxI;TBoj8AbpQ(N)tycxT6&*q}{OdjE_qdmiSvag7=#*
zWusg&W|M~IrhtDJ<5AD0h}t?%?Q{zYjx?3r`;CCnIT}rNheVg{I@JX;`o=P!bz|1*
z;kjO^O^KgbGfDGCESleOy?gbr)2NpczS!Oq-bwqB#8wO-Vfu`mE_c@G+5DT@I^R_e
z{P#|LwC#qeUt@OzchRHag#Hbfwz_(`7ON#U!>Q$wCz!f4JtQC~B$NYSTgxNfP=EhN
z1qGp$qF#!?21uKDhp+YeaXozZQKChqLPmtWqwgy!D<46)lNA?0Nx?!ey`k;>^5&Vq
zh1)B_&Atjp=@k(T10G*A@vlBlM@N>w1S1jPWM8%}3)kb0UWVCA;e4_PenbEEAh)Eq
zfVi*<!9aW6?~wD@dc|%%8!PD>DO2Gj%S=1E5yPWUPl?eLyAA%S=^{MnL`#hTLg66N
z)OblK$+%jkJe6wrCpLpoA~P(ZQ8e$_Y~1zaRq{R4^G{_V;r9mpSj^QTk30MES&AK4
z5_3JcGRoyQm|%m*y4#)Q2~ImHQg&9lMT)v#J|ar7#St6M<Y=tFJA57@-R*s@1}?k*
z`@s}WkN8du@jF{XE-i-uCWUxosl1iCh2v+-_Q(f59fnGDMfCn$?G8jHC-Apb%z_Q)
z3jp?W0U#X?sRQ!(I535#fH(tB-RzP*@DKdpTFrysNo!F-0kAc1E+{DYlrx&Szkhh=
zJjVYd!7T&{)4Sj2bD5$<FA@!B?|bswK6Y&ggpTi1)Tpi6yh;^L98(paG4mHrbi7a>
zz82gAI+vBn%NRi<s(Gozmc$16--a6INp@CuG4d|o{r3}#VkK_XiY06+#Cxzsa318&
zeWM$nmGGkOGyfdSGx;%{XI~UGu{7m{*SZjDkgag*%vcs5<4vMN`Kx6cnrQv6OwtK`
zYxe&yPQjbLSca$C4`6@@tlfM#69(oEV$$f~jvBorF4{c126mw!nT1SDml_%pNSAv7
zp~R4L_h_lru%E1--;41(|CeB3VhM&&i6CS(l%!v+c)Wa!@(3hfNyA&ac6iNRFmnTP
zwjlM;DZ7>6v}hz<n^I3}@^#5Srx?gW%-VzH#v3&uKE2ORv;18I?2U-%r1MEyM%jxX
z$7~<mD<q_u7<)1BuFggybFr(GK77G8x(J3<-+Wc4EFauWItyeDt%stg&z6cuE$~|<
zvbI>2o~W1o{mp!Vb?pPK)#2e>vs;4vJPtzC`5}9!3=Su0+@ChDxJy%dhlJsJn|m7v
ztsB`nYE5Xo@_>}Z6`dWAKwi>m48^dU`-=Ic`o9ZhY54yZtTj}+yOl?1CG%aPQ}@(o
zXjDM~;@oZ9z?Q=mxS0Sf%1!>{BR44y#0|_8edT@`4z9RAXK13ZI|u0iJn!Y><LJM*
zlycs{=BU@i@9fM06c;EUe8gBIBH@eb>XTM`R}VNLte7FmOlDYqwQW)uHTH3GyvZF1
zC{%HI)=7av_(M)b`=O+JAMpn8f0Qv3L<K(IH@FoS$Hl6V=|Xy&$S`wKOx#FHcc1x4
z;>G~q)IHf}OpTVaRt;Hpy8y#L#{3Iu<^@CUd~}z%k|m*=KwGr7b^mq@OH2KvEV|>t
zCl{BEH4~m8=*v-r>}9<%8O9XFB&X`v#Wx#9jJ1*-x}R~4Mjk$~YpXPrE2nxyT5ojB
zfx92v{`Vic51~Pp?FaA#;fE3h4D7iI!G|9eE%^nqcdUOdY4w31BxwR#vOWq^-hw05
zn4V4nS~9eWUsImJbApqAO%lHVms-{9S!-L{#4q|pAdLdF()VVQs_8xT#amo4+j_lA
zZ@2Rm*#0XSDXB$wWonmz)Rk=_GWy4gX@4K;pFu*@0<j3*3q($PT2;8{*$W^?eL|4@
zNxW`lde0^JE8EmWVLsMrsw7Q0W{Kg8{GH{XO2cXQd2FzWu+*%*gr&pt1KTe(4P@R{
zed$uROnlG#Z#PM88+YsM2J|RrgmV<1^pkTL2av~J2Pujs^%8y*@|v})GhDq*iy#vz
zq_MDyDSu;Rb-oXcGIqSP9hu#=xf?ynoSXk=jat7CqG(gVNXYm+4xxNb%Mqug*!fyA
z2Mpf#wcfW!h*~u;!h<t3&4Z=AQHv@OQBgynN;Z3ea*_xAvn6YMxUZYDnHJ<XIBtNk
z8LR#@O%4IY;_=STKrlJ@d)s?4hy}=5H|(_m?*V2vANgJp*X|)xAAj)L+os2?L}qx&
zh+Bmae^iHeJ4=AiE{fSbpY>Ipee7VKCvt?h_BCC%I*Ww8ux_p{nTyo}xke3c6y{QZ
zc+SI^*AyRqK!50mLWdFGEXS1x+=^wEYvt?g*^WY8tZzE$anirQ?1cX8ghA9QHyX9$
z0Bd`!hy5Q*o>qm9oIVBU3WUnhk-qkb65*1RJzA(FZsgyLyPUoe&GzyvXffZ=8ylb7
zHMJ*PH5eL~Qi_(3ZmR!$T0kJqPG9s=9_ir=+rRH3%RKxRyU0=nD&<5?r1$90HJJWN
zX2qQlDHZwtJr+b=UD|@33|Y*-?f2s#NkpF$7xKs}Abb3cAmh`*Y?;r;o{l|jv_Lv~
z1x(;ReEJmjwf#G2R(*EV{7B{a(N2Fw?&#DM1B59~ST;6$-{UPhDvI>##ZvsvbG{z0
zHrEOIK>6M1Bvwt@paq7FfMs_I7XoEAY9j^)O*uh?$cn@-gTB4!bOm9|+Xhyj!aVg3
ze2zaTb}Z`(Aw-XMKBz%Dyb93d<~`2~i7pEy*gw=f3>5WjhkTVVq)41P`u}M9?r^H#
z|Nlca*+s|>Awt<46tbfvS=l99_BaaJJ0vrbBH4Q!dvDp<dpq{wIIrLB{rUbb{&015
z&c*#Y_kBN~kM&e=FBj&()DREOyJ$DYNpqa!hngrQGH{#o(KXCJVt#e=8c~YRHuvH4
zLV@<V8xw|NyqigB5egTg{RQgBZEPGv`x&AeXVKuKKhFOTV7o#pufE_N$V!Z!;$D0S
z|LsMWWv~zR<K9J2cY139*}&D<*aq|}BNH>Ts#*vI5itw^85&nm(9|3SE-bRc99M2+
zgZ537G%@UExMEdZ+54lACl^m}S+(N57PevH(^g@$3kOmxZCQ;gf<#1i{#9S^=)s=L
z1^#{m`->e^rqvRZoz9|q5!6gzxMS)6ye;rFT-4C<^PakI9R97)g15qX-yb$SSM=Yp
z7yFsO>h|zL@IBj|+~n3Q_41F2fq@axiZmNG#?^;;rOAIE?{?PNp0*_nJQwWOeK=XZ
zv%C{z7e#RT<yH*$O__yT7mD&RG`>YM%Zh;{%{Lde=x8@7pP>avxTtc@8B!Fcud1rS
z9Iz%Cqg!WM##hDsIw)F|2PInI#3r8X3Wa&QF7W`XDI6z-U!-W}rcaq1c<!|v65-5;
z3pQi|M+&YS5_?>jqNW7WY}aw-uaHS`an>uq;|G{@22WOh0~`WxnB^C6o)(U~0OV)I
zStWloOl~**0T)-jlkofsZ?K_CiQ*$>Q-jHFMBTxtqyUpfskzJ)3(liE7A0mJH2rvD
zs|BAL@h=r|!)-a8sVvrY^YE;gRWY}p)8H##yK%{JnH8oqt<XYar%NTQ$Pcra-uEx@
z4?8iQXnOs?F}#88w-qcpQdY&6=j3n>H<OZ>eTBwSvq*PhZJNSP=r!Y!_`f7luJ>4C
z{JLl-nAW@*wO%}1%xGz>`R>2OcP(vyoeARks)<W|lT3sygccLjZ%Bn<k+{&W|5of^
z^nYi*?$*`PbwE<R2<b5mG&hWOO;)LnkZjKI)82#4|IsOrmw{PA)7#s7`;HH)jShA-
z??wC+0A}YW=zzLdSQS8U@fJYWNe%<n`(3a4^ml|HBGF!&dCo1$o*-zUh00yLBuZ0V
zIB+_+zBP1>qg8l;a^VOl_4flCN!OG^B5$%2FVAUEy%h_=)AldRr|a7M*xSG=HS5V!
zA>`<FFCb7rTTnzPpYfs&-D}CAC$3&G$t62AIuY{NdN=7eC2>`N6#mc2(7W2<c413u
z@W8Ggm)sIjewC7TyhXn>RFgypzKfN{JvQcYdK{t8QwEcsGuFQ;_*kmCv9n9@kK?bb
zJK@enefgv1gQB)!7q-|SAJJ+maWk~@K{W%^m4DTLs}}rUIS+~Zbs#5ZQINoambT!-
zPY$k!{X>02Z;r6e)!$c~Z!yDh{C|wxH8M1;dSQK4RD?)H)_@NktS_5z=88O^iCT5_
z@*;sf0M;wXG*G9(U~q5Bo|WNyNotic3^QxuPXZJaoXsBX9J0O4<V;@K^ymLn7k&At
zg5nxy_^r1_&QVE&Z|}2-I-0F({Cn|PiIrA<=yTKkuzb8bRE}>#Rzwpy^psx;5-8+x
zkQ(0adhpDOni%1N2wMvDm<ThiAbR6zJ+oQ(f<>_@jP<L6W~#C=`ZrqrcUF-+EgAcD
zVLIU=mc>n$X~j1J4~yEuGQ$f$GwMAt{}x4~7jZ{Rcvvg%erR2ShI4~LNCHL8MW){K
zuX=?gd=AaB^cSpVO%gY`R3zk)Opwt3!8^C1#Zi<XhEw+n!T=zKR4bCgi+B!wA{R5Y
z%)x%ZOz&XlYnW&`BpV-dRx$+cz?KEd?4b~!Lv_!bHaZiZCNZGWx&?Hl4=lvsvS6I-
z{_KdOINn!l1KN7yXjW#mq5M4MVFxDq<ois6>#1X-sS{R?__5bnALGWI^|pj4Byy6i
zMJz>7)etAE=y+0<-v2}A_4ShMBax%dzZ_@gUo=nF`6cn5JjYR^Q45kjdrHS&JvDD|
zN1<7*(O`3BWB>bEPf|oEPwx=*u-|KgAQ=sl68}Iq=VLYepOHDIQw@fui@r9^lwGMt
zmP=ngIf)0WM01=>E-LL*knL#`O580Xk?mHX&mO}DymX=waV}L*`x&Germs(==x)z#
zPURfw!lX17j;6p~7Z4NrUk`rOhX-$7b>(xYX!jsQY)KfxvuE<Yy*4cz^wWQ3<Dbs5
zd;*`dw2TZISdH7x*PBzSAosk%1z<k8CHx6J0KbO$1EDFUcuL>Pt7~=V+J=1pOf<TS
z@19B+UraL>zUja5v&r0x=`_v&%XW60uT0#(9bx;fctUbqILGY8A4g++zUe!~+If_7
zM%`Ocl&gzt!Cl<2C^e&wd%;T^?&bfngGSa$O4>tL;QX4Ej}5*y`?SkWD2Zo1T%BFP
zsx*#G*Pd)4f!g)1|MoZ*{`I#CDt*PmS-Dl%KJftu?KZ1qs}Y~6o@sXUW43rtp0FqH
zw^nbIy@?)r7{TIt{opfZLde*dExcgR2v0#{(9YSwnD#{leM@+#y84&@fjOI_sKV5t
z|5nKX9Blq!Y?9c*PGq!iirpVa_`M!s3%~)$A?K8la~;4OvhM5U)qPXjdw?ES?$U3r
z_6pg#!pCZXA`&OFzFtPQfJpXH=k2;v3`YKyK+^NX9GAcgrW@?vJc$}YoPENhI1Vd`
zs+?6<XDSX)D8|?tsc6_l6PI-8GXlx<1)F33Dbe0o#5D_h)afpG@`zTNqLn4n%PxuE
zig&Ugeu^{U1_6KJ#&1D+N`H&91YsOvkzb2SS)K1{k5#R*4Q^w8&r{Y=Do*H-F16m_
zW^K|5(S3>E_XL$CqIF;N4cd<=KCqXqJS>zajC<iJFnKol`R{WF5vM*jI4O9geWXAD
zal1tM%4@H6etbUGA@tbk`4UM<vyIK4)t<096va?kdGS>(K|X?F@x5BKfu;Y$7@>qS
zLAg_${VvII<31Ijp}0D|0EmCKilX@=vk?qV{6H)yUT>XEX#+N(O1r}w2<N%>WHh*F
z#L_gca2($siXMN#1n+9M9hMlEzH1u+0ofAFM9OPJ8_l@Ujt~AY-JLJ$$Dj1Kiu!5y
z0MB3kQK?2bovhyRD8U_z$Lg%ryqOji-LU}GJ^PG2b$!s()A-0Pcg%RhqG4Ja29GGb
z6wr(KJGp+{Pc_e($6lM|uHgEN<fA{FA0EfvXp5N3k;!8{_-?x877}!n6BW+iZ1Yg9
zj;Y%1nMjBsD$MWHF3P#ISKQDe(4-m9&X<=&y-Zk>nRBtrd71C8dGv$RdM5ZLvy^g*
zLdFZY!{;#DWxWCq=ch?9Vk0SRftn;Xz)(o@|GG%{-qo$ScZU3o(BjuU*n1-lC`!Sk
z9!ha11&aTn)l9%Hovw9$>)x;b2+r5lhKnf<4c~xw>-YFO${@nNk=OVAPiODlBz>-{
z2#)>)OBF@!f3N)+gX$@^X#3)>H9gyWujwBX!G4!P<ZH*jXSOUf$?;)(Kkrz6+GYE~
zMkHKSG9kxhYiMaI_jfb;H1wW4q3N~Ccv%On_3RVl4N4l$iaSGcH`(JZe9N@{&MR3b
zsxaIX^uc3hFNjsJ*8KOvK}w?N(zNcUducbFp!pLYhb2BtE8o|7S~7FR>1?QV&0nRq
zy>rPq7C+$TQmU~I`?aX2X9~rZTOLdaKNZxs=#mA$MTM+d>VpgHwKTK2I6cUv$b3_&
zYe`IbpPtP8z)PS^&ij_wkC9bh(KIvB3{z*(Cg<{I3*jc4@-P}orv}LuoGrzgG@_UW
zTE#s&%p<LH=G&08P6w1SkNm9)sPqVBbFxpqWarnO*OLS^!7TN0nb#=@itZAZNqfGQ
zjF;{Mdgda-KlhVUO{)zTTn{ML1+7!z%(7!5VHb;ZRwph;Y~%O`2YWATuR2<jM95g*
z^gh$;2Mp%oOn6bBT5!5caO)iG#oq*-ed3N5*Ls_t*oP@ItRFc<{3X6RUz%71=QHr2
zq3g^O3}mvPorA(cI=%O%q@spj-{%3t-N3NiIEM`7s@hsLkm~~bYTj7baGoc@iUC-s
z<5GKMCZ&nFBtzt&taBF7obS&b8YvOOuAg5<XH(&Yh?BI7-DG!7D|-KjPU1Cnz|5L&
zU4PxJDbAm{ZuFW2$-W_(91Vmy)%85Gs9{{1x=bH_ytoIRD!8GVlZ*2~B%HGveZ-37
z{xA8S*2L182Y<x9@dZY97pF;&!God^2e<i$K7X^ScpL6LL02N<7@-eQic4M@osmJ0
zmOsPNTpBN4(K3B9)*?$WE@@;H)693j=8fqKN_F&D>22`R4IT1`*g=W9ox0s;jvm@u
zL#A#f>FutZ{7a&s_w~L7^S=I9z1`ZHMxBf1YTC8R!~~DbZTf3#$@)P7R+&Sgw3WA^
zp&wDu-X|!Jw^(Mj{f%_<?5+S1Wf8P|`1-hh!+kP*@4E~=`PZmgsl1HSMxWXJ_W)Ii
zkB{G9IpM|h7=DQPMgL|;Q$YV2CVrjIJxpyc6M57ga4pv7Hq@Q5Cka{J@|>EPY&&sl
zdBzkkA9tx=`57Vm)Z$N3sd>X|u|tr4+hpPVX=!Oq9G>yI_+>-FA)*6Wk+TFPpif&D
zj=w8t>#kgbl^F{B%H!QU_9}bH{|`(a$gVCaC6EI;_$%%Swhp8TN27WsPHwLUMZW`b
zxYAIdr{+&M=o1JtnaBtdP8;x^dhG$342xX3p@4U=`yO`u509T>Q{yU`sk$6XlkL5c
z_;SY*r-=8dsWB?{0~ILV#uBSZJoR>=6fyij*M-Xp)*zgn9!BlWfZ#59jYQTv6AMdU
zHfJUZNq(w$xq5yaU*aU!R^->%Ox@eTgPp{VhQ5b1Pzep{KKzjnv4>f)(&j_&g{tqa
zc<<bNxcaFs#uQ{mH#IfkfW-#t{W2XT_gkl_eJcGb^&*#|H`10)!nXl%48{ayx#k{~
z9(_9qs1z8Nm_S`!p=TACz1{7_`PVGjjqxXY;pj@CQViooVIzb>5%+V`NP8a84n#$l
z(jbmTEHTzT94SQ*u7SX28Y<zknWdxaa1d1}Mp!><hCOvVEkYDU@1UxxlV3L@7l?tu
z!-Z=A!DVj@`GNsDrKO*8<KvfDjxkq7j$ntk2FBY)(^ND=zI89Z2Ahurq8qqT!3&T^
z1nV&_tOQIKDQpXXzbkERZ8o4EF`{idUta!BP-L(CipIZbXS#9*V7xP6&YCv>rHVlS
ztjFFA$X^*uy}j+dM+yVa%4Y6@r2)c1c*;u=8$+db3vX|)$g|#3Pd2O*V!9-idu}0u
z6B|09^6MHs{?D)0xB}ruSsXE(!J6s?oW(or@};4;BbwcsBx|c5<4(D!ZA@=`U4@lr
ziE?^SQxu0Yaw@)<=&gV9ek@4qg7y4v+Rxtu%i+B&f|B!7^!aLG*9KF|>7y&1w#GD=
zw)e96)oxV$!z&<Z{84OcGA(;oR7k5N=*Lc}VZnY!t`=%}<C!!XN)I#@JPb%X5^d1I
z#+%KeSdO;<EXN?zQ_>1zRSHrn9rtHt!?Gewe*5`j3di}bo{!cItyR*xpYH@akXYfA
z13`&+%vQjs)ZY8XK3iv%lDMI8KU++aG<>G+!(~9gektAwA<~!vBJ%5;EF@2SY<+8b
z#W@JbB<8!~;b0;JH~b7e$9(^x(bX|J((nQ~-U>~cAW&`af;=0*)+W^(1C1DeB4CD8
z9_NFZ2n>-*@7DfpZg1Px17SJ9ob@ADdrdV$tck)wjdg_>;$+fCDp?}u1T$p3U*Ph1
z*BcXOuGQ~>OVkE{UUaqNg;1q`u!BsKHDL~2b}2(a{K(9higAU*RN!2Z1+Il@86TmS
z3Fad^lJn6=TFF)?+mCnd_gKXFnzB87xQ#C<;oMh+>n3=~fM*#;7%Hbr^pN$3upJMr
z#C;c337;qq<>P9U<U4~e(=V#CT!<skNimjTncYK4{tt2q2UDvj-Y^D#`Ttq~_(Vs6
zfmn)QL5V)DD{qfxRCk{qN-DEJ*r`*^S}Mh@bds#2gZu2DM-bdci{c?pOH6<HJ~t$&
z|8fYryt+p8Rx$>D&((O+Sn9sLv|!4t+!*J=YVZy3Bw$jvuhW!X3Jaz6IXVx6^G~#z
z9b#JhIW&saqBs{Dtw^0kr(pm;cebV63iaE!jP#|5Y3t^oG@=ltGZU_^SP_Ao)P|ab
zbSTBH^w<1bVYGZ7WcyB>$X^y#d;Z_Xnmek)g;44#^BZ8c2ZS*by>Kpn)d%7Va2w-7
z5+9e@%xz`yBr0nE2BE8);DCdUHbx!}Vm`WsoUk1NbP3R$bgo88v)+2+t`cdQ`5>wB
za8}B*dL27E3%?2<MI>Lhr!HFW#pts<V{(ocEju)SpOx)m*Sy(Enpyd@)2}N>*VOP?
z9ocV;gnoipSL$z0o@tAR6BYp<n%1fR3JH-s{PewE`)S1OJ4JWgRMTQZNAJvc=%!l{
z#y&E<)7|mUn3uy&)6#jiErHuj!P)bAnXyd<v7&xLmFFQB7#depS{g5+b-_I7$*?_5
zYp$zLZDJs0XR1oyeQq$_Wv<@Ob#{<1h&moez*zl~Vq^b-)28sf64wj8d8Cb}*WSF0
z;aqiksP%K{cpJec<iGU8XI?EI4SC9-lGUKoE;OErANmF}94pxZH^$U_hUl}4jDBsF
zQz!^*`n~ld6m-QvL}<Yt>Pq|BW^9wJo4cEFBcj*05AjE%UGtZSaB&ST<iy`+69tua
z;hFfN?=T}Sk55G*BpH-60C}LUkUm69&jDNl4h<kZ50(*yc{Vt&*~kg>fO`QjrR8q@
z1t96)2Bh@J%E}sNOFUW+2bjxqa7V%BKee!x6Z-Xw4dn9x>hBPpI(4lrizlpELT}e_
z4qIBn1ARLxr<;8}{qqtbo~B0qc))x5(~g@BnJqj|?pG_7d<@QzT_>LZ@jG0mSt`<?
zcZB5m?83Kv%Hmr+C@)<?Cx8EGeR610?3lx+YrLcN@|oZX-4tT@#lqLuG!eVqT1~s{
z3>zumJwgJLBzthFzK!IYnEGg|FTI6U5fXzRlLD@5M$WXh2Mzod14*bK^@^TcwB6(x
zF20*j!s2(vhCR|^S)8ATwVVW>HZe=w95#$8<jhd~P%7Ngv(+$`v|Z9jxnU=re$L2l
zK(v1BJuwGwEHJ2ins{fm^wx{51OY?iRvxk$@JJzNOp;}23kAFt1gfKEy$R{b2=(S!
znh9jw_A9#>yMCy$go!<^B7uh8MXgfK_D;RU#U~s*@_2i#Mfmmd)y~FEvIN%Pt2*hB
z9NTgdi$aa?ZH$c#=@sJ00*VdY#TE+LM)2On;8JUPok>NlnP8%z`!WZj8s<Iwd(JVg
z*Ka90@b`-iHoC&N9f2HgY4YyFJlDNpReCG2M|T>kO@j_G;dKN14(5E*R{|KMCbqs1
zI&OP^a*L`UsmIcYR#D^eRfy2EROC6}R%jKq!NA4E<>l6EjcHQuKKkPiMJV=U%H8Sl
zdqoJn>(dYW?9_kptLf2>cGwMj{7ki@7T_fR)@MJIH7ZTd$dn@V@HqhsLyv_{5~tH^
zUtR)s`NmMT14+D4@ggObSPNTg%6qVIb1^UcHIG~BBwSAS6Y_*{UOM1psJk^1N=O<U
zt&j+X9&bKX-+%Ll8vkQej!Q&=p#-rk<>30q1VO*wYA$>hQNQj#YGmS~!1t)LbNo%E
z9qRFQCP?>BQP!B7jvG<^k~asEU+rJL3!VG!>|1+NiUP)tzSRs~zu}W26NxEXk(1JI
zDbC89g71lqzB^1BSO^SJd0h{_#&rAk;z>cu**OKGaohxP+nz&!JCbgnqW{BsG!Qta
zL7#G^s$5P5cpLaX@6ed5vE*W0$e&=TK2t7#7&upfl(5h0??H)oFWOMN7>eL)|D+^a
zcT&VqXIt=j3IwGzF$X_sVL#kJtFRSW#>kea4c?W79J1731T(&?fQ|la^5d$>>Ra`(
z&xn-9r_neuO!)Q!E69W%&-N29Q@%DQlTT37Ykz?3{j2i?%pm%$B&lj$KN=wd8F!US
zyry{b)#$q!yKf&hrtk_nR6C;!!1=?oSNMWY!Fz=p1}H}cG6G;`$M-*9Tx^zFTh_q$
zH5z|z2pA(U7YM|ZdjI+JPAp@9SPn=8W^Brx0aeWtmWB5e#uJ{!qnEE+Tv>auckTVi
z)KZg}LL?u__VD&wz1HlNqZFdg9G3nTl#5oyC25_*CT14eWPIF%_nk=H{6gd>hV1Er
zbQog)G;EA|+7-&$%?MwMy--L}Z(3d)akJ7Z<qz`?>T@E~|2_(<AaYtvNwdIEljM-Q
zMd0uVDQF1i4U)`-3PjFwsz&a|I`~k(@MxZ(L~MPux@;@yE+MnVLzGk!t{D!qlnCZb
z!(_SwcZ7dhEhbJo2f;lwJCn{0(!X4v91q`l>ieXvghy?AclR{{0^Qxh@)@Vf4cJ$@
zKKNCk5&D&}&F4(MWn^|%i#nYhN~G(8cc6u_<#wvFzil@JtGnNs|9tLYi3OF=>?}F?
z3B}VFx*|f}RLX4#FNq;5tnZ)+H@`0**6up>+es88b0|1Kgtc&>_`@T*FQ`0XUdIF#
zCs$BNT1&^p<n1tec-_F}m$dHoYr15ohOOm}i$L6>6`$IrN$#od#%@-6Vxt?j&cwj8
z>^Y<8r&(K(d;BFe0|J7xaTw6QyskIC$l?KQgb_vXBZQOFf_FVL7(Oc#?dayVO58XG
z=&LtClj`#*`NV`c6WI4g!9Mq@H(sgV^W3}0AI&@82xh^OQbxK8lO6^ZlSm3u8^b71
zJEUKX@0QR74veV9@PFsJ^$khcDR|xKpB3e(W|(kj;)Me1v1(Y<c<8P73d}xsRhPey
z2W7Qz?xT}_TRq-j{A2wIrH89*ocmAeBH&_5w+YPd4KuYB3~v}@`#INb@hHfMH+L%a
z5H{<*2cuyA*O3W-av)VqC@Ea=lG`u5-3I5=?UX_t!b#02zRiR#<O2!?^FmoJ^G@>8
z4Kl=`n92MW+{f2)=IVjXfwutQql18X?Pq9R<W{cL;!)RxN|ZG^n)zQZB86`@Tqv7d
zzWv=QNNHbiXgFi^xjdtoi$nCwTr$#IX|jAL%`u6C0)wLvmP;v%5U`_UY#-W|x)f5q
zbxj(kd1y=n>19B!DM>2`S%+0_bc&I^j|8+asbHUL!FggK5IoSSffkdbH@Q-~nzSST
za=0DGBQFp3pu1mFx_WVb1MLlNqcadjguK~EHIQ0+(O>PVP3x08<cgE&?&qfoILG4)
z->(B}<U8^Upu-<Zy~hu<*C4O)=T;3<q>?)@Q^2{M%9*vZpJvk%${58CDfjJc3bb*~
zp9NQt)dlL~wRbOxT2$go)_dvU4?5yjQ+UA%KN#F)Y)i`jY0VK4ct3@I)0sfG{BdLa
z$05!P4Vr4+oA<`|Q75Zj-o9>Z$*_-h#rJ>k2{c<3cKC<nM%XnchrQ!tBx=)m$T5>1
zXh)XJF^q1lskF27x%0hc0fxk^C!Ng)P(0PO95ngyku131V2AKs_IU~Kxk?7N+gIZ5
z?k7I?mR@(zc?BF<cLgl#X$-#Ur)RFKj7E7df(qhgfgS)l5~C13&};G5Lce1wSzAvp
zAqZu(nrov}Q@_kNfZU+CZSwFJ!_9_w*!;ZKCM-_-^mVPC6<(BeI#k8WyveZkdfsF?
zyBF=Y6pmJIM(p-z0u*NnAx=M^ZBlXg?AD&mZC}$_u^k8BqXP_S|M%NwMHZSi_+1lz
zdKfyz(11%{!|B=f!;xpd$MciELL8*4?shvb^j#){lMc01kyg?bS}bRE|3Ez}xKhuD
z>DZ}8XLudk93zd@b8}r?mXd1td%!o)qJeBPJ>8(g!^4`ny?_u5u=^vcs^oAo3H?E~
zMasaMy|;JD&F~=LOu(P&(EdHX1q!8yr}0i#QnmrY%h`;UaC+~?Y|qzOh98Kcp4d^@
zIV+<XG?U4gg_7BSq8kawKJui|^5=dSCcgK$K9=|vNiv>L6q_E|cfUC2u?*AL4~cF#
zsBn#<4`$SO68cCb@9%;Ib9J$O=Ixy0ehdD}<V)7nABylfwkaBvc;sw+Oe0?1rmn57
zmwrindCfy(dVl31tt#G}A{-?idCz_KUlXV}gc$6I>zBGMiblkZR$uG<ooxT-eF0B)
zu~B#~yX^b6xMJzU0ZO;-i?7>(u7oXg()i{bsXM%i)E^A;B=daD+`a>(-e{zEk|zW4
zg%duue9kxxK}E{Z5oON3@p_zb5m8niRO`O?F$BEe02jLxCjJX$9EtFi0RE!C+D+wO
zAh5k*(ABS#A?p*eF!rLeT*L3Wu==)1FR~9YWP);-vOLo|qFVAD$2btDgH~dS3lz6g
zSo)=^vva$%aYBk6q7S35KkdtRAog{p7iU%>{6oZr^`%}ZdU0>F#+XjAn4Mkg@jG?}
zUETDMO&|pXnJfS%SQHcxfHl&I+5cMydH^8B|24i<{U7=QY<dDO@^z~M-&Y&f)cjFf
zGpzRBnaa3fiE?<!6B2Ti6iUXFl^M85TfreI(;X2i$ds09^NBtwjg(|*vYED#T>f49
zFY0R?wxk!9Y#a%+d2-z_uVg>!-xKY|yD{+`@qwLpUr$;zNX3<COz;QXi2qD;d$o=4
z-cW~p@SBjt@rG@C{rS40Ud<;5&L4Q5O#f_VmkVFgRthFUFqBp~h%?P6Au)Gm5s)t}
zrk3khG?R$b2|?{cjv+1Cif89vad}pz7EMV%{gTPkVpUqFB}pGtq~O^u7bTLYm6EFR
zy|@W<ZDA`mlc)^TMQuCu`hKG_%O$n@EP_RmY7dX!wfj&otnJ-`Nkmh{#Ftplq~Qia
zEO0YAU5sf+d!EzgkE(9bIsf$~#8@+BO4`U2*v(*|85I1@S}tfF8gDrHbsth3cVl<N
z_9#js$qTKqYqAbe(Cze$blHb`r4JN_10JCK?m`E`@WbRSUd5hKdBTkACFjC~-Fh2m
zKtX#G(o2OxiCz|LLTl)ajVtBZ_181Zl;^<KU-%-wCXaV+@3h|K4;ZNaX7rJhpWiI-
zW0S*1U5!q>Wb_hqz~tCATT#BTt#V*GQ`FV9G#Xbd9M1<c<*+-=H{jg3EU>)72wW11
zm`i(h+?Jb8Y74M9@~ru@bygi%AdGKM?Ov9>=-cDu#4~)AW`blnQ*|d*!-yoc=GTQJ
z<rR7a^vUkbdOPo+q98RB6T7gqd(ukKJmaV)FF#GCkv>Y8e5%4@90=dn!X-Y>?O0Gv
zaTO_f%Tvy4KQ&2bi$$%v0k3#l2KJXU-<x)!8u^-DbuQ^2e@!m#xUkY46}Rz4aa*po
zn_gt~O<4=?n(~iE#bHV$wx=3b`ZW_RLk%kJn=TmovTa3g+rFun#LmfL_hv(-71Oer
z3o{Tcmd(gm2WNrYj?+Gbe&W^R_Stdr@;VR0Y^lw9tW^TZhkD+l4n({0O{)rI2qfj6
zQu-12QM^npl)DiEViC;E++Pt?DbI~s5Zg#kEZvSpidZjvKx@lY1m1;)=XQ*qMHA#-
zOMdE&zKD_?j76@5SI_<(9+!eZ<8d9+<22fELV^1?`q4Wiwl;iY+e8}}0)fQRtN7&^
zh)^gT-}0(9JO_Ga5KsrFC%d09kg`UJd$kDx5U^0s4FjV5I-u*_1w!dIA6Y@zXQ20j
zb&uMtfSCtaj<tUpW3h6re1n+&;E&a#G#juROxJLIrbJP{9Lczq$cm)z*ph}<;mL(`
zZxBtzJWv=IByi3=QqDRMG>~3-SsYWwXyAy;KX`vS>-K9py9XBM4n}0RXva*96Te+P
zQV`3$N6+@|Su!=P{`Qfj-PDUMK7;#=RMj^)Lx}GJ($G$zhx&96q6I$S3U{do_`Ug+
z;`a0%wz(6=n*!X_mgW;mp#>F#PcFp8>TIHyEq#A1GARZlAEme%@<~Z;kX9=$?8j$p
zXY=>C4O<ofJ=|0meO6O+GGtuXthIMZtE?Qnz)z6r+Id(w{T-t$8z-1O$e%Z0A$x)G
zE`x&GkQ~7o+k4;m`M@}btUu#BN#FAK3z0`pF27$t*c)8UIg37QNQM-#?ijW5c%jGF
zHsXzS7jog3cXwx`NZcvv8K5d$2pB!v&zLFIjoaZA!$*_S5NUmbGB%Xy<P`C-<TofR
zKONU#qtIf6bj|5{DG<8XyaVZjFhH*{)ih%qIIEXROG^>euL^8nuHM1gCW&|E-j>bI
z%(U5*AAp<Rb^0zdrPrR3(RiDMu+t6)H%S?i<*`eL_IN{*lvFK3K2v6)c1#U7fQxm9
zgC~oxEFh~%_|34Xs`I{C?IiQ#zyO#4wZ^oEmjvRi+>@K7l9`LNM`0gG&UHS2AJ9=*
zZdJXmGby@Y(Og1dYxYXqS<*WEJF0XP2bV#gUYvZGWvDdkj58?2H&5_aj5%k%b+SUc
z=vF9udB6%m;*$yLnV<zn|7bY&1}N<l?BomQ`H8b4ss+9bKhPh1{_P!<RNB)%)Gj#j
zP4Sa%ZCOaJHKSO4C#NFMV>5-g=~2A&SRnO%Sa&*m9fR7S`TZh)FmDOkSwV>ZYwln{
z1OlK-WPuSqR%lggd%B6~D5AVoE4+hP$Cx19u8Y~vHnKox%D)ryljh+SWhR;yx#KMe
zTc)l0lDZ}6&Kb)Q;n~?xp`)YYz6^>Y;aSq5L&aqy8tJyf019atX*<C#O>|Pf*9azD
z`m+rsr5~NZdvFI!p&`*jI8MEFM+bBb<|+5Gk}$9#j~BwAugaD2mW9D+B@TF+X8kpP
z>w)wI;D3=HdoOwYBWNWel{oV9x^WyW^>r53bDh>t4As5AK5ZVyT9SMSKJB|>jk=jL
z#Z%8fn^CkdjU1)Bd4rz>s(WIQ^@VJ^Y+hR850NhU`!S7r>5umori`ih=l;+-CgOQF
zi%V2JxuGH$-?TZ@pmxUpoL5laXA4$M@+Mr*oVkNHjqGC-?Xl?$|5IDOXc|54?0-)=
zv)u<<HT+qp2uzBD6^(4eLV6#Ll};k-W!kfqqwh0Bnm18JJ-e)9<~~<izkR^UyQo<E
z)S=IUb*`mJ<bCYxwCa~H$Mf#Vc87{Jg&b_-WPR<-g!d$?BJ>9tio8Ed&oMc|&zEVy
zjKL_VG8Nj{d3UxPA1%ZXSxRHGt=wJci4Dpc<Oj{0&|0$E!`Q<waBA$uB@VO9IsMX3
z@xj&#rlV(c;>Y~V(_r&8X^35m8ry<lu?R)8<heOsL_u^1aOP-KS8g=mwHR*+F2nn{
z-zs;*)sY$)(occvv$xg|_x3s(ukPDy<$~x(&`Y|)exw*C<<dhRyMpUgCe;s3RfC#2
zYk#k!AF51)i0QLsjIYVfdXH}%|McybhMfWG+~z{ZXq+5&19tw#o@oh`oYPZNya1uI
z)IVrh4?p(WfzkF?m(1-U;mncP0D3Z4)jI98=Hrn?vTuLk^;j{256`nGt52lvaud&8
ze`4a*S=8y@r9d67M*lGRJ==TLDY@P7riixtGLEs0ZQr9+dJ(+vFFxTrwg<}lXZ=sv
zhB)V0b4u6mg*hKp`rgmu=gIT<()8d+!Cm|8I2`}6w1xb*TlWplu=Dbzp5hkklcb_}
zlS=!UEAVV+>o}s}q$E<K`g8IV4OC}+oX?}Lg3_^*ekrpqzWk4LqPFw7xH3w3!YyMM
zF^^S$e37C=JJ{zUE>14KXj+5mRJS1qHb~4tRQmWLF}LSz;LYd#Lf>N>4Dw5lIF=#<
zD&a?AFZRqq8;H58H;-2w#v1h2;OFhV&^Hkgi_0MtWQJYAynl!diV(;1e{Ri4nnGy2
z9WUg0d5AF1U_HN%V)6Lee;**G<Y(h^4#rW4+b;U?*-;f*9Z06Fj!xw9csTkrUG97A
z_t~01P|}LC=a{UQna1NQUG9(7A({r?qd*q&;Czq+LD5JDBBuekq6LHxz#`i0y$4dA
zieD9kmGFZU0sy)2;DBl>?_a&&CCia_Jv=E)ncHI@WEI>JQZ7pyddqd!jGa~GJ>Ok%
zKA$Le>`>vqBqlZuE=`yLVq>Mr!t^uotts~I5XJkS^(_^JQQ-|fl(g3)WMgZJH6^vP
zTVMJ}zs{m`Wi1`u6kH||k{!{kHO@F6gFJHl)miTKq}zQaw(PjBs6u;#4<tbnQ7}sr
zxyvjwg<T%Kl(?N$hY{D&dh1fM89+8)_RFNU^cW#2bW4KKxEi&?*)~&ZLjL=Moa8S>
z?4y)Za&nlBeGW@IuvnN)Mn^#2rwr+-H14J%z6Y4Ci526|XQ=5z2RQT+4Hp-OQL<<h
zclDnw3hHyVYi*VOy<9;@BPGf)1__ebLk!D|RP%t}2~1Jj;w+a8Lj6uUQd{il<;#7v
zUAgdsUhp9Vd7NFn4UwteVzIO2<6C+QbLkJ?Rjg4=n03&h1h<|5KU)jL*AIPOLP(}u
zI`pg@yw#?C_rRT@V0^1QV_*$r+5QgwxqEu?@S!`49XU~DMaB87H-K3By|rd9viN%d
z&TR&a&A?>(_;4Z=S59JT>Ri8Y{Nf>1=f%mgWpCUMD^Fi9(WK1nrTw6GKlvc_&sMtr
zG^}`^MO0~dw%%ho(-_+o;#(!Vz6%r&b2Y^)_R)Xg66a1Nt^AbeOg$IE8M9Z7d;5hT
zPmMwp3r&1ngD_fjBbx-Dc#;>kLGdZTFh@lB$y}dmJIF(M=gIb}J=kzwe5{H4TUrO0
zZ2+!v)yr`pND-p2*O`y#OEKn6-#9&p87cVsW1^FVBK(6-Lkxj$YsL2FpU=so51;*=
z)GCtP#L5<b^PHQU#9>V*97RFdtI+Ha8+mlpb9f)TWKR6yv%+|YhkFHHes%ox_mhV(
zq%Vr2lt{EIH88oVKzMheR#5l1AO*_lUA=V1Cg%bQzHF~D19~Rq*Nah3Pk-c>^aQ;&
z7q)VyXVQ24B@A(I>$nf_RL&8ZNfY~zR^XE-n;38Qn8HhB!xv3xZq%lHmGCc(wozhE
zMxT{mwIQ%opBWbhgHsNk(&r-t>~BE*@MmssWO7npTQ}iw7EG-BhvT?){2y*Y9=u{x
z&g=Ha1ai;I!|1+y(`(Lhn@{id#}AyeYpn;{{DNd<m0fo%>ztJwk@nopakMHMa+*rI
zjn66Tas4aT-kY*4pQv4aWH$9SpnTn)^a2mDiOV_Ai>LojX+81g^<ORxZ@Pubv@8(9
zd#@7j5t&*Be6-B#?8Yn%=2wLZ{hk%pYZfiunAP^aUxmY)U)wuES1*wAKF&_XK%aHk
zjB2~rH}-*0FZ%J#@glo`Kh<>!#ijZ2!j&cY<+rfzr;AAwQIJ(nbS&5|QGb)h^HCYX
z36Rb~9)?k30g=^b&<^eHl1uxqg>jFtNMLu8s_9THu0{N?8O(sJhc0#x0NGCjUa0c@
z=|v7c!(5tSUCoSw5UwYjhy5ix4S-s>nvpTc|H^(Dew;KqSJ8JU=;z)pWfF&I><3SU
zXc{4nq3Jyv4$DXFO`|jFmE<nRxd*f$lD<gGv7H`JsMp*uitboC22?lbnWb3)xVU?C
zR3>-G(TeNO7uF26)4r4fOwni@#K!k$(Dl!p8XHzl<u$sbyq86&#1eC){UrIK0-F|H
zi*StjuznvcLE);J6vS87i-#39vSpbRc;~+LfZQkM?YVya<gQ13xolh7a`vcVmE6|2
zIR8}Z#qxF4ucFkLWwnHRL`sDHbkz*mBn_y-GI+(EPQfM#I4scnl-%k49*=pv-@r|+
zLf;k%feurR;jFlB<aUD5-RXUM%kE;)KSZSU#0PtI4a77r=qAjPm*C}TdS)vt_O~H8
zGj<OgIYUE3mCFbhto<r{v(xJpS^_&FUT<_IS@=k&?=RMdJe$co5~)E$mS}j5`-H%s
zx)8)&k$$98#9kZ%?S6DR-HEJ=TXDv=RmsoEy=YFX;K&F_I?PD-jF0GIswj*?pwCTF
z5cMHqu)h~dpVH$?k%m#6uVNM#A;<oLt(rf8s|E*-FLJIhKQ9k_hjvmBTtj$yz1rK`
z6HAJ~%>+K$@vYd?2D!tK(El-UHx(BEP(hpt?A@27xHFv2c;-w}QnX=Kg*cWjlyNuw
z)heb%Q`M>yI2l8T<fR)sZ=`7`-pft8Eoj@b-j+GBJaF>`n-qF@?O4>CB;&bB6i(2j
z0s<A=#?>9$)xWgCaw*CYJA9Yi-md$G(n-0Yug%nS>QEB*&uNhqCQ~E}GxOs5I!|ZM
zN=y5x8hK;crIK1{?B9l}d+lwj*0Rwnc&Q`!gYmOJ^!_}lSlvWLYP=#;NQcT0nk=5x
z1|5)<Z_YLgE(BVsh5h}fU6*bc<uT)4<iEnLK`!j^No5kW+Dou-cJ^{v3@L2VUV_=W
zVNZRD{xGQ>>|xasHQEQ687K*MO$-g0p51B*M@RepwN<T_>=<rHIYUYlND`W?VW5^}
zgo73ftvwU>GS$Z+m2Khkc=4z8l8`{Ca?DL<ITof0gM^#lW59$huowIS-CfCOWZcm@
zliu$`p-{-*;KAf|U;Eip@;mg6#^Z-nqaa4mxZs5!7!^a{4<u@2ut5-OQ~i=Z43yD8
zVhrwc;AOScrfqYs=I<%tPjy-8KRGe+Zx$g63eVzQSl1PAJG+}g=4EM3rMc$+|Fr<6
z<{lB8`QJ`+2JWi7sxW`|`eV!VNOekkOo^S&O2^1~j{@uIR%?jK@OD_Lrj9mI)%C1B
zu{%X4xdiUdociU>!VAY_)~*%$tShqIH2}nT5r-A6){~+1r%pf=au2g@P0?(T)1Fim
zj!Mg3FZ$hA(HJT%N8<WaD@qV!Ioa7EnnBaWYkB59(kG;|Ys(+65<h*$qgIh5Xz<>o
z_39h~ay$D_V0eZo5+Hy;EH(uY7KS4Fwydy0$mXbgaP79&HiG{s07yx$c$XH0m;UF=
z#V1WBl5>p}#@+A^_SL6ikag|dONY6d(2UFN4-DQSkffOCN@xBdOGnS-{`nfjA`4yD
zdX}1|@fo3mopvwE;Gmeh4WZm!i}!w@L9|YACo<VA@VDMq$XDDr;=-#GjX~f&tweGd
zmJhHS0)7NoEavM^fo0&>R`d`^`*zRH=()MM@nG3QM8K&6#x_t&*5u{+ul{D6U;p7s
zmNLYAvm~rQhk2u0>y`BT459>?MLKdKyCc~-%)5YIjo;VI4Su=&Wt)f_GK$j5V%ej>
zp+V66vfB5Hr`Wa-q(~iBqg>{VEzd)z&bq2xeEFFA#Y0<pi*7bOA|o<htbv0~&rh>F
zNp646xSVRbetSfE$x51e34{oGuCLX*sXv|WAf|zBPUSXHpL>`(8g8Jzl}FV6`(cc0
z+b>96p*pw9<>a@j?i?(VAv+h`(b*PODfGjctU`kJyEt^q_wlmma*rhj?y(PBLWysT
zprDpTgf#Pl7IvA=^rCXjWUD9{n$WD>a>fQ6@6m(B%^q|UfrNJT*5)_{5Ql{+P+>m=
z<URukRJfb%MuZ-?{lnl6tMI7P)ip%oamy+M9`wX4GtwX8i5JZIOjzTIy{ue@y9AE_
zJY5Ql)WXiSVze6Hl)pl0f*k;?!npI`BLL7G3V)ED-~^^t0U4inWo<1f3<G=4KpyNT
znu61}N8m|I2&*^VW02$cB`r0`klv-c!avIO?Dg`dV!zXnP$ap~JT2?E{nTf}lPA81
zGqDPpZ4-ug7Dc#XkCje|KHnQwRbdmkDPhC|Mn<2j`7Q-M%Ja3|Qk*`!zxw`|D3q+6
z9l!DB4FSz+Vg-ezAg|%m1DA+ct!2@R#T;_r17Ptz>iJI8+N{;}QYXs6nnL$}WJV5!
zrTw9Jjrc3L*Fr{XxoSG^eY>jdR;sDSh9{A1zPHcuTR7Cr;=j@=AlRVk1Au$Tp05Z3
z5>*l#R1D_?6_MT&ywAHjV`406an7V0*_+}XdDWBjB<6M^DIP7O2^Z;D`U$)D9S+gc
zhXdrLSdSDm3pwH0dUo`p=oSy#A^2DG<+JD|H52448tUjnXs@F;+At$G(Bm$L?pF|-
z+HDJHF97=KzIwcgDP8_qm|g6$J7rT2;O#E|k&VwFmuJ2{cWoe}7D%GR*$;qV7{oC+
z5(4KfUgN2k3{aor`M=1&0kRhz-JbGnq8-p$TrY&1ct<?~1Vl^hcKPx4N|78(*&BmF
zWn{^Lku8?RwD}AQbMscj=Ctg~MDu~tp2YG@@CrR*dXDgy;#0NSmLvbpb2OK2TJY=S
z6Qdhw%*F1=z1-S4-WYNh3N)TnV;wS?m^=~N?VN}gB&rj<`Q-<w<~)wp%^&C~9C}cB
z*{ARs8%o;^?Z-$eBZ{;>3S?C|GTZUn+)7yvODZ#{uS9clr@l7}Pg1ZLO+2Y!oN#*>
z`%9d!6d!tJ!YC+(^Br?7;J-&om6xY(;fg^ZF?zb8TC$#jV7x3o)=qZnoNb$yI>M_x
zJ!uKfy=AnNK{4M`@)SGQi?lqoJUdl^?7`0fF9p986~SdgN%>^-b<AOv-U7UUZ)%?j
zY92S+PRfAhG_e-}II`#KNv3|o)eKuZ;NUxs>hhF;%HvKK|2v|ZA;vFI{bwn9vUW@T
zni75-|C{0Xz(kLex!_0ys{)1!faZKH+?uKePz+Vu8pH5=$sB-eyI8|O1&j;RRTLV=
z|Iqj3#xl#dZdQD;Ah`~O4i%1gNrtUR+a0`(H_1NIoB;wC-e?J8dN%3P?;0;wIhm?S
zrLs~VJSqN?;yV^lQWU#AK%9>=5~Qr~Bb>VDI4_c4fPrVG-<l+*j`L9qb4PB~0ByUK
zEeikdgsE@by6v{Pgftf9Y)aBEqs$PT87uUnQNrVk;v3&_VCCbAtx?%i)?DA;XfYV*
z|6LB`xX5XHv8GQC-_rZ_sI0|LMFZ^+snX7t6MuU^GZh@Q!NDLC1AZSH9ThdWcUstq
z=<Vo1Yq`w3qB5M0rMj+898hmD&LeMpi5TgFB(TxsDQJ~Ltt<p>-f;sjbXQMs74b}p
zWvXrq6RmVlix?_)SvC<d-?5Q>0^cZJIc47=UCk(wM8JXa7V$aTcb{Ml!4k|Gci~lk
zzy(v!eZ~)hHw16xOxh}eEdiT9I{FKy2vbvejz`@TxMc^q9k}Qx;`w)%)ZIzD7ykHb
zrey5IP?qilw>p)tPVzy{Hx%Ra<PBV@A7zRJ;tEuPS|JxBcry=vb)Y8F-U?Nkuum0q
zr+?Wmw_iD~{Tp;VPMjpDqhmeu=fk5-+T*x!gXwphhl<)aU90WlvHwKVV$7T@WOn~m
z2LLWCP+?k?EORSVuRG%6u;w5ya$uEYi;YzDbU?%AAj3CyP}!Lyyk%9qqOHd}XD;03
zUPbBN-GI4I&|jVE%K(bqc_1U%If+8N9XM@5w2T;ueA8Z!XB^mcs8o|#sTglUCeEM`
zr}n>t(S~Y=6AegX?A#6->QAe!;#f58pni4dr1i^I@iVNe-*OdLYGEkhQIPQ-HFPyP
zhmhr8JuW10gmA^KEXFk)J=+p=S+QILA``JL=u`+g?Vj}pensb`hzb%@;ba&LOhf6~
z+1|cdU-T;1LqBn*a{zZdUY^cYf%Q4igsgwU>!8n3k5lS#8(XMe9+Hm?Z87h`4&NG6
zaXRS5Z{{EnJx(wpR*B~^${C7znI^s|DKw%xr*Xc1@*<kH^Chd9LH@JzUEi&HLO7^A
zwIl0118LoikM>Z7iv98UdHXdDVgvrDzKhrQ$@n~qeGQwIW!)6w`1Gh0R6Dd!!bEtD
zyPtH#RxJClg4n&~u!PioQ4PPE#$1}>bh%^MS+1Sp-W6xK$&pSnIJr-xq^0ppx(835
z)_~NnTUgNZ^u%LP4Oj&R?t+)s%G9N9Rwk7%+hDf3#ts|~zb_#t{oc3gsV|?6SC3D$
zNbn9&zcerwgJwJR;+jubM4$k9meVM58kvU>|GqHx(5rRFIlZi0p~t5h4aeRCV#PUp
zutmP2H)_{R{4(M&YWl{<eJGYWz=<xRGky!0X0%k@&Onlh!+^*iG{X~9Q_W!OoScZl
z8jWh*B4J>13KQ^!*n^}FkagmFD6IhN+atsg*Q4dHLn9sf9oo@+cs)SAs*=E`K8#b{
zTK&6zn_K>^cgi9gO;70TO?C>>a(wzlSQnR7o&!^msVb>KS!J=r#~8IwKOM*o?dh(^
zP#UCA%ke}KA}a7%qZq?O#suf|&XadyPE^G`aEm?Jeb2hMS+eUjU)>O66l3RW;ciIa
zQ`lC%s62{H=k)wI7GE0#XAJ+|=|wa57pW6XSMQAeb;;)E&D!whvA3B})WLG=pYYRB
zbaY`JFDl#w18{KfRR~OY+F{SExHv{R>_qK(m5gSrh;A_2z3YG@yGvRH{iycH-%YP!
zMke+?3QRFqh^7BhL61wI&9HM=^wo=bzA7Hm?HAhlxnMYEVv8?~){qMuYu#c=hk`r9
z=SGpxIW^W?M#bdqxAil`)*51rb&A5Bv`;=WKaXVg!f}#E3?z4u!+^@YUP?yh*ysJk
z>?hhwKe(alE8QDYYDx=C^|@M+Vs>WKrECimPc=T)d|3}1g|)l6)fyEqHt1wsntkQ-
zIZ$($B_Mv37vPiR-(mKh|E)zZUZ>$AC3ehlpU!FQda@ep=kzAg4?)2UA{j+&@HpI#
zz2QI4l}KVv+@~ss=J0D>c9z0)8}@M<>$APrPYLq`dn!wo!?MDDbtw~P5{T28<U5@I
zsm!UKSkJT@K_&2ga%K-f$F3(ZwzPh@<l|<Naq7V`e}eYY&2v5HT9JM#%-~OQ1TzkR
zfg%)YX`yJ_b2K-vZ?+Gbn4>ZYg2d&!clh6lfS`DthD#u5t-IRY{b^FFTDvUh*;ZuV
zasIww^;9dO+p#~_;Ti<!sy-u=yE`;T)ED24#xg*;{>xW7{ogFA(6i)Z<z`iZvEG_V
z`xnZ?V_s0jtRa2@qo#WkeD)tkD-oebn_a>`B<t6V(`Z&aFTW1tYJiV`Wdb|X8ld{u
z!Pu|E_N(jyj9D>oHQ_j7_(>1wz4v_c>Dyo`-1}6%jI>Ygzh|HRs_;FW{4_jj$UWG`
zyR9+2R3#-WmL&cz^+Au2Hd)mtKCYCpHm<id&I*HyPjMBx#a>w(87@EU+fXITA6cCt
zU<nsBlj63*q$ps%7kDKE2%lJ_-ovn7_V};w)UZsyyWH{h{<U7up?lxFp=dmk1=rA-
z^7hC}CLQG46vaQ5Vai_%ZJ+(^v!PkC;chRZ?><QmD&3x_pj1s3ayZQYD{TB~9Egit
z?7gD*?*O`}?*PsuniSUX1*$4ZUxRDZ{maXheeI=>UBa70MW^<(Oeia(bhbYuW{myb
z4oN@3N+ix;=2S&09ykMc(G`;?gS-t15jH?*2nZg)EEI4$B<*LMYfQI>d9;oV%|57L
zx=8))AO&rm+=dFH5!hatxg*S;KVwMBuli!LR#6ZR5r3Ng$EbEJRSY;AxL_dJ76%4o
zzQAVffbWr6Z~M1e2&U8jFtZzvi#;KGIEEJU<OWsqhVIkto~GesmVsBDp$`bSDh{nu
zjGR`AErp0x$S>pCBB8On-yBvmo1&gRnZxtMg%M@GO!OIto^%b!$KpTQw&qZfN~vn6
zV)#irMkhaV)<t}2I`zhLR@pZcAkhEl@c)uB9yk4nOQPkr%MP67mIR<h{tx|nm!!@0
zIfCW$61at|(p;y?^A}prwqwuZFKoMm|8@UZZrk;Kh;^Ys*s9>sT85fn7PSB~ejhsB
zgFkfx-M;bJGy8bihz4(6Z1Q0g!mt}z_xIj$LfO4dTRTr*3{vV43LvB)gPi8V(GF7w
zC;2EAJB;5NRG9+m_bIhvF<>!yBLaQiV4SX#hMIq<U0sTm@3E)+8AOgjwZuSXsB=+9
z1Z(t>RR(7AeMuP^yIo-~z@!2&6IjlUE_^`&ZeRRT9QG5?ZJ8zfq5dhNXT3A4t?`<F
zKO`u3%lfY<nudLd`IMXg9raTpDssN}M+T|#0yTe1YDwcH=h|hB97(cW$?CZxva8mA
z6xR!-#re}Oc1ZW8OU0ep1=Y=;q&kbTIp%@vCXF&$Z$5X&;VZTyMjlg#*F1e3!7Weh
z{?aC8rpA>9kP>zVo+=6DChe)=5m@<(zt2|eO6F+!4@(X>2Y=*r@uB-gTXC&jyq`&1
z?!MCeT_bUs5NVpqHQ}5iy6!be7s(F|e`12PcXxMP>)ahF&)qPHO3Yk?FX>)=CB$%+
zB<W<LI@N}$i9p<=_>sI?vIGfVDM$dVIk@>)AH3NdF~q#rjX@l)-V=eV%)A`4#7vJ{
zVw63-B04`s1UO~vk8FK`=B{78${_vVL=8vM(zi%r0FH<vtVu-mVctnC^Hl)P$z=m6
z))FapAM)O-=XP$ja!dg_0oYSrU6}vLL{uR`4p@HRB-_8$3}w_;?$~p5p?p5j-i^EC
zshYmES+VxKZ(~xVbPgKn{Wo22od=TFr$$cfYR5{@pKqQh68OU@V`=ZG`RQ0yhCjE$
z!<CySv{2$wVPp4$u)cbJ0WlTR_dsE(gVy%CEFm{tE!`&iwEd9zH6G5`hZfk)_{q41
z%Ald9v82sYhNE*$Zun;2hbZD{?w0`%o7dVHI@(^_;bg_HA>Jv}uv1Wvx;utMg@?Xu
z%;?2yT$l1Oo}~HHwJ;(3D6s9$mO}%3hDgFUMLgH=gX#^0poOfKlf96WVj6Um3!kha
zDv8#fzAH-g@6DX?t?-!eAJ2xDgZMPe@u@AxLWN~_7m1}dO;7xdC6&~_>`WYcgg9wC
znAs`X{aG}++`PsFvaxc|Po^%RojGizRVlg^J_Cmk=OY<W%NY($h$9t&ul)#_N(q7c
zeq30Gb_l{`K&n?$!_m=hW&e++uMCT_`@SZnJEcaDl$Oqs21QU>x&)Q(5Euywkq+q+
zrAwq^=pm#YK$@Xbq+x(z?)UchUjI+?W#*chbDy)%-fOMBcH<z>TLu89!mu#OWYkr2
z2Qy~*uO!e3IUGC@J+VsgiUweJ##?2Vj*YJpc5YsrCD;wfi~O=-+4RS74dtLf5FuRh
z$_hvewB_bz%iH_|x_4uE6{tK~x-~#O!Lma=)uViV^acbN{3WmqQumsm9Vjc+(7T59
zQ3t#2FUacE&ZB@j6Ztdib&*U(8RH@yW|9}rKgf6#q@3ArJk1)GiYh^MOa2z3vrgkn
zoG~TpUkvmd>Nn>Zb8)U25Yvw)v|`=cUnOo-agWIwDeO4dO)w}h3+r5WGdQZO*e6&s
z+BBaTA{vPHJNpr$cvM{zr_PlgzMV1gQkbd;I1$F+o-;yBIG3!+@0Ky>Ox&`8ZWF1+
zq3$criKo(8T@OhDMnWorjS<+F`c<_bwlh?-UpV}hXl=8n=e?8w{IP|(YewPuSghN~
zlvB@^0<d#DU>(M|zk&iF;HvgASbYeQ0Ayz`9A)A+pxc)$PS@y7N}%~Un!=Q|7qG1>
z&WBxd4KnY*?YG0xQ8$nQ*x-fL!IU)MIy;Ke5OV8*W`C~qyUe|DTL%I$#uZ$5=#g<l
z^B^Vw<F^F4Gq~+Wj4hGfwmo(D?XwPFaqWdwC6LiMqgXCL#mRaC=oGA4ym)lw4K}&A
zE$e_*FIT7&yZ;@64m8NOI>Vuws^G-+kI_F>{I}1&CFKy-f-&6!d_;Xe;+uT1?698?
zl=qW`d;Le6_gqcaXX?aEOKtJZhu#&Ddtu2g<3kgRS~u@0V{dJ3Ut|V8Q$%XT)|3+r
z_tr@qFA&YAd}oWjn^Ylx_B+YCU;Qr9H$Ztp`LU$>rQfv7L18N>dk?(%^Y&e=><#kW
zdm-&zu&-w^?v@)G)@#_-eq)G`?W6pPnanE}?ANeZuai|Q5(@a-{F?P6o_+t$Sw&B`
zhmZ<3t^)ZP^7mdoaLtf4s^jkFFLwgGMb{WT3%u0TO;|<l{2YauyL1R+JQR5_Zesux
zI29Y+5gRreh2jI#XuF)pFUv0|8Ze;WBlu(Xc#a_#ea2Qnr3sL6IHc{>T|Ub1y+srZ
zv&E1#?%1?x#f0|yHhzI_t8v17)j`YxF@S*Zr4MVz@~klcrS?Ex?V8`lU0(!_a`Ze7
z3gz{AjJ9T{N(zolj4lnLA&Vg#cMy}!93OXrdmc-0<FhX2nm~1ExNLA<I&GZfY`TwB
z2ypW^AZBQu+xwFu+cpjsuL-R+?W;JGaenjA9L*87b1eBN_o$ljV0Oif{hAdHKg3-*
z#T_0?bJl5=<%<;9aMfX}X$Sfw_ZEj%ERE+W3PQ<8-YP1=ir)S8M9*{~JWLghkJqIW
z(R}e<Z_Jr%UJ4Wmt>_}0>I`ahwlLLRD6^lu4eO1+dE&Kb?Ko}(xhGHX5;tPZ1x6jj
zZtoM%aJkU{4Q}yU!2FcsnxmPi-Ol>_HuCO!WYe{q!VhnGpwm|VB!7#o7Z`F@2UmMU
z5LKh@JSRH?IO^ulOL10EOKl(*msx?ay^<N&7ljk(XD?4rTfgOo=Oel=)5p~OqR=~a
zN39s+hdO8&?ggyDRN?Tpb7O5FKP2)6oXZ$g2e!ii%jjsZBwv}_+Tvn(t<$(zh0($P
zqM;rW-TZZp;mB}LdQVkPfXQ<IKEF%Y)c%Ichd+C_b=JDrH6770jK*HddY{KMc;1~(
z6?1X0*G>-vg_%h=#keluR44r;4sB$;H^}bflI8x3?GPu_V2`Y|(VIBX`1m@+e5;Sq
zruogWU3JMAL!%O__e%PRT1z&S+x5oqgRdq%b+$?)Jf4${{!%3EuRW3w-IBWq+0brB
zNNL?V5k5=sed8fp$d$%VVTQ)XLDP+&7Ms_dTn2+vQbG<QxJj>L(BOiN7ehX=ooAxp
zB$$i8t2<jr5|`RNLd?T2G{C~nckmr&<2TD#Qme?|=~7@79%Tj?k8mm6mN@$Tg89yg
zqQeyy@J)sTb<vKCt^<HDbi?Ax4&}HC-3xTWtnGG8!>%U#0AnjaZ7Xj~_Pssrcwq=|
z=a;?~X>E)l1NhWW9qN<%ZI!_I{d4iqUopSpX1P-S@qTyFU3J7vcy%)0Us*eKCb4N;
zyTtXwZ<{3M7C&P6<7lzcRBUjDxJhQz9+(mJa0|TRT@T&YnmkIB(H13I8;BFN`w{!1
zoQl1GjF8CX{0UZI-%&UtOG(-^_OEv%qH9FDfaK!(piQU1yJTT!+Ug?*>mSZsQ1dEr
zXoToM_ejX>>?%Y25FdS(zY`MMS5fmFGvB5GsX9PoOjMWn{=f1&V}|c0wVqUcjNX}|
zuh_k+sseWD(fK*QcE4C1*GJHR#S1XiqrZtnbignT<BUM5zI^o&4`w;t?s~TEZ!@S`
z9-j2Mb2|py4*+m{9O%0C`51CHy$uzr-9yf6NC1T&;|gTm$*fXA<4G5(HLHMDR$xdy
zb~%x-^92|vntofs?)+4uUOfty18oC+t4efXLi8kedqlC@f5FN&$k%s3bsDtvS#fQu
zgxdpay#(AGe{b_Lt|>%KCS)33_B!pv@rFfpo69_Uo~Tola6h*yRQ8WB4Qad{V>VBl
z$1YY>yxJe^$R{F&f4P#(61ytm51uO>z41G@u^^pJD6sgCe>u`YH=~s}BiL0f>MOa4
z^N$XCPnI3X&X}<sx;`p{)RUz_GNDi@Jw);=9kiilLQ7Psjr^h$bQiMXkS`?hats;Z
zpd?XyZ{EnDZQk2fs-lfyyH#`zeoSrEp&5u>Lt<}fIHJhB10^07-LccJx7Y@mp$gFx
zm@yjq{_<xxy!m*17?u}@dX?+%X$a3p!S4g`)NyLI?fkNBSUF&azI9wQL*p8M_xs5#
zoVS3UA_NqVB!Fa84I~ZZ{#@JgU{$&<n3x6hGavJ)3dT+v%*m16KF|k982~N)P%)@r
zKKtff2r|u$>2Mf<8_;0t1LhQ`yOR%l?x&18sKoY%MMt_Z3N|qWw3t)-S)Av}g`K#O
zK6*}^p?a#OK`tamul|guz}FB0Ng;|C0%-0J%tS<dczjmaPt3%<`G`vt9$X11b2I_P
zzX-4>@xng0Lol7hz5&VZ_X%Uzj@zW!WU3rzsN~&7Iw|yCG%_q^LFN<eaE22<bKMIK
zenit91UhO8ei@+^%L@M5hLB_tKA>Kt1GriyVO3+!CnYh6jfX21y@m!?N?O(v5b+No
zlibgqe6PsI+eO~ItC*m@%Zc^B)OcKf?KcYTd-e8<E=T+p*dH@l@2Jaz8G0Q=3;^f4
zx+J>!J<zGq>jcsKMH%32NQ#i_RUhDjf@Y5H&euB<pcokKKEvXLDVj0hlSwriG0bJ|
z&dWZjIc^PZ+Q~mE!|0+9B=z%%eUkvC*(})ImQ(`bb}QfY1;B%WN8KQEb8=n=FnKHH
zPq{XIU3Nt*9vZ>RtU%UULp6*cB2DV@HdsR(UCU0RK*wPd8Sz2s?O1$DaRuHs;i+Rs
z_xUPqPj9;YlC{Ej>^Sn58jO^`6V0U}RIN*C&+4L89&|Hza8RUVeN4;jrDM}N2|Jqn
z-u10nhnI<!zFQ~ZEVOf`c_F_DhG(h@C&gyoewIS^bJEUd{Q~bB%tP~!j6UVv={S@j
z`@S=uZ&q-(0s*nj=WHx9y(weq4rpHc7Wtf_GIQ+uF`LoPrxE__CmHHiYwyj8rj^5D
z#w#Nj8`Hkp{7iiBHMd@o!E%SY5Py1v&v6QAvb%<zZVvSUtS7+PI2_eHdunxHc8z+2
z5&eS7%YyCVnCqfJphP!MUZx8g6^zrUdy)SL6D8bvYC_7Yy2Cv`@1MWpodatZISvd|
z0O~I3$597;u>bD-G5PWV)SiDl&=t#eXhbI-gJ#PwX`s8c$ZHf>yMdm-XfTGbu^vUY
zyV+6OXtl8+BH|{Oi;~6P2N!fyq9G%t7*B--fncN;^6Ed){3KGSZz;L;C#A@z8D#5C
z83gbQMETG!X4zh2$)WHFG=1H3p?f%=o@<3Z@guF>wTH-Ekg}dW4c~XL8=OEGTZy|b
zN=A*;-a|Qv1z^R@BNQ+2Vmd1&SD)%RalNEzqeyoqKVt1nbY>c=)k&Nm!t8U%vn$BL
zRCgSAY{uLz<=LLla~~$UGom>f<S(T^@%a7e9Po$@Y9KR~H9OOYP@Iw@p49zLOY`~Y
zwocPJ^y=!xd5S_{SXhO{yYM!Z)!@1zlx!btll`v-#tXaJ=FJJ%9;XBjw8}#Ps+jR{
z2pBCBT)SZJ+Z2GePNzq~{vQI?;eX)#7-2T6iT?f#=Hnwt-3#Q_Kch@=s^WF~Hgs#u
z={oBAnXC+u=r-BO4eX`4ngWZ9;I{zl>tRA{RtAl12skH_7x?RR9uuFSIL2^0II=tq
zW^gs_n1j*DqM{+?p1t$))TTwje*<0~a?mG%h`rx5=%=OM!kc=Et-{T*aC9Y}Ki)R)
zJODD%cH0o`I*4E1=KpB{u#CqZ;5xq^Q=xRC*2}l$h|#eL$9L(T;rAhxt@^}Y#v|42
zAilWf66_L_LW`?obARC;+<2((V)R&w`pwos>BCndD1!GYiS>0F^hzsoPqg_wA|oF)
zd9+9NyL4k#*fy!?xislbvAQn72J{vg2g~bfBTw;w3h2)dW%1^Vkuk2vvEQ7+ML!lX
zJUq2eOu-wdnU6)N>9zmZE32cT!A8lRr*!4r{P!vQiE>!PdPUG*;d48-k?VxTLzLU-
zTT-?Qq%Kr}Zv))q>44QAL@K^_@j_I7A5>}~TwXR07#!{cEKY$bU0uZ_pbP`xKsTto
zF?bk3p-J_L$?KXU?pd^kSEeU;8G_FW7O1zce>!!6-toUP`WL}x&4IS+TRY^{+Sn=>
zQ~GUfhEI=EXf3Wzx1MouSk}z)jBF+A>gs|I!2k;7Rqg#U>}}!as-z`dw)!Lk`dW^Y
zSun7l(VLNp#hBTkGkJ9&%lsfZvEXc@lO>}0sbqVfb9w8cf6gI0#cHy-2xU;D_md3w
za0c(u8f`=C+o#9}yp>puo2m}%qE5=2b5Xo#mqZm?iCjHTeFga;&bz`622MsKb=-l!
zhX+-1bj@$Fn8q}d%2FJ-4AB7#b)S#GlU`Lj(hPIy6OsxyTEq;z>PcZo>IUb{@9z`#
zg-aP-K0^4xgLtA;PYpCDObcpxqik)|7KaT!JtXG_Gu|%ex&zR0;gW`y258y<)_aWW
z&X)Q^&$qs#Z_SbTz?|DU5(&PJ=PCS~5WKy<uZi(dG)Q>!pGpM)o{mdJ8R2qI$p@!L
zr;h>u^?(duaO!X$R^>49dL4L!Nh=wI`Qc)gw+CT+ehBnI2KX&IKt(n1YX__YSBnxy
zq~ab^)kWuM2I&3dPms~18UQCB+HtJkh3KmG_OII3S+oDh&#nCsS-hhZ{Zz%egh&cG
zNBSLZ=t`?K4`-~Dj?bNQ;E_x*erd^rkHg@W8#P1z%Z9J{Fe3B8%ZLs8t}+N0b9p0^
zN$ZrA=!^Q08$WHdJr8$j%Dtoo+Ab}Ok$a@Z!~-W$NsesZ4v}-tr|ECpD_P_jb-{RA
zxb=?cT7+JS8o4u|@2rw)n^=Asu!Xqt$T(V+szoHTem>AL{h*r=%Oa=zw|+Qdn2qQ}
zrdit-E>a>IB4JYzXQL)MT4u2-M$ks^K4^=oscj8P{F+U%9l|!Ag{nE9f}5d%wUT^L
z?vVMn3AAr~GC526&aWFzCUF822GhixiR-UkPF^g4{+;o)ZXVj+YD_$Xdgnj{kYzJm
zTs|GAkF5i*OsCtnb;!Y#4d!5hU3I%=m{Iyfid8^yEB=2eiYf3q0%o%<#<70dR=*qq
zpUux(-SXti9v!Hx+tDztn4uFJ+1ukg@|9x-#T1jE&2~)m7%rvSlzZ5mbO1>V7TF}5
z$>^u0Ir&#{r*pT_eowd*%HlYCbI!HJb2g1a3vTriZxw(2$A=}sr1yY8fstt^n6K;`
zV=Z1PLhw5$BSE)PR1uWhjWmcrFnD4i$NVNjc`KwVO#xRoxW@<LPy~)_8M=7G$u>Q8
z?!+0SD=STIW{&sDK|f*vU3^kZ8qr6Te^RLaIjS!Ug>~GkW+c=+!6v*Z%@P%s`ItOh
zxYBxFtDL8L;?NYc;p>OCyH#45Dgm<+w;>?qRFh`l!=Af1Fuj`p_ajh%=mR>Af%632
zqYpsTD<De4^`ocGi(tiEpw#YMjmb3?cE1du0j|0MvAb)kbNznk;4?c73>WJADAYWX
zWeA>#_!pj|hTsb)_y_Qp3#<7tyE*FvZOid$5f{c>(b3@ikLI@ac6+uw$ZM)K&zEzf
zJ6<bCSM+ukv$>+*h$?a7%09Vh;<bu}QzmDXvXK4k{%vBfU|pAgO}pBp)zDRbB%7fl
zf{@ANIKTGSTfupbTTIvWD@*<dnbB{p{O9BqxQ5p5gxrPx?P<;ebtP|T7zgveIG(xS
z5zuVbdbK~`*3l1ZD2{oQHpNT@YzxVeCpP>UVW3Js?#7r*M?CTqCw_!mps11294!A#
zvitikuA3Q;9&9>tnYk;mpFxJAnfR@5^4T}ix7crA&~B>}-WSAU-Gp-8a$u&e5j0WV
zEBPUxknz$d`M!`<U?>IHAvsP^y8yWkRvN%z$Kos@e<TjA0nxdDD^`;Th#J4fBu!?Y
zx`p16&4TC;%x5gQ5zO}(9=keb1G^Xx%#3DGza$NSG`Vy9!kWOKFm}`FShO}YejQXD
z{|yNPazO=3Ms!4GO)J<<d50ai;M&BwMdIMTdmV()BpYR$D42=BHm;%<S3y=tpS%+}
z?<S()*H~C_Ai+d_Xb7ezDIKm?Elr642g;PfURS~UB?J1qjm%H`HlUw=;6!H$nA-7V
z&qzkpoAx`+g)1=yJvnjvavwo%mpbrV^MQL5)W<RfX~^RNqa;IyNiFS1hT(pQFnpS;
zkCUy>JbUlco2T0Y7IbER9nD@=d`f^XJTi?@o1sXNxflM!UWQ?ye3=RIO7vR_Oq=bO
zVZcP6%v0>l6q^y<ZYzzGe7MNhe%R&(B>;xPkamCh6POAH0_`lAcP8)8*gHF}fvICo
zIDc$IFLO`{A??pFj`gpuSy+<pFljg24*-fb3^XLjCf`x<7d(g#eGA6ct05prvHnP*
zSqAv{Ul;uC>k#>Pps)5W7EPe5i*9PV2L$}7sl||pf@r7g!EGL>BuQfqW~Dj-<Luqz
zmsETIR{3Tv3Q|4%@quW4v}P0X=oK_tI)8jz@Qt)KTLq6tTJfjs$941qOsahzo<7w2
zN~$%R6)q4`h1X-XbzwqT;?~M9-sYM-6JTK%9eh&rZt2t!E256<9>qRhMeL>)=iDR3
zcy7*cJwi*DKxZ^@Yx@1Hj4BF*q$I3a?pmw^vB`xaLNfei!U(Uk?pYA2d9X*@s+aS9
zSxtfat#jW^IO;mE?*XU#ITwu?aVNQpfj?eATPzucC2JhsyU&CMxAtTaJ3Oq5FbVZ=
zsU|W)Z~&8z1lJ`GQ3<lY(JGZ9laP==obcypNH3rZy)#f17ZP{<1?~NteU?vBc$R-N
z(Fg3TS{+eS-&~nuT2R{6Yrt(Km|UYbb8FVDTo9t2-ggv>AfU|!K=0PHCN}&rK8e4e
zn~`5p2|oKMFlz=_XJFjyU^}VfKco}gwBy&t>e6Jk;w*U%R@V*=dn<65E-37@b9f~{
z|8v<@&LRCeNGKS2<}A4Z+RAyc7LZbq$6)pQdDK7ok`$pzU66qDF%r^J`PH>{9`^%h
zr>;t>Jz`rvLXVYy6B*f;p%sI+9SG~UskgTFcOESIARm)%&uA22(BbK8QKM{F`U<Dc
zkT4#h%n<sdv48+l5<_$FaI{PH6*n%@V72eLu}9CNVm7`Fg_|f1p&u`KmxOfb4Y8jg
zvdw<*RW>FfV#f+|o4*y=uUotNGz^lY?E)(AFS7d|cDE-#R_RuM#;ba<w4un#;ByZi
zVUlFu<f||UcMF)AzJyT&t>a2{6n}NmkWt|JI`g2XZUUJDq{g}p!aXg|j(B+2@T}JX
z%WLC2R|L>o2_&%PLPp_1kAaKJy$jenbb%Iuq6KsBvBSINV~Cw0f^`Qv{wf<5*RNXv
zP^18E-!U-s92M0?urSCq#%RJ#1{%T9zKt5{46*obO=gM;3Uv4X((kh>XO8QJOkm@!
z_EapE7T=B=WgF}bM6`x?iEe#bGA89<={{CAZg^MxWK;F)SUGiiL{Wvu3$EWBVwLXJ
z4@$JU?F~ZHoljypCmKHdTAKM;H{#7$RMqXPBg<Vok^V=xoy=-4MC3%OkrZ#=EPm8c
ztQB=qBx9MYU9EK^o5$T>DOPbb6pU9FcQ*}XytR>F`xL(Sl_+hQP@8<7+d?qRoO;V}
zd(U4sL|cbmzwfK3DSm@&ox&%W)zB|=c<B6xK6nI1y7Qk$K*4p8<Oz%u0ROHK8?;j&
zBiiZqleHVFAAS}CP@RDn*}pLvL5fbtF#MyEo0`Wv^(}WnBPGX>@nDLR@w6JaH<$>|
z{*?egrH42)mjYMf8q&09g1Mt6^CW8PC<QSnklKe1N_PQG27oR@EOg>H;|&-Fv}#VG
zqti#YfDI_-VSa9|$5j*jE-pq>GCS__?>P@obhKmreJcy9ohRZMGWQ)3XGlIuPliI;
zKb?Wa{I6z)bpzchaEjw6pPUqx+KJ(Piv7s>Le-)yj*tXTnyr3_s+Qpo<hhY#J`s~V
z`Q>L<J4J$JXCMB(RQaQuX3y`;dCt~5kI0!OqU=8pec5M}fz}+68{L)LM`($Zm3pcN
z@v2F4`<;IruI<5Y-Hv4yW=fo9FC;INOlC2>x1TjYbV{^i<P#~=7b{Dh@NpeZZ#UoM
z*ALUQ99sE3q#iwa4{+Q`00$tmuuMs^{ViPqd6XjWS#;Do^aL`{B8(Y_D2?F@eZR3f
zgN1|`4Rw$KY(EGTqps3^gSDEt>wHOw98^w9?H%Up=i*;gD4v%VGDEHZka}QyAGYi=
zp@bW8+gUR2{5}66Cr44gZMUi_3>>Kz6J07NCr86!ixMOz>Fzu#J9@t#J%%vye6*qA
zOpb6*UHI^zH_S%hm9m^Udvpa0Th~3Er=j0o{})xt|M-kZ@LuzCTF#26;z<M&v)JL-
zk%uqU3HP1QFC@f#`Y}I6hk|L(i!&&fEj0(qJ)gOS`DRI<qBWfpL_Iw`MCYh+dJdJI
zoR+6^87wlKnjJnX)6F}Te;f9@kIiWQwEvfNEyDiOTkawwj?p$xj&kBhKYQm$KXUN=
z#~CFd$E_n00DFt+^_XLu2Mu=7cG>j*w$#-C?Dz^KENq`0W}*ORbbfwrzrQQWrX1)!
z=<iqil{TnG{~U3Wa4j_Q<|N;4_t^}%ev<zVKI|oiZ!f_4-;$kPAmg+o<D0P-t=~{n
zjnbb%(|Hu%!jWD9&Z+;~aH&YH^uKqvSK6vS%!NRzZqT(!pIttC)Lt^%W7fw}l|yze
zv6&Z7yRq=U#t$xc6CT>GSd7Bz4-A!(Eo@S%$b~<-e?_{RF)CegzI79~ii^wTVY}T9
z8WZs)%EOY47ZSa;P5fHzDm#b`{dqnXQg2wx()F;`NNaXQU;9t;A1>X-tj~0(BGn7}
z-k`)&e)xq|LC7QB)!t^Z2L!>=16beaM32+xY9EhZZ^|DSRuL+NNwkGQr%Ya0+sVZc
z*+<l<4E@M7;iXGl`j*s=K-CcI*tH2`F0z-nF*Q3@0mDE3h5_u6;9*WDrvdU4fY?~X
zq|Ou(geH3*DmwYFBm2{KuiB?8nLHTO27jCU7;=6S2F6SHD3GxAP*}1=a{O&&O$5vj
zr(Fj<YX^(Gaf>C-w*)?x*)g%*pOK4DR{gQ;ni<_}PPxF^Lz4z>>6LClwfyfzEwpi`
z?M>W7WXBPqs)dD{l<(MIXHa7CR$6yg;J?gFT{|-U;?5DPBvZspqjA0E@AR=G>&<=6
z%^3kRG6Ojk*omrrW^b@92IO=iKDJt`^5WUbS(E-Kj_B6}zzPPT8_GI>+u@@~rRf~b
zA65Q!;+Tuzjq$}CR*Uo0tKvLFPM?G#FSn;I>1(x5?Jmb=3;SugtrmHZ-1qfTT*NLk
z)XE=C+E8ziBJhHgF_&n==uq>F#FR$?dhabyiMoSN0E(?=QU4YZK%>#wYmke9D;nUz
z1{(^9g87U0z}96lZz&Hz7pP;WZNRJ?D3$62exqRLyY1ctW_t&#`Aq19fBczSGv*-s
zQ8K8t1vxm=nprgF?zTE*%}Mi6ECS>#hZ7h)kylGs3Sfzb#x8L1V!Q47?tJ*r7@J4=
z$5f=T_LJY-c<~XwgsFckjAFt_o}}YYXjO!LGQUg<X{NvZ8kA9KRP;8N)68~8ReNin
z?Ghid%8%|XUijIRX23aSXY#sRaWx^QR-{&NGQ7$#X^<$r-DI_W)X@vnTiaJWmDV6*
ze%WM=`?(NPz3MtwUN@=j&2%MG$aZX4k!a5>?&`TzDD0svXl}!j-RgVV+tSeTFb1P$
zk@S4VB?53?Gm+uk^VC2K)01RTSe1Zz=LcYZ$a$5oe^V6wl`RT|IMl!P6XV7}d4OU4
zZ&y@kXz>l$L-(f6T=m*Y6zIOHbz6ttAb@se%$E_a(Vcp^HE6<h89K${^V0J>m?qi`
zmJ0YB3zNOy+T7fvQ0*Jp(mSH|1*@c{#VTjXY}XD;8Y-<TFdbs&0RNGyDoE-yqbDAL
zL?k!IdbQUO9>2)?ZGqBcRCsu$OXs@ak;>$V7N>6Vu+tNV?s>v$BeS5<Bd<iirA(O?
z!T4O`ZDpLNq59WqX#X^4syE>L^F*;O!CT5*dDrxBx1s@aYpKQeR~Coo2#ZHIwN-a+
znoDt%$rk&!jAW%2*iA+aJBny7m5>J*bKcsC(!9dv@2W8f(+WKqo#Q@1hB^_RH@K(R
zt;`iKq_aemh$|^%#^78gH|^j8K6?RMx7xBsZz0qs6Aw@b9N%cbh-D=mCS|t{c%8vb
z1l;<ee{WX~01!Pa4-v!|?qnb53p@Y)f#D%&9;E@k(_FTYfUCHbd+dfNxGOn@I{f1m
z%z#&0SU`}EPk%7-*)=Kq;njN?1%+=K32Z(f9t8^S!Lc%Aa3hE_$A4Bo5ZL3&FC-qk
zwH&IT>XUdPt+YNyVLW9%LZ&m)skB_{vfxQwUcH@Zi!+iUNqAx$Z|AsJXGP9YPiL7O
zf_EFHmFOK#x{G8I;{o2y+zTG3MOW4Cq$O<2ztm1_>G=DlxS~pr<YOb<i-pLIr7byw
z8J4DV!P{~}DaNmlviK&Wp8LGx682KML#YTUR-Ke{k^%-mR}Q_y^XaZXZ$u;Qb9Mxd
zZj;fA{bPLqFIelylQC_<$UzFlngUgII^GBKYQNpIf_x<9vD3e!ICMD6Bo^y1L+^wj
zj**{dL~lC_Z-5uqFg#>L9O7P`-#C0&HXZm5Aw=hTXQ4`jO#!=|4HVQy@nKQ*(R+pI
zLtnX-L*Mn}=vL6VF?9C8NA&Gn3`CZ*C|-5!u5_Q9&HU9#!DQ$L_FqPkz^3kM&$YRU
z1}a`69Bpptp{xiTaY?xObB=HJGCwD~6m#6`SJ?NoHW(4ME5FB)i&{^d@U^a9D@gzC
zOLM%EqHvuutgL(RP2IC6IC)!Oe$TgXfd%HtLH_$U7X!I~Ynh8v8W+!deuFs!#6U)r
zM@8C$ve#b)4z0MTL;K=xiVm^uU~UXZk&<5aXo{1f7=G6o;zytLJ>I18G>k7guEJW(
zGe7^kAaBCY!A{FR`PUk-k1{zZ;13#{3jW=y<mO0QQ5Fi=qT5W7Mt2AdMGOFX@%-HQ
zjvh%uQ|vCe{JT#B_u&;j@_@WK<<skVqG00G=xE7ovZ`69KmeoQw`sFNm6QrPsg$kH
zJ997jnBQYCz=KeYjJ>g(|H^KyT~|yUMw1cyPMZDoT*VkyS=d7?(oh@AhZF;egfz8<
z5H7L%z6&NIL)vsK(%0<wspf<V#C{rHtH==+_3VpKP$Pz`>80;EWbnzz)beCtk=P*;
z*DCrxN^Yxia;B?hSNOb&s(epE{**}WikYL0%v`d>=ZE?b_xktG#OL-j!{zY}H=Gt{
z=7wjv#4L}^>3$g$p9KYzV^l&}*FYZrW+evT1_CF8X3-VxD(EO0XwmBX4Y_>j+61u^
z-TXAz-9XDer@~Os-~|Mt4=kbW%+eBg#`5by+{|hm(6ig3xpuqMYK=c}`|p=|i^sq9
zYCQma&|oaOWh_v9{8Y8wT<Bx;=1>aHQZVW`)VP8!O*l>TYHY`A|2E`F_LlbN6-IAC
z%9(5IU-Fq%VNxdLVs<nc;UnC!7w=Yhx^tAx3Gj91<`l8MKV@kV-d$Ltpr;t^<EDRI
z4#T^(%cF*|I_oB8)bwv@u{L81B|6%D`#^E0U+|t(`a|zA6^BzwS!l6M9gbJiqx`p3
zG!OOD(CQCJyb>@Gf;TEz8(Z<8aQ34_I4T{oZ{pU2RA2KB{@~ntC3fC#Yrbc(>EHRW
zFD%f`ro^8V(c^!cgC+pFr2~t)`n)|o_4dS0AlFuD_~~ui(7s_pppddcBp$zZo$i(!
z99BEkaSHRqv3jIGaHEHYRe_?1FyS|?c9;tDsoI);cu?p+hDZUp{PtMmSopz#&~-^4
zd@Bp&EnrpXFS*~Hyr3rX;&So8;%}f2ZjU)TqWtSCM@_}e6ym!M+BZz!9rscw+Z)Gx
zPsSwQ6<GR>QCcW-%ETBP@!`Wf`b3nDo1a|16%{v^prI8eeXJ*Kq0d6&c4r#qUZb&G
zw62PW>{O=>6Qd0ics$T4C%~oC)UE3r?tmY^E)?CtsWI_a7Nt_8hZ5uv)nqQ-tuD60
z<E=V=drX5O7P=e=vOS9)66C^WZGGBfov^^k0mA4U!xb8hHRyUye!j9U#wvS#2AgPP
z>YTDtB<D+>E9sEVL{~aoJ*dR`*m>lpB^UG!^6BvG3DjFI4<_x^Aqt=dcl)5us~Q&s
zohw{`BxG%36lEOneX0*iy6<+B4Qty_?16uHO3{Kb7CnwZd+n?2e#J#sBs}6PI0*ii
zbVy6yIJTH4TjV@YA;Ywpog#;^t_=SXpJO-qj|sye-ws+!Zk|yeH}i^}83x#=LW58b
zZoWO%tEL4NCP5(+)x0qTg42Z-Ez+M0RHZUr&P%<<2~PWXXAo&8XIsSYzF<hVI&^y-
zA&&1vI+4NnDU|+CCEIhbgPowE1y2*xZg^^FknAj>+(%QiUz!q+&p|HBS*6sndDg5)
zx9WJ>s6DS|+}=*aBQbQjOA!g|*A29Dv1iRiN`tV&&`uQ1@eEN?pG@x+n_KA@{!jQH
zycH>xwUdc$T&I3*n7Rk&*a&lrSKo%Y%GM0T_RTaU77K*BGm7O58sPQ`-VT^DV0tSc
z&V=tq)G@t59$656lbmgy#>@i-d2MvUDcoELN&>tZbGg3q2N}5~^!PbRhdSygeie9M
z1Kd>oxyJk14~?I4k3OmK@YTo6e5qPGZ#e+^V4mbeqYm}MY%W2@XusKGU8z-|^&d>*
z^BbTJFEBSLoxD>P5AxXE+beT!GP4w*=Xw|2HuJ9k;35l5Zqlr(csSOtgT_?9Nt;vc
zM1&b1?^=@#ESMQFs@PJqC%h&<#OZqQl-1Q3{r2;u{ZbhD%ya~&NZC6h6AO`U$(Owz
z`A@Xzf0en1hxmIc?8+qjSJ<8Sca*Ez=<M6MN>>+`2H|ryUD+pXXL$Io(;FQ#1*>^_
zej!u~=r4{X63voV99m<XMR?{!L?muW4wMxbCk_Qy%I*$@@1=eJnf9cz`BcK!39Tjn
zm*2(yWI=oXp&gO{7}Rq8a(xBnzE`7gzPtr11k9=GMiw(;MFSAnXJU{H08;->DxU{4
zvn|{YJG1v*hs$2dpqgavufhKGEM7q40siB(mHRFy5VQzrN;(a5&mzcIH$z_Kc8$V8
zA<n;)E;$6XMz9Y`pTPDgP(H%cDW5-H=FMbVa)6;UVjsdS4%04;OxED;cbwY_>$dIY
zC`_U=PC#8s(i2qS5h1*jMXn`i*tsjx1;~svzY{l9ucGMC?w@1s!btxx7I3%u7yY?X
z@g<s3GD()!H}}v}khv-mkHUU;j(`1*ZZH-@c}ls3)%tgm&SVKGU)Mj!#N6cb-&AFO
zIRkCeK*peQ!>7~%8Ixvr25#yiN)kG#q06a%IW?ym{M~zju8is4n4$qPjqH~L7H2hz
z^*Diep!aQ9l)S47I(!pW=C`ybjp3K$MXX8#Eg2RFI0emy_)$LU%J<c83vf3IbTR_S
zr*~FDUqXRxUtG*Z^Ju^im20UE*DiQ}gG4q8$U$#R-M6W{2Qcz)WkRznCWMBD(M=YH
zXOQg!{!#!*41}+`m0-?>h9IEnqryd5LY!-pnZtHP5yTIi_*MYwMzTjEK_ClEXhO#+
z%3pDEP<K@((>L*O)5+4jA-8jujOM%dEZGK@RjCf**%=xJJJiSF!+V(<p4!uF2cNqO
zQZg%Cd;JOT9lCX^?`4!#h9=<^5)<jToB!l0TQ5)76l{F#h3}#HW9yENmONB)luq-L
z7aR3&_X+RXh)~gZOq1d&dB#R<*4%$;#dj;DN_SXub+Y-Nq+Km}SEcncu$W`_RkICA
zD&9UcGs*oO-y3Re$7bc@G*1&`ic#zXO5sfCC_5ATPk+iMw9#OJe^PXBO9u@$$Jc<c
zYT+!fjpoF-R5PP@XnJ|?1<Cb5!z~=1>2bwNoVY!PV`H)}`tjNN;YWEWV`xyxg_SA#
zDtJ5?Ipr+*6{H8-ma9vJKs9gDMc{MLcX)lvb4ay!W*t1n3PR<`$L}5sp1jDgaj0!i
z<22<-*njY1E?IR>W5bMG&xLJ(EvHiKf#;SBiR#QFS0c@(G;27)pIwJ}ER4|5!1A`z
zeHSLn>Vf2pGLwWOepq7ko63$ra_@Ej)HUI>nu<51k2^Br+#1&n`JRi~xCb5Cq+w~^
z$U5(dNl5Ep&&N9gUDK<?rin@3q#t7o^2_?`3c|^<5<MZM+><Nz^$U|(P=41Jw9436
zW-2zimk}oq0i^_V>9d1AY~ML2X;66NJPxV^SS};c2M0drjV0o~X;B7#>5y$C@dc=p
z8;9C0-UCTN4crC=v;{gu0Qkzl`VbvEoP`1&UAwgaj2OC&{fyxOl29ichO;OCrv*Tj
z!~juxpkxWY!ajWnw%J91M;G)Tn0|W;p6M+=KIiOF2e7QAnF`=l?Cp|dxyQKCsWh?>
z@JMC7%Bb5;@JZ1{`b$c4ozeSOgf9`S+NlJ}_@Z8{v3xPs#~KbD7IX#+Ml?8|T|%{b
z?Y@krMJuhD))@VM(^ol9lz4Fcl$K<?ow)?-Gq*|NViq@Z%G9G`ZYr%qk=1%kqUMia
zZ8k4c{|b&GBBNMqd$9qF-wcau=8`%KmB(VUt@bT((!4VrZ{K77D4B#-T89;72j7c<
zR&Lq?^fY6zTB&imQ>)v$Q7D@ez2?#<a<Hm(!W>F4)N(vLJ4)F7c@0?{KwT-59dcvf
zZ!wT}cNC+8XU4Ixnb)6T(>CkS`Is6cC9s@feiCel7Mlx-1`7TPq7W}KP=M<`JXOJQ
z>z<W{s)6f`k80oIVS2`^j90DT&I6Aq2#SJ7v@Nc5(OL2!1Eo#K9f0?{)|6;?k!>Ji
zbDY28t6WaOgYf+r5!U^k4EzPw_N=Ho4scG%RH**@8LkhhZYO%$&ToHJ<EdHN)En}I
zF%HL&1zYprh@5eqNCd~*72C@^p}hE9VRc_ZggRKqQd*q4;`%36Jdxtk>!&JY{VJv8
zA;cb072(PaN53?3gk=jJh3R^HZasc)rJF7~kdnv&A+~=ySpDW<O!CcR`szgY|I%ZH
zKJvwRJ<_u(ut{ze1f(z7F&cNiAAo(TiWtD`#EPzs`4l<lw4sgOV5CR@jv6p>ehuhf
z;=_Y}oTe_&G?=s0Nxt{(FpA>L@zY8UtQPB!%h}P5H4AvqH7=|^dbHHa^ZOBqhEIar
zGB`krD(Nqn^ez2M`asNX?+OW{@FN_VDLxMte(wJCMT%~b!GPTt+iz7Ol<gXb$4lxC
z&3aA6_)5ipnY}XhaXk{)g@30WN_0hpj?*Fxurd$mLX*ghhs%At5eE29nq%7!KVu4*
z@Ob67U&ZZh?8CmHsaAh;gr6}pZZ?1AT_viw5U<0nfM|6OhD2~?r^x^E;`Og$7o{qE
z^Bn6b$3Vb+mH*~sg+I%Rd%muHLeXf_9bo%M)x-SfMuAnhJ41A}l6tMh$xFJ5hiIq8
z?Q|3ck181^m^XT!3ZvpdYNvxfh|fN*5tiD59#`?m8lV+Uj_89*(AhAi#Vb?5Cui~4
zYHw-P>WXCqx(HjBJb^I5s4!e`P_Z>|z>awv0Rv~$-ea)<h2jdoVc2og<JziAR~-_|
zhrZ^nSPQzk-r$We!Kx~5F8cTCJvYbio#!=?^G1hgLx7C<$7dN%enHXQ%ICvUzTZ}e
zt)B+E@0xH4Uq(l#d<lE-W_)E}Q~AHilYV9bksxZ;4-U<r@wM)0554Oq=(J~P+pW~%
zuhH4}xQqKjEk$b-+f6R_Dm0>E_2+gTk)ldUJmPJfq>EIxhm|$D;K4M)cSft+G^syi
zRZ3xvnCDGlVpq^tA;aWvyW{3RrNtxg2$fBLefaCE-Il>xPUAg+ZQ5V|%Pueb0Odzl
zy<=tC$g&E5)it=|UT+B&V7-8Ez04qdtS&F3FzDxo*NK%@7RoRCC=)pJWky3n0H<~g
zgFc)39r8_Z>qCsf%EWZ`3DW*@@L%l#L%T_4Q{9yfK{Me`G{f)TTjqzoA%o)sEnsa2
z^Sa14L(?RsCSdDbR|T*$o!+@N-D;}-_iqROoOh0hK7aQTq(4Cg`Mk4ayJ;1h$7u>v
zhFhG|e{WsmB38$W-`SS$@*eiGhNlPR{1Gt-HOhS#*jr^Yqj4DC7ad9!Vx+{wLBJkQ
z^e9r5G=#8I%+i{hZ>UCxw7urdZKP0h*0xuVFZIxa3KFHXH5bl>b42YrM`~<B<2fD2
zDWU%5qdlp)=1Z=ZtTfmra@#{sNph=bza5jom~gx9joE$G-}+L%+b1)|pFKv-e(sZm
z<zdvUvfC$3)+!-s{xbGvB?l;QoMG?CMb#ki?=M_QqQ8!NDvj{BNUcG(SVv%72j4-K
zlIeN~ZOkL8f9KZ?YO^or=V(`&u7ydLKfs)jpg;$Ha>cL?*<iZ%iv+c;`|;>!Kdxml
zRot&~UbBL;Usjs*fp7gFqYUL?5+dF?lgZD^`wu+MAa0m^Di)p_y_@i#)1X&NAV_J<
zJNv5di|D`L@cwQeQic1V$wz}ir=^Fp@NsSQf@0&<s0RD7uC}(chYi$w2JgAv)wjSR
zn}Wc69nK1pYwPzN&s{Nsp{~{8ADG${mL-y(kQe+m?m~U~%tIh|9VPi)?vwRIoT1}*
zk)(0zHhl_YF^~iFK*uVQ88@;%#e6q&Ug`Nt_<+AURU#rn)ePdm+q|!_?8xI)^qm_Z
zno--y!m~U2DcsNLVpo3j3H=VAKaQ?h{kw$FQ6lWwf0<PeQL`J_qm5NjF&U^MXb74E
z9Yxp@3G0xf`jZU`b!rTn?J&^F*@j#YphANKpOVTCnJ_QE)Pemr4?O}t023Gzu!4hq
zzX%L|h{-*m2YjS9Aq*$a^KsGjLzH3%|0_6VW&jZ?)_YRNP>@dVk`v(gjJ#iOT2=gz
z<Cd&vYDynOt#0aRmO&c0qJlrSKuM18tG#6gpQ@_P6GQhWvzv+K!EDcHUI$pwnV(qG
zg{gkP_2lQ;elY9S^KK5C26z5H96DoKZ$0fV;`G%9uc)7E)&EDQEADA4glM7D+?q?<
zuL>of0_DpYt6@PO2G1psoWL8Y#GP_l=w7S(q#9(XZl}ItQ$Hcic)i>NM<xTW;klDy
zk3Vmed&3O2WWf-Lz>O}Am!%IWzm>F(PPI(P6AdlQj5Mj1<<gE4Y)*u4-tpW!Sp!AU
zkETJD$UBx*U1Qm$a$}TU%f+K>dbL7sl*4s5^9_)=Xvcu+PiJl?%p!THgv*e7n7wT@
z^yiHm!zdZ1%3>X!3^JUfZ9*ES$o4LfMvA;9fM}Z2zBxf!^ulKz&AI9W5GKIt)!kLE
z&)qCmv1>C)X;t;*Z3pHYPyc#gGCtbB#hjR`4kOeb0x#)2s&S~FH=OkeG+Gmy?u+tD
zr?DXZB~oJZV@mM&zbj&%`*96*RAbVe_q<K8i8cltgFPy)`mo3-`Eap(KTL17300Bd
zO8(Tp?Y4R)S?!vdq@7zqtttEd4TQgoebPN=*8I(bOUCVjw+w7ec=}D}0bLmm3s)Vu
zc>O;w1%Ki1Kl*Fz6r(1?xtpqq?Q72d+DW$#Rq^Ms5y~^wzJ3!m6T(+FhmOFRJobKc
zer>Ydvos+sS_d7vi+8EnK;8*F&wQ>>2RSFxTDe)98v`6VGErAaS?G<ZA;U(x_hM*Y
zw3L*zXlp#|-Lad%b2Q8sGn?(Rw&8##2tWqh0drSh(fV{><JuUdw-ru=qipTgk+&;i
zz`+Igu<NlK$+^uED1CSZem?SQ&Tkz;aOZFU7oj3aq7<_bjSUh06#_rnK5M!E2C8j^
zA>=CvicGxiY(nzcJCK~aOZ+V>&a3o%pe@iYg$TQwh});Y+n9STP$qX!Y_U~<D5x8t
zP5v@GtR{AkMLR;njBC-DXg`fv?k_G@v?!rSz{iNNA)!Gbo@wd$dp{QRF!<Jloo{1%
zu>bo=ZRM_s(LT0S@<b&!280mXbF4%92J8plUi9~orZ*UM|KgtODQ6mNG<nUa8~e15
zos&VD{tqRuWyWr|)YrO<yYLgXAwM&b5aybhN3Uz=gXaYrSL>-T{K47$4P=<!jBcv^
z_ze`&`8N%q<U0z0wCXg&ocepndj8)S*n0|eRB$gA$i2nD;^^)zSA%_W#~Y}o7Q8P-
z?KLf!n%Qhn2%OY83Y%IrJBEfNWez-Z20Mc+F;a^t`~X3WObhOzpOw`(EMycN>-!u{
zK;NAg1N#ya7=n9&?0lR0OoM9ebaNRTt|2Aya}g|F$n8(SuA%XrGgpx2{2#RhdXwiz
zM^m-d;v|n)=!7WKK4cA30>Xykx=J4K@V>+MZGY_dtUVtGlB}7iBzeD2Br{O{d3+V+
zH`R}a;tvje#d=~l*6*FZ5N_xW!wzC}_9mF&p?7DrGBhTAZC3Rr#~yD{VLv-GhCB0)
zb}>?>PE{1$@ygAXoj=f)G(t&F@*>vKnJFdcEzwX9RMV1yA2zNf?5P!}tVaLG23_fN
z>f=Sse!WK&y%582J?pY2N~l>qX!-jB3()c(h5eM8ua<q{3FiZjgpj)Ew(zWOP@8;^
zn@Y@jZO1E!A#x$Wgp+rFM=|}?oUp+taC2ieu)L4ZR+g44d;rq!t|<kruAMoqjw(q9
z-9*gKdvYe%p@X(@QKslQPyhj-tvcWP(E{c-B>jBiF<nsBRbb+rVtN`Kwcw4o0N!r`
z%%wm8W!|X6Kb>hz>6BG6VNY}^XyFbHQheREynjS#2`ck4M;$=gcz1t)*i0q#Y_5`o
zalt7ub?q=I{Hepw9w7tqA&-E(FL(ZG<gUEJ1aA{b4%s32%MHRM<14S=NqFBv^)0#P
zWyPcVid&2Bt8sOFbOj@b(OMdA%{NFV0g4WXWOvC5Q9q|0Ll|rO$?CbOjb*(~Km5y=
zFKKzo)8~bJ{dFDOYl+jfU8TYv&PA&)%tW<igz~%attiL%+0r9dHew`ppLi%r_-dp)
z8_`X7w*Dq)YIt2*rXLOt_*Tj9g9+BN9hhJ$5bR1TeZa)!>1psZ1(FA&qV()$!M_U@
zo%s-D%w7jd67}Nv6?iaE3gG?L-aWM4NYo1e+0hmOwt{{~3SN&ptbNQnwVF@$ZvICZ
zAPS+mKqp|5knb$kA{%5k))RyS$Pf<*nH;XG3ICcAMj_3915pD&lMxUT4Vo*2@WO?4
zK~c)(tpXJlsCN3cQ~vNDwZ~iiP~*wwhDI7WZZf_-;rf5ofkDcjUMXMnaX$P-L|P&7
zNM$fL$EOEgzo9|>StnhoCR~MkV?skdhfHX$e3kcBy!0s~--OU0cQc)Z2LCXZml1Ma
zfZM4a+#M-IP<73Hb3uG#<5@|4|B>5~VS20V_zY$C4Hu(L+K)8tNf=(Br`(FUr96FX
za_1++g9VX$4+q>ObWMWlXa<KKq>R5$eA}3?*;`lib?9CS`F@F7GP7sR8ZuiAW09YI
z;zo2%h;ccwUWd-bbxP*_=wx)#I2A6l^3h9eqQW!;58?*)B<og!JSj5(K2oV|pl}8l
zbvS#4`tkrX1!9lD&JM7=CFcfa2)|kFcS^S5-<XtcpVs_R6Iq?w2UIoy<}x5m16-dw
zmw@^I$@t$kEsAQ&?STwmuOlI-d5E=?xeV3~^5l??e%DLRqNm1bJO0<f(WWc5F)E}H
z%Fy}8KT$?pD+Wu-Rn4!mIQ**;#NAFO5!0C`&a8`+G*ZFCY+W{#p8s-xtfcX_=Y8CG
zSV5}0h)g3j`Iue9f4}@m<gWD*ZlQh0mJv6dkPvrsgd569fT~>QYsI;FU_CN#9D+Cg
zk(!2zekfzLxX|FK-nUo&ZbQ25Pi&`fMRA@Qwa$l}2c*5xtD6NjrSGpnt`_%CsnEtX
zcCwZ<BOsoD3L`j_Izc)kuM}J)vj>)z6o8pqvtzd-A2jG0vdDS@x2!2c9wltUJ2itD
zFW|_dDn-MMJrLl?!1cT}HIPsG#l6e>oK=1E|3}yZvWr`cI@*qAQ&n%a7EEPRUB0+A
zRsORQbSuU*MMQ1?>k>2(C|;sXtrlPX2Uc=!^+tlQ#<)X$^@w`<kiOb|0{jnWLsrcV
zg4FEeH8&x}(I4%8O}6aeNpRYE6ZI;d`+bO6YN=BF5<io$wmWgMSg!3hL6ee#5#%`0
z5K#&~#~&tL^y$C%F-?_^_6VySvr^~H#E(;|t5}WcQ_YXVfws4`R|<=)-Z2W;s4Z{v
z#^LwBx>|eqIA@Dhw(fBouTK1c$*FF~w@r86`#X|KP3pJQ@9p~QWtFh<C5#1VfI268
zidzQ^MQ0IP08I9~sIA>|^lV@{8KjqO!|Fl-^j?t+Yq-@6G7jXzWUJdOCD9*%_e%gA
z4S#<nbezA_^b+9Dr1*yU7f>?*f!>?AV`OV-S<qzSJX($ggo#+dclrhJV`{dD@3*o8
zq<0tVqrDIQshN(7FwEtus=>$uU6M$b4$G7k_Tod|*d~garyAG0a0?~XUgON7LUxZ*
zYH6*li*hVYS>=&tXMO%X>xm7#RlM*&l*jC^UUNN|(Bf&*=6;jK(~EwhqTIbPbDPSD
zV=mHIMPK;Y=tWr`-z3NJggXm|h+}gu*~5+I%9Nb~a!-zkfU}6K_OKg!fO2wC%B{lp
zepjLiPCZ|yrXZ3z<v=Q#aIz`wC``+6ziK@>h1D>uM=+mu7il7$#xL-Wx9HnhA>NnR
z*DoA7-+l$bSNf?K;GNSk#OJe})xKi@s14Zy$d0GY3k}rcH<1_4XP|QL1Mu`q-3ADj
z4+C4bSE0ZkQS&?4?gen<wt~l8e^djmICzsaFN4yFD2H_j(^SU^EFj>OSFi?}X2Jg%
zrlq}U*5DselYKJ|x)|g{|EYWFr8aL=k>>qR<h2Jn`4^w|o~x=Z2PrnWL2^eObWa2l
z*=1X_!wL?o3LLzl1iETAL+0^T-qi62iX@bu5>5UqEjB%qW!#WbcnfFeookNc>9GwK
z_@!5;HfX9=7>I|Pn}V&{@qB#2agGh4BJ!sr&w9?1d@2K%&Se^S*Y$qAkg<UC??X-d
zef@f@5AE$ivpVZ)JNv)itL!Y*93DvXtTZK=pXG3Mm=S$VPD)6a=4()R)*X@b@$o4Y
z@jXPOwEEK(X<zC1Tf-yu&vElMxu&i%U9f5P{fq6ZCfDD6fD$HZ{D*4hApHIJQN380
zv3R`2o?;K|KgDCKYyLg?6DyKC0}Qg$MWAObhIWqZ0+QymaH8-VxcYKrL99YI!n4=~
zQ*41o!o);xFJFu~{~YJpEA8!rH?=&&#FhO1y$U^tcENn=w$<3pGv=j5;4_R>{+Xzz
z5ahEvo+7ct&($J3eyXZ)03$aRNlBGfG05UYosuORJeNdcY=}Az&TCJtR8}UOcqWpy
zPV$GB=7C^k8E4eo?33i5kGqf4(321$n0*g|EnqM~Z5MeNo+INPU762{pb2NeBO;x7
z?xtkiG&NeYn(d^c`2)Vb^zsLG5YCSb_nDy$b=63OV3#`U*H(%AuI|wdLT}-((+tc*
zR)%*za48a<|Hso?M@7}WVZ(Iy&@Iv_(jh34DlI8UigXJ|jWkGyfYKqUbP2-HAq^su
z14BtS%)l_`JJ0WX-}f)pn#G(o>zuRqzVGY4!jV<p9PYejz+$IjSL5bPJ6QL{XmQg>
z;n#)$hEax0z88b8AU>j0Pof>#hWq!!j)JU?sC53DM{jKfv6Rb;OTi3c<68Eum#2R`
zzoY93#tD;;c{d=LEO}bcdb`E}dn9o#R>zSzCNvMOaiGBeSjBP_z4HlrG0q5FDUIGc
z3;ixTR(l`hgaPMgK#ijD^3Up+#CX_Gw&qKc{{&G=mF&7tn|h%B+W!r_TlS#~7Y-a?
z*d*A4s;V|DxDJPAgZ_c9si{F^Q-ncPRWfJ%Z|Db4B&CVk5bs!`^-I=Izm9!qa7&_=
z*B>`_Zohmp5+01xSN~_ETBX9|iie3p%ri9|VqO1ZgLB~>9-zu0nWm^?pDOSr;Wv>8
z{gfzP0dl}B`k|`|{ohOdq|oMGEG_I{299~h4>N&qEXAwn$8XC*;4yUjKhM_13A%LZ
zGa)g}vu)3ar|jyJvZhsH4?Pug3kFA?WOCf_6*!j~38nW8rq2Jwmql}1d){j1Zl6+|
zC?Dt$gKn@bNhincf6x$WP(t^oOa48=%1!IcX8-z8=lk0$PM}BTNB0&=>TU_W!@7ci
z%@omDZM{PPp(x-sr*(_;%OYALNoEe(euJ#<!UX~D7LE~Rjx~;@HyD>CcM~AO11tdI
zfL0G^tC%CnIsJ>P<)oIx(}E><B(!q1g3b3Oc#F$D+A$Dv4qR@oKORgXx=|0QPo0~K
z-J8u*Lq{Fu_;0}7f&2Hn=~SbcDZA6F&cc}@U6SwvS>~FwyQ+mpkQc7_Eb_vwe8fqK
zPmH_X5G7|@Xg>VHZD{-JMnfT;;x|!7uCI#5HHYC-i_|wg`<*W+$url6EL^kG#N;OO
zx=c7Sub<K+mEHc-fT^<WZ)Dg;3*4<5GEJHoZUo%3$-0~Ssdpxhw3_1EqvTiml=z)|
z=iJ(==62VmWGZ&RNwDmP<9@)f*#>vR_xPGGG}KRuMmEf>NYHlQK;dtZ$8f?l!L0$|
zUtY}jtlhBxj-Vq)%v08taA>M9<ehyin{1{X@4#t4a0l+2DA5z>+>~7vkP3>b=T;(u
z)?kYtpshTuPn099crm+Os8)>&4P@37IRa;c0sY--8*-t)MC|nqMadL%&hS%!;Xlb!
z7Od;;Mr=g)VZr40UB8az>y^OHG7czOd>AyBW3aRoZ_Z#KdJ?uYx-}Or7Zy=%h@)=G
znT1);6d(RBP1gJGqq?E5tImTomX6Hz%_dDpdMr&*2g9fA{~qFHf0+_o4p5n|OPXy>
z4TGMFe?=2TFCJI>WuUdajxPEQmNJyu8b05}5RcVw7ncm_TsR4<)LOyLdhes?gEvx{
znk?_gw8{f>aj-bX&O#hhtqW4eP1qZSnB$}pjS@enJ2{*@UazM4R60Z@7-C)zN1ohB
zq4xt!0|vKwlIT#BAsRHw)YI_So%u-EJ)rh==h=^^95P6cM|<IX4)Y*oLprJ_D;4@G
z&%GZF-qUknZ_cG+L}mxL_XjYkwF*0s7hA>$^r?*8Qh+)vQZ!*GAI1{%=nVY7YIB(r
zkC=_;Hx`9Aw82Hem8)rs^v83kvL0x~bm2umH0?IzH<X@weSMpq`Ijm;C|u7R{Yv$z
zAn&hxt3~Mde6YR;i7{Z?^g9cFoff7-xk^U2tW8CBAjl;7(Fn!Ib?>pttzaFesX;1)
zh?M*r*3)UG^-5#Q^!Z?AUI`-Gwmub_A<Bp5BasWf^mW9#--KjcEjYyBT*fEA2i1pj
z@*`ZOicZ_&Yn=Z<$E`$nNJ6sXA;={fqJNxq9Fz~JJKvvY-rTJg4XgE%^Io<WU<Iu+
z+X|yNc_vI<)k$nmNYQQ~Usqc6AH+CJM{nQ1pJpFjRCFSBL7Kc^y8gVuXJ-DX>=ijm
zX2GfYVhmsOnrR)ZH)DpHc`=<HR7=~yVNPr2{K{WxAi=N0zMz^)T?#n-%Mt&^B2TB}
z;|nxg0=OGWzSthm@$B6W1Tk1}ng)g5Dx63v>Dr+;M*cAZ4gfWplvM*m=?=O(OhDn+
zeXa8F4^W4nLRpON$QK(OGjxm-GB~lZ6#r45xhOs%ul8YWfBOILT(cG?3{KZ?m{fSV
zKz)b-#WVQz%`iVGd`E}H$ud*qsH}-T*D19wZPvdp^}+iV$4iRK=Or#{)Q7coPZrc;
zFP=k6sv*u#RBf)Dzd15$><Q!q6BV&{y8k>Lh{U-&$IpJul8t759FnZZv!W`&_xCWc
zVl{F$zpOu9@1$UXDcwF>{3K=(*t^`XDB-nEvGE!<%^ltzIvDn`dO~pf3SaYVkJ;#9
z4lx6yQR+oiBn(VP;G{%Too{N+X!#ivQ$a#pUNr6oVqR^$!MMRSQ+v2pGe-MX$XLL$
zNF7bt1)3>X#A#r(QGc3BzM<uNp}x<?p<g%pVTqt$1MFr=s8wvlv!?6@j(~el-~0T8
zVsAd_bRWsli8YJ)k;i_m46^ho{6~OllUkelyuP36Z+YImcvS#Qxkf_ms(Rd8&a1W*
zE^qsRYg2%5J~nqhD=HJtl>y?bg2@TLz)klEflv`6L4kVS?eq7bu)#?>=M=<TWvwL$
zn`9)}c~|MKb9?_%khOMuO&YW<y?OFNR4rV!*WLl!5Tn%ea7wtJ%;d-~_j^cNBY|Bu
z-$?-b(?ae0)ClhMnqVgb!fY)Qan2Kom&OkbQWg|D8jJJq*=Rc2P4T_zu#UOWAIFL3
ztQbfl-{=fJElw)8FF^^lj)qL#H#)1ZqmTcxw~1PJWZvtwwd;6ousba7XO5r2eAS|Z
zlUDn#VCef$p0y$mCV5pIDU)Yj6LIR+R;5QK{4?+_5CLSOVF9R_yN7<g0Ux09-Ox<B
z_`DnHVCQkmBnF#0kdFEq1--jzP6o-om6&-nEEsg^H%jKgJS{*o6S8k{u<9pa;}Rl0
zKrfx^5tyj$&axG}9;Z`s@MF@=MD`DCAmJ{pCNC-VKT+wmCGcZ^;@8R(uxT~udh-$t
z4w6}LZ#4m@p|P=`X(f1DqlUW@qvd%X6H1qB+%Li1?=P%+4?RtxOcGywCgJsTPW;{<
z$!{luk2)c@{pK$?tEzRrAibUhHG)}rn;Rs#C)=uFw;~^i2c-_x(=91{j2`hpo>g0C
z(_W}@V2@Qp=!gzDs50#}V)0LlaFfF0=+hMUo>=fi>$u%3_Rj*Bw72XdtE8klTimNn
z9I6Y>UKG3TksS4{MKik^*6w<LwW#n^IdjgE8e}tC^{*g3dFK?)iq)fs`oWB%znBNa
zN4t`MIyj<JKf89lAl9+-_0kSVhz8A?wmSTAb;&WWylB~(!u{;fCS@|n$y2V%bP@SV
z%oe;KSUCr5I@ymLS$jYpY$XB!eg??|e_O`_r2Rk}Z_0D{auQhEPA+Ss;iMo88~qv<
zNEdQJjOG)n*|PHKI@EeEaPIL9l)Ha~vTV520+MKN)%Q1s$5dctw#BS>AtPYlu>y`^
zDyhh=1RE_xnclRJl4%e!|D~aeYNnW|bJ*x1%CUVxv1Pu1Q>jlz{c?hVMOt&ZT6QkD
z@!iV*^92}X58xe5Q_&G#ZC!luqoKBoOo)J|sG$}o@yZQPorv9}^lKEZBVW`h(kL_0
z?CJ7OVusX(6wCdz?~u<AlK;|1Fm6=-`+a<Uff#u1sOvRh<809KLEO%KE_@>{!A<82
zpJ}4@%<^9sYulzqU{q}Zy&lI5Sx@PY=llILH{qoDQ(=_~EyTlDkO!K4?$H2h#X#1=
zT|f>P$h4}1e*4J18{9hw4eyYgD4`R08ViS0&xD!G;pRCbCFtt(TCXxP4%#jRb{OwT
z?LwIW`U1)d3=}V4FZ6uk%S83yA`u{WWjEHURPv7VHRXSf3LQJZc#cf7==5R<is2)g
zH1WK4NX1nWIiwKQQw=Im?d}*p`Omy7F5t+W+__1&G+<|X!__cJb!J=7S-f7QuNu&}
zpa;JWe)Fsy7p;r^mK-WGXDdSx;WcHnyl|jr>@Q-@mop#`8(5LpM<hpwM|EPh^2etm
zJg}_#Skdf?WJId`CApB*XQ%G@#b2gmPXv(6zRw#Zhd;B#uzqO!6_HGyQHnQ&YfoS$
zM^nhLX-Y$O-<sHlGT_6Lp<r;`G8Ear`W>;6o1LI;(A4=Y-Jq8yY#w$_X7ECj(buS0
z1zL*PV@ObF()gjj&fBWgLnPn4x+C7m?*5_DsYVk$)RN2mb-clC9JWNR^b{(MgkqLF
z3VZ)^XK9_>vc*>HhKl~QDf4+DiIibcZ<ROp5=ECfB7ho{M*gNIru;@X4CqcD5KGEw
zaY5E<*4KX^XWb;iRO*9$?>pCa2}}WS^=bfCFyF1#O^x3Fk?vg0pb)4p-rtbT(Q7$+
zk$>9!H)AIR0o;BEOt{#lPf$JH;=`aK03<kl8dCpZn0V334^|ftYLKk=FsTmrP2op5
zlTTl15}Y^)Lf*x%Bs4Emv$E&gl}S>sN^ujD&SNzb=JfU1GsyEoR#{vN<9Cn4SZK9c
zTs&NO@>xYdVjQ1k`YL8}NearC{!(pzF0BCnUXw_zN%8dlV~ZjVgC{t}&JPT5nqk>1
z_w#+0O=ut_ywTvxM+RSvvdg@-`C8+pZ<}I*Pn||~L77}yXpt-AmhM}RL*rY_crERk
zw_Mfo9?CA(+JnGxd&ET0<CR+`N>%dtkmamES5S|96K*a^asz_;mR&&%!r92=C2=$?
z<UD#6G`1`<J@=@-xR>uS1QRlrtm)+(|9nI6j!;<#ZI}Ulj)7agrhx63ZTe)+ufdO0
zUR=VX18%qfGXM#i5gXt-;c)%Q1I!I6gcD6k4H2|R&4KwQcjYHwZJi_v?|d$=pIZ&;
zU9<n7B@X7V!@I&-!YKM<xsxRRM=ppSxIeuwf5+B)wshV<W&*Mt<(X=jw?K~(P^U_r
z8k+bp%cImQCg*6(xnY2@++$fk>H$A4cZ6NXLoJi9wQ>}!EZth^-8LL}_Lxzc*BPWG
z=5^LNqIci1%UchrD^C8EXw%<D(d`qat&_ftT-FsBkt|q=DI}?8s<Vs=MTDhCWXnYf
zqu&&E-_8skNphQ&@)ZPHkdpnIB;mOrJ;&>6OA82dgzZDtB4JNmQ330wCuVkCjIM?1
zI6@7!8Txsg59Ib_x05Y6qg$SsY-e-&gg=*`?}~M%l-7TxF4$kR=47>!94E%}(CSp>
z5%cMOgsDn@*ZWJB4K&K<r-JM$Ab?&vo=80LaEKA7IQQ^lUE}C9&ifrMR@H(1Zz&E?
zSO+aCU@O_s5VGgk7pCk8Z6MU~67aZUDbVNp$*GTt;f+C20^QL0Qx8(*f%06tK33m0
zOwIxX_!Me~R)%6;$-QB|Vd2v_N%lJ-M|#}id@;;{8iVM2e4FkD0B-43N*1(>QU&b$
zpm=gsv=r1_gK6F%d$P7WE1V#cp9e~o5-XsSsZ&-o8Q@}`Xu>kUC;B0uW`0f1B=*i(
z8BchC*h?-#IzQ?6$OE#3w-6%jJx)#kCQpk-D_gypI?)o&k9lN$f8V@#!7R>GVo>Pe
z<m6+hSY7R6p!R?^v5v*P1cH@_nd&;Qqw1r@<0)}Vs6{lUrW?wJZLKdY-(c*1bKGmd
zqmZCYqZ)`Ll{Zo&g3tz*Cu~H~q>=8q8>=l{T4(z}Qr9NybK`N5qI`)ro5>|(dUyuZ
zBlukZtn9OO+}&RM+126r7dBA&@s1j!75OKJyfXmhjo`Qhy;-b&20Xb7<;b%>^iA65
zdfT!V2N_((#^7&8YDD~A-6Y*?GPlV`ULUotK|5D7JaQ935(DB1U?5g@<8kI2ghE6C
zyhSLg9kZ`RtBJ^_*47Q>0?wH1!OEx`U7P<oPJwcU3&hrQ&!_g??_~3Vsn#BtmeYv`
z{fVcButl8>JPw#TQ>X;e_Fz=hySgMGsRne>@rwb8e$D3ktrntA9V;Z%snRs5prmB?
zHeY_*=N`?-B+Ey^11*u_f9c;BBNd1SneoyqX2%R{$zHORAIwJD771dd@DNpDJ=vkq
zW@eDT$qz1`d)+Z^k%Z&m@SO4ar9fCx+=FgTd!?}+rmk)t$zkH;7fA#K$%b0Bq*~LK
zZet7{Pihe_NpDg#PdcB56U($t!H1^bPlfaqsDSEGFoomRbfk71Z?)a@o@OA<p?RF1
zHLtkza|`jCTANNb6S<;);=?f^&bqRx_v<7U%9Mr&Xy6)`Dh<Tq8AD@H1mvzK9Kk6e
z=s2)aJoQEtct<RqgQ)zSLji{m=H0U18Z)2E_REhLZytSts^A=_blS#*+kRbpu;O-W
z-2}Fv`wT^@7`anrYqN9ZIbglw41V1S4HcGG7<6(VKF~E=a5*DKT}OZJ+YD2`o4<nq
z&a+<V9Wi=auH;YsFg5y<$#zNvcirDLcyNCkmF6`4n$=t7!4uHH=j6Df>*LL2gmJ{|
z=h)8+p)sD)IpWkK?yVb#exqEyT)loVdLC?`=0Xsz+Sj=7A`<n@4ywsX@lEHtlrG=0
zm6$_`j43_u<@?!X5&~x`@eaHfH20i#D+b=nZDs6gJ}nOZs6)t7WdvzXhgcMQcJE~(
z#dYz$=%63eZ4c=)Ox}-tuOiXAFO?}B`%0KV-#>yBQhR0SNOE|2UqB%2vr>vHnXmK*
z-%!~hNGea*4(zTBo<!R)`G7VnGOVS?v`l9B_XekMjcPl&jUhA=FB*b1lo~@;JD`7N
zX(Vd&R#JAn;f%3eYLGmz1Z~P_p^Cr954dY=!q&Ta0W*^=Xyd}nD0&=paJZ;M1M}zb
zU%Kr`Q)ZY5CdM)q(EF`{^mkiCn_O+CTf1@S1QyQs1BuB0z2i`r=9vp7YR!MNLEiAL
z7ChFiCPyv(bsB<&r+zmHM$gZ`M5!tgmCEXPsw{qyWA)8O5}L{EKs(K5;~B($>P7&p
zOClI42XVhnohH<f7;{{fV1$Tl&6Ru$2(!#4A_0<psCdq9>Hb8lCK$yd-Z-{%p5%yR
zUH9wYamYM6-53J3q`P2rKmi{QS6bI`N0K~D7At0Jjx}71MuHWhRhmVd|L)B@B7Ip@
zQ*Mv6mwi|&jZ41XC!Q&*h)5f?#}TcceeaTt-x+*skKd;j`Q#Wx%t`P{wki5;#CT2a
zX}9fjNrULKei4BWuF9ylNMXw=tAQmF8`~#&oMybx{!gC4Vgtd?)jShE?t6XJR%r}Q
zn?1h9d=IFMANLY1=EwQ?%I8x`UG;hfq6E8$33q@Pf>Y9KozpFJ)SCUSIie~%fsMVG
zRf4ME9l}!-aZfl`fT>020R#v|NK61zl4l&744>Y?<FmvZ8_jgl)dT+hKq!nuDT@iM
zJjPZ6)&C=c^#1|s#nb%QfH`71-_J<pe1JjBYQ~}CvJD&WP@MNlV;t`d4RYe(<bBBS
zCG7b2Om0US=*e7TC}K3+KrbO>uNfu2r<<Hur7Tr|_A@8fssFWSY0^30ljqjpqK>|$
z1VB6dh^sz+w#&g~`f2yjv)7vrDc=}k%H;aguKSe-4*k#_U)?Y;`@8b>YOCzn(%|<M
zx%v5flv-r|MDU;QpMnZZQ86*K0=_x1bS9<XfURiL9=q5AJlD^nwa`O6TZkqtjxtMX
z?eh4Ws^s2}e5FT5y;?@^BV;KK4^_(XU<>=U!fm$2k;Li?thkYLI@;>`+?5)S9xzWP
zztZaqRqSajMPMkL$bu`h2153&Z<bSU=h2)3>kWk51eKJ}Qgl>mI4tIgR&8Hk;Rd78
zu>2)Tmy*}(Qm)wnim5l*JwjKR)hbkKyx64^5D8kY?&Ys`K^z^X(e*DBguP|mL!z^N
z@n7lFZ~eW__E_TAe>*Z#zpdQm7JP+!DZ^5!^x75vZT?CYR2YKo7rGT*aeO@p`}`&m
z@>XWEU~$@L^v{*!iwJ;s9|CBc!xmh32Y^t0Z;#;M$`&t1m_AUXzX|^~3n<pz{O{WU
zQNg?UKPVOa7vy0PW0FY9+xqWu?nsu~Y;D=-Gi--S1O(7dZ3pL>-mPqVrl)alg4T@f
zMw6VnViu_uV$t_0l`d^j!N{E!ThX2_2(XH|_Z!L_%F5OD9-Qy~XSb3v?$Ea~rIQeS
z7dokEq2<S`D_PiAa1imSJ0cy5{njwxSV(r8N>NnmLb_;dy_~8ynmEm7E^=nvIfv&!
ztjqjKU*xm;dESPaYG<9rzr2*Xxl+RyMz|~PY!W^FDk<UGL~;08Yxtk~P4JmQ%CHN_
zt*ufUyi|med2VY__}nUpS?Te&WzS!|Fs7Hdm#Rh-8GDn=F)AnwPBB(v(nZc;w>4(`
z5ffbyh*pZ7nZM%5KzOvehQH18jQeRfgwP<Gvp&|PXb5TWn+Jqf)gDz4@<f*TrkYfc
ziA|7Zr5KiCK8*d}Ij;pyfDu4G*kmZNttqGO`?2>xeY)yI<mr&D>P5&@;L#~m2ouwB
z$g&}&I7rDSW%Eh-R4g)30i?I@tP5lUf$Rv}4Qb`H3UrRQwb&x9EhEx{(WKYDRCi{6
zFdIp!kh}#9i~=n;krMgmL5#^mhB%GTK6$0eEw6u8R3+XBHQrTX2=I!If#WR#`WMBy
zr`&iE;<31q_3J;m&v#>!m4SgMwPn!!4HX>9!?k>UM@P;O^#-w)uo}+R8t`U(F?;2)
z)be7TP9}U}5PHw6H?rCIHC__Ro_1Wk^6{&mX@5>T^Q?-NxNVLkO<xKIi9L@FRefeH
zbbu!vxin+#qp8XDAaff(3GntNTse6ke3`JzT1I~t{1p<$?xnm4<vd-C{8vMEtl97<
z8yk2_6l`4t9`%%3rgs%yWpM^>VM;b#=6W&q5F2|DJpRdGk`dAY-aPFgb!~68DP^@5
zP0#0lr_|GP&~$??JiGSkyQD2P59Z73B7a5(U}0AJX9gD^Zf(lN+M0W`T<q7vbpC@e
zCkp@v#l%y1?zO_E@=-E6CS8g+DGxabmc##@4YdGjzP)x&EYu)eXfC`*aSm`nK{05V
z#cwh_t;}Ml#4G^?NWSd&G3cC<ICmWI@!r%Aggrue&*uZkfOrnW>_8WlXeZ^inbA2p
z2Qc>Jy-80(a`7=~9DwacC?P9^#_bCd#)3Izte&uH!I17w4y6O7)<2%|gOKx|eJOtr
zc-L3(=m$sn|M`U9-sRtR?SKx4A#ljMJVNOWt=kh_%l(l7%+tV6M?bJl2n(mYzLc)D
z{qtn2l+b89P#nPvV|Y|KBst6&9xF^7UG1V>MU)sN8rxbgLhA;zLri+dFTAj!N&js-
zbfTm<Yk3jpe;sWiew$&39hd*}j**u3k?rI7+m_)$x}s+;8-F9%G-SF>v9A>(v0q@v
zJk~$F&Bvg#lwX}lP>`H1tO{?HhWzEQxlpz9$+(md-<ADE=hS4AqJKfcM;2ijszTXr
zr!VqQ3WN1D*2aUqZOyYAl5nNa4ZE&JQJz5LbP;|Im`BnCIncYy`NAa-)jxrQ&`K5z
zEq0<Uhl74KR(YI~{;fF*W~^o}at2q7>xhObNS_`*1odz8R#4D#=ajr2tjTiD;ZWhr
z5z4hS+SV`7l_}USXe@ccXg_R;&@JNrnfS#kCy7&N3IGT*L}Vx5kHJI<p5hgd=w?sm
z#phNZf^oo@ugnbEjv`bbJjDkT{J@M-UvjXM-v>49yl$;a(|#SFw!GyO>Dxhq1#1eZ
zi@WKI0t2bV1e}lqK`cMBS;C)vBI%0pV5bQo!#2jl`{Xd1DE}lAZ_adkP*M+T*m&rf
z=M7`-+R0M01*-sa=^u{ttYnVx8d+uD#ES)4e6?l1aKbsAXBhr`-m?O0>kKm-lglAF
z#+MFRQ#cV+fx4#awv?`toW4p=^*^Y(S}vfET4W;~%XxG3<T>jD#hDku{A*x#Ne0T7
z{7$p2h<$T2`F1)vk@ugF;s|7Z$mE=#l|frN#j`Iitox?~nskI+_4!#C+l7~~O5JeF
zCKWyZ)T?w(da;yU;kZ^AsnT_a`2{rg)xexLg?v}&-51PKC|@Ek2BfH))V`ixYV{~0
zQpae^tSRTy{z1psIzLkY9xF8sDTn>&hbfy&o<hk0a5%)=Rp}oI9jzzF9QMy0eA!c`
zKB@-c*uBec$Pdvg=Iy$1<rl%ZV*lt7yr;?)S+Ys#cI}%W$vyd*J(wp00=!>dW3Hi;
zAp%=I9iE<;J6oQ!$x?sLds(GF5Hm{4QbL56#S)uL0>K8$-@T)=;(*&t<w!#WkhHH1
zFT_YtkAMg_Dp*HV6<ko?U}|vC@%c|JtB5~QRO|(z@#hQa`yCYRpJ|NK*Gg;g{G_}#
z=f@M0jG70o_dnIiv4rqZO%<j5K|dVkKo}o<sL>>Pk>Nr-LV8HC{cqDn`K)ld^PW??
zMz6C@+L7T7!`sVe+IS@I244MZF+uzaPvm2FEmIJDbA%|ADZ+ds=IPAbq!zsyj#$R3
zZ+%b~yZ^~|x)PNPfJ9%hem$XksO*q2uNh8(jS|j(gTc4##e%yV#549W5Y@2W-78x_
zw(Uym@MR0Hf=-C5?2BI(*9tEgr#*I6Tg`-7&@PBXrC~d*4E=>i2f%p&@bDD)i~_C!
zBy^NPx+rnv%!2kX<#+AORS^j}pZ60noEGNxihp{Yd>G18U`H7cE1v$M_&4E26shG)
z`0q+o!JaZc2DpO*CArV%(8=6$NP4k$gOxXrR@Y$iyD=fBkLJ5xIP0Jz4mtmcK~Yv^
zcCQt$|JI_iGCSu_JTOXWKoN29HO_wk<m3=+$@Cmx0{OM6{fsQpk3d6*6?Z<+!x&WK
zzx$t%=&R<B6CsmCzpRvO{Pd(KEn<RP;h&$X)C?kCP?4DYzHPtdT(6hIGx<pN4v!o4
zO7j4>;=Q?Ca|Dw&eSC0_w476K9kYesC=0Ht+Yp{}Sm{lF-D7xDdQ@_Woi$E)9m&-K
z=5aj1D>K;o-yA02X>P2M#U-y`qgzrcwxDpLFZIyB(hlrxBQ+bv90ABj-vRVxt@y5s
z!HjL`X}sF6j~}uhalQ&}CZrwYGNfy>h<zX)K4Jd%GeSImOWy0RS4b4z3&tEA@0pRO
z&0d#fGirUp^bYoo|I7v|+m5GeSb-wSf4whYm>ZKt*H#EHSAV+&?O2$qg<+)p<6DHp
zQ1))Z+s|^(9EELR!!QB4Ug(qy0(26w0&eElC5o%$PLf?6If8_>4zF&GrBocNfTKZP
zz-7xR5;*Z+tyzZ`v~^4Kw+<8uvY<?^WEb8-b<l(`hx`Lkj<Kf!!P5yd3J&)5PB&TN
z;@c|UO7e>D*10sU<8I{(Mi*}50B-G_HFp%l;q{w+nEdb33=MU!jV*7j74IM1#p`l2
zX9|(u{0YH6T!@-tq?nshpvRiCTWi1*p}$JnOY_OwXbrX4pZo*Inyht*lrx+<j4Bql
z`f#OS#H+Y9-lgy*16e4}=X>jqPXs&KX67{S2wIDZlmx<F^59*ydH##RjTRl`_<573
zpfhxmluKymNX&P`jFwK}(HDpAmJkSv*Ova{$gGZ#eq*l=45(_UUVwO3;O#bf+VWMy
zpp}tDT_X36%@gbxV;eI38Jd{(XQcRqIZsQz>28<G+j!>5?mHif?1w$%r#xI=RCkMs
zVn((~jymw8E%A4sV8q{o@!Mx=4<Ue6H~_Y{>fre+UVt|q1{HZ`hfcqtN7mYk3S~(e
zVKl@tUPv+eAe2vFX8Q~yu>;z%R&10TtI?M~S{y&`fqf}ZyE8ee!9w9m-^j=}0UN=?
zXuqR?wiPhf_}R^%v+jOOfUZQKc4xoNu}p4Gw77SGmhLr3vN)ln$DOS*erY-spPcgS
zqi)_)J+O2v`U5RnpTA#v90dB;7wbmkgBlbNk>_GQqWY*=Zl(Op9`@7`=BQgtaUEGA
z1Yuw3vhpZeax=NYy3{&(jDj6>-sQ6nd5HuR!^#A3xlUfqSj~5J0LPbhe{WSg#Ju3c
zR}y;C0@w|~abcRTak(_dVkKw;+p86>lYhm^Qhz2lpizGOFrL-d-^d|2A7b|D(+XX<
z(Hh>j5AmgfxorQ&Voe`QO*^|(J`tq2sfz6>93l<NeB<K%XovbirY~;S8&XA|!jV5j
zwD`E`OM6TVrd5oWjbY20uUI*YN4r_+ChncG9mGG|?ER(c9vsEykwubGF{$&BR!fI#
zG;urmyZC|WTHczk%7xIYFSzj%8*_0h^c388I-Yzsu}nK^OO5PjGD(k;UWGd>Yi3fm
zFXjoA9t-`Jp{KZaI<OcdYDZBdE>a&)`P=@L`|sS087q;7&@nPzi?OA3&u+2R+krLU
zdJOt%@6S4HKaxWiP5D?GEwd#V>zsfq?Ynk-0>4eSB<SgZHrssR{dv6#d$M1H7(*5Z
zXrX0(<t(Iv=J~(|68JX_wU%df<<Ru+UgGG1?iV0yAD(H!I-jFG4g`L?pD3R=%j*Qx
zCh4}QJVS@8LqTaBn~GmFKug{K=8L?0#qI<&zF{%t;J5td9w7ilY(Sp~-0T-u*%U=D
zudHBySh**Bd&izLUN+@Vgx~Fiy-XS@^-a)bPM@H>+%6TXDrYjGU#x8LBy-Uv%_zds
zSnt#YLPnaw*ALm6Xrsudgrq#mP}IhOKa+mQaD`3a>Y^=W^44@rM)2V;+<CLRLY$I*
zB5S-cU7k3cnaAai1-Sc$%ih!TSzO+y@AfO8wp#l^gwJ;GZRm`uH1<XMh?doOk=A|a
z@zK9iJi!8Qr_jwO*($qdGp7cQtZ}$eIa;j4eD2>g+&C9(W)=1H6Y`AwMwKV;+uBS%
z%qFbj>yLk(c%2GFYwe;`6m|J3zKgL=qD-hRKkGyQa1H=WsX7;yJ%uBN0s{(KBv@|I
ztu4NY0lwPxB!>MUa-c76cMZ1S`Tl*JNry?KtunTuj-zWpre!_HTYxmGc20Q^I7dU9
zXKSTDNN?Tiqyfg0YC)1s3hJ0a&Ifc1b3+}QmIO}P^{pvmt(}c*p^XSy8VB{Up!sZ3
z_g**k_!PCAm$eCo+I(F>x)&c(o3ENtxwiZ!pryn>Il%anK`8b?d(Dek?)}S~mnPAR
zl<}fi9rCm{vmKG7vCH=_`3DwkOg8Ch*L|_FiESgeM@}o^kJn1gJxP3}doStuOg<g9
znml2kqStp!HH<6r)K_sE?DZ5d=DTY-N9)QiL`B@&Bzu|W5|sZntU0-`;iOIe@xPv2
z^Ud`Uncy$Bd~Mhb^s7X^`TF|M-|m;Nzyi_LzkG>yrmNk;Q^IG&hWulVY<ztT9`+LH
zHH*f-(5}5G?4<(*wVAp8J6=i1X94|Sj&$9_q!&^=?gZ(d2t>GoTp(-^cf)^rPD}b>
z<le4@+<m=;1jlfTZhhDcF}F?l^)0dY1mSLVj1mTE7mPmTV?>vqw6!1S0vt|CACE`T
z$N8+G_`nk|ON<ba;FW-<P$AJNTq2uK0Gyuk`Cwd=ZpeTr)rZ%Ox<00lbpHQEGs0J}
zwvnvthu+NH4v3T;9||D0>ejBcTBGwxzuddc1pI<eI3D*5af}Be(me*!HPNE^@b3nx
zuW!G<{+;`*Vrcab?-^N#2oQfdu~aESG2a8ogaPn#q!q~tgP>ot`MRfUb|v^WH7p(4
z*DoFFyt{K0z^tiYotqm<RnrFj{hDn!RsG7bzbe(jfvE6iApwu4%yWU{A-%eEy*<O#
zPlA@uc~a4VMQMUV#NSPhj@qqs%ekIUe|{3REeju<GZVX1PN`hn<>IPHU{#SIY)>X)
z>Yfbv9%V4L@w$HA(su8M5&=$RFR74Hm@r+%c!I8og<S6TPaH+6e&SL_;=YWOqW;73
zEL|_3pp7o+Bjc}<4_f$qma_<$6QdSYaqU<`BVPyMKDgZJwf9;p%L~)Sb*g_Z?L7TJ
zv~E(4)gnX@7N*hsI7aq#q`u|!jOuWlkC78r1$3+kSt$KrMML|L;7E*CrnQwEAorlR
z+ktLA8<5#pj`+K!%;Zq-YV+0ZS)3(5h4LHBB;{Ba`WYrB-J=E!vXsOuor+^h<S<4c
z4Cft}le6^F%BZc)&bN2<Mb#S$zXQ^rwze>e{Wzeg5Z#Z0Ev-yTD0XHle0fr<W8FcD
z*HQjPi4Fn#6L`0_4m#vq78loX$QwfwPoXCOp9Cg8_8)#xrDg3r$g`x!DpVG{k7eJu
z@OWE{&GrlL@0eKz!*4n#gV=>_3T=-(SK$y29psAZ11)l23t?5wTGbt<rr)o_oQFP^
z_qg&;t9RoTgfQIyz`GE}h;5vp$jp%c{gm0_K-nfpuB`0mRWqXo4k-k0z@8L4>Fw8E
zGMy)!mHWmhI_s2oGhhC%F8~U!@-6??${@jD)J&@8%w|Ojl-`6VwBFQl>^cTlDFDDd
z@biz&DWd2K4r?Uq(=s}0leBVr{F2EAZ_n+0is7T4Y1D`HimAe1Zp066cJ33>p>y%}
z^xmAyUp+Wc?^D@2JXJQ*QqB<lYZ=P?;Q{b(An5oGXV&+B&q!Gt5{l{}{CoHsA0xw{
z`4;I>KR1~`dgr3!TWOW)6%7P_JHhb3AV*H0Lt8ugf?!B|idnpzwraM7=l!+pfKWJ*
zSO_Nh6iD6xd=(K9l%aCTy4VE$F&~~b<ydxm9lXK>b-p_Y(k}|Y5N`mwalo(g-2mTZ
zD&RA&S@r8KBAFC+`aB@XA5WRghYj;QmLrig0`Q;(V3S~^PSyOo_{+fWI(Y#j6_qQ;
z*A1_0n<KDHH7h6U>K=?eq1=BXWfrY)$~_xbE-xs>|K5*_cdC`hu=~%=L-Dn>*<wL^
z!tjHcdeRmv4;Gg@yQ!FWT?3<JkPkhIxF3Z1@#+jzpm&r}I%`b<&zr)m?ye+MLf(bz
zDbi`uHm((HH_9t7EnclNnp!l+UXeTu%h)KAU^Mp)&zq7pIBbkp=WF}*8)nkMwhF98
zpq`__9^PS!2wx5rd81~>lS@Cly7oztG<Zr8Z()z0P9Y^0E%+xQ3H5mAy<L!O)qv|Y
zsIMDSN9g|Tzs#;t0ygj!Zw2%zKU^y#u{t_B!0jXhq#quh^bo=>INWS`6p2E}F|EO5
z2T2{N_G3Ce5p}grmVq~+Xfzavpgh@|6B>dL&ndpaoX3@j#x))TrhqsG3IWfepeRuA
z55o*6+<HvV{&I=|#_?(M)-*m|qH6gv+>JaErUnm@fZ+!0j2IuAL!S;V@|!22Fu=vl
zWSR-eQ{k{0A38y?XF9_KycZDgXG8;FF7Km60RIg}kn@qZN`b<$vLNo*zJ^P!cXoUR
zhB=X3j=X2*zS{2xTyX@m={1FKVsigxKCLs%AI4%QkjMRq5+Gys;k**4>o(N5ACE;4
z=;(RS8^PZjr_%8DsMO=z;AMBkbHQc@S;lW2JSK+^*90{ytz*1-j2A6UIPcFtzGo)&
zr(L(+ss80V@o07*zB1d$mo)m0pDS!Q8P1$pBtu^>(<0@CV~N~7Ja!0&8hDk&C0IV!
zSo{?<{>EHh=4@AV<zBJ#dLvV;`y+lM(}y$~sL@z77oWb>)qv_rVHUy~^T*HpKq0qb
zJe`ci;ymu-u3guVsbVO4zdh3V1km0F#>dG+!3LMuhwBtp_aOeg*Tkg`&C@z>AQSil
z*Llp9{|TsH(T)Evq+#%IT)SU4223=X<O@hcTFG9u8-4y2FOC7c(6Aq!10I-j=zEJe
zpj5nTF1ONhT+LLB(ec_J$zjXj2~Pr)c|fCaG^32n4IQnA;GTaX9sK)r{M+hACYMXl
zSAl*f+p5<{lm~N;ANN`kFXVD~4agaXe!3w~0JdC`fU>67w2SL^p<<vv?0MSsjpsPd
z*klQo>j;0DlL~e0*q1meHFAayoHFL(o{MUWc5?>CSgE?uAXZ1kdh5Xmk{_M}6Gi+r
zLpqU7v3g-A?OE}$qqCtZ(^49A!<iix7l^lARXYl9=GMaOMJL8MM!kzdWZS!{IzNM^
zgHdX%lfNspRa%_TlFsGcXI!rBdB0ya2*bjhtI|mm=#LgxKT6Fzrz0X%+gyw+$_FRj
zT73WlugJ1=#q7q*8Kqb@I^=lk^T<V)^W$qsGYXTFm`cs8;u`umw<E0TzS5Rj-^b>>
znv|B|qZKBVmUY0ywBb?x3!UTB8cgUME!RCgSUB&2x?M(}1E|Kg=hrhdz$<@4E~&0@
zel;-sGH57rp&vTCux7Rtbj_gvh=~;-VEK<+kRBFArf0+qx>TMoed%B0_}d&mZ%*D_
z<FQKsj&KJuWHAQ|5*AADdkI&fCD4?$!pd{=RFf*9IkjwPKixXgXUqUp5IntZXeaZP
z3n)9I0Tj;o4{mn%r=FwGd@7j)60eeNAq%YVr)~pZZkBrfx7OiPNHO|jSxi<YFwjLY
zJP3|A44^N|gj<&mBeuMMfD`igjng*J4s~?Ew%$URz8d@!e2ck*W(*)|6-_Aw6-MSa
zAw(n#eXV~#)3aC6O8#Roeg5e%Z2Ov-sA#iFG$%w~VRz0|ga>Qzz?ddeuwXI#TkI=h
z`N#Jt`8?Fgh(qhFluiucdYsF~Elb5rk0;+ri0cHXf86-j9$4RsOwkTB*u_gabw3-(
zFYk30mtjGR7EY*t+`X4edza?+h&Oz{+6Ai{^ck@==yjw)t{+R8WE34e4tC#wbm;9q
zO!|4EcDE=@9@!&$VbwX)ENymKZ0mMsNXD=H8IT?(Z5{Qp4YJ%$A1x0EeE<32PX!qU
zR*8mnVIHaCQL-x~v}vN6?`U({k{7ojhTG(JRn;-}Cvmlhc6Z9JF;+^QO)+nRx)9!L
zKdQN35Z{@qZo)Rv38!#jbQu!*E`&U+^mGIT_tf%*4%%*KN4i_hi6Z3e6wbJk0cCaY
z`*$LuVg>S<Ridx}AJ7%HyNxpY{B_f0*@Z1RlpMevT*$nTM;<Gk@8|SG-EPPe0jcHU
zk*bGPzr%H5=)Nq#TRtxdt8B~LOs9PIG(eFZJGab9UIYyIh-kO>CAO}&5Y3vE6wxi8
z-Sd?ffnvbDLpgo`A@=-}5SM}8$1im0)p%=R+8c<tjVpShcn@?BZqoPg=eQdobNi3y
zREhX}>x8(~>r(Lb%pc-=$2Pr7Ok-P9In$=VesLFDEZL-5j3?Xz|42^9DH==Ck5!}h
zQgz`?rQPReH25V~qzr+YC{3l-P`}t={KR3`0@8sWi!OMgOd6uV&CNB|hZstZG|RZD
z@ih%`V%#Q9UifvK@Y>(WzNcw<gc7rAsJe4CF)p_PZe#AM1JsE3#Dc)dB+9<&RD7^#
z2>Og)v|w*wZ4IDI1;lD=II-B30#Za`>^Si&hCYj$G<6P%ojiFXE+Yqc>vVNtkVq)%
zLO`@Y@w<bj=eVxSoVNJbP<pFxgHRGSl{%A$^C%-Qa;+Q&n3$NH#H&c6{SV%-hMf>M
zj-$zc{%dN~ipm6Iv^wDKCKKn$F~GU~mf=Rat|nwPP0Rqr;o{rRT5unK!U#$mzaAWe
z<Om3IKy!dWFQ)(tE3ox$1E|c<^>BB`pnT=?jH~DLRm)~~eQ`X0wzbKEAWXyGLq8m(
z_jCsC6rF!$e!g{NI+b@vBh1>*;GSJ~O;R8~DK-Or^p7C%2F=yCYO};;t)1hq&xAYz
zNweN6$WnjAvCMHDnx(lPU09R#r*zD*<SRZ;_)NDY?GXiq7RiB1MHz4C!b`HhRgDg1
zp)cPLp#NMQ!SJmh4qlUdSr(DKfewiUU-@ZLu+-kc+Cro_oMXCnnE2*)4xjPYQLT+^
z@#HIYCJ?{Xj0w{_SH<>NGeEcqoX>p8C~4au!wAFmUk7YmMW+V-Y~9o#RT0)L6=HC6
z9(qj5M{$tEFw72YjKq0l>53kn(nJ8t78vCp-~3DE(HaP7-`9XC_|i~<(~%X8Rpf;l
zSdEW-qwvkWLx-ILXCplM{~G$5e1Gv_b4TmCIG<_gns$<n{Ydn`zZ?x#89r#(&)~ga
zF3fGAsX6|lu@~!u`xE%v5Ytfki9;zRHVmOKF#O+hr_mKF2%nTg;FB(352^2-6zCUe
zUj0_XoHrPL+QHzCLGNK=c+w*PWYHPW!3<yzJ2wl?O44D0h2Q03?SY?yFc|Dv`PWri
z7Aa=+Y0ep6;90#vZyw{X24-tM`bMLBdZ7c404;vm*JEVessZ_Q^`RLRkEt4jIO3(M
zBK_LoX;yb+t)HF~xng~yqw?Zl8KKiWRh1hYk$qCv5L&+%*jwqj@cpnbpG4(>cJa%w
zRK2ZxmoB7n5EYtTbniqDyC(fdhazZ+L1H6Ait{V2+X~GngsEG=+2$@<_}-t=`U%(3
zt}GgO4CBzuam344{NF1~4QEVd-ZpD{&672qU@wGicpsD&>#;un-6Q?#K$8{nEIDr-
z%C8tF^tk?wEcjF?Fp~^XS^bGvjI!+9><paT{j8HY75b~Z=TX<<T~A*;cb&Wm?f&2C
zlBHV^4N<0q6buhQ()6AlO4YOsqj&7=(0mJ<@Pbi*FDonHX0u@(+J-C&jeg7PA2D89
z+Xn;)FXi373%I$z4l3TZg3H<54u$#w6>*0#T7L6$nx`}w-l>ysdv|KrfP)4y44{eh
zxZ=h@?KYG@zlKU?kmEf7emVYVYwHe$?F@o)ewq~rS@CU2PE^&>F?$@qQ1gLWIxp2Y
z#lB8Ds<)=*vt;37(am$bmZa8a&*s#+e@Qp8$p_JdjZxDH(dR3jDR`I{2ur^#RLNao
zzyAp*ndDhr-}26zY>Mm$ET2fyXqxQTSSk?)`ZdR_5E1odr4(VTIOiY|2m=!~orAGy
zd|K+0_!nuoV-ZIsL&>v+`nF2=P0Fcr?Rwanc>Wz#PZbNL&YHB9YR<ym3otWf5)!ie
z_S~M;q$Q<(A72|2C&oJyDZnxn=bm};KpVpT2y=;!;En(sj+4WHEZuy>^oErT+W$p#
z<Hx-KcFo5_=b3V|J20Q(NkG~LTtd1rxa^Mt?bBa%GNA(=(qHec*zB;Yw7J6AXnNVA
zoWO$NR;C}|(=9-pmJEdfdO34U2&n%|59eQ6*PS@|RIxf7jY~cG!3qC=vQW(W3G@p^
z0Qz5j2;p@#Qmn$F>isYSfnS*Ek8#K%YO~<j{nQKAosBxCV|d+n=xcof4D~{TZbcFR
zs=`$!#W^b`k(_aY+q<scwdA%&SqWc)_AlF6DF}Pec`B3++NzYnsLj<SeM^LOF_zk}
zf80BD_`HxEb>!pRUn3Eww2O6Sshp7x&uG7?gpAc7g2Gw7xH|s;I+iUrmcDl~--xmk
zR1CP;M!j~@vuWZ}#);<Uqw;do$#9%w6Y2GJ?6fG%7+Qk}SY7qjWz7QD28P~#FZK|W
z8FW%_UJx-qengO4E*gCyvSp%r0^;Y(tE+1qn01bmKd(Hd*R1L2m9pP?KTEyt(XeHS
zkcSROln@k`_gn3J<=6fiyXjr`<I&8lZr<08+OGMoAKJ$ViBtH}+*_3{02{3H34ysw
z4kqBO(h35+CUoulA$<~uUmext%X|W&P~o-20PE9(bLG8+E~FNhSQJkT^f4NGxkthA
z6Hsz@_h6fxvQYizl7K25ltSi(PiZVc+<$<2PFTo)VVSHlpLPA}XU~*9tGgy-Cj;E=
zAfm<L!{_MhTytA3T{krDI&d_H9z(DMy(HZ!=fJ(LcsV<RuglN#845y;E}TtX?tDKR
zX{&m`1<sCvzS>ZJpd3ThZQE=<vhGPm4d#KVgYomAi4M5GiGZO?s<5Y~Vg#d-+I(0B
zdzl_Gty+J$!^6#-jA{qpD^GHrxDt^{)KS@-jgU`@dWtF*6CIKtRON{Y`bL+~a%{x6
z=HQ>>Kl9>zV{naST#<T2I6jl|eKFrnL;r5iTpY)|Ug@c-2&3`Ew)L0gg&12UGuKc4
zQoQBfAMq;hRC1m3d&lBa68EYDgza*F8;K<aF6T0wlBy<Zc$s}v<84|nB60WV>i-W#
z=rB?E6~AqXc*_#IcD64J;Zdh^>>f7OQ(%@g)$ovjzo?`vR-t>zSYTFWWCB1kzaE>t
zZMGs!A^$z#MtnHZiIW}_bjuTZx+-?Em1RYN0fte~AfI@vpVuCL5051E-9I3V-j@<E
zmI-tAv&bLe7q2VF0<wKjZcGehvv&yYih-|&#$B%lQMR^P1s;AIV(5oX<RCr)hGUT<
zk{^E{bWb<=qCv#31_|}?i2$!l`g8G6@$W~zpmlSKon-05v)J<iZ@R_<()Egp$#PkD
zNmGWjJBM>%`-<SW^Ey6IT=Vkfq|Gp(=rrixh!p*tf6XtAv@OEJj+J-xx#s!VD=P#(
zQ*R8EbOTy>Gmu>P@7I)A7ZL|F$P@;vza<a>d>(Rv_hHVt*<6%9eoj)mnvjwmJ*$GO
zhvbV=*5D4#=DsbxlfuK7%%Og`S4i2Q`UPX0^*c$G;(jgNG<S(z2k){2-P-2-2CC)Z
z62rk<uilc#Os#&@Qjf8ibI?PhkhKM@NyR0m^Ii$Onk;~BpCL|7$<XV|Y+qM;*N0Zn
zIBaRgYh-BA<o=V)K8BoeGMzZ3xSeZRHn2PL5vC{od3QCrZXtJGg_}wKGvClZ9B2|T
zU}^on0=E^&?cToX$!voAma<014=rkVFSY9qYmBtK)j<(=^A(^y(0kMO53X-}fC3_b
zau$0Mx4=SUnakL=ao%(4!I#Ce5r>fgT@?L2vxOF!EPw-gMhxzju2zQ+bQXvcC2z@b
zM<!+8Z?Ym<61-}sSHbNPt^}0t#)1?ayLu|{mn|KcblY4CSWBUpWxXhT7HhRs6U;)#
zZ*W@82xhvD|Ia0rZ=|3`f}8EP=3746JbqYB8Vzp0dqrF()7wpdF%T?=o&Xx7P|m@v
zNw5Zd`Kw%}RR$nilhvN3?sjTiV8vzypVV%EVt(eV<Rh>WOt}k%ExStp*J$C?fpt8-
z_2tQ7E1++GnpNjHm>v;;!=CP9vOG0F+KHfI8#6h3CR`b2&w25I-Qf}cJql)B6;7kH
z5|;hV(ti$5V)*#`hb3IQPEV(zT^s$Jg$Cp=TFn{bzO^_s$gSOvmEa_Yk?ARHhk7Th
z@Oml7W?Mqf2jcpXG1B<j7J0PnViR%ATJ4vAcYS+DvrMwfh&_}8SmL*4LN>#O30MLS
zRQVHbq6ynqyDU-+x{b2($oAfnCS9jSV~fH`)Y8feNINGZ&YAMRJP9^P5mhgD>W$IO
z2L}(cFZCuz+0el03E(TgzBTt8kv@1lrezxgyzg$2j!G6MXtrq&c#3eD$~#Q0xFuf)
zd}YUi+k-!P3l6s>9=Lfq9vXB#lC(PR*KP$Xz*e+ad3ct|yWkttWWA{{wM!k715JRH
zPlKE6b5{Frh7!k1XUZq>KLkqqZeUF4f-+(-9{^8RR7@N|D9x)@l~nTX4RDU0$BRzd
zY#MYNTO2i#D=}>b2DY)GJ+|<yLf6p1mknrY`$qEyRG=W#E9kryE9ufKa%ju@eg85P
z?2F(0SaF9F)G4wj2a300)ye1SJjbdofZbgwi_piz_N-2~A@0hD{+#^$O_osUr%O9n
zYQ5vC*PpSTk>GzES-@2s4yS6fSKv##(^66KzLbDRPhfqP;L8u5Ud$oY6qXhbtg{`y
zQ8{>8pU@SFEakDr{+nBEj}_6Xk#<uA334Ku&WRc+-MKp=RSBE;@e7x0DD4o5*d|3E
zp~?exR{ZN;*WxNIQ)@-gjYunAB?a}64Sm_T{4PQ|H(6Rh=sw|=^2FPay+XcQ*Lxuo
zafk9@N2gw4x3zcm!tRz}8|RZ&(sCg9=5z|g=dhrU{0k5({;NIC%}L~eiX{2eyg}f7
zc4j@0I^{kEzOju-tjF@Lz(EOfZS9E%fKhrKifI_IMnJng<ijM-pLSg7#H>dk;dvG;
z8_J|89V9ToV72BCyIoOK+7-iF9I5%^CH)O~YVCnA`<HX;wUh~vLtRTq|2Qmb-KCYU
z?&j<Ob8}LdJ2-r3G)qimwJ3CYBzPNkE{fo`e*AC{(Y4J=<Ob$Ma6MlUV<Q8%_EIE=
zat;?8@Kpk=aN{CVA;03QtE-`)=l2lUf?3qgL%=RF6sG*$xEj@Sft5K5=475veikWr
zG6z4}3haEn+Tnl9!4N-SWpqByPO21E^v)pVNiW_w1OB26_fJnQOZR)a+67cpG*7&9
zJkR<txww@nZo~&nWX?W+)&pO0gn!p^*dJomP%4_W>qL|kkv8(Z^`45?PR6^3`8QCf
zM;)sqi3<BE&0Zz*Z};ynZnB%EfA2ox-oDSKKyGdT<X8bGYc>~hR<sLYu8p>etqfWB
zXC$w``(QiV>`Gj3g;bTNDC+vr%{G2kCds2pxht|1w<`PpsQSvNIJThM!8JGx?(PIa
za0?{3I|PRbuEAl@;1VE6aCZyAf;$8Y8r&rWcV}L6?|0w#-s;87TJvL=)2FLy*WOii
zdP1<pA8=r&>8oo36euth7#sn45n8tI%k#bUp0F|;Yu#Y;@|brb>jkxp@zj}f$o_jz
zy>iJ6dJf-?g?C_l6sPN9FpQ3;xYadJ5&ovphuuUvVIxh_nV&yl(JijTSaT}6RGTo5
zaoFZ*xQf^<BF@@+a2RS+@eh+)^dMZWhYG!&+*is1<BsWUN`I#|(f98iZpA6EZccib
zZsJxSki+&=efnA#?|B~_IU|3KoA%c>=oq~ni{IbT+l99~$;LaK+J;dHJ~8zKOzmB?
zaKTQ(pm0tA1N9D95KbUs@R{w<Dc90dp1L^k6yb~=*gW$TsRFj|ndtxs4|VC}>*Lky
zV;np;lGIQlp7V(2hW*Tf47x;w(x1v`gJ1-59N1YoN?h0I5IPtc&wdd6;?^u*cvHgr
zwh8~c^t|*-<svwxyaPK(0~dbkX3FNoh?|=)+G#;vpY#XRkss#~jJVAy??kg|6Yia&
zeR#~eUo(9-3|Al18@mLa(EWMd*2`HU=xJT{XK^V6709p6t|%3$H?GT6G9!#9VXl6X
z`~}w`ua2j=IJdY_x<B^6ZHo;6>F8WmtqrGWEv>=U#Nn%|s-bZZAS$(JiCNl}IpST<
z+r~K};kJyC$b?Y=6`WhT?pvu3zG~NpK&$^9DeTGdcyoK0ZMeJv<FeXqMW?y#xIJU>
zY^Zb(bHduP;8c8&>;dL}3-$Ahfs7}qKqX(bc;LRhKd|`rnv))jc?=)c#&sGvuz>}m
z>+mt3Y8-$8#`3c`#R$3G>;a{<=+&)yMxo&un`_O0>9FMnw14#ZcQ%e%-<S`;G+45Y
z-oJm`-*fv)6xAmuUDUJg^h`hj*))JhinrZc{CvI^G3*Q|vOk*{;IRKCrYb3ckSiWB
zXv`Xco)PAzWq))TZ6D;g^aW>7B0g*C0jTv<#B7Z4h&Pl|7DH)cX#FMjE%z<~I#Qry
zlA(oKM=j{(Cc@N+qAP2_4nLt`5L=4aVWS{P9YFb$-<I85di<M@*YKge@mPIE1V#NZ
zVQ5i!!4mSwB+uYOFmLwLkp=+HoQ|JFD}LMF43T5YT050*Re!3@zbJa`REPWGyd0Qp
zo_vHjpVWujK0W=`iPWxHO-ztcuVoo4j#9iokx6BzB`6pc44ZdP@XLt3xtLO^)exHx
zc1~0H5hYokeJlNaDhqnh7h9M({wY`*U5v3c*z4->6gG22NGbmGO6=jJ=eCO4Q7gtj
zn_;@j#&+zQ9mofFg*=bwnanRoZp3e36z9;djJ|h!&p^@%w&GWzeX)F<aHCduhjAXs
zV;E<NX`nnQ5HDzfF8|Jb!>zIH=<fU$W^;`mM<v>yh|T4kinYAd?(hJ~*b@`egB*lm
zR2vG<D_y;&LfI4HeZmGV7}_RODQ(S-HT&r)Y85u@-XeN*eZOh_gm>uNY?%D$4+RRQ
z-`%UF0lct2JJE2@dW}e?G8<?(Dk^Hb&FA{bx>onWk{E-<k>o<8Zj!<1`!}ToX(m_k
z*)Df>RMo)mX#xa;n1eXe7LBtLdhYP)3~9IT){5KP3hr+s7i}K(nCE@3dMl=qH%TGw
z^b2HH-vfpbZ5PhPI7z3A(zFzAEjR9TrxTb6%mk@aW<MVJoxDTSx?fpY*+`5NhXdKI
zE{uUcVXfSL;U>e-X9^UlK`RL^5VI=qi27WnRQEt%KH;pKeJ9B@eqg*Ts)X`zl^=I<
zGf@pF(Y(MNrn*2{o!B`605}!&0Zkfl@sMbLhSXHU2+8;?qQoj>F`}_9HDcJ}cGO3x
z%i_^gfoTw!9bUW_u=;dG_pH&}>Scy})_Wi0b-Kc8aErfhn?4*ZSinCT;ZPrwLK})F
z>5lmX1%`FCHTS)vf?`T;PkE2VaF|Y-h;FJ+vbBK=u6!kDH#IgKf}t1p`%mJ*uqn4*
zN9etQ$kS!Dv(LTdSsU!><7S6JC)3h&tjYpDtVa-CZbKw{)7*S>4VoW(cvE_|dcGJ9
zllfcps9flK2jn(Su8-|&!0rLAat3kDO@vZqif_~db>EzcD6A)tO1M^p9IG5f9D1KE
zy|pX|4GK~ZQJx|DHS>mqAWKCF<jWY^`e(HL#viFbKc_PsGK@uE%A?guH`gr`Y#%Q`
z*3-c!Ep2Kdb<PN!Wr`Ua$iF;+&QCal!fpDagFgiI<zcqmOhzYe$qizSPU=~OjB7$#
zGHX)S>R#PZ)K+>O(IEIQ)aN%>FT4HdK?JS<7_*U~R|fI-@835Eb>jdpk~!FK_GinI
z$^g3fs6PZqK@4b2StouoLaVEqu>um?O$L;%ol;Cwynvp3zZiEiZ2XAMCEn3}>Q=#l
z3=?z-h8f2JjP7sG(+ytoVl>CLOYOV$GzoX;i-(^~F`yR;)|*j+Kd2Gfu$Ro5-6nod
zR{=8+y*KXu`5xmj-$`HH7x1)iD@1Ur_Wi3ZYy5MZn4uEcxAcRR_9~?5iNs~NfNYEm
ztFEd(orh$btBdXRT2g|&%@NgGI(ck{4Qu>P9^0x}-TE`F>Q0YTc42%<H;3=2)^$33
zLsGbm7r4U5W*=`ip-m^e3TVw;1;mb#>K@R+?Pssrce;Njz6BYpq>h0VPwh>mFD^pg
zvlHR(yi>`zXbBnc();P$3=FYmPZ<Vg-WtQ{R{Y)v621R~nrzquFr#SD7+05pbffby
zvjjrxm91NHCim8{gX)xI9asO)f3*NFlr02IbM?(QDptHs*FmnTdPcJ0f9qYNGZcC5
zjb8I6F6vE4lA(mUv-70}>Mzh*`QsAHhkIlonfZ|VlvCUtB$>RSE(Fs=Y1rT|OhU;!
zbQwSAeN}c~SV$NU<De$bw#&cG^<dcJHHU{+46|<M_C19k*u;H4j+8DPrH_@lfE_z2
zv!P*$DakR#v6@;>V2bF}uZZRvEx5JgH%6DS=vR~lb#!C^#?%jI_rNyYdM_`1O@U0x
z7iHy$_^NXu?P863+tnDuXtc2%ELP$-d^_H+wA@FoByx}bv>&=wO)1*Fn+=V1p*8%l
z{P~LhuOX&u$pSvo81@f?HT8b#Q{tfhPk<m62Agv3o|z#unm)B|X`>cns30vecnZ5F
zf+6WYY3Yf$Uo?GmKR6SSUViv#Fbvz{UT>s&B<i@Ep=*73U{KyBFi@z7gO1&dKm5k{
z9No6W)twewcqj7g!R_N<g-I&FlLGSsl0P8wo$@(eQFH_2qX|H;-+g_3Wl7(FQ^V6Q
zz1vs{?Lda0xrfG%+eKKjF6WbDmoE*fN&6dFdi2;=fhQ(Ef^ju(A>%%B+7EMt9|=ho
zb{EVB3S(#5@C#NH-z|(wa}>@)ev~ww35wpYP0ka|HHT0y9K76tzE_TZqqX?g_q}gu
ztk&v9+f`KURo*0f`JdkKDEj?I{%;a2#UT`t*!S<6M+eRhG*8&}x0YxU7>`tXAXhC7
zKt^y&_OQGPqc~b^QK>BFhI?pv0g27*;@ExJih^C1$uSJtL;IGPAu$oOzrVWK7X|jb
zI%xJo$&btIf=<1<fkDn;)v%rF(`zWqqX~LUdCI6!5@N1Iw@HK)$~BwnGjdTQZl9)*
z_GUhLdgtyhX?DA3;O=;q>DSoYS>N|hWXMe_D?$&BHu@+nX}nVYm!6_Gu%0!bT=>-~
zOK_x@*#jt1<P_7`QPI?)cBxf`NJ8-Qd(6Kj!sp^~Dz53__@k?hf=>z?&^Wq`x}CXa
zGi%3v0;7AzI>J!{2|)^#-^B#1MZfY0bRe@uO)CsS!A(0lI=W&5Z66(B0W2rTNr1dY
zzw#%al5VB8Oo0)|`&X}5WsV##>1EkMrhB)w^bVVRh(C@*BojZP;YZ}0X|^qbHHUj?
zMHN<f?pt)RtX9-pZ7X3p2NAT$J4C!rGck>IDd&!n2fVJI>HS>4e_aU#w(Kw@zIjA_
zTywV-M*g5Njow{8`i&m%>j(j_%a4Z0=Chj_V&s;;&V7kHN%q@E<V>_>i<Bq<dQ^w!
zf1@GeS(|{K+yfkz`p<0!(g(Peg?6N}wUe==x|N}VzD7+E9R8-cFVhWzEJ_2xn|OzL
z8?Tk#iTFHWav8ODUS1xPJ)Cw5{`1tHz~<{9z$OX;JN_C-9!82sU`|p%=Is3L+WFo;
zL#ie3b8%By7S4Xc9XCp5$&_h#9c27;qb^NlHtV$ODm*gwK}Y$+yovZmrwZe@inXTH
z=!6?bCav`wK)XwOZc4%$fBv;T*C(s6d+5L-_Da8jV;kWuukc17MyqKS4JEIH4VCvt
zoX=VC=-#|fh+d2eJi<_W)14_u(~lo{KQ10)U}?eXJ5Nh*YdZzWo`tthw_H3)-Xc35
z_4+^&D~K83qYtiq?D)xmi8V~PxWFrH7dUyxw4JUA-su!zf-AAYdWbsvp!bU%kJ(Xu
zXV8)*kwrX6;HwWaWytY$@t#_uuSZNaIdhdtOermp`YOa3+u<;7h-Gt)zr5C2!^7{@
zG=q|iuvfFd{|Sz06xqjhqg@zm57SFxG(wD5rcCF+EvekoL@iNrEE+g-yf-@_BpV%~
z(yw^sfvqqigC9(+PZdw!AL=|Ph}ryis8FQs{7BgII@9CisO5NMb=&0i=t_SM@x_DS
z81l!473#%Al53SII4&dKPXKGR3FPMF#pYYMBEO$;=qd_q)$bbC*>c>v@B4B)x4a`e
z^OE1V3&siY?5Jtwb+K*S;~w?k%n~0M9gTsReF)x5hGp3dFz(Ke#N@TAj6sr3iKFaP
zF(KqY1}$)V?Cah5BxL=?`xA_jne{l@e7cCi;x93QG@0xUpAryU>pF{H`#pG!3xWM4
z-MK%Utfm*}s-<_q0F8a>^rq__U{$bF3Mr6BSkF4h1beM%!J+ZFLa}Z>N&P20$f(Vm
zfn9#7i<Wj02M@89+v@C#XPN>1OBSwkG-+`(tt^HLPC;~&tB@89wVjH_pvLJ;t$xKH
zw;fJcoyl_Ha=$nj%Kj2sGBh%NRSEJW62JaD8D6K$ZUL9cfN_SIYmpKp>j!Z*BxhJ{
z%g@NWIgrmy1!v-Kv_=gCKj4>3qc&S|@4`c_(iQ5Iujuis8CY%D{fY)2II<SGT`k-P
z;PTVn<E`~Yji1Z|e}A02fNF!2BjMu>;DlJulansHVVw-ky94Ua1@mt4JCSdsx;x9<
zvMk@ff4_dU<KFJ-eCe}MvA-S|UAxjo{oB{T5E-VlzXr=5g^e5e#)7%Tf<=f#Ja0h9
z?e|!KmBj%}ZNROHasenIz3`^}SBgNIC1ShK*vF3ZJzhg&<EaQT>=U<dxPQ^M-^wgT
z`?RV;_{iGJK~b3-@!YBe<Jz0(r33>_?CfFyMQrp0y_(;>Iq2K<ytw)O(bpU0`e?NW
zSb*)5*HXj-_7L6E4;}*7ZP{=r>2*a%oT<+5-%S8Sg=G7EO1V^~Hs4dCf@vY|KU)<F
zaQ3*4J1$INVkY~WekI@tBcG7_fg_%qTUvT-8W-1rDO)dC_b(TcV_Xc&P1fOB_#|@X
zS2sR8n-HP2WL@aDecmcH(@+u5s}M9Tj>jq2cp%9V;i9keM>=fP800z|A#4obqd??D
z%IFWgA~TtR2=mxN#4%A3WyA%i;3Z8ev`VIXd22H|>yuPRFq;1$^*y?YT6pg5M!9xg
z?UH=O(V?c)q0+@3tm+nu9KsMI?mC#B*)HgMIfB^i6F`Jm^Fs4LQN^xDh8R>;?e7SF
zU%rk0d^>_suz{RPbg2b8o|1w*AXvjPXhn0nYlshOS*8GFn%%_NMT4cKr40e4qefMf
zF|@w8o8vyW6QH)!XAK5q`&HG|f$;1)3QHZYvj<mNpxD>P%LDE$AA`Osd#@@cG3Vwh
zQN!jZmdhys&FJ*(FS@a|*bIZf&hW!u_c~Tv2)M}q?Du9z0X6vkdjC}1I2AnRoce+E
z0mcHP^?ykL1Pel+Ee9aa%^KY49{d;*CAEQ%JyqX`hsEwr%CbXPI+w#vR44Ewfo#Yr
zRn}|^hHVe*7~l!BZXA1ESNoEq-~){It%X6BNT5sM5ElXR3$tJTkouq4yd;Gqaar+*
z@Zu4us;2>axaoefjTvmR59mUS3vM6sqQ+1?a|)3atCMH2=z^OVWF$dM0pptSUA!0{
z_#+Yxq&}NwPP|5zV~}M?N$7=qdLRxSxAF+L6G=>j$fXu2vo&^|8c5y8SCAfixp!ko
zv(%7au;uc#bRk9uCpPZV3Ty_|5G@!)71gj(rndT~^gM7hgM?07>O3=vgY4WI^SeY$
zKBq~*VNJmSwHZzAKltq`lG&CzpxDDR=)isMac{}&*n}HlYD~?B5~D+BYJEPUm?XC>
zE}H_P=A}*8vV)klAMkE2syB1va*_5M&Q|jzIEuiyw3hVw4z=F^<*3g@%l_*9^|^Mr
z*QAVB{jx)?pDhMljh4}SL+LcFAqNkX!3WVh;8ypTb}uhexK|sk?_3c9N|fRN8jo~s
zRckCv1mkE<mI)i#Ap(BT?_RmqFRrjZ`dmltc<)rmT9pF$Urat1I`Y+3Rf>(Lr6k$t
z4F(j&oYTZQYUu7B9yp-;pT*WfX4iiS-CHQyo0@BRhH3BUr~uH50t<Bf0+XTkPgMWg
zmve3m0tyrotiJ-(Zmm%@4Q*3P`Z$9Qa7OjHgG-S$>*a75sqr60S(><>8S8)mVan>`
zAy2867d10G)Nwa~=mLxZh0HZ^)p564kOBHYZbxgPH<$YCO##yJC97YN+wbC#(g&ku
z@n(jYREY4AsqQl$EODHn_2V4BZi@6?vB5J0XngEf+?7Uc{UzV2Qstsg4hfoV>q9GS
z(92Rct#68?#%H=ISk`Fmt#CR@!O_&^6yWSzp-)lQ7wP2gK9}G#rZ+-($@MA*LH(;>
zUMta*ROoBWg4$H{A=T`9<~$<0D3%wPM~-XI-t#r+vyt6z!hAn_#;Bu<-9OavK3p&4
z+=j1jKH!PfkG>v+ilYXoFwQ8`1>9FL0mbk$H!FAzT~I%Y2c7#R_!!4*m{0@@?fK1g
z1QEu$vrbH+m_M_X`1a{4w%PM{FK$Eq#FaGQ0(#b|K{fMsPR`CWv_XCDErg)C<7@9e
z=JFZVkm4kD5xAF|C7p82TD8pa7fAtdv~Y-a6;B3{>N1M_!bi@(sBhczWWhoX)kb{4
zY`NM^-|qZ1x=7uL$pT$0`O|`)h+b|r22#4!^6zefRr%mI^(y8}`tn_i71<CuDdON&
z#$>bfZ5Enu<Q|oLGLj(|x`zc1iH|w57(%x^%0xXmFX;KhzxUc^<ad{ZcJU<C$c6G_
zW~jRKr-pb=i+mM*OMJb|lU$|`=a-CQ5bnY`R0=g@^5j+}VJLnjJxJHdrvb%>@c@WU
z{07QM`3w>SyPsc!VLbf+VBmxG#d_Rur5@iP#Lw7-UV6U=8nOXlI8-j1|0gLx8tmz7
zWa~07x$r~!n}o@&Fq2TXJP$30rk)BZ8>u}4I?>cl!aJ?tZ+;3Q7>D3h88TMSfayYh
zs<ni-ilt95{zO%HdaV`gdnHEtjtLDMm_rvqFctCZx0NT~r(b?HI`EZnUrc0gUqPFN
zt`4Sjk=gG|x*D5e2>5CQ93tnfL)D{jy>k4&ewXs68%t<fk>!lfG9->7vq6F+57C;d
zdvZ^<o=`-P3&nuJ&YOylajulKwxPYvCNkf8@hTe5jQpy_Sl)UIGCYw%p0mh*FP<CV
zIGTUFB+xcsoU1NP#fCa!90%0-AkQIzfKn4+V1ou$*qe#P@bVe-@|m(Ez1$B0(}C(S
zJexBtv2kN2(~s@+U5;HI_cTJx4LV=>zsjbc((v=jHZi+&XYwhBgtCjsy;W5S2wJ^e
zzk*DXZG4p~z9K>>B{E$Oha!^J8w45xNg5s+Q_MUZQ||6q5bt$Z%Ryhwnx^u3R=3QX
z7<N=NH+!qb#D&eW>?OvZ-%*?5eUj1TP;T`2h7d7w`k4tx?emZpUuo!YIq^G`Q1a4Y
zy*&~E+Yc09X-$4wgw<F6)H>R&l{l<#+MWwL%_qjT510^$(uMYEuEqZ-4YdMH;Qzl?
zA0FUNjH%-{Pv;T{nE~DwDPS&cV45KxD2B>47Ro4+3)H!h=aYRo*%>r&xC0U-o>N1~
z#n(VH3DluL+xn}1H6j^KM1aitq=Rq-C-NmRFavG4UL~pwPs4F23NOtz*Z@MW8Id*;
z>dhh%iBy=7Fw`qk=joWu;f&{6JN3w_YffoH0k$19^qsNVCCPi|O!U&S*p}^hN@~yE
z^EPZX7JO_$aGoc@AHGXJLLi0lH5sAa=%cqJ>XW{+&PZ8>ycDC)$yYDXncM?0GlQu>
zII)|owmn*LB=)d8p_;BNgnKer3?wZMlx{S2!GH@|Z}NZd0W1d4`Ch@PznDRp+Mk>N
z26m8q3H{sVaZHI777Xyi_mk@Yn@xMh$@(KorCvgOG%OOOh*1xbM#3!qw}ew5>ulCk
z)sT7u8C-Y{c|XY(lj@UcG|ic9t!fK<n#dc=P)pp-fxhV|orv~Mw7mjaGhSpHbIv8B
z0&C@{yFbw(M5>~kAZa3_@DItO0AkI78@%uidBxOyFMpa>e5-XYS3IB&A-M0IVgDfJ
zyCyfx*1Kt~N57bwA;tf}yj<%m*C|5YxMOK#Y7HijRMsu~Qb|z?M%2#B-tX>Prn2TX
zwGBb}!Q2C*Gq;MS)(dLb*wH&26z;2;*j+3yQq1O%lbTn7oEXT8|JO=@T!P>!O0!sA
zNuK2)M>PXv(y__~6pJ8&h+3A93X-dUCekqR2TAR6tx^xPzJ!hAzl6Kw+Q=oO<!b@O
z<M5+tZt9-h=P%*Dm^U`YSUmk~EK)*gdGQwYT~i31cN<v)shiw4f&;_vF0{=!r604T
zc?92*v$EQ?_a%0Yf{M8Hc{YL^@6de|otY1Ww@a*53N!zf5uqjyuGy0gl++c=d)1}a
z<l12BWU$gE-I1XehmHmu^iOosDV}kA7R5-?QSw|x4%zfAyNn^ke;UAmTx@TtX;#Qa
z*KX@$yxa}4iycOlEqc2Ww5{OB$0;44-_*Mh8jtx8CH_o{V?VW|{Oc)KIbaGqFsUub
zOYtvx)9L=|TsXta%gbn~P)%ge*3}i!v?pB72zD{#4V*-8U}*qNnN|QptA6~$toO%c
z3ubQL1{0zWykew2v%|b5$!3juLqxpCE`i>|>1(Af59q7a7q4oMz$0QP6~t;yI4tYU
zn6!QJQATjWnAtMwt!&H$)a*TxpZYaQIuQMouVih0x1jnnH&uAnSy8-`caC=zn=B_(
z9}Sa9;gNKf4V8BVUy$<RYz)X~dk|rfCf!K+|4@wO#n%7ZKxCc0=j@11oNb}=WwWR(
zM&yr8#Cee5dA05b#n*lEhnlORV@HkLvRW!M6cGykc|14A{x6<THvf$u&oQKW<@p9d
zu^&=Kpde_j_Cz9mftWiysHOzFgA-J<dTiNdWXt@@mpc-?$^uePVy5|+GN+6oNkf9e
zD~1z&|C{VHRsv{@_ffX}$=Wjw)4k9^j({$idAPHW5N_mZo>&9T^2*gkRE*q2SL(~j
zflMuNDT<m=AcguLMz{G9ghO*go734~%6!2O{2;f@3W@6iQl4ofjlYePX^2MceAt>z
zmFh$mKxZ;s8T_&2DLwQ%YMtd#Oe!N6yiq54ORVLv(&^?y*5OoOkD26+I@$RF<2!@v
zyMR%5f}Uyv=FIl0RcFG>Q-6EovN%@z|M3sv>97BZpyD^!XO1VZ7aQV0fsN%eb$})T
z<Usf)MlT~<T7-ea1s6=<B&dYdY)+&t+Wr0rx|<WmuYXGoGL|BiclsGvh(lDv%$U}R
zU}IWGAO5+*vjkIGO7i*!*CaG5e~f#2OkN=N`@GRdGEbtq7>j~&a%MT-B3oo_w5|1^
zq07&Sl_ms8EjJ@E3&n!pXxXJe=J!kdqqTTHR}!yTM&G()RN#F^4>VX0&CmdO9xNvt
zIt!pIRh3on%y`Znd?u2pdo`BuDGe)z(6(Ma<d=%=r~VmwjjE6ST$}S42ZpLHdQo1{
z-XBRKIK{c!LL&**SN(EH^cQvoizFij$gM7sVH{k+up_EPv76&l@_*vzHGm-sT!Fhp
zwaNlRN~KZ+5H(g90&q?=z`8uwY&tY10+0$IIb}-6^E$oTILl|`FH+vVQU80dKI+Cj
zdosP&B-g6;%Vv#ukA|`!N<+2c%>>1(RE*(jd<pg@&i+b<l~1qDP(KbPf9;eo!z-Sf
z=w5HE%~zp)>T=j5bBYQ~tDG(HCVM@X`~vhgPw(}pRgx@CmfA#+rHoME5QtHkxfU*z
zgFzxVkYw|(4C=HP*qSjXq`~M<ZzRuvz&O$EyC2(BHpxUR3`L7?KcYr2Q;I2ZnM%g_
z*zwYRK$9T0oB3_mNW8b($}r~Cu_5Nwb)w^FMBWlGAaUm(w1D;0@*GQ`U!FO$f9zub
z1-87}1%;jXopwBRe<;N+0&Bc>WV**P^*ac0FI%N57#)0R?&_{8ax_cbpBlUl$LjEb
zS_{pu+*3XV|6Q=4aOL=*vzfOl9gY?!O6KKarHATOg)U<bn3Gm>D{_%DNs*(9vPA0G
zuQ`BG%l`MT5*WIEdYU?p0gYw02#YCWkgJK2jrgOq0!EoX6=sQm-WM9jBxZ81Do|$S
zFK146L(f-SM(pU1T4(B51o*XzGk)EnD;Woa+fClR1XE(d8Y3R|w!9%U9(Yc;w5kMb
z6WZs&`?=e%w}Iex($31XHOD<&H?)ld<M992JO00~p7^)Me|Pg%DJncrqr#I$t>^$C
z0mAVw*Z%uv&l2F|8W&IXr%=^Y%(|814h%zf_)SRyZ~W~YO}JR#<V42hy>JW?av6IL
ze`6aNe(#u;*ADMhV@jjdyrG4*eTI8$AGM`0ImFK@9n0%Yhy0Q)Nje9|nJ!<mW??D4
zZ{iMZJfQ&3VUN~KA1*l2FfW^u*LtInmx0D<424aiECuDoxamcoeSVPjY3Q!5oDK2J
zqm_L;8HCB&I(U}G8bUO$iET@>xU_vExYHl$Unya42logE8hu04k&g2^_!D9?DZZ6u
z7z|bOU-ZZXC_w*V%I48EDBY}(@0$lMnhp5U)MTKX1VjXKYknSd3q(y|j`LW@OK%U4
zut$I6Gwh!u3U4uXNNMsyWps69no|QcW$8(?CWXmVBL1#&#&ufIN^}2EEKD4vjn|AC
zX0MM|{<i4JI<z3W)?A5C+fAaa%a_v^kc(zvJLGRxM%cCCqE*yiQmc@Mi6Ro*$hU%s
zu4i(oU30yuWX4t}z8ea8=ZQ?`NrEo;IT`t@ydGD)(>HeZxFm$AIG?$Ag~cyT#&$YZ
zp3%XZg}SkVzelaSq69U0qWvf&S_N*SKV#`L%w<Lzd^vOhQT&q77i=`;)?9|C8leL+
zi*fINZ^2B~GpNETetsp0?1DLl!rX#^g9wg}s&d4jHSYaZb&_pw!jV9wt280uNdO-R
z0*LfA%X}nnai^;h_?*s)%5Ka=<np6)lDzKR^D82dN}pnYdQ`-|aAUok8^wY+yX!CJ
z1VtoA`tKp;+Md9Xh={||=4l>ENMxZKdv)(fnP%f^syPZ+d*ZxuEm&4Y9kt3avq;!#
z!FwM~UeXgD$h#lzX7{~3Mv8}wprS~2R4>lLvuNXBDA#wWML(Q}H3*d^sZRbNG8^I*
zrU93B-jdtWh!C6$nuM5htfcUCA@H1Igcy%A5ZZDkvC_YA7@<SEM>FWxs4uxWeO`7K
zG(-gR$^8ETmFpcAPrrpjN)+B*4oD9JUU2@<{kiFbwGHr(p!3YGI|aUt$b*H9D&10v
zliI&-O=X2*M~Jx7rP2HqQp&UfgMEtk3WHpbdOi!j<`0d&BebgJCexKjaD?n-<5A=(
zEz!grRp`pGpB4^fqLbN5M7>)(W6S*-=zCpq)V<bJ=WAp7X~Hxjx)9eTL!#O{Shf(r
zY2hf2;I894`ai!0KS{D~^`~%5FW?!?yqoQra|1VlaO9(WY-QlZQmlElx|M<_?CN&e
z!Bju72;Hw&qQbF=olVvP)67S3b>i}lt{wr<*wOC@tT~(E88ejwA>#RRB!>;3dSVt#
z*tS1MMu*08{mG~(j2F3pSc&i9v<b=`R?9|n3PSAJOYIN}OyZsa#}PrmM@^G#LA>~-
zpQ@SVM3@V|+k0t8Myv-K7tr?1m*;Tt-CObCCQ_is;1N1&ciR0z4BBHQLWwQD-)o=s
zmVj*qZHw8E&s6KKxdzU@XShR%@2HyUB9FqpUzaMpJ>ccSbL!W%8`Q@CqCoHpa{RfG
zyKaU>A1+J&?F76uLg+>n56!J|sI@=GXSx%^UFIL7oQl&sOA)QJ8#s?Mer?ShV@%A9
z&#SW=2NwNIBS249{UTkEVRc^59|QGoGCF?BQx*kF$Ja7G96<L-6<eQoTmQO~?jNoR
zK(IyXaZWBrbw_w*Z5JT)6K$QIKtT$zhG96|=$>@YSKJS?Fi4zD?o~jp5_~<;%Z4xa
z{DySd2qvoVbDQ6S%fKHqn+RWVO08h!LgmB=Y!o`TiHJnTK8I|+y)l$-E&;O%(+_W&
zIe(`VV`CbXP-V`FlnG3jkW~JWXf5wBrDvG1JC4!h#hm5A36Cn%2N8Qgw^cpnR!bRY
zIcEAj{WJ+>AbMP#kI6xY*sYto_@&B~AcPk)ayHu~w>EIc4cF~H=lFm2mwfo2C;mB$
z;$090Vjt}B49YK;5<SbLFxc0J6mVza-LMW3zt@8cICPJ?y~^W8l&+q_I6!YLF~g43
z%{AS)BA+P#eOql!>_d1tfDxcmM>?1E9goxxNwQRlHC^djlByB0s61o&j+DLA%f!sW
zIi7p=8s>57i}VIuPa{nPy~H-dntAarL!j|fp3IXDC%!p4?Qr(v$>H*QT*$_ab`#>k
zR+`-J@nL3taj%>J^W+60myA#Ss%yID9Cw7rJSKSD(|=C`xg07FwI6arhXW}fO3lWB
zzpzo>aY*Ufr3j@yhUjsvuv<D9tF!;-=>PZq^zB)Pn1K;!aNUWy^CABw=%MSPUQ&=8
z>n{JL<yS_%N^N#s_I8}p$Mbu^Q|C%HOw6OepaK=l)d8KpBPTc27iMQ(EqIGXh|-yR
zS02{vSJI?uw74eH&VpFTGcUHJ2ISmdTHo*~W2S133{ho9Xx!T9#77Z5T$SP(PCgL@
zpnfARAV>NX`xEoC%IUg5sJUUrsH(le*LJIS>q{CLz2@E043?0`DR{jKrG9CeJk)K%
zqT&4b<OoC^b(&YI(k<R%?~L*Os|7$BbEP^rsof*kGjcvAk~$AY8GrU@akKw_UMT9m
zDh|T{DNebmqg;3&1KQ}~VZ$7SlppsaFl2^L>7~+?_48x{u`-fw$@9(>lkh~jYP&Re
z+*EhNjdtQcA$RPW257+*4DRgc?QuNgNN=OCnF0_h?&qi)W)tzEOhJu%>|F{m=AfW<
zrgT3&WcAcm?veH^b>|D>KZo{g{8st8zTKUsmGu3%@@V6^xZ0Kp;);>sI9H7!j~~Re
z$mqJIqALnL4Zl}{9s6+lQ0(tpM+IW~aJ3cn#`h!Jv3PK~?tUW4V<dt<Pp*wzT5#4Q
zJS;JtD`0{nM^!%|!{l!NS@3f*{68024{UP1gFQvzJtsPV^na`#7e2*eUI>P413C~K
z<K>v?9J9`Mt}&73O@@YAKY|l1ZZ9g~g4|yjVL|Fa{9E)stEk9Gh6Wj}+<){}wY8&R
z>~%&#Q8+mf%qDmr*3~oFxryv1&8h|6<-aHE8j+J*)Vtw(d~d1|XKc9w>q$Ux>Ti(p
zB92sgS@pD+Xty^zf8lYD>(?I1%b)rAb4X(0PdS(J6u^x>xK;2q7~s0uz4Hg{y6nqT
zaHu<@eH#9G_=XtAdEoS{wdI9_<Cf+3?|r@htgQo3cdj3UVZ;EIFW&5IUc!2M=NAmi
zF^BTQAlS69sBq@a%jR>*UNc}qHV7Eb19Xo77``81LV$jQPb<q+=)q|u0m|QGUFkTH
z=o~|NF}d{R@sOj1#a?f(T{=YY>NTl)hSzb_tJGxMvAGJ-$(2+fk)e|pXojM-qBC=f
zG>aq17?U6x#<!~a7@+xi@Bh-UCX)DF0LCXZPdL218T&T38_&BSe;$D$aQtTBIN0FI
z*j%_#FQmKsZpnX4;d|QQpqS@`O$Wh2Lyefxrg$~BBZmFxn-g&&NvaTO2Bgdk<0E`O
z3ryMI{JG@X{vXJ&<~D1xhXG*y;uMn6htKZ@nE+?}teNaS8FxXWMEXW}#m<f8S<tVL
zKoh$Fc>oM<yPHD;bz0T2>|c`JJ$Bvdyq!lx$jz&F%JJeQE7vnCi0WNmJZ$zru26_r
z({ZU$F5t(FuVlUac{tfts~TQIWL!Sn=y0js%sA577s{}=`RW%355v$q_y*yg0;hDy
zEhER=7fTDDrn`hk`uvzLjplh4Ei=i?27cRJiYCMQXD4d3pYo{6t`(1_ih>yzClZUj
z&+m0B&g@e9&y()hpm~0Ve_V1W;5T@UGWJ7HslhCbl^xq~`2$LnA$gB#|6|0BB)}?P
zM<K(8l9_!@RxO@$c>{8zVc6d#+goFF)!2c2e})=ztT2G{tDUz)l$hAX`GiS@g#x!@
zoL|}qCffud)NJz#*fzvV5=@J!nbE$Yp>*Q3fmneic@B%O$||4AYzybZq>e>P{(M*S
z*)7Np@2v%WQ>N?i<k5J4u9&RL?qbSb$P!lLIVBeJ<$CkaJD;UucUu%R6!C%7!#J5*
z4hbHA(MfMZ5$McRQH{_22R8HYnyJ$%R}0IeSZhh<Pl*X3Tb>pM8=xMUj3`rKS(jV|
zqIcr*4_J~c#a3%$eqJV-7^NEr58ijY4@_-xyTA@ZCpTX{yY2kge^FY42N1Vmw&&s&
zmHj^lr5?b~NVH^?jvb_${RY*<{~!c?YB2(|v#U8Gu14x$uARy+p-dn^C5>Wehkp&m
zHuTFz>ycdV?sCb<@B=0gJPtQr+<r*Tgz)p#7LJk<Dme`BGoz~H{*l@E-lx^kO^Tsv
zz&$#qN?aIYUenyM)DzL2ed)(u^j6@fQpVwM<BT9t<*_qSB_fq~owAYU@<x_%Yf{ep
zt94IKMqzV7qDgL?39<fK@V&?&!=b(>3y}!(U|#)eGY(S_PZ+I{>__d0+oYS-xka{-
zV3=C>TE~DX082<8AmU!Y<GomX{9nu(id;+A-}zKnf(BHwT!7yKWDVDi&RdU`WgvXf
zx-8i7=Uf&5p$h;is;{g*e^H*WUN7K7`wqRY<8$snmPT#j=tMN4_pW1BUY|RDNbbP2
z*Q~<YLCh?9kti+2DsWr*q9T9JmfnK1ADyz=1&*0UlU-+X$N#NC0g*_9aKdU_CMj9-
z3$UYuITCkontjZ$jEH;a!D(t=20>zijIF6v2g7F}a6}#1iz2}RK@}s!r2(UL^eY86
zHf(nGf!Gvs+u5{8uJ|*ZP97`hhQ$8Wm6^zm@#4R99SY#PM9Gk0`IY}d&{bL(N7Kh4
zX3(DmHBcwu!}5~80n*Oh^j%&fzDz-<90_9pPJ`#nzKp4Ze#!glaEk#t)sNZ83enV6
zQ=xw$jH+BsR^~ICXutEO;7sxDIGIUgMcd@PvuXB6WxY<%$L--F8e5d!QS<K0FAvSi
zT1}czoO`>W73}(2kH&_WG|49NHb}<xiFmcTRMF|>&1LvBc=W3XpI?xAYGdcKr_6Jj
z<JhFfjW$GGZcC+~t`a2~<+7dYDmZV_lDR1Id$k&jn{$p6o;Uv+h@f`DH^%pBz^s;k
zud1XjsBh0hN-xv^>4$zLpb9GZ9UunW4&h-u7cEtt2&o?$X4}B(8x&iOzFiQ5X+6GO
zGw5>3ex*-e|IFUlW>59|EE0(whcIoV_D|Ch>dglzt>IA4+OK|twYHB7-7w^|+my%+
zaGx54>1DsK(o3mY?I7frZ_GD@+H@_0`n!89E`5onHYfcO>FE~8A(aBk&eY-AUQR=O
zHy@F#`w`5iTvr!qcgXJC-hul{2T~5XSg7#0`@abq_s2wX#4PS_ND!qRS7!b8%5MGF
z1;=H*c%nlweNHDDyPyrv0Q*^~dsHJ)oC@(qPz4UrsDFRp-V!R76pux}<E@4RaX$%y
zBMzRxhz_B5Iun`0C4LO*Ix{CjVL+<BV9B!N6@(aojV1j#^)Z>{)(Dx0=q4~O*|g)A
z`G12umFnb;1V~ziTqPTOkl=oiY%v_fZT%tCXc*so|EsF+XeiC^qf1RSC0ndsbktAV
zj;I_@Od?rFrwD*{+vd8HZ=~2i8fInDai2aT?ATvJI{p}}78^*!_hr<1Gw?10vtisk
z)6WJtdj8)ha_L{$WffT3rS0?5gtvee^ptHEYjM_dfJ=u1YI9$7!gr#jQVFVIqr=1J
zY-RQE!3tR4Nl$mlPNF6drxI&o7eF2GDUDtA#{*ZR<d?oxvL@PJO3hR?I)1zgPw<=e
z!}RC$74?Z4x`x2_1*Jfa=8j5?h3<`DV!8=urD7ImZ$)d@dY4=}9=5l=vhir~T7UOn
z4!|+~ePR_E5mJuv|B`#Z+wdsCleNo*{!Vyoe!2Y$o#w-@504jq+lu#-TVKs9f*E(&
zMTCdU@BuGF1?a5+=@s|<P?kI=f*p<?_d+-0XEz^#S%9krfV@~`4EUQ^->@1^k}p8f
zIQ(=NK0Grp=egL;qF$dQ&&-8%7O&*4+RisULza`#WV&l$K13JO$IqwttliLL!7PvW
zt&K1O=SqUZ<31rHM>2VxVv!-=`?1nD;Wvpt<~v+%liEO2xYow5>5AG{bdFfM$5TXp
zakgWAhUUkI0^?p*5$uPU+N|Pc#iN<J!VRy@9L0`|Yj)GJ$#IMr6D+?QL_^4R1+@jm
zPyN0ZZ@(B&GT-3Y?#k_f^{;fnW;?oI4dZLj<Ozp=w-LzyHlG2M?G1FN-@XSbNEvrm
zBI!>4%ys>Z`}qu%fT~|>T+kHXkV`WGl6;bawOqhRPPB4azCBN5goRVTw$j=g$rF;y
z)YM72RAVm)&UU+VLm%|Lte+``=vv`is6d|>=Q!GMrq8i??boh(_}0e0hRQ=M{V^o)
zPou6F1URUB<|!A^3#K1n2H1gMxJ5M2MIL|RpG%$*?+4xcLf7$T9Df2Pdrb3mJ%2-~
zUvU(R#3{+rA_mz<ofMDJUIJ<3hO(|aLOrmmw&zu?IGn6*KG(zl%jeW_*jIc9D6O+E
z*Vs?#_IG!rPbt=4&s<TJ{x~$UMJ+p^JgemD^0m9_Am)M1+7H>%M7hwRH1haKuP+uQ
z^nztHLJJ<gM0?Vi_owz6bs@6H`}O8hZrX*$(!6qc@7W!nTys9n>E-@32~WSzerXfR
z+kTAO01RUo+0Irc`x5V}y*eb)wdVDKB3w5@aKAC;kPur?>}Y(SI|ZZJ&5oUsmIyD|
zZ){comG5rIy<ydSvW{v01BU+62AA6C$5I^1vy`LvSOeS(v;H1AnT0?5ey%=8iMp8o
zw(!XdcvJxs^x5e+(gW!NUF+eftEfo;TW#q$Jnny0XF<!95f}iHS9ZZ<#}|c8%x!y;
zx#5=u0!LQm2+rHM9=xXeAc=h*4d>9|RDtNac6AVW=B90W72J`*8WQCm5wei#=-23-
z-`;v^7rHo(6cU934#IPpn<Ls-eB&Zl8ygTK!x`Mx_C6cKFFhS;Z_QI?S#Q=*!VBt%
z!#wI=TEF(OF0YE2b99eTG#0!oVS$VM^X>bD-*-bz=42h-{Y}|A%i=eHn}p5%ua5c8
zl14XSHuc?nN>@&I>XAV0BS6IK+BGhI1E~T;<U#Q}?6BZJ_I<PAf8hhaj0oWC!ZC#}
z`nc(b=`-PXve&3}FiIx=d6c-9N7u~foTr^uCi7XX)=yrem7fw1(t*5I7RYu>`HUfn
zD7JVYZ51St`;DV6(#Z7ic2K5L)rhv%hhF4$O%tx)^2CvmT3pBnzhiF#<Yc0{LS~Fe
ziXGju@yZONKy#xJ;-I0w*h#qeS*rrFOg=JSeFr#PPnNFLM0A2-wa056?O4Eu{dc(n
zM)*1aX1OE%8IWG&fhCB!)Bu6tHlfWwS5>+I#C(ZjS%zUcS|<$^j!n#MOCxYNMm=jF
zx^O*x)r|X)^`Oy#Z$|T%@N?Cd1hh#uGcy@l#?q6poVrVm5|x&UfZs^t*}SN<P6QXu
z4KyoNv1bN?HjW*sULAA({n237M0pur%1tSXRj$F=6(OfoN3R_7bT^a8KAK@x>um6s
ztm@hFUUN~=M|cnPM>w?5ER-6>j#e4FUTSMjJDp9(JU-u1-(hn}JCU2?AOGU9`^O*J
z&&x}X23#i;7_MNj)d33fj)5$Cw>6{(0t5;On0difNbsnrUSLGfjUY+8m;n|dmzzDw
z^GyH5hgp@Q!u}x;v_d<#RcBbO;vdJZc=ks{#W4*QCxYRQ^j_bN)@p3d5T|2=)SSd+
zQ`G9GZiQKNvp~yHgA)?0!tue(9_z6CU>rfc(3#piqi=nlA#?9EP|h*bmZzj$Ez3I?
zX}9h&R3H4l>a$s?dr4p0*G>b{&aXW#SaJ3lQdMYFyLKaa^xr2QU6)*VPR9+ua{~^9
zD)z<G=4CD^(5?NPZs@Q)Tb#e=$tt~X-2>MbSm=#$ku^LwtZBr%%^m4-#$OXT;Fl{Z
zQVBTf6%DV6fSH3Ks=U)Tj~1bP+PBKpYn2}lb%pLWNSAGl;j_5d1Ym3uUB2I1_6@kJ
zAN!bxXvB((bhOyD74at1KbEwrn(W%sxVS&jReNC}%Q~c^mu?SqU@kc|-;}RBjmgAp
z4_uQ=a2cNJvLeriNi2OBuYlkJ)34qa|NL!mi%}h>EwV`Oqc8fl%@-+}k<6{qi;V1W
z71`AYyvlja{AZqYGw+P>orp=Pcm#~`IoLr@#BaH89KDfY<0T{yj=s-J25QUtZ@A|5
zLFygo#FRX!H>?v#ARp%SfAYs4ic^}PB;Xn5ABSVT6Vr@s4UvE&{*Bida3&282UNeH
ztHOhauLCqmEF3u<Zqb+SLd-u%6uK91f)I<RBHUm18*D0ahtL!GSYw12{6@`hR}qaT
z5SoQq@;GY$!Xm|s9X~z3U`k6{%H<%8^dAuoG?KvhTrh*u{o%UlcGLLoazlLIP4sWE
zE>*vAY&EtJ&sg(KKCguAPmK&TOCQqegVeJkYj9)+mXjV9`2CgW87(Kn^QxY|^grkM
z{(Ug)`!j-}T4jWBa8L1lvHq%jLB?a*v5EoucW#b795qliUq}G(VHn_zAMYiRAvA0K
z#&>GF0_!#fRr_P#+GKL`*5#)BX`>vvWpu5ULbgeo3XrhjqBoaX4o4!0WT|WM!iEYg
z(l6bu+|cpW>qgOWaU~y@m{tcu=RfL&3^67kNIJglcLhT^%E0?YIE><mEIOER2VC`E
zD5vUuG#(P}$ZgpIc*aJ*dYxJOA7Tr+u8Q0yEF|MOk>2-9*0hXt^>5E#{pzm?J=v9U
z*Ipt~hWPR6TY~?!&&!V|*<YT0P~+9VRRJ9|58!(9dVRV3;9O>)i3RkxvIiiyfq?|H
zw1u2xGVg6kyUVeP;%k;_RHA|yGk$mVU(qX|QWK??<R|@*%ECfJ(8D(*j_1)`O2JSE
zCG>9NRHyrGn9JMM_XX+?DrZSXC}4<;5pvU5^esqpf9XfzK(<3sPf-nE2yPECr@=xS
zd3)E-c}9WSYvMDK{S{+8u_3N{<+E?DMBhC7?*W7;3%J1Vt(GHJD3`JkSDEWksJr15
zCYW$ctlwwHY(mV~U!Z@aa#h*15g4bjz;vS-t0jLJUwno#z7{9h*DnC=A{(&Y@oW^B
zt4{*ZwNZK2Ve}g)q;Hvh(}o3f0X}ONKP)umSpb6IQ0}TQ>FbxjV|q0o)>Y#IkY9UC
zq~aKA+SH`ZQGmv}M)x=AaO?T4@4JuJ*FM*YeYUM$Bv$P$v5Ol2bOJU@ER!I=DzE<D
z(eZ|#;|vkcul`Y!&&>1$IAV-|_?z*tW~m?_g?8)G)0W@dI1+EHtTf(X$~!`DTbFK=
zqH4hgR^gw2h$^#gPq?N!iY#j+4}Z<t*|LOgF(^jtj&~rgiXpJhb@SxwM5##{m>gV^
z?_2<V2WznB;SBX0!7psW8YurURjP;IkHN4?fYye-gkih_ER$jXQXdep`O}r2wf*=1
zNc(WAz$an3EBZ;y0_nLST!_<78KV;T7FZOC=E<&Ao+ktRoz)6wm_cVVhatv<C!rT9
z{RCN(>m*T9Tf)V~jmE!yg}v_muaX7kDnC+#G*`3aX<C}ht`66Ot5RNM!J6X7sXc;v
zQ@?$iSD`y1X;bUiX>$|?!><}kxel4g#A@{?-+xBIFoN&mcT4dL=*yxDL3FTaKBpRQ
zs=w1R3GcIQ+Hejfbf^PN^4Umj09A&c>><t%8TRp+>;f*b9w>fM2d*p7#$r^hMx_{c
z=q?OQR(dba3e4ID;XGPTZl3A}2%U2ya7)vScM7PAIs_(}8h@OG|8sAs{RD4kFz4Mz
zhY~B^;qd4Yk7t)jp>?u9qBv_1$>iy;YdN#38;4WpdM6r}N2)K^E%xPYl^Xj%i0sl>
zay?n_`^%8}>ya--uB(j5HT`1(@%C7VaHNc{f@9=jucp>iBfHZUQ0H@FBm9fI<+9i^
zs@AXCPaXvw4T;Hu6|U{4r~<@_St28Xjd(W-AOF^YMU=EROn5;ro*)2v-4(jFCw(|3
z0YdAyXGOMc4_L1_Rh&=js7ewrmh!~76-)#$cVRtn7bbTA3<4T^fQrwbt<vA0elQ2z
zx~6)?J2;^clsz1b$cBgKZ#`5_<J}Qx>85iw$?B$?IK`VbMgiS}2OoESI2iO~T)g!;
zPq7Lv(T5b6kK6Jm(q;PPHl!(9AIQ^oP>P553PoxP52mz+emtJMBaXsNln@7VHw9JB
zALTXA#?`9ZbY1=GGX`r&HM&m+CYp)uPi)8zQ_3Ih>!SK@!Bs~<%V>S2qvGfHf>qVL
zAOQsZv)m@Py3`R0rX0R=@9v(3R*U0*_w@F;Lgk+gr?&;3>&5+BE~KtYO4!Vwmr5FX
zz>tbIBlC{clppd00D<{OC9aJB@yyhPL2!4-r2FJ$;0Ng2jtsAHW!y!@IBE3&Nww54
zB^q`m)%@j=Qbsw&uXy*~_tMA-46-s&8*VSH5>_14{`5tdB@P<NIvhD7rCA_))vJ4g
z<NTPf{$LB3x<_L$#IZ~lWX`K)+8OQY<OYe^&Ri)t^v`+Te+a`0(u*U@HMAW%>=XSI
z7L~)l|7b>>uyW(Nj+2w|cZ9%ZUE!nrsa@IMdlBXv+bdDle@jfL9y~UYVau~N>uchN
z&$_!fS2Zl_km?~$$Y>ZU`O|g-pyr4BZ0hkq0)X^FA$3oY27vfi5x{O=`h)<?UTR9T
zRn!s)$JE$|t-*6qa7{Vm_qghpq)w8<TI!MtnVNx%ycacNC#ZhfbY7pB6!m@WCr{eV
z+HJ)<UL1|guz7WS73W&OA3?dd*f2Y|T)ek#v!Ygr%&nABX8pMzjfkL=hNHw$I6`@C
zl~I;y?K0^1A(9fjF?oUZC`9krNWRF2dPZ}XbJeokzC??~s&2n2slc-r{Ns9NJW97B
zQY>EkW4%Bsr0%=Qy=X9_RjwmscMUqtbF(@F^bZb`{6khhTQE?Y*WvmE{-WVmX^fDe
z6G(}L()I=w<avMC2=<m_2CR4*WvatSf#<cH8sercaH@BJ?X?t&R6;&@!dWg<aXT3&
zUj(7MaTkMOHGxiW$VhSA0aM~M8*Qu(NB<^r7qVg?Il_y)dr5yDZCJVYG>_r%>$4dJ
zgguWm=5t@!P~~^WK0mdZ##aSTBHw_S{VVrU&Xm-?;sc`K5P=-Dv2pIQHb`zZ#JR~t
zl~RNYuZDW4p;_R>gi&Cg-Nbn*;YlEUw_z-leU$o>K*(!3Wu~y*2E4u(K!AM>%+o@F
zjn6&9NAa6Dpkol|?&CN!ehC96J){-Mfh4Lg|5itD0Cw91M4&>kFjb&N8A#bey#bZ2
z4-zBKbCU4$mQ_E27t`g&=Mh5!?C}zp8fT1dJzGfP+Pshk-=H|m?k#n=fH4p0k_mFE
z(YkOK{%1WngaFh@9aP&yNWgcAq@YirrMFR2?8;JsN6psXSWVxY3P5a%i~g`1r{1y|
zB{i3zn=R40)5D8`H?t16I`%3B4$qV&3brTM_E?7AVkonJ%K~@9A*n#%H%+veU)u-1
zAg6_ibO;R(3oWCtbp|0TBz-sG0?yPNy!@|9paYlxpM>CjKWuzuu~**R5E8UH)Ot%7
z|E1tHf6g_cvp!k-u9A<2R^6XdDXk?>Qo3(VY1ZEd)e&MyBxsQ^e+BattTdQnBcF_X
zV249cXrQq*e<Yr&BN;-NJ3=ZoN_EJQ<7%1Es&qG~DP@)SPV+MEXLrcJUyTS)KPJ?Z
z(QX5WRivajZ|?RA?nZ^X(jK(|Bh-P5>cvy>ROz43Y9Mb~&5N!){KH3IF^Kymu22Gq
z{w24JXdd3Hbu#mWkgNuoH(EO^%k(^&rq-{{_Rz5)hy^7DK#^cu<hsAbZOFn;@p=cj
zv{La>--U*;J6ucQ@1NfV$a`)1scI}8s_UVwd{ER1UZ6Yg#>#LAD?l4sqQVbv-1?;X
ze`xv&peWn#?WK|KZV(hu5b17Ek?u}Wx*L{mqy;3EmXb~h>F(}s*(DcP*ze)}egAoe
z8CZ50?t4#O=bY>C@4phT@eJ)@{iS4*G~|6!(hvgGC|P2C{cgWGMA@bbHs_;0ow3$r
zgyiAI`{Tfxe<M|;a;ohxnc0lyL2U&{5A7h+Qd#L(0SUj-b5ftf^EW#-C7|fzj@{t9
zck9%TlaO&5ez*YKR)YGG!`~j}DGGLiM?@k(l0X~$UHdxpt@&1>8WML~1h-E_>!Mxw
zq8%$J*taB>!j<qXsXPyoSHtZ=Fukk`sFe0M5+>4vXx((}0_h`;Y7ppixov0|%sKV5
zK2N3JZ|4UF+I@J0q<3tGr5I8dlm^SJ>%!*ahpR@V_r2-L?C`~~8KcPaR2;@*jZd+R
zg&Y&M$(<A?OGQ^9K^*Frv-nMw(w_ePokJjD)PGZ<iJg(rA8+4#{d~jSox6-bxDd<M
zCy#WnaT?8BinfP*xcHIR{c$!W<ox-7*7qgSY(+&~K5^<t>c{5zA#gW%D|^WvHcnv!
za|E7Zek$M>5(JMJU)jX1SDur!$Ps|Jy>C`MyM6uuqp$L^ED#y1yLSAg(k3*HBZ{BW
z&pf-JIrt=%%-#|l$d`m=&MqMs??JkB#i2xjQn)n-Rs-nSJ#8AY<qeUhyKSkX2Hs-o
z329|eVZZrDQnD@drZ%`<Pl#b8O4hY5TSQ8uHquI<*3Kw;WfoVzIfdPanwBvZ0il$Z
zDWuxZ<CocsXS#2{o(YG{d6e8Vg6g{a6dy(`tp0xVmMKq`H=?CUWaZWg>hGwH`00p?
zD8<J`%ms8yq}l&>xTga)exiDe`9w$fh!QyAo_#QUh{TYChs(ysmJSqk^*G7?iG_ml
z1n79WTYqD#MUuYLu>QO-VcS5;+0LvCu?`ZQNwrIRYc)%vzGXm)x+7eFd0A%X7N3X(
z7g0;$+Qxrod19TZRQ@^o_vshT*{aUpC3yI#Io50Mt6t_sexAgit<`SbMvB2GIkGI^
zi<6DV5|^q;vdN*E#X!s5Tei}}%^O*ixRLddZ@!ozW^WLlGAGj`rPgG5+>W%bw;0hN
z(?Sa$Ft8_ZFXw|#7ltFk5m1-^sVFYuzGO2u!xpwat@{g1gCNS5iaPtgZ#?YMjFX(4
zObj%xmwEDMR{N0LE_Iby52j-yG2&v1HWiqL>auAORI{W~9&#9!ad^i+k4mnUiTS@?
zfN|!OqG#yeTns6u%G%Vzhd^cP*yG|<=_0IoYEhU+JWN~6Z~tPAFKjBa$Ur)pa~r~x
zk38&kx~ORIMVpBGO9+p}aq&uBzS14OA&iq@uS$jbrl?zT44Wh~8kuf<^QWxV(#BX9
z$#ad#^c&x36()>N|5<<N?szUOUVZWfzc7wrS^*958OG&p592BYboS{nS^f;8-)!BK
z;9G|vxS{l**5}*+ss#jcKs<}WEvm`NNfrbA#0nJ)B?e8o)3#JnqYAy4{IL3v@&X`w
zx2|e=^$)az5%z;KSBL9ezP#^C>T*pemDncIr@Ghb34$rs*^)eMS&lIap+A)T^9FIm
zQ&40WJ{Ek&n`dweuR!sC&B4!(7Mfsqt?pxa_Bka6rX}_UbD@*CSQt|S!KC^N<(48h
z34Ak`$=X$Ws}iyyG_XjhlH%kqrV~1eI-rs^q^d|9_c$DH%WZOh*X41Fz7dKjA9LyZ
z49MvC@sp&^*FA}_mB!P@yYw%i88|lL$CimFM&okD$fvgxC~|W2?A==7?Ps1=Z$qlM
z6w%Kr_x~#K8-BD_-LuTGhdUlvWC)>pb&;V+ZE@^ZQGF>XaOTBk+;ui+Do-B)8L==J
zms90HkMC_1c!KdNQ)_&2Tl|oT(ty6SQ2nW4A@oG{1fD<GJ(mS7RMSxeRkPO{7%tzw
ze0u|x4zvytaorj|n&=WJ{yuUM#1PsN8ygY5TEzS9owmY^2H~ivZ~MD8ZD%dKwZq!Y
z^>coB+Ub*VeOrc$`1bS(t{+*_Q9YKO3cw|Z;2+j+ejK-OXO0F(hK_y;nYGcPqx3&2
zEk*|Us>rS1NHP5W_%SGyd*y>JB*hoT9R54kd&lFGl_1z1^s~j*Pfv5G<}0;jMH{Yc
zhB~calQ<9jFNKf=Yg*Ts%l2%!ul#QsUW=_!3^RThl~`mf9RuRPv{F>-4fD&NQJ4SH
zCWWJqdJlJ%jGt{ZKaMlSEbJz~nf<~~!A5gGdiu47RoT-Q<8AErD|(3S){G*sy!AST
ze{>oGNFM0+$&4yc{CYD1i3gMs{HbEIV_+SUYeO|iB|UMES-t8&C=F~&{OWu2Pl}%1
z0uR7_5&_rIem3cD6loAMf%}D}Z)k5Or+{cT3jH66wD$`CO?r~o$YvLd0Qdb1jP|7l
zH}?(7w}KUEUb~7x9BI&FFEmOG#gP64?Q_@HQ$dAOkDWDM#&o3F&s9d57ai|bsKtWi
zsr>a5RWO2C+(zwyLVCO(?b_V?-*aqc*_T+4Bp7z)HW-r)=fcmE<M+&3g*m3Ic~X7A
ze`xP*`Jw-))1N$mg@K%Ux5V3JNbbcPa8i}rCn<a$k~1F;RtSP{dEbX37?>Ev%}4_O
zq>BT(24YYGDP6wI*Z20@mGznWT+S<Nq6M&6CnHs05hO=oM50&@40U3ARsAg_@fnM#
zufSTdSlOG^5T9qG(p*?@Wr)QM)t6A<x@;9I<)G$v1!c)88)t0pwZ+NXvb$?x(7mT#
zjvmM8HAj}YGYU+VuvZnQM--XNQr2t5tnDse3DXFRV>KMNytyw5{&ifv{l;hXBBOnN
ziIg%vMcq0!ZBo%?U}<>B6<DKmS+yzQ?+D|9*}!h#Pcr$xM}iklo=wr!0qPbDHJS(Z
zCMF-;d`xM5#>dD+1XA=vj$?SxV$koNGgbEx(w3EyQamKOrK&Zd6FA3Icuk-_P$F5U
zB)-sd*82N{{5J*e^M<AeJJqs3C%k-T7&3h57@RDoB7vVXa6orL9-%?F1C+^@^Bn%O
zkzpvmsbj^U3>q;by25eW%J_O2Oy|8kH?C6e_k}Nxy)*1wObsfBybH1~<S35Ypq*#u
za(X#@gHV=EVk(79thK@!J}u$7^i=CbO^8YM#*;+8`tzTa?AWA#GAC6U-H7~7FeIw`
zG*Ct$#Ew4`)N@0Sla+N4a|lT1sfVqCTtzgFDtoz7ll1!42g)$UApM<^H8!?DHRkco
zZ0w#?i|$zO%bUC`AESLnfsHQ@UHD1A?8M)9?qccPq7#8xWZvdwc}~R-C*xP@HGh6C
zu3oP&rXLWCpBywKhIekECMQ5K$7G_d5C)8G5`tr}R2BbK`wc+M34an!k6dXU*xF6W
z`AgHbe1{P#US)~T_a=jGG~#Dw(3^iC)Ki>u<tzlbfS~LPtkL%AME~~y{s4^62M4Rd
z%Y2J6{SR7z1~f7rJ7i>l!tXijxcGfJsMAjzA1YdU>CXifmyW_gkCA6sKyv681jnJj
zysaMsxsgfEnD&X9RjxDXrR)Wgj%|2z`Xud+-ftWYz{d0OdMBSfh$_&dIhm@Y)dZFQ
zjXx|P%V1V@o<+kPPl$t(oey^nqdyD1HDxBCO6cYe+=c(9jr*vnK4k2jJy0O*{X&o}
zIZEy;i(}Q)m@KQ7cas}3+<3W~GgXPio;qgWmne~O%r`&twGm9mPz3KLAN-#4N!2v1
zyTKlSF#$ZCJ?ut~>QRgu7a@0#kAj#!oT&pWB}-4l5a8000tZ{q+HDhn9eG41O7!N>
z3Gtao4inkeg_`tW$QUR74|8}mo~Jbip6}yyNnWV9+6mj12X|9y$CYHo^fCPLErMM4
z2d0JO3*$xN=By}qlJqR$KkCbeB`)Ao<=M__G-NgVp#RgMp;&cBk4r(-JY~d9$T6X1
zkX`<zBstW-Fo`{TraSX8%@&%mKh9d&M!Q@6+0pLj;Q8}_;CdYqhrd?~lDaYc&c?4R
zCu@U8Ep>XG(f6Kw8Ss2A-jq1j=mug?;6Y&W!L9Yy=^xAH*t=z{3eN6-uQ~v8-Myb`
zC-r3=Sy4ei<FNL-dH1$#il!ifABUMtdp04mkh8p(zN03+FWa#m%R9n;zS}rT!?)AK
z5kXN9HdcMpg2T%*7;r!G93uUxws}b&U4d3~QCA^fG1b;$`5xZ7&|XF1OvzV(lo>=a
zBszyL^`qlxL-*L&OlI-p)Yrzlf}+08N#>ZEh0tw`CbiajtiI*VfrQ%D#3)wTc1zi`
z{1DRFeybr1X66&^pGBqV^RC@s_$oxDTmU}5^aZBy-_ax{o}7i*ri6tYNK)GGG_<H6
zV|c*4n!;EF2^7;S?Z`RPpYZd{SE*Rz!jZYO`klL~nbkXf$vo8kjjQ)WsQ6fXz4044
z$7GfG&Y-BD7GE#A%JkizpKAnuLY>hzPE}-490HaN65d4+G7l`5&rqw%r`j=5#4xGV
z917%u63`<j4+w9V%NplCRdzGQ$Vr)^jNUT}e4e}ffg<dtIzFUP=L+0_Z1zdvl(skn
z(=_&O1ugZ00^h^XL440!NsA)+QfYg2hyV1hiudU>>yYt>fuoB0#s9uP;{j0OuBGys
zGMI#z7%s@8a|6fWzi`Y0WZ7(pcgBeNJ9B)WCvy~#TmpJ_;<;mY8*y%e5VT~s{of08
ztYJ?3Bk5PZE<*ib9E-(!RhIP@m~h`%3P-~#O`fO&m@0;agEM8PYyLoEinoEFQ)U;c
zJ<9YNk`~l7FLaQ9(AX-CJ!y$SYja-U`L&)jUOO)F8pZNrpg>NwcwUZFJrXDV<qCd{
z(5A|mO^D1(g$j<r@ZnRx+u&yf&-h8-+cO+ik<re!hY=V`j5c6Tq;w=3efxs-7+A0#
zj>wXDTzWe1?vr1nezbLutCypE`i}bXm?kR<aj+aEF6hReX(paaZE&~r44C}7PWlUz
zq=d{d39u&A<tuAbZ_%%vk9B=x`dGcaH_6sTBHKsG8^7ndC~aK8U4+W}lJrHLSjAQ7
zWv^Xf@V4dr7FSPQwLL;g9!lV#*&t`id-uF_U`;APa<{LZ#?3ngWpDz^V0oHm-zpn&
z#q?b^S&gdX{YJ|H;l(Dbioqh(gqEhlKUE-8ia$N##I>BZeFsC{p?He^2thGE>sAm|
zMD|AAcj}$gG_SeV0)Ya(dtjCO>&^8Y)=JK&L#|#u#WG_Pkh9zW6JZ2KcL&y)61@Lr
z7zK1mCk@iAn!jFp_KN&dEoH;<DJn${FV&WeRe8`-AmIiDo%p*Kw+w_ygt~@NaleS{
zpIzo!dY`vlXTq>4x5+Xn$~mqBHfGVkw$Tv>tBjnC;$sf^;w~`mdQQGU+tIyzfni!P
zwcw`~h8I{LG`Ay}+)ugFH=f{@A_#1XA+K_5d{7SN&8X(IMbQu+&^NjYnzQVrh2#qv
zCH<hHWjSxDv7vF~J-9^{j<h0neWN=8`Wy0VvkyO@y(C>!Z;U_km__Xk5=V#Q?{R87
znCE|?&Hr*JsAIPT>63%GaTjBOf5_np2d^Cfi|mPNhs>)JfYzMxUR-G0Ri&S(<1buP
z!cRs-)T}QkEfzc@1^LFCq#LrMQ3*yV>s}9u9EEB4+(vE;{nn2YbvDR}FOapFKVhOm
zEHD`IG7q#SUX-2A)>Io}<r(BeS36%uRt#F<iVxyOi<?_X?%PO5hvJ}+42GlXFPn3T
zyz3lWd{%%@CJljKK+!C|SEA8P@HlH?U_FeT?zoGH3?QYz>JFJhXXX|dHoxC2OnGSb
z@o!l9e4G@9o<F~)e$+?|2ZJj%bK3>r@wE&8)7TEcK;2J4Or|ip!I7DMQn@_u9aAxZ
zJlG5wXE`i$v~LJ}VnL4$lH@AE04;{Cf|3PIf4|LYDELDd_dDyYzWQ^a&=eD1GZPD>
zu%Nx6v3!i@^n*tarU@xO4ceYH8H(=V1$mX?p!y8T2a9o<^?a_2viZX}tWzr4xBEuc
zTJf5+S^v$y58rl(>^3;5>+D@i1EYH=PTrE(EB1wauqOPKZRzdm{w2(PG1bumdK#0-
z36hN0&g0Ql{APF-ipOxLt|d|JqCFc=r{+Y$wpk0Q!)_IH&I8;^ZW*ve33&Fy%e}fK
z*qTGb5#>K-w7bEDmfheH{SA|#9+(PFQNzyVB?)N4eU(LA6MgcA+5>Z2#)><4yy5`h
z5^*!Kw*HvRAS=t-hXo~J+5RmkF;ec@m5@=K7irpbjTQFE1k35U+>D+4dZL9eI}Dfq
zAa>EPo<3#Fy;-Fezgo(NUb5*iF)!N6yxB>cuV`tmEwv&roY_YR#UYTi2|ecB->Y{=
z9k^U57a}n*wS9AucfG{lX=(zR`Ca;E)_&FIHO2@!6}jHFx8cSP3_)d?@}%O@s|W1<
zJV=W}mz0?+)sH@2*xbn;u<lk5%I6mqIQ|9y{V=8v_?wQ$|Ak16Zk5CS{P20O0G#}k
z{QL{dv(3l_UM$Uc4}sxNA8J0d<W*6|auwl&q&-~#PP|P!ewoNW6SUIf=8~A0A#13u
zNSIr(LR3FeH98{&k<f7DZNy@4?e2y5W?hiXR2g<hd-s?4md8m5%*7p0g7s6L9o_Cz
zaX;6OK4xC_UpwP<`HQqT9FD$;Y5s6TqRki~gcSPfFX+r$!w6Ng?@L1?0Ru6T4l#G#
zkK7T7<G)uNO+6{4KW}VIYMYS?R7N|>QeUZlXkiqouW{hNB96FPFT72B9{27l4ZTX6
zgNBA?19sp|6R<@Pfq~If(-Pbrf>N%{0qWe`l=_I=<huV4;_V58$9tY_Nvt%-G_D6=
zJn_UVpTSB0t+uAM(CM}(rF^@Ia}QaWldh5a_7sLli2J~+Dh<23Hv66Z++w>!;<q6X
zr_Sk3ByF9sh+=>OnyF`8giz(?-)grAWey$sqnUqfLx^c_3{-)fmc=*3C=bm<PPq?=
z-MSGd8;BvBu<mXY8j0M!;@KlCytRHf@5UkCTEKmk6XMYyz6`$S|F_-&F5L%UoN$Cf
zD0s2~6Y;kZY3$Qm3(IO<oC%ZHY2(>hS#B4%e(j5PpK2HF0HX2M%40JB_3_;M9oKb&
zL=$%5LM>9zvJ5j}(Tx$k6+LXZt3hMDq#wN<7KYnHc_%K+)$!?|kO?KJYX{_$$ImXh
zdwLtiq(`psC;HmfUy2q|DlzC}>n?2Yv&c>QS3Rv;=g9G^^EjMX=C&930o=?Z;hdvd
z+xcM*poy7;qvjg@&8Lf}r{BD*FB23Nrpi{LCtGcHC3oz&z+3a)uY&YtO7tuXKPy%)
z7_%ZK2QD@YfZX8ptdBZnq+h?rJNaG0Bch8%fKO&r030c>4*ww(v)?5FyK9HOOsZ8=
z?q-OOQW~S!7sb93eX`3k_b53z{m@CmN~6~3ZG86t9}LI#+bUcYA*0aS4s8c|K6vg&
zT*NkTuv2N+F&J@%SS>S}uRyW`P+QQ#$o@q|q#Y1(aDl{|bvZvBU-_V$qMJ^-ueP1t
zdjo48yF<DiC3n(D7<#wNLcg58pw1*#LVtf1si($=gg3OLXRMlYfn2dMkBg~q012jz
zav||wWlnCRZ-D&>>SvE_n_;s2=AOF}1&(tmnIw;St)<caoBBBO81o{tJ^m<|Sz7X0
zyR<-RLv8Qw>l04%?zVl+T!QIhK3Z_?$<3gjiO77VN%tsqZXXvte)7q-q+{EyOxwk^
z2n?u(pgOie_cCsq&z>%#oq5FZ?y&>{K3&pkbGktPYOcELoG0+p0`@=;f41hgJvt=4
zA^|bYRqEgQwtUz8(!dahUlLzi@a!+|H%C~9E^Pkx5cZ~L8b1KS=CwUaFFtvJfV4h^
z;wSwPafnrin_R@|27$v}yF|w5Cu%}HNB&G;8>pS^jwV3X%%-BO+)|ty-~(OrJ#z<y
z5kNQgpXOR4AmlQ<#ZgK<4YK1%Uw@gp$Smp@*1TG1t4ihJlcAz!!OG$6z;Ld}c_X7Z
z8LsK*zU)<SR^MP7G9t^`kj{SB=t)S9%kpiM`8xkjI3%l*=GPa71&y(KdWoB0KU8j|
zdsd9EEOSfMy*6)t|DfSCKcCjg>4QSw7`I<BIjq6zXv@3}57++q!oVE}HrV40IPeUN
zz&Motgu(bYTLM`9Zm`~IcmGo(+~nki*X?dvj;<)FLg9?~Se{yDDho?ov@a#ApBA}O
z=cAn3t|##J@#IJZz=5;9&D`d9EVtq%4Yj<a7(?tY8a+7|uq;evksXH52)~MdoQ^jZ
z6BAoS){Pl>7FZE^$y7s@XbfDJD`Tj`ALDT(Hwq6-a?mILb*{^S&o3o4anRQ$vOz>4
z_dgku9`=6P5xoA}O~&&#7X?G>vsNJLXYBNXbmW-<ocuY~La`F5ueho~fjw%Z_P^`|
zVwAPe^Y5GkFJ2+rN{acG$WV=3C>qtrU4Ufu^4jEBsy*aIwNztvf~NYGLP7JD#=WDN
z0+90xa{Bvs9<l!bJ1DRQXKaVYt#>awcGOA$$x62b9qnV4QEQ-A(o|pgS#@CTe7aXo
zqyX`9-fLwWszf`59wT9ef<K#xsK1E%V;$(<IO?XW(Cxz~-CcjUJKH?<T=Op9L;TgX
zou_`hnFBH%MF>61HFqc^_iW|Q#bW!JfOFc!*H{Ps%u$!-6ZZ%wbW=Q2;D^2CQxCfM
zxYtjX%tR-Go1X@Kk-eKVqzsASY@zc<p_T|KF?wNK;4|OQY+Fv42Xf8Do<-uxdkI0G
zI!7~NNd|9KC!G?0$n%hqgtv3Xy-un9s)sV)2ssCET&>UjAMGC=LYkp5Zpjz7<oP+!
zY8U0o@S~o2Kng0-jC)4O9Yp#2?diz=JOHY8ClG)SkT`q38a1l}^g*I*FJuc0Y*L=9
zAa}mlL+hCqIot3A-`qe>&-~^G&DPVcJot*@YqPG0m}KG&^r(H8=#4IWTc{uD9pNU;
zE@)iqK7?E=ZP104O33d6;EKBDJ09<0*PiVciK7Vo_jUjf^%(}HzYM(SIDU`0S@m>P
zHg1^nOf{<xjkcg=U;zkeq6QM=9nKBj7-+=0c9Apm_rZMtp6TrhTkgHEY``1-VlejZ
z3Ezp>e5_5ME4q{ImCN^+Atat;k#q(0mexK06lFif@~XS$M8@({4g2REBsRR<>S`!<
z_*VSTH_)jCk{Pe;R}ZTk=KXfl9%hMm&Mx>tj?`Y{fv2G^dtn?9|K+LxvPQ>_^B#GF
z@eiK=R(cyd9%$i{p6xNMp8xpaIspQ3FgF}<$1Cj*SPmU`i^D<1XMW^Q7wNn|mdyyI
zX~3tNUeKoNoEj_g8)3FHFu+Chp7rA*(r{J4m#1eN%gzCJ+<Rb#+Ay^UTw@b`9!snL
z3Q(c95)6QH1zhIqsHmt2_^($1H$c^$I0=|?SxbN`BQQhUilnpcxJ4)sK!|Ji#cx;6
zwBlo#+yh8x@Hd?E(YG!LkakA+=~8|+*oK>)zL6XwY%VF>y;&<sT)c%Pc9piImrbm7
zl@ZBJnfxoVp~C6kF}Kft^EoW>@=Z>8wqF9ON#||gm>LOfx)4A${0Zeel|u*8{DEh3
zuK;^d;_liLy`SL8D%0a2#tnal*(&pizJZ!soM{l(D*C^2B9rcf+-*bzKI^vt$cjS|
z!z3jmrBt68eJCyvD2vwiS!gtLW7~eb@LVZe#C|qH26NN#A0Pzp*Kdw1kNKHu0Jy^d
zblfDfFkA~DSu5kf=Em2d+}MmG+bC9-0|#5lxqknslUEqa<&4=Aw<mc9fW?k4mGt>T
z1EXff!(8vf-ge2eYr3Ge)eDzl4Sj!skxp1FH}%c+3jIsJW8oUsDfMSMc_DOJ@d<55
z2l29xNkO1zH2N4DC$CO|3u_g}s0`!AqU9%92)UK&(q;)q-m$H%Kb|7|6+go~0Zkw8
zLs%_!3C3WFT4@@@3NDLVIPcP2jPyn48<67UM(u`!Js$wnv0LLORgU-pd_1lHclvZm
zvTVor+adwDPRS;iD{kSrNN8r|@tps<<EPpT;jm1ARX+Q5+OYL~doCy)KoAZAuu_RN
znKBT#jLgTswc`QutjWdnZi#Qc>)7b@yi|zhTADQVF3jnT^*gyUehh`F#)HeV%d;9D
zB(dKZ$@XH!pv@`zuEB=LG+0c`b*^dL^Ugd@Vyfnk`WMe}^T=1{c%l)%`YJ^=F_;O5
zlP`XIPV_7)=kI^SfdJ|oRONrg;kCJk3n1JVDeV(=0O94slGaMgRnnjGR(ara%li<C
z$i!9oN|W<%y<g;PqC0CL#|?@;Q_UldOyVUpF6|+`&CR2f9YOUtE`^VTun#!jfx6)X
zv62q`=ST9tfroNean2DRPgJt6g$;WYx+MU-9lx#WR$?FlHtl<J=I;q?VP#DobP&!4
z=!jb?MV@?(yAgR2C<loffEuQOFEnnni7S5zG;aUvMQaJ>&gq$Quo5j2OVAIcvS-_(
z(HGM1kgXMj$cLJbeo^kVm!R$sdTpebW7GPQnNh|Kva5Km%Na_qX*=-V!zMl_8c=BO
zI0J+vD0*6BSw_RM3h|y8<22j~us75!bT+ojYSyHkY<T$4*{T3EL^l|r!sS0xFAuPz
zakV+2^!F=x9an(2jmK7jL^F3A0fB%_9*z);5MJrB*`c*67`fxabAaL0ao$Tbh4a<8
zM(mgGn40by;_m$7`gBe$Rj&e@l>4o_5zPIFu1%!&ISB9j=wiST!+Q-7=)gJ;-@IEe
zSHs2|A#LRg(!(9Eg*$6}30%bY;!XP7n~PDz_e(%dSJxk%=iS8uH3%1x4uBgxG_MvU
zO#}$kRU{s;{nu5VR&N4iiJq-Sjk=sg{_CDGz2+{vha6ndm}dm<LG`YE$N{;G)o+^Q
zB8PPnRYy!vEE!20?s4{a+B88kUhe{3`*IpHFOps@Tn{C9QQ&Z+V9ZlW>u>C8Ce}}*
z&@;b?_F20@-tbQtnvwe;?^X=oo2*4HpFA8{P82ml1#D_C0$A&$<9DP1K0~?Oa+xR=
zzq)a{zvc+UT=Tn#c(N<KXW_*c(@(EMnwP5>A~)g$z`6@w)dag?g&%~w=Sac5=0jXw
zmOJ;Vb)yJ+v`6ZkF_maGNyr|xgxh={U{tZcB2n(GL=-Q14IXApCkoKMupK?LgQ?h?
zXu~=1_p=ZvLZK4=H*9ACjyxGBpcC00lFl#l?q;=%Ssq5@sGVRWQ{mikYXATd2fQ`(
zWqvJ?dPHDEtS1car0GHjs8<zuT=>7Csg*IedVEWEW_2WFx%b-a@1I*LL$WlvEYbFu
z(LEgTthUd-2?@yQzx_2NUv=uy%k=xYl1B%Bzhd?Q)Qa_{CLy4g@Xe~~u{%F&zuIbo
z-FVGxNH+?6&hfD?%y;J@Lhi}+fN$a--~5Bf@BmfA+lvM+rbm3{oYzatXA+z(uKTYa
zm%*3u!x3X7*V2z7W528Y*Ez1J>u&)m0%zumQ^ak(oHEW<*gc(fwKv>xfwru+Vp#GY
zLHXa~BG8P`;RX_PevkObk?jC~RYwQ}ASJdVkCE#zuJUb-a1ze;NFKC|-rT+9$xspo
zt=iPz#e!5g@Nb!D6mOz;=Ih_)<K*_|nTs1lGPp9a6A}$;ltmAnv}$YU+usZ_DfYxu
z%9ELG*;djQc>Qq@F;NruMwPqY=l<X)NY^}`QLX3v>oZSA)1&^X6ZlunueCDSbyw5K
zp=UYgHCY`#4#LA4w$mqUCXn~bq<$0yXNd-m{D6*i*ugq_V2)mQ8-Q7Y@N7p7#JLx+
zNwopv+OrUpcZc=G*TDJndl3>}yzV-I%=39x`8=J9nu5o;t6Z8=^K07%Ry`jF&)e^o
z<vHw?6A<ts1c9^<j=Dmeu-ycl_cPT1w%1?ahwuFV^#Zh|LF$fMvLizm?L34}TmEIV
zpB4L90_$u&DE={L0VZfg=EeDCI#f@=YDbE}B86iYhuI^W?zU2N@y1Zk+c!fa53A(m
zs91K?(&QDP!spoBM6|T$T1$i8y!pdF$*d_w_Nim+nj*wwRe9QQVo~?Z2?R0Xn+;<<
zr}U6sfROZd-fv*^C-P^Xlw<?p3HW;aQK9W|iG1nfEq)ML3|hcd#~lXH<p+ytd?d=e
zYRReIL`ZLSY#weBZ68(uuL1a$gOaBIjz=}uccTT`4LdE>*X+x1#N@_Pum`sB^7&k+
z%Lys#xWjjn+b<qnI&In!M*8`vHvZO7#pIW=X@jxz`~V{r^)w}LZzVt>Q77j$(Ifpi
z9I*yat#{1d_)BCc-5t8M5GT@gI@B&+8qJ>q2)H=8bULu(7YKn5ZP`A7z8TGr;^X6W
zFfw&e7-m{#k@lr$k&pZpvM}(--KyVS3ZTp0c+sz$t#v*}f}M7Ca3z|QltNVw@T-?l
zS<S`&e5h`yn5;dI9nSdTr83I0``kL#$}pMl#VZwsZ~eHzJ=C5G8zv0;2d_CyQi(;9
zQ!!Kagal!N?bowa0BZ6%-i_*yNe#2GCjtmfo_8Vu$fSFknWc9+Tg3CmB4559nq+?-
ztN4d{8@QSu8wkk8Htguk53Ro+S0z3eUDSVW&ESCSEHrWH6$b;Kj=h)VNx3i*=}9$i
zypVXkEiM9Rn#cEj{J-?bAvY(day#Zw0EqYB=8n%ZxwIHp-9G~X-8M*pK-UIP6PS4F
z(2!ZbF|3cga@_a}8^6;R#B6~SD}Er#Q5p9PWuIkZ%;yaspqJjI+OJX%6hL*+wXu&Z
za;{@Ut;INHrj{|Iu;c71eoKn|8^op)$LiE^x|?cPd7h1dJ=xyNi=J`5xl^Kslj1WJ
z<vwnj#3>W7x>SW@D*Aa(?R5i6vPPSS+ofpx)u_bhn0W=ohzJbWoB#r(FfIZ3u&a3X
z76O=rxHuplJq2Dolw}TK@dR<Pe{EEFjl<tlfoqH|1V=4gGZ9cl2pIS~kC068L{^uA
zB1%pGeFu%ziL!WtIJQV_DtGi7a<%o_uSv5iJHH7B<5u-r%(9lFb8!(XvuyN;c$>$k
z^2yOWZWX=KELYkGB~a*<Pu#5^9tg+^CU3;<+WP@z^ZJMJ0+ZqE=8_I65l2(a1osby
zm%=8UBAsdvtWHD2Vs3{lyz`l{Hh6vF%tJ_7BCO5ko~Z{)rrq0@iTrFcY_5JUh&Irf
zY;tk)u>?K-x~Z1SzURfqXCDE7)cL0y66;tfl6Q-(l^`7OIgmOzJ91;LA`MdE_$ZEt
zk1y}S=cDW9<rRq7HwnN8vYhHodU9e!qp^e6-ET#x8^_kO!0zd<<j>xxz7aCfC0mgE
zB2j6Wi7)~K_z!iCxTvtGXlDn!BjWZY<c?|C+l+lqbRes6!!r~sf~&iTI>vis_L%2f
zb~GG;9ffH7m&JYoj&u*L-9sGUpo7v!KY0OdAwXk~<sah+psQ&WFh|yN$5)q^mu^6H
zsR*E=IBszOtaMRvaj^%!nPTcEo{#T|@A|W;9*o{lHI{4+L>Ld#U?&9n8|ckQkt<OO
z8X6f2Brxr|87<cwC%?-8h==|mvFg<YdJpVIzW+{1ze|}cf>P818o5iJw>@NO43_xy
z;Xb<U>sz2ayz4@S@HP?r!xL!JK5ud_+72%?alEnc8@T*CN)32&0AmS9#O7GS!O(gx
zUQvJ4r`Iug+K%L2;$uR#{vLKT5FjtgHRR16dy5(BWFqMC9!&s?uBf<QEU;Z>obKXF
z)6QyCv$}V)Hruymo;6x(&df*Et=)}KT?P<}8zIDp6him)Q3Rv${bH+x_l+-wF`x6&
z&4WYhYR=gHg_Dm@3(D`zYk$OvdG&#^iV7PL_p~gZ76JYY-BdV3sfD9#)>?Mw%a($d
zl$nSyvpi?1>=zpEf;@HnH0vJ=^@;0zD4(QUEq@4BjSf}R$&8SVskNJKiPi@N1`XKT
zKIr3z1jW^&8_tWX&IbiYNu}N}zI7SXAdi><>)?o_;ob<*FZ7`={uEEy*zDT9nir1;
z?g@^06Gz8q)ZsxY9kURQV53G<bzGyhJ^FM{E6B}P8KL!bR5{rpX;U+wikKm_3`l(`
zdvE{P7){6iBtrV?qKoiQOBBZ8%;T9p$Vidxai;$Fd)d{13Q-ZZl&a0#qsjuYe=u<9
zMTfZ6<)52?yEV@%vC!$my7f~JV2REpAT&VO+>i-m8YUoaAu+M+e;%z*sm8Ux#OkTX
zswGc`I5DmC8)6FbhPUE8$i@?{;u!_RrS%7H9|NTkhB-J*Nrn48w>B!ZmvM8r-@T{&
znh7;AFiK^`&s%D{7|*yA7^1J`Ep<52uYBijr19$tO{ne0sItx<<M5O;=L>iaoF7)^
zX}Cv1rjD!p>8d&&!)*NH#6?>IPJf-+@xmpVVc>_W1}}e_fnZJv_<VqI<$>mD7CE82
z+eyDsCgMX5@A`c&f}A>s4%_8|c*BWB(L?MLSFi9(&+F@Q+jAe-G<Pc69%rs%w?vL1
z92|HnA(<pUo{j+D0U$;rxNZ6LDfE@dR`!Ix%Wob1<hpd@pAJZg-MsrX-CtlB1daQ&
z#Q}J+SV5lFB+$E*6Q;l4Pof_u?YoC9_aWd_nFP5Vqo_^4{cZn^LpItBu>4VS=FU*|
zi>`Kt%r+C6A8N8xFM1;zaw0uBhY$HOh5Mz8apF$eO}#J$l<kTm{#SDghZ^%XpTOl1
zNDn}-L?}lo{R{_KR|VGWU|?h@;_lewv&d;Y;bF{>yLJ9=3?t4@Eh`EZG4vH30Dyvz
zFtHN}i6?y$BBbBho}I_4U+h-Uczi4U>F<Hwfs+dUx&2$J$6OpZxbxP;#s!H$R<@=t
zxBX`Nrd=RINjYDm32;XbhlgJ}bU8f$Yti~L(7L5E6HuDL!^1<s%qqKiI`L$<jf-B4
zSR+H~K<ZbjWymj6b%{+=2PT@n>OcBp{}8R|mZpQ|ByZ@w{JyvJd{?!ZX(-`=>;!zK
zGs;MXB5h{Ld@FgIuuBc&aIABmKRn^PDMD|{I{W!Y5sti29Tal=GEg%rkU%mkdEx7(
zXpUvS>zdcJ34jchL)Wvq`jgMM9VEY4-+v{aonrYmNdC?K5$pwXyqMm8H(zCfvc9%4
zM}9fDb48ORhU5Tjjqg`3RBmAYkuB*#l(1-AQ5lZt$3wIq<GVjL<{~Rna6*c~H=f}8
zKZBMofbuJE<Nat)U;7#>j&17W<0FhVVc)n6BmlI5&jKCXd;c-k$*&?Cp-D|57t0bA
zVKvWD{xLq(o&8;)E-#5E0}14etyXn;zkCC*1XNw;?}$uLbXr~4=PEeROgQh|Y<da_
za*s31TeQUuerKkr_po)h(RV-*`W@54u2v&z@(L^EB5<L~pwakmS_k}?^eeR(p4(G)
z-Rw(#)^?!-qI$e-9QN(I*}Tc`M-2b>wi(D}Q_|MqX(XF9g6svc!R1WfI@KqaR@;k?
zhZna2Ab8{LA+%@-?l$MuHXa1s?cLq3rnnrug5E5B$1V}&F5K)`is(l|XddQgA)b#R
zhyrsTcAoN|#^uF7As`PX7pnN!e?>;~56I~Ij_9U5*~-PBr}Xenl@jNMK=@OzBjN3&
z7%8T2ulsJa#!~uL7D1sXRw{LTb}8O~yW<X-oTaR{N3qk9Ena|`q;vjINMy1?cJ&YP
zoEuB8LdKK_9b?sDlQ#{&*(7eBn~2VN@fi2uEA!=C%rO394Ks}GNYBZA=lKvVAV*Ix
z7VqfyfS}sUo7|QLtYUZW<8AJCKloxh9DFpo9gf)E&JQnU3#>G0jh48-0EczlX3~>m
z6E;+sBQZT%jlJ}|GyXsy-FR!V>tqZU5EY|*x?T8T?gIxL)-U04&F}XOAGx|0rkiK4
z0vg*LoHL|J|6re3G32CGq6FZ=25>OR1sJp@B6NF855#cSpczI{(nO<q_su7N>*C^q
z3<7x4rA#yzZvM2V8<)Gh%*SVi4S9GGnJ(UfNXG)+kBccH<CXYA^!k4oRPivb)#r>1
z)G2f4F8&=1m=ux0>O2t9l!kx^Us2`djp7cw(&xXrW=p3**3wP(8M97|SobD6R$nV4
zk@hK(ebkRqiV)hE6(@Po3+j6y;M+1iWfhCsw$Pz$Y8ndxigjfj7eF5)m6&#&zERhF
zz&?kd;EVO<Sx6OFTpv#F2j7P2cTW>b0Z4_(eRkCbaYV$#jRtb02c6QookBf^){cc&
zCW2Ulo&*5|fVe6um=)R_ey3$7T|w={>PdVD)vAt&uDH|pG{3d`1J5i_RQp5bWNZP4
z(`f78r29957rqVcK`00zfXfQ6JVt)%Fb4tr@hBh>&{KOk&~LYY(VTjAZ`@M3tfvs^
zJ+C@fdUREeg2QB-vmg-T)N^jR@J=YzwcXOP51&Kf*bD`4u=5voel(-2#Kom3`?g1I
z`uxye&U(@;cvA(Orp}lnmiV2voN$QR74w!0l;DSZ<OhYs_~qYe_P-uqfZwxWBw<t~
zFtMx*El}E{=wLqOMnGVj_h;tj*-xN0`QPbMXKesX4{QhN0P@HR2|F*Jq=WxZn`{Ki
zc)7OnxZOHGhV`}nf{1AN5**P50T+&{sL+(6fUWAIuM_Q@XZ8}}hI^64G->$RB^n%l
zo`?VWCG+jngAXo225S_S_<n10*RHUBlU#ZH|J%C!#QS~z0JNx4&vw`4R0u)bEAo*i
z1LYm$&lxP3V!YBfeiAK6HY@Y1E1)OwMB6hltD+LsY%^~g+)g=4pQgJA@et=r)8G=`
zv!T(?ac((ilhOW?kDpO}+pV2ZV>bgz$5$TC7s@IM(MXb_+Z>F@-q`JT!G%wKl%No_
z7}=?6_!;sosC9#3P-Z#5=mTxkMobmB{bPd)11&v$Dn7>-7-9g5coLR(Pk7d8{dj(n
zUfQ>1d;L^W>@|J_Fc<<Dnn9NATrVho=c|R=k|O&2-uP`x;s!FTAHUUVD(zNN`W$jQ
z>dt`X1N<<Y*RycP))4=76cB)OMs4rxpiZ}+o&Mmd-LwImQA_(78xXnrUT1991Jpw1
zcWIYBil63U#YEK8<$f$S{du#aqK=iq)v6sBFMe@=fvs{*cI%7&=AP29nTEU4|0_kh
zLT-+Dp(w_$;yoC{vBJl>QVB{&)6P%I*#sMdim582I(4K(fqu5nAS?9z>f`u@AB?#4
z<3*TET}F3^ksa0p(5gD-jJco%Q&sSx_5MG=*04DfxK($D#lQS6U`tj<Fc-h5Shb~>
z&+zt36D6GWt4)H)boN{i4EADo0A+x~5N!4VK0gn20(Q@~pH?CrbFH~}^a!$(Z6!w6
z6Pq#iFNy!ENPG`3xZLvXMigcvf*}9Fn@`9S0B<VGDg!7T0CI*;PfrIl8~$S*-X#J7
z?HH*YfnCWd2OstOnTE}yM;hw11bxDVA|iIvyyX7azsqU<W!#$PyYi{lEiSHyQb+q+
zN9*ai;o!(k!lE1tjp_^O9iQRl8O88X0j7P)4QAAp+=N$i>al+nyhd_tYVyK)&AWvm
zU-dosjpM}Q%`;YbMDq9rKOQG0`gv0y9lR?gMTnr%(9qTOZ<>I79_q)pHz0YNxpx<8
z8wg@t74qPA*wVhUlNUv`jC=yx!OU2U&|=N>-^NjdT<+Lk#1l;VBt|Mv0WR=oev&C_
zENhetjg+j)7IQCts-dErPuz?L&(l3_9V>e60`=~dS!^*xgf!VqZ~GaL5ij-NfyiRy
z1ciix#5LtX13*LM(^`_qupTOWO|e%SC@*IV%P>hP_?$i)1x>liSavapsfK0;1*-Dt
z9_zkN#u*tH0&O8>gs_!Ow_E45F{9vfB-l*8a*yVOfRc~27STj<%l-EwDoDC<9gCSU
zl>2NQ$_Yh#19_1Jci)wL64?w&_IxQB@>i9f-YTEXLQNw5%F+J<|M!&d1eI9z6ZB-z
zam#h$*^N*DR!!M?wGgCiKdTGm9wLkO>nR&W94=vWA?O1xZm4r!gDSLjARX|%4vLep
zS2Gzz;peNgH>-2Pd4A0ObRmsU7vn(s^;&nLc@$o_$;9otlBwk*xiYXPj3;-TFB1g)
z!4uOPeEJe3>4*F=J@S_)%;c>L(y8gdjw!YmT0F7vTbd+|ygqe};DRQZc3NPD$i7sH
zs%j>Dj`lJ>rbU)nEB{%kKRVBa0HL$!j=@wG_yB{tpd%^;mt|0INL(YsPqju$W|^lm
z#X6}pq*BzK6_<q*<4+MHf%Emer?_cB`(ND3`hkqp;wi?0$3IWNlRqVS<dXwlZZtuf
zfFJ;=xSC(`S0;~odQr#3zqjy^rp&djXfH_QJL1%J9B$Guxd-;E9#tWauAGFUPB768
z=8T5FEmoVCKT!&U^;bCAbp09nM=1GKCY-BVanDkZ8o*QRA63M;l0Htr=|PI~?!-x{
z0Fw(qp8MPIwcP(N%zpwb%c32gY5S@JImOzCCfE*8B@B;*CuvN*MosL(cBgCB`vb<p
z^W8hrt|>d}?EX7Oi%Is&p9klI0_!TcXx}qC`DFMFzBh}x<Eow*T70Exy?>d+F?hAy
z{NIaXDhbX^P4I(fG*+RFzlL2~`&SywIsUZjvqj1yPGtT$74Sb{Xe@z~msh03{j>yS
zs(L<KGSFxfVR9eAwKbM4f{W1d;e|=SdypRCDu|9rZECR$x3e{W_>u(N(dlN)=!1pG
z#0y^s#CNVtggd+A1-OFlF2KntPy$gKUK}I;)N@nyFrVAC+KQ6nB4XV-d^%m>e{S?^
zqhf$N$&5(9vA|mznpfCompm;A)DXEY;q(L$0ndMr5juD6CMXM_1t7F11{DKn_5-k3
z)&YP5*=lq-4Z&B>@<G9Og=QNB(DGlqxOdh~WLOph9tq|5WYrC8$!2KBS*x7y)bO|p
zIJKCOyHK9*VvEy5ZPf5wjnxf$ajPjYDys;p49QPRT(&VH7lJeuj)>>?C8^&hKs!4H
z_OXtoEkR!8`~p6<{X3-UYTqc60@4NkSrf|qY`5`6azdCgXs=1LV|S%>TuS6m_A-kd
z%|Q^GTZmln;e5;^pU?T1`j+7JyU}$JL51X$a`mf}mEgClW$GD-xSHDzLmcDtTj0IT
zn}<wOKxy0YVa{>E(Uaa_^dF0>+?L?koI=C5_hs}l9~E0&@jggh>}-mAh_GL%b|b7Z
z5qe#Be(3<5g4*d&t-G<aBMX?_DVtgHX%tMOc{3mfs%sqzuK9tSa3F`%!8m3Rs}y0x
zLq=Bm)(KZgwopl_no=;!DLL@OuHxC$jQMRwmFQjGa`oXCF&wtiU;$cENVwfE)nY{{
z>CTCE?u}%%?w3aQtSrTOF+v4Q&9S<D4%A|({cqRL`VpGs@9<DBqvk{8(m87v@{(Iv
zG<DE9+l#Eq!Cku=j}EJMI1X!VLGt9uPnwk}ARZTvz{fx|I{cY|xCI>oy+}>o7k#Fy
zL8k_<zL5p+=d|9^OV*SQ!O!fd^yi;vBOL!+ns-m5vGx)#e`ufZ+~%5j_5pL_D$!qf
zKVSEykU}64F)N1-3AMg0;GQxOAAd|zraTRh)e|G*RAr}UWo79eF52~-6=J@F{Cxib
zT;E;rd6%J-+xak#*WR(nwdI*=IUYx`y`?Dw>$GFZWT>=YkNT(d(twNd(c8#80;$3`
z{q~g<H_JHkx5_I#zXg3#y0w9(`ljHa&QuW>Ud$-1+#wfmDmh=fWoTERZE>P&&12-%
z?Bk?6Cbg{h^$J<JP4^CJ&BzjS8<)8M?S~F=(bylG^zl@P)6$>hxlh<r{}H8+nLmqM
ztiGT{$R1dq_s1y0dIP|}x26M&IbJgEG|*+oeHJ;{c!3w~EDoE@s3aL95kVJa3p~dv
zJfN9`fDiY;{qOzo%?J_!sXzwly-qW)%AW86U)Sb7kK*C#3tR|Zr6N6x`Jf&2T5cio
zV_miK(NaQ$hymYe-N3U-x4Tzw-o*cH@^NJ@7DsAJe}6Ls)fPDmeXjA|e`9@6)kx-R
zDRK!(m|43EFzI3?g#;r=f4lH6XInC;)V&lczpeR)+O%M!J)r}d8}LHLfq{1$k0y#8
z14LJD4F0oP0;U8a(?Ev}pan-0D1EfhJVB99T?$`7Hw^?e<BajF4Yv}7r~P2xiN)Q#
z(BdG=pJRHTe)Jj=Tre9jC%*mL?6x1B9f~?E`3g#^lfOCUB+9EfxC{X!?SY4r#u5JO
z*xXr|t9JZecZbCQV*-lg#Juu>FXpZV{e3#9JM#qSMwpdR%&vRxZPS@fs4e`A)nbk8
zdMBtX=+Ip&RF_dBsEl*)T@sQiHPRr5b%4?Ujdud--VRPF_u#<*w-*~HRIYD_hKV7A
zoU)eE;w0CLx%!o765sG}0f9NKUMK^UO3(9a+A!)WQUN3LvlQ=qepn<MbvYF~xJv6w
zIeCaa^3O$_!0v9D6`#XieS9h-$(DyB4rt;jE+QWJe|bw<B+!b1Rast{?oWNVh0>DF
z&O8Y?5UV~2*vTu>pph!)H8!r7ewQ*I(n;J*zxg|S@MbpCaIVOEZ`G=eVEdJI^n&%C
zU8U=fv3&6Dzat3ccftr1V0Z}niU<@4%;)u*2lbjKdSD7<;x;VXAKcRc1=VlERyDS2
zGAe5}m6iwtrI$1!zgx;{S#<f#`I1U7ALyQ2Jt#+$5o_ihWjpIp4^F7x2b5`zD!<6S
z-w&jSi(K9ecrLSfO~Ia$iwpc4%}Sq-7Xxzyry@T@D{H-=!j98^=~$GUa2Sk%TE@gI
z&T6wl#W0m8NH}L^lj~bJ`K@aV_Jc=8tkKw~TF!)v5QsCjUYk9QJs~O#xcEeknDi^O
zoBVwjW=+ecz4=!aLN;pw6e$#uwhVVG{S4H8uFG<-f&^W77d|aSDGCznj0q8JL6c8L
z)+PGB_H68z9PfFO8U+Ah3FOwKMA}v(J_flHKny`o9LOpG=fns1FQomXevrn80cD!4
z90KodJG&!-f`2T%LP$OB$<5Dygw1?uuY9i_xMR>+?zFo5lPp<{ky4)rJucXbt(S&S
zy+ptd4XdQe=N(N#7kXcohQ!A|nqyzJk~YtAf7$$!W*916(T%UDZmYAyER}_4<A1un
z7QK0M#fc$%bTx*~o@8x$aozGh6%S={vr8(b-B=nB3~OgA_rgsC<95esgNgE8)~QWF
zZ$ZcSGgZGAhD&fT|0DkLzm39z@zsFdf1|r*3!~V92FIX4D*EjSZS|cOf(G*J%t?Es
z;-4~t&!4I2gIkWKsUNxEaQe%p&+9jLZ4_3Y8x3D~vz+rF5gY{ZfKIN6W%7v=3oxP5
zG3%q;1Gb-}zB7Ixk|tszEpZ!}vM0yl4*9tJ!?K*!Y+G-djVuZRXOm%Zq9~rZ(Ea8}
zKz3I=mg*iwQ##{17*MK;j;+D0;+~Lh&Kt7ZyA^Wa;mfl*69O~xJV&NXf(}{@EFjOS
z^x3(L{nQJ@(=8Ma8Sa1c{FnL_!7hz-=P*~}YV5EgknHESKD-Cu3}A!ys!c0pS|W~0
zq}K+NHgN2q;UFC%T|SDifC1TAT5`D2jSjjkf#dQsjIGC`??bz_W?~FN5fdrADhb4r
zzQ!}kE`d$BXS_H7TL9N6oD16Y83Yj8bAbK=vDYgyY$OI^oUx79bd*n=BMQII?oCrm
zdC=eJo!PY}HS%1%P$aTKRYDGb`5~Wi4t-zoD@t*MCE7dFp8{Ykq>*(<Gjj-b(S+Od
zXLXOkKk`aS<OQhK8#6lmQ>KVuO7Yo~xc;#3M3^`mBtjF{y;EO?S9O*0Ol#K3<R-=0
z@|t3Wy(aQVcvi#8l~dK$_?aM@dI6jI-|T@Cr>*><0up?RCyUwUc0X&TBcoyuTKrC6
znHKQqIlm0Y?>1ScZEL%1){%&r{pA;2rJw)L1xl2yBN{7Zq|;UTt2VXItB<BCQ$6$d
zv0;Re+GO(=Scl<7N6ur`=qF(CW!O(V7vKdz4jcr=?LdF+_}{*AGb*OVUphRfCp-38
zc2-A<9w#DdRXgkwT|^}s_p(V3Jy`g`UsED|ej1VF@PTrGBnO8YGNjzMV`kd+t28~W
z(w{A!evkr&Q>#(n@D>BDouVqru_MHKjHKQou<T?mjNn8+sW{ChTAsTk7zJlI5Cdhl
z^<juC4;|-SNXR-_6=?J>sv*;P5D1@$Xw$<HDc6tCb%<N@JLt~O9mSZcO9Ay$%Sd&g
zYUk2Qexp7O1W&_nI`=%L?F6uPlp;sb0@&DuUhH+^hO`JV^P>okbiF^g**H>rj~~6+
zP<ILxsDM0;AQ;rGZ00xg834jW7}_J8nhnFRd@7WG5Ua1>_{9H6$5i|}$G5sfHbjE_
zjJI(Ay{4n#F;ZKx!(S;EaUzDu=TNMHFf+-zSJ%4MatCu{NsX2EY^0ypHJ0t_XlkK6
z5b2rrV&;r@tP^N7JxB|ARvwAesqs#q170OJto+FeJ^v2P@SFPB%MSL~!x3!N43U`5
z@tO>KDf0EXggKfU2G5^>yh*D<a^t2+NPI*HIKa>+fA}5H+Jt1lLWQe6hMmce$c+R0
ztE%J=e-PM)qt=+Mt-jpHkSJoKc9r}P&e_~evf{Z$PV`~AL5gCNx76YPdI6@TUsgH(
z-b5geAc8Ki8J_BGmL!r34vioNV5AMmN+9NUfTI9rp9zBP8Vz1`yoI8pk{12a6LG}$
zyW4q9u7<%!LP$gzrI>YEHZ#I~GEygR^s}EfSb%@Oi9lt|>HpDml~GZCUv~)U5|Qp!
zK#=Zkkd}~??vkznL8QAI0RicjF6r*>juD0shMM=`_h0W?d>TI8=iYnn+2`!N50{Zc
z+3R51kSI#$@fcFcj=CcK`KPoZzCf+49dQNFQNJDvD*yK(-c)eFXdrUJwPC~w%3IXs
z@^WbI5AosX&%te-erocVnh6#)ULR@~d}3n(>bYBpY-;9n26?hj2|RAWTkykMwCBEd
zYW6d`+-{+YCb|)cp%ugN{oFoW@M+~?7A@>@=GtzYLLNtom$z;P&8he_=!n)BB7B;F
z)c4QkT0`X21jD@g^VA+CT?Ozx#^J1ZhB0J)Oi`g;f&>7{0AeG+J_ioSG23w&Q{hPq
zHEmot8s@y<pH7+DvT(^1Miq`XBAp1@LKTdOlmQ83pC>W=3|A>Ne0y<T<4-Ch1aF>_
zyN2yySiNm5ijT(QEKqC<!D}O=CBkw3(XTiawCF49n0KyPlZtHNiS#Sc7m;hkkOBX&
zh0HBay<l@!FiakUM97NMt9V?l6@MXsnt*KcYXb=@9HL|Vrf~7lb$To_*YOq}cnde^
z)hv+bbMjjzBm!N8uTfg9?}IHzcRI&Zqm!PQ)@--0;<Gg~J~d@0VAu%rC4CD)pk`~B
zjS&dUHFH~J`{BL_>d>O(K1(X+eK4+ui7_hqEnBBe9NgjD<*AY+_nE#2=xYCy0ZKO!
z+;<RpRdH22H%m}a$RC79D@eS3GlYfc&c0Ws);O0X9Z8?#canrmrzK81sI1pbrdwk{
z!9Sd@s2G~VVz9E!wLN}5#IKo-CGCPIPaS8?-#up<O7L~(%?1WL3dW<|Lc$c2<BLl0
z`(Pv*Lrpy&(Jh~<aZ3T^LWFnN{-wo0NnNHu76j0vQ@10J$(}aYpQ?C-c_Mb9^t`vn
zH#L19GvVJckS6zwWo4h~ygJ%ths?<Om;3{&syatQ<%ho+>|gXoy^BcbO*thuIlw4Y
zp(jfo3QPzQFe(cl)0CnBfV<Zdk%^aX$(<KqodU4tMV=+QcmT-a1lg=`{KY>`l<h+<
zuT_@BnU_3O!3SlTqUI-7scw99<`G*?Pa|!gWn)BNqPJ~Bdo$*M2?PacZ%o@iKOf?-
z+O3JOes9kHv`Au78&We+wOOWGi%@Cbc3Lk%Byp*MC|}I`JqWo_s1aAuXI~mq4qkKz
z(H!N+du?|JT5%u)@&Vaaz0UY4TX%rgG0|Ed3cuWe?_*-CM&kp?6QI#(Tgu9(dnY~~
zC29-+Ov}t%QXs2h0dyZ9?S+@AD0s{V{un{<vI#viB0Xj`mb97*a|v`+TMdIMnTiQ2
z0dxk0N7U=3mdaNq=hrzt$8Y{v4PY^P0ZJoie1W#UA8RQfcP%quk;2cicB2bnw)9}M
ze%XTo?Rk}$mu|p3fp~u??#fP#T#m(jI9OAf`Eq*Rc@<Gb_*EyAnEnr$1md?U|8h1S
zW?lvNyg$=3oo@DB!P#)lpTcr)BDRV|deW=C`_B+?=m~44OCpkd_U0GG4Z%DY-QIJ9
zT;jHCy}`JoJc?Jq=94~cFg+Oq@o{!=W`w;HnVOBuAS63h1lsdv49<IC+z)#`{;t!-
z(HW25H}}yg=Nz&N$MXg7y<=z?wt_EH|BOcn;Mk7H3kA0@&ZGdPhusHu#HpEFMCwt?
zy7QUbCj!v3nn#u71s=dr;?2aCrU(2xuBn5=uqK#4ev|(xo**AV>(x80lIT`Z7yN@;
z5KoA>X(HJRlka0Za&kcMFggiIcrVr(nLlS2=MRoW>)qG_Zh4%<QpPXk<+$$|P)i>7
zEB=y~Bpi=5<$Y+O;m<)jDdE*3V8-a^9M&AX8<l&7h{T2`wkn<X^d~?y#35-}H8_(D
z1OiUMj0F{`p>2zT%7<P!5DhJX01)N4{(Fm6hDaXv$kW?r`ZQpX0|(+DGm}{Vv6T8Y
z`*KZWM>^RJq&2MWvq#J*O6lwVTp`48<d32_Lvnf~<0(~J@SZWa&lxo+oc-s3W!?K%
z=|K16i%Rc#lKKjbbPJv@finLj&Wkx2jk21)yYp#<JzE^5d5fX9u2var+ueoz$+mT~
zhArCUsk2Vo(WCUt+xNt^cNCLc1EC$9;&ag9MJt4lv>XKC`I6?x?{JkE_Qtx!F?2{~
zhi$dcM1OUc-+xwiV5CStx2pGt1${?O0-`<k0hEjffB}`8%h!MjiPoX;Z70xfUt^yy
ziJt~;0T2#&?By-m952D)a68~0y#0^ud&dJBI+79{4;}#b5YXm$aDPoK_!DEGS1=&^
zH|=P(Yw-t9Krh&S2Y3eSC$b6=sjvL0K!CbotF$<WlWLyw?JFl{H`YF;=oCMVv)fa4
zIbMDzS59RiyeH)b1}p03A4z;~azyT2eY0;1**$)G^x(wBa_cTrKW_QD1!}o?i<v>j
z1Hb%wla25r0y&8Dn!zF8E=l}kH!S3&az<-OjMo;t8kn>l^Ac|Y;oqW}`;*DFjk09W
z9v$0h2%(4R6bHC%^Bd8ps|NLKqu(xd069V!_sQ5RpTfybt2oo=>OIb5vrH4L^AC81
z!k$}}&k3vXGjl>j-#2r(R7wbn%Sg?k2{PqO-6QR?O~kiB_sM<E11VSJye+utC_Lfr
z@Ew{JFe(B_0i`x%HrP@}4AJs2Y0$XV+$rulnqoBEXhLp3Nj9?m%b3#>7oV!ZYs!bE
z{fOx164S-Xg;-c*<RM0hz1CWH;5CoL&>~2hMbOcuWmmZk`oUT=hG-vjp=c}QS%3BY
zbI`p+8wyBLopy{VpPL%pR=0bo7!Y&u8eH(pGcJkmCNC>J)aoBvj6U2|+{{ufpr8y~
zmb9;wPN7lsp^gA7dn&lx1fMX^uNf$GYETk&Jmvzed4H~cgd5)EiOWk$cayV_M{H`P
zkVVm&U3D0B7-QfXmf*r<Wq&&&<SnJ)${CuA?&-KDb1Bmc@5_NF-*uz{<)J$~br8Tq
zN?hAr^W2zgL^KR>Wa(F0^@iHAi0teV+}6!>1aD7kESZBWh5bb68TRx$J{gOj>#z04
zKAjt!RHhq#QP0?2<tSTbclb`nuu9|+<2K^m<>5@r+|(V6KH%`EZyxB=^*~EvwSS_g
zUpk?n^2A(hQEMC|YIiY3Av0B-qV_u7AdPHT(T9Au-p6u|@?gz6>FO3>_QB4@$jxlM
zY_*Dk<G($e%t9&Tg0tDD3Os9eWmc8-3r*alMQ*}k^xx5(nF?psH=8BbM2M05j!mpo
z;!Xv>n2mP3c~D{eCW&EHY9s_$8KwttHGLOPLo0aT76c!P{R#naFraa1RRcuesmVuf
zZ<jxC$w8*N0v!~~&Zkpch-t~s6)ljo54tM{&c<!fjY_on=F(V(+`nQE`w<Zxa2RQ&
z{bJ!M&+@D+URL>L5JJsk5Gd3jz%0g@K+cJ(#ovp2wb7-zhFu0tagre`DS40b9iOZP
z`WK}@xrt^eLhp0`NS<srG#=a_ULY&*$SLy~P#^(V*OFT>(rvWCn|gVB@FDjUf<F#y
zeiN*8DnL-wM^umHOz|kq@t?M6YQFPDoW0tDwiM-A(i<FCtD&lW);dFXcYuO(blEvO
z5BFo)^k|hKevk#oinRvs-U|o_bOTawpa=pCGF!4I1e#L>@4;$9Sq32zOOhL7Bx>6g
zK-I5`%jTfIqkTPUhKuC$V4EAE2_@xLtz&0n#+;Yp%WSQXSmF8Q%{4xrF7q&kO|znR
zcU|s#>P265PGV7usQ8(yhNH2{Q9wvfXtxj4NnV~R^tE>qfgEHQ9-1BnvSw~>SAM<V
z=mm_Y6-VEKy1|%3)WR36Y|FK<4gXI2OMvlAnl1Bpky(J;2DS@X-ADLT1ruO^v_OS5
zzC5Ja3Mq;+I8Q`zKlnc7l*2auo?)O#T+6iv%Vv%-0$l~52?_1H0<yNxyqPqj5nA<e
zVS-o$q+udEY>H+nQGe*WdZyS^UlvFCv1H6tI4$wyIX;Xd{E$Z#qCF0DrmR$@$i3~A
z6JT}v<uEESED<Lslob|2i=Z{E)IXw#J##1Vc)270uBv6XEh3R?U_3tv;4qw=O+&TT
zFS>t_2cxyo^4ki9M33iXB+i^04|J}7St^+#eoXZ#<bTI#FOkZ&zWfl&E5;-ETnauW
zCv3%iN53&y`SI&Ni*tj79jS3`BOEQhvt4W=MLF8sVt@p63p38L{sEuA@t>sVS+Y;z
zeWd-MqN1`mm3&Jn=|5bu-kX;8O5H=sbd}{h5nVHp-MWJtnpRrl2hx#W-Dx}Gk|r{)
zWVUfbVSn1}-<gpsZ4Ze`{mYz2EoPLFzyke}SDfg!^*d0B`x->fxYK~K%vsy>lFEUa
zdI6ggra<$`GDf1uq*@*gNqIV6eWXfIlOq1rk^A5Kp_g$Ue=4T*+}zw|&%r7HM}tQ&
zautWhYl{bO4F3M{VjK><L*ul4i2}qSm<;`aD-K9w2-_nrlnfprfurI1*Ob<t5hwc(
z*l^X=2dAQI)FWA~7AVE#^o__>`g=e%j7Samp>FkEmDX-?2?hfmTY1@+Igq#vPn8#y
zD5(Kf-izXIQTlQ#9o`lo?j9;RVx3xC^6Uk9ma_V9M=RgwVOR~wT@tMHeZ`*~HY1#>
zIZ-!jdp&WHcq(Ryj3b*XYPad3HvEI|G_Cmoq4$L0Vh|l__W0|RdKnsYJ7K6}D6qzm
zBZCZ(2>6ACfh&3sRByW|S!d2;)gP)zb4as;F@&Qh;C*d4205_Kt<ov)XW~JbmG)fC
zM*MBfY8FOAZx5>cZ|6(IsdJxdEGjLXIVb`e&`etX&SdhG>VMf8fY~boEKJZ3a4Sdz
zkS1?twJs~@mS_g^*)N8Mk|??3>;qn<>l-1fY|Gdz@~@vzzXU;@DuY)pP&5!nX|Z2-
zbBJR|Iqz*9d*Z|*@)G@4j6WIeiVL3a!qW($K`k1t0x4OH80;mTgpLTV<Bybzcr3b=
ziKsoP&3ALY-9^W3c`wIFRT2}Uf7LJrJ3Qaa+oHOMZg_B!W~Ty#+0p)$2jc;_%kz~?
z#K94D-0+Tm5qFuqv=+AyzHIAdst--}&5&~aJ}qEHmqe8bkot8m#W+rrBL;D%n(ko}
zU>uX*hIoNM{~-iD5OBA%s9P#ImYzsk9{WB8az)x2ccGUMDnP6`1Lz&C;-kI@`dWF7
zTrYG<%#`2CGOXues8TUw({NShi?}H62BclY-*HM4EpACHzbR<T(TPBO>5?HsJIH*o
zla-Y##&8ncU^5kOf-;7aUCddFkWeEYK@_n67&2)>U8?LjsaQ6bj6oGmnw-QwPWq(u
z--%_nIq%|_1^NbLpz=y?;0RL{`F`lDsJVb<1RqF!Vm@Uz*6zdHBbWO9%C@QcONCgW
zR#_vEA&$a1?cV@uH$;%(!V90W5KxzEb5accDZ{r10#cF?A_LX%m+179;tOAI%Cie-
zw7)#aQM^3+d;lUvRyD<JM(XJ|d|6&Sqxm+t{okN;e6B@YOOZvw1$~Oukc;7P=Me5!
zdZGzm#d+5Nxp#B%y6joCUr`AzUKj>RKVo2DbO-kyEjO^(O6k3TO}Jr!tZ%Hi1;r>R
z$+;iQ#GY1=IG(o;M>MBDK&#)e{(pz_2w)6>IOP~LI^rfg16JJy8PivIUaj0Zw_x&m
zT8~7Lj5xU${FfLtZxFUrVuB?7-itJ@u<c*M03|T0JDNp}?kQj<I%{S=zyV4V4?%v3
z_*GtBPP-jdX?RYEfTGm(v4?@g*oIgo&Yna5AVl;2B|>+w?IgAg7A+Ej!UH+B38R1*
zCzJe%dsR@B32F3U9JybpIYGj;Si=s*`=Psxkw%YpM$MF0pp6a&Tpr&zU!=-Mm4ERl
z#S#YTl%<{DQ6W!JvIhmds=zvPgTRJK+_r9n6qJ-n5>mD7*;VY94;$yRhi!#&)h7~P
zT(~6up4zONqGH?cL@{=$l1;INE!FR@lCXMo05GTLf!%EltMbgZ#H?gM1_5Xvnp^1y
zUBZMNk$>u_T=}1k56f=JGs{5IhuRia^Xln+JLl@^n(-u2Vpx|=-F0F`Fs_o!OG{?S
zVyO8$xE_xhFBS!C*<ZQ%am5zd^HT*yVhcy6?Oy*5Fz@dXW}vGIjEY*@RWX(K$3-TH
zh)7#(E85-uwS)p9=l)(jCGbY9WA5A-P<sGj<S2daSK7^WBGKnm?<XfOTQ{R=*pU6w
zlD$Lrp66MfQDhQMAmlJVhO75I+j>MxciKzicQuQE&7JD<!vvPQArsKiFwFp*1BOg%
zo-6#wAYhC+sF919!z<qA1$##~jbwiARHlXHTg1)rBk<>HjxYFr0z=4Y=pj-1aIUS7
z3KSVh>@vuImajt7j_Xtv+AbS~S$YP<gf~WojLk^&L?NkO)YfF)yJ4`a&`-zRL)<%Z
z6V7GbB(Vt>h0Dl1@u*3{-sw8JGxVhkOC{>jIERDQy>Pu-r&((;3UYEUeTPeM5L`BT
zT!~OP?8KFivu-WC$=DFQr-Gjxs%^iRPdfXi8m#w1>XVVNMWyX+C&y)HhlFHi?!*C&
zs2ECDbtxct3j$_xn_xz+)9H+dl1QTcqSr1#NAaV~fY;vP72w3%xbxQ*L==5y_)P!e
z)=woUeNvbzcrzI{(jYEDUBSv|c5(Weym>o`ButEFY%2p^vGIZ2G7y0l{d|5Rg1j93
zrv^vSPqB+kpOkemNHg%ZqfiRXdm>T9EBy;jBijZ4O8k`U!OuC{7kOJ?s;3pY3$pA~
z?XqOD1G#;$!T$fQoQ+pBW>w!Hj`tRoIB&XrRyM0gRG#~?s?!0iMs;l4SyH70zH)vB
z7z<Cpl?@jZ{7Rxi@XSSX&DxDH#k6E668=gGW0hGc&vAt?)4jKS|570|&$1Hx(tCUJ
ziBa(;dC8O4#6fjpTTl@tv5R);Y*5Z}lw4vn?7L7^RJ{yjIKF#+csCy51XC;h*Q)r}
z26h1*XB~H6V|-%0&^uq|KiAz*N})}2q^@;=G^Ze@^u7)Y{bOxUwI&X%jSmD0jKU_?
zkc^zdO>d{!L%-ScP9k_TsR-zZKS$f5?;&<X7|v&VWs+1K9}5d8O`2Cf#yTI@>!F@g
z2#9C`_k>p`>i%`L(ewBX+%|ywL9_svzwz+qPCVP9nbs^K^j`WPf&eNAP*h`u=2hjI
zbTc~fxYI4JbIDOAIA^)wXIf$<V66``W?L1N1bmE3H>;h@_g>fd;O!svBLIi^7ymmV
zNz3}<p0JaupFzX>?Fz9aMSe72I`Hg;M5Tj@g@=AOe0NNZ7G<m5y~Uj?`5N0#|Kz|I
zZ~jX}Lx0m+kpl^u2hAghOiO$EajcKrIOT0qog51H2O15)l>?+6VUaXlgkkpw;7?OH
zZc~8INwMrfQMWc0+veo$Ip4CA{7(CeAy`wLrf5z{CkatfYK+N#s~7rSLM<)OYRiI&
zP2P!R0c1)qb8eu9tlsI=Zlnqd`MbOOhab>_Jd0x7v)7%iDH<TAjPG%mwGssf)_J;w
zlt2sVQCLCw+Z3tvVf1ZZNqFAd_6vw7i+b_c0&zVCJaZ;oOI!KjBoV2@wd*4MIv&at
zI(UT9oG3em>qV&nMl33_mK*$HBNW7sDf!6M|MjeufRo0*tdj0*b>V^4H=<GcgH|<=
zmM+bn=iX^{g9~JFC0p>4(IpqNdEf&fBV5lLOHGifcO^20D^bBpO1GlxxPMICGT}7_
z!S9|BJtm-M>Y1Plz`zf=Jsb=LCr`W*g%9lUw`%}sY6&M0h&|M_Tf4jT%7B$2$V4<3
z69g2E)=28LXM<4-TTGh@g8#Aq3+Z?R%G%~sNIRo6tym(lOl@79G7TQeB2oJAwYKdC
zSTWYfvx?ZXt+#0W0!02>5amhJu=!YbYt$y9D=tdXaj}`(+Ju@A%b>eh$6el4t9bl+
zCX#tCKP-tV?T4sm_hmdi9<0P+f#{US)(wT{;jHg@rP4N)KVei3PdAt|Km?LHjVcNf
zG$)=MIaa1uw)qs;<e%H*wivO-(UUWut8LyJ-@l8&^I#kZGq!%D3f$`E1Od)|*K3zQ
zZtzq<fMT1ZjM*n1Na2=oJRV7Ou}OCRQVn`(T1D6f{+=6qLo=_cB4?Y7oB|Q0*;BRn
zF%`)-yW19r^aCH55FlJk7bA(u=Hkk+lxSuSivs^u<)B=umOOt{M3j=SO|s_~rR{De
z>7ou+vKb2VqXaAGmrrp@Q7Gh}@;n|iP7zi|Q)ZDqV@CCYn-3qkT23$j+sgb4wvm^s
z5n~e!P|X1^cLI&|-Q7b{wu&Q^;bQDQdr9YNURm9nB6gmq+;W&$MoNc>Bxuq1fGDyL
z;L#w1p4lRWg74dWB&n2aZ}5J;@HhFa?+Rn^o^UDSyIB|bWfJ<@#AZCW(h-+QYR4@6
zQ!J{~;Bj89dOB^`fzS65j9-O?5>rEg8e&@cpVB@iT<rQNKj``~g%B$!dawS~+w8!2
zoC%;`nx*4y9wFQ_mnAk3ZT~YMd})ThUR^4eFwE5Mn)kKq<ko)nu)A~%&ie3t8j}bu
zxZwq3a0s$e!Hv{Vy!?CDv%+%&QxysmU4;S6?;FCwSPip|xF%Ng4V)eO8ms_+SK<=P
zKX7LZLN{DM2VMDBwFb9d`-n{G;Hq%n_=!%0s954fxu^q<^ET@sbViJCLfdU~^lou^
z-??8~M&Qgwv03t1eRUrT+;pO3&f(khJWTzkhtT~v*HPs2x_U^wUR8mF<|4Bt2XwZl
ziE6#gMB;-VtuVUVQwo?{s)9zu5qi2BTF}XJSf)n${{8DJJ{SuQxlaz%ya4WAuzIhU
zf$fT;)729*8>{tGQ=fJwoQ%f@Pw|TsMs=d5xJQnM&$d`N@eed#`MIA0a$c3^DvGwj
zQ-dcG?t)8tK&lP81W)n?<z@OKbg7Vq6-)IF4WR?oc@1M__O9w^;`YHfM{(}RKv^0s
z{<le+YqF5Wy&*ax!q+Cfu05j*oa&qASE4==*Z7@MB+?U^o`v$euSE*|hUtb7d}1kB
z<q~9u(|=*_KkBO{$<UDK?er1ZDwu@YUdZoZI;RC8kH}5C=Fa6y?q%&YIQ_DVCJ(n^
zKau<!_!R{kml6bcSiK|V5yY*j;C{FlwSN5!1)ohgc%)o07alLgxMwWV;A8-ZN=4D%
zx<BU}VEB7?o}n}YJKTwz5TcGdCH}!SyeL73rR#qhm0<QG&Gr_Yun!hEyEFDgYpv|H
z=j{cWwLrSYN{9*S0z|49&reDFklIALN{MZ;T8vR4L^I6c)!D4HhN$R@U?b*kUxHv7
zndZ?cDm@ZbrEN5I7=7?W)4X07x<P>P2$VRe6f~4wG|DjSRU8B|O6ix7kFcUsqceA1
zxnJ(E7V&P)p<BT&A5Oiebvadtj}{lN^MSSQsM>9JGkcjki$xmo0?8;4WP1O*gC2gr
zYV*j_;V$X>K%zq#^>xdvddM$ZGeD=938GzdvPYq4oOJMNLTXsrPRvy$stHh%xjf-2
zi1NafY(3?}$owsl0kYqJ5SRm~+o+#$06~?aODI^1V)*ylfsJZCLF~AslyNdl^ax~D
z1+{KN1ObXSJP3alxg_*{$-FeBn8$URMcg2AdCU*cgGg;W{9`+9nJ<?85s#lT=iD!l
zBR38@_RTeSc<QXp<9xjzyK9Fcqk$3rebwahTfu#H$N>t|&iCP42d8~(XH4x6MBzxP
z`_hQNJ<lkgH+HSrw`mKG^*<1`)?C(VY+mN@gt`MriJ#xe0>B{)l;@2UxQt)SG=O2A
zi7qEhg#|lo9cOmLfd0!7O)ThkU}9pfSOO{>B`{-r<DC;Yz$)JcET&<8l%T<(p>SoO
z%JD3f{I3fOydUA;MjaF5L+tfQ&836<wZ70#^V(2TD#(9B@U3%>h;+Y%>8}-O>?oKj
zC}RD~Ee<3eb6(jwnyS?<E{hGZm(A7iV)-pRLIKM>Pq|l{MiRPS^A}9t-K@Nc%jSeA
zQNlPbt(t$iXo9hr6U^UQ=DoQnpeC>lMn$y~L*iSACuE2w%?6yh0C)_53<>739lzO%
zF}NaR(7NDKvvwf}OZuaRa`Rg5VVw8D;K2>=+a;@QDQE#WJGh@8@UP;y1Sch5`NvkC
zEFz%Yg@*6BzM%jCrxyla^35b3NjOnH72?~V>b7+MA|t*=ZYxaYG0~HOy+qcF8NZ6g
zd21z3PxFLjZ-b1^MHbIFU}k1A7R8YycWB#~a(wLAo6`r_P@H!~R{s2~fK>9UKCU0c
zHBv@`W6VoUk}{ZTfAqMA$?ljHc9s=(&snDT(J+~$Sm>mkh%aDVz@_8WOQ!90GD%=C
z_|y$v=#(|Vw5DwGhpD=8#40?p^ua0QItsf+$(>@fX<vwfgI?+5MBAaed&uf%fBkM^
z`+PFZ&bR6G)8i9%DPP%p^@n$`X3sYz>@RB_XVvUQ24zW4u`63%k!$$tO=huYM07l?
zsSm%h&k#iYyhbXwQ@|4xn5QR?+L7x{Q%Vtki>gA%^ddK!bnfu>Htl@z+_)G11HeTB
zrN*a=E{)Of#&KRz9zpi8gD<UG1r+7LwD9609(j5rgL4B`e*FXA(@_JgPbfC(I$h(e
zIAl+WmE^{ud|g-FbR18KvZoKZ3(4LhQ;+%o&joNuwE=h!IO0HcZO9xS@BwWBSTO}t
zC1)4E2e0~34bvGbEDEkeGYJ&EXFk-vNk4&R=lB1O7G}{ZmcXjDu8n(FwfibpLCMd|
zG3rm@G;3<MvxK|ZRs5#ea8ZdYx2<}P%?h7QDd=s9{d$7-=8HR{b?$Pj*k~nJFz=dE
z(LK2Cu3>$YLyoInwL$xYOLCjdSx4Gdh!hBzmoS%JILWP;Bao4*96K<ezFxisKw|WB
zFujDmAN~8`{NMP7)TfdVP>7*?WMI}rv_w+nKRcI%n$d4w#nGk0Z$beToz(-;T-b&9
zB^*>pSAf4E#hf^V3{Z;zS0)jDSpXXXeO+MNk8wWBD-QS61WHnvV2^r!8lBk_ezMf_
zy(|Gr&;yDSE3?!xdK&s>Qqy(grNMvL9e?}R>?PQib_~Aq#6#*{asC87JM1_3I~-@B
zT#GX4glj3m8?pFv3;kyleRKQI3zruu@2M|`aKbE_tTO71xP0}P$cIctXOA8>Q60J*
z+(dzt8*%cy6BmB@96{*&UgdrH$@`?={2$aRE+}Y)>N}Y|SsS<LC_|I{_^n^YjUY+N
zkzBf{cT_MDjYrZM>1Mp*3E$oxtTY6?tR|qwfc|=`II8~!4<pcdZ}>H+%Ni&Ohfvdm
za8SnbyaEk&cS~f9-G8)m31*$l9eBO=w|-^xt^E41$LpUlABxlR2M1Yfv}iG4CT4$;
zU&!aidZ>rPS1m<tU%aKNBD#JpqV&)+)Nd8<Z%+5qb6r=m#nNtkk2<hWWxUOnY_($w
z^&qC@pRkMJn_LiD!kx~gtAFTg#Si+c>Ql=)u&l<^e5dWhzb~JoDVvH)U?{x(7LXu3
z?=&=tDK<YEets(^475PpL_cL^;iV+4k}Fu}6T5A7M`9Ra%NwkM=GSeyshf>J-dM*3
zkshN^IiZI3P<SNQQ(4ZoNC?1Y`7BH+B@MV3H+=dwXWLhm0s=<Cf%0Ae!s-k*?l{+Y
zonag7Y$-y$blD;5zUuQQuC#AXywqca7#zE6EF+pjWlW_8Bh>Y(mqREgBYQYIB}%-Z
zZRfwrPt5|}hn^AHki)hdOao6wUs8Jr73#YZym_mBo|LVWqLYdLi)rIe1}_4`NP@dL
zohf6)jutz;Tx1uoAUja70Xz?b{s*T5zN-ytHbFObIw`sx|3h67+P`F#J!}cBr&5V9
z>s=+x<tXyGMb<vXAng5^Xxtje{%?gyG-`E1{)y6P`2`V@#l|2LVanp-sC}j>YpZ2g
zYdFWDRed<U-yLO>Icjvb;{vI3;A<zHwzj;Xl_8J#gq1MJWTVfx84<^-1gnM7`C^9B
zmzi&PMFbQT>iM@ybnm+NhvLkot{3Y3cyqcy;X;0(7F#i|AB{*S+zaVVwdnX-o+{%$
zV+;&IG)-wM2COQ}^o>*L+__X{HT*WWVo3j$zNJKR2+wyU$>3~&@|!gKyPKb>{<x4q
z-hw0S1qoID>4BnOCN|Za^sogqfslLo-DBnm)HKQJ9$;SBJfKSVR95-5u3gBQ0B*&A
z^bJJ4=Gr_<g%G$dg(e;wg`(+h`RO$k9Xd@2frRrbe+Y;FXN&05h}4k*hc&mccPhU%
zo26b}xQnigmf5vx_PbhAyVQScT0uhK{xZ2>k=WjRE;&MG@xaKcWa9|41{s^JT~RV+
zcsuIQQJ9PK;EXgn;P@Jdub{p8s&%OKyA%1%rxe}Bmz;ae6eBi3)s2A+SSRLx>-<qr
zKqt6`u-bbYJHq?)UmxHOI>c7__0G%ap|A|98Rh@)X85HnFk$sChBilP><`;?e6V+Z
zVk{r;gV?_vu=5T$FziouH;8%?5)|%L1WW+4B+BLdW%a@Htrxp2Gck5+HU>lZ`_KKC
zrZgk_(X^ArhVs^exl?19XxbWiWZVri&2;x#PV!iT<|FhfrB|a>05;K#=pP8}&%3~6
zec!gndph6Nn$@-6m|vPB+I&!qoB^+VRP0R5N4ZRG>P;t+u}k?t@lviH%Za}Dodz4<
z;{jyFbFySgR4|I~l<y%o`uVt8P2J#}O{3$s59}N4fD1>s{<qi;PcNeRlr{)L05pjM
zZ}U`m#n_16rbWCkI0k!<_$3ylZ$MJ4Yj;5>5R_J+#;dpNpsOI@`SGz-KF$VQRRF01
zVqnyO**eW1+lFbAFXkVkT)B`sq<r7B#OSn_<5iKfG>AkTYCn}$nqbMgA^uT3=J{$5
z^0rIA4{BkWBkFnA__5K@vHLqQ1RX`0HCRj)dl$9LOG=%>axF0+n{tLP9QFMSB1>R)
z5GP}d@0?TK$$Vf15}vKT9g98buSgJtj4XOe)p3BGJE*s})q2*NYOTc|6&ub^^n@D=
zbUGl#E1q8QX0hH4(2f5}lzOu}L+_MF{lW*nbu}{E5UCH1=X%vv?M&d<W;fb<JAD$X
zQSH<KZLt3ZYCog5xx`_rq;m@@CV(P+=7{^yjtQUW&eSIlT&)bI$_Jr!J31sxe-I@5
zv5uCJt6d0th>o?FMhxh|F%eS5W>}bD@q0Jp^xA6juu{heIuqRj48c$eTywOVzN>%@
z5+QWu@}XS5))k$2bJ9gR=9qf2;I`k%_lvcP(aQOtW4iA6$s~wWWmt(->3DsVEO$pc
zS3~+e+MhO)QU8ww9K1h5*J5^op6e9?vB-1&F4n06FwaP@c@voUMWDN7(eRAtvaDXx
zK(T$INZ$qp+o<#{%f<UCN;{j+`-}$O`LcBlc=n{3?gqQi)ekjE!MDH-wtpa^E?htd
zZ1BQQL_mu+bS(o0MNcn6Vfl45d)E{h$zv<o;(q0C(bExM$$tKMpS{ePR_?Ovp+^JT
zpWBT3hHZo$Db&3`_wbg8CDps`NXv-X*x>je4~u=Iji#ElMQzyoQbm7=MF?^IuNBO`
zkU8yQ=_ss}i|n`Fl1%Ui9^!RP`p{+GT9nL`?8L&KfEVEl$2HplSJJtod594Il-w?G
zs>9)Z+w^}+cx|<&D^@(WkvM#ge>fC}`L|5>gT<dWz9@>RH4o3cJkXC@b#AzsY-6Oq
z0&PnH(x7_tuUt+M#{Z*&C5;nc??Y~>Q1;>Ycf}Em`M}HwJuJ5?I$(UUP`E`M=U~K;
zl}|zbH<PqM#j~KeC>d8P(!KZuEOIX*mi-|V!yMm#7?*wr<5&HVpg(f76)r#b5|SMB
zq#zcfEt`%0ng7s!wxe>KWN<6{sGININuEj=wz<&L$>3*A>CrK$7E~l4&4`)^nXD}d
zUIu-nr#Qx4>3D}1`?t|dAo>{4SOD$G*jq8%*1ypxgKcr5<|_qIDoVLj{|BJZ$1P2w
zI=)aW@M=3MgUF{J77VE)w`$wKb$lvHmT&3jHKv5SMHYvGv%bO0kyhq?g`box9&kZl
zug=OAh-OBF&e{@50i)x5AYv^q$7~o-QN2z4Nu=OqNWvmC^y$KshS|6c6!=F$6w_#>
zu?V8F#jED#1`+;ZgZ9+&^sWHAG?d=GGB>&>7gf7R=}w(8aaKN<-Avrjb$d78&&H4e
zYWWGJB(<4vOB~U~`65}^`R&QK=+zO;lkck&Fcdq_KjILUpY5=H{W%{}o)%cjvTQHh
z8w%gg+^E1@JDi>wYwExhYWlpf(GT9&@9gxh+bUJh_E{P1KY_3vHpb`&{wYfu#Y}Ah
z^MM7W(ZI(dHZC<XX7P?_yK6EdO1<!J#PDx3Ko_Wg2Ri<dbqyDMEA^}z_}jnp9{9<T
zoAhW$;U1#17*qH0W^~CyY8}79vmBbj6t$h!^Nz|}(tZMi^fk$E!xa^qMQ;srodak6
zp1~=yPic!PmlToqUB8O)N*>~%%}g(_6DFA!s-EcCf0pOJ$7Y*94Ba*`qxs@|%~4(U
zm`1K@-`h~?w_oAl$Z&Ep4_Se>>qe7Wd}38`K8Zc!ez=LwC3}91Z0mKi0Lz~h7bbz&
z28V}(JEez>7WZOc)e@0?h)qr#vbF6o)e^*NNdS3&slHoQK(+R_xbnzNa{7B3Hc>N&
zHfw@0BGM<9`~i49DC{hKLHUlAWQw9^_QDu`ZTw$fHt5C9_)zw*&^MJk?HsIe^Fx@S
z1}WI}hnklR^rO2fBi_SIR6$AFq&94KlOq`?S5_^Lo}!r*DDz~gT$FFEn!20UmzfSO
zK|u(gN>|V*qUqzZ{snaUh153|RUS-w3avFVcF5}x68pvG=`$zf*mj{HJFVNdhD5Wj
zwZXJ|JC(%PpPU*Eqh(_p*Zo*fQ4-f~!)3|f%~=|~faKsYOUD1*;Qp0_uOO99mW8h(
zE=%}+{}%=$@sKzO*M{*R#5_R-zq0=ISQTa-01kW}*eM@K-0ePL)3~{Kss%n#_FVg9
zlTP`fF{~R9_wUpIwd*y-kdO6^+1Ly$V^mb;`LHHK?EB=pBjTWwB+=lt>|YffLtQ29
zS`mWXa+sVGrh<!!8yVOVD;fa=zn%L_Uti3m7EXuqOEp1UI<j&o)c(dMO!$xyj4|(O
z`oAcYBP*6C2sbz1Y~-T;!{2CfIyjuzx$zrH!EO5|33U~iVG$tuVB86neWO;O^ucM}
zFOpG0Dp9B&x-mO-&>paJ%_#-^&gb-$dye@n=WeY|v>NADK$j7GipN|tS3Ku|@x?LQ
z3QBBFWD@}k1@FUZNa09$<|YqB?}~5mrh$wDkhQx3(!nNt*#h-q_Tq)%i<BB;Lp!J|
zi#Ex)ezi97N=;S{w#3MOraB~%Bb~^R%N?btuxQLE@Xdrbjd{U~wz#dv3!KcKET~4~
z^(Pp-gpg5#N^UoVCZaj@wV^sp&V81P+`tTPQxN?c+1Sh98ej}ps)eZei@A}gLp-kK
zcCIZ-VPV1N@XU}g5zBJ(7ie%2J)h?^AK_~R!j38?O)~h+7X17WZsTQ}BoEc{bqv;^
z(!KF0N+Lo-G>Th<eayM-E!1Su8sBD|a|#70tfQA^JWnIu1Mpk>G>SW&4<_wKBd=72
z^S?>)WsU)m071S?)_T8oyTv6nv}?on#eUt89)iU{Nsq32!=2*#gQ;}1q7e5xp^_B>
zdaYc&Bxfd{B}F9dCFNGxadB{m{TVer8V1QpXr_c&bbTY2$qDr4ss>B@W`6LCEr-=u
zgQ4TZzlLv2Y@i`n8d*#Mq2%GjP7`oy6`N)X)&a&c_7hR$t5vUd;BKn^n?u*|&Q=3b
zWp-^;CZ<Rr*$Q{_+cvECBS_3W9gj@RxqE>Lb2VqZ^%A0LA1(5Ch!V&FA2~tkG<rL2
zE+wPkca%Li0I6#SN(>z=0f_@k>~Ryk=5bqr@QUjGG@!3`W!3!m>2LLPp03NN7YR1a
z9I?bBPix86!@sOb;|x5fQtM`SM~NRii!s$L7ZkMT{YeG)FViGuF7^KUPk~u3@u-)e
zyM8o9-sx=}eqwz-zgmM>%Rb<KGaJI`k!|@p)oNsSW5ccC16wYW`P2&shFFO>)W=UZ
z*j0Un@Q9fsRP#bgqu~+Hd88tH=f&G4Pt}%{<N%~W;u<06HYqElYp8Ec@WH{yw#oBI
z#{NvTbby5{`egTa_6T4${U@2WJN#+#tXOgrd<_Diomt(I8)%vglI*gPK1_}IdG@s}
z1)F(EIsd1UKQcjT2i86dOT4#&mkC6#*YPgS5H&#vG%Wf}ks~{CDNdMO<#h2eSFf}F
zJ}fz^`LN@XnZ}@@w>_OCMe~vw9dX;<Z3+4q>cY586n9vnXBWm)y5%DN9JRvR-0xL<
z75wSQDcAe9UUp{IZh_N6q2QB$+5a>kvH(>k!prs5Pg>@Me(*}p-u=I9V8Jg{p^v}!
zf{pONmsR#R_K7Vf!>vjH@4T$urD8%%WM+KG7WdNbwli<16C`2Gga$h5=2QfD=5Ei>
zb;z8v+p@0POBe?fg4v%+`cw84v73)_jzQz`DiLg~(pg43o5#f;SgTq8A<eC|rSW=>
zmQ*yNz<m)-o;T{ViMgKCV$g&|Y96b_pkN(lflqx`VlMJN=UuA@Qf*_g&!A1?#_-{s
zsOUp6(22t1{iK1&(CJwT2v6*)+9E>X_rdVSll8-8ma67K9|4j}xxwXITp*{Y6T!Zp
z))W(+5((@vLju?4UlX0~c8V_DR9|AURaVt6X|;9(L^tDo{3tjgXazFwwhpWW@L>il
z0|os{MgdkuaSE*HN?jg`!a>k%(yz>ix&hr5{ajhfYU?NPwFmQsQ_0g!4A6m>ej8o$
zE^@wfDje&0+`Te+W+N*T{KaaiFX6%}diqlL>%h-1nH)z?Z#3>!6tXT3)>>C%F0@xV
zn)0qM=9bkrIXg9mW@fI*oa!@g*x!#G3|vWfhQf0R;0sP|>*sFar2{i$mgLn;To>k*
z(QvCBpu&`zNucVHvr9yiFX)Ll+-Ee#IC9??cf9+e7%dg&+zk0lp7#NF<bpUFE@3g|
z&{Oywucx~^X!2+RD6Jq+!zut=^8!TC87T?Blk|pelI_m93dE!Sf$+}JzHUCPb}4;7
z+a&je!s8}FXZ@}+zMLzD@fHnzA-fyv&fLFnAU7_Gr~N#U|FKo=q5#~!+V3?Mk-IVk
zvCy+^`KOvu8;kL7`MW!3d9EvF_TJ#bm!uwP=a74pxfc8MKp>}GKbt<}oW4E|CIbla
zY)^pqzcXan&e~1jsQ+XmXqkVd0T<EMN7dos%=<006G$1BSpXGH@-XVglIPu?K(wL3
zZQm!AOYf!czO@r3XcESDo1PK%IjbJMov929kHD%qIi4_~w19AkMwCj{herVb>CZS$
z{4iyt2(<Wt@l`m`I*Yh#T4MS(8Hp=$6!|7yf~UV+x3i>#Ovk9a>&=*lp8(DFsZ<_<
zBph6lO13{l=08rysM@}Eaai=YD-(ZQzBsQU&PL?y_b;7OGn>H#;+XUJ4xfP*bQ>n8
zXI#CP9iPc*yCKuL09&vFBFd-89wSNM^>Ep_JF&j)?7RiTl63&z3YzOy5<U|qrU0yo
zM4okZW*`b>9P9xk@znVJ%bnXoJv%yEt2VL$vv1j5m&8AQpKRQp9%u)2YbO|n;mL6m
z9wF9kb?)|Fy1Deje@hWRyE<Zn@QFgazpL4KZQQRjK`BBMkX%M|?;xXizY^UG;#RlX
z^tIlJA16MQN7W+Dsyq-jp`#JFFR(Rt+)i!)PI?FRBPs~=JbPyiJK4V<TB8Wev!OHb
zwkCBBUXv>)Pg70vP~^MHy)T8##av;Wo8P>?y_ta723~9)&Un?3Vr>3v4PnFZT{`SP
zaWV<;TRjKo{<n#Hp~Xsa3&voiOV~=aDo=SkwLmo71?y(fdPl6Oj^Cy=BsJbgcuc*H
zAxEk7Y+*)kuMVG>tWEw3^L1<8>j)1vT!WMYOKiAk)l)~@4*2~`s@MU*j?trRP7&DE
z4hnLKGn!S$CL#Yk<xb{$xx2eebO=;zef(YcO!Ewazkq-o(dmy~GPJ0mrHRcuHFBYK
zlaUv(e6+1<Q)Gq}H9nxCjIXH*T&PTD6_oRu&5Lh?0Jm_%l#AN;Q1|y2moI~9)C9UP
z<0kCvxJ%0hKNh=%W-pJ`-v2`isDjuUyao0a;Qrm*;P5_dfFF$Qyjrw?iqp>B^#a1x
zz%bw{nT6F1rE+-Kh=n&Qc{N*$iuFgk8O*Ny?f52_yYVhy_&{*+e#|x7J3f8G&f34N
zaR@UxjnrlRd;(&)2o<vy1Lo2k>eB<-c|2pGsS52fkjVl-iU(b(W*`8{=~uB4lDFNQ
z_k$R^Tz7(i{T!_%2GVAWuf#NM(PqiIkqxz|F|WDZs$P1)NF)FKhrC(07$asX5C6Rv
zCQ=iaY#$PTM5FyMcm9X2Y<g_Ia~`V0Wh?P%7gEF=C5X5)$zQuwK#`mQ)S0yD3Q~3Z
zhD@hC(Ai%ac0y5NVmAO-6Wk3SQdnVVQ+9iF@6nWajQr(&v&Cw=1Kt-2@p5tm{=@C|
z*ng5X5j)m~dj7Paakes-<8|>4M^&&r;YS;VPz0fd|D6-)OluwnaEju9w)yIRhBVkf
z(g4idxVPX;HxbM><;^Ujkd%Vf6w0z%Hqm#Q?!6sxu&x*rO`~U#B|>jU993LEGiXe%
z!e$fqDcH{BhcvI$&sczZFKRxqR-eAg<AnF~kA+|%i#E`gDRsWiiXoAI`=OnyzV)DC
zXE(1*U^$VPjJlyG!|crp4g$IfZQyzs8R9h6*Vvd+L$r@8O*a=TRi>h1>%GPWk>Ws=
zzp~>Na$B|qm)LqXbt=k(JrL_ubs!79tfl|h>a+uI--Q2nn}hD4N1h0ig;{==-fF?W
zZ#loP55MN9{~fQGaiR9tS;3Z$o!)l#JT_ABX#{W%+y-o-(L|I9K$1YNbj5ZpWWh&C
zv?lZJ)ks?cU#8?ZNI3Z=R<22ME+N`40~ZMCx$cJr%ACA~nTEKHB2!5Je$B&+?cU)-
zI;lp(R7#AIK?T-KtU%tcGRm#CUfxr$)13ChqZ+KK<b9^v+zo25)=3rxFJGmdw(25#
zET~CeT(Fb6r{tG|YxujJp6bBrW|dPfew49y%$_^x`BDGRAK|($;C;!f@YCapisYNd
zdMMlouw{1>D8bb}eqg-cI`#ctEny~6du{)v&2Fy9J2BT2n{A3%s`1E=zJ3di9|Ql)
zO$z*lcbHKE95^2Bve&@$x3M*ZqjrJ>xTL8x6*C=AGbReR6f;)wYUMkjc|Z1~!7}F&
zWnOwn*r@8?9jt2C7nEP5=h9Fsk=g4ThaAxDTi<^9;AlwP=Oigyc=(NLbn$2jYQA*q
z*Ce8u17iu2=A8P<hN3|pul!T>JGpTl`XQwpjUG{+=*#JBht6U?rvRcR$Bj3~4sP!c
z$1*n{RC{aZPF`MWx8Tc)v+el`z%E7+7!Z`=%N-Dq)k3dN=H(vVWhh4mpXh>T@&VzT
z^BL{`e!BC_^B<3_4x!<LY-Lvk@QyWRLzZqmba)TgPbdn_TM0d};iK?xRPepcP4U2|
z#lz?Pi6dPZ5hM)TO`K*+RZ3SW#-|d?IG$i<SI)-23gQ&{G@TO4{P&YLSeKaq;1N_l
z=#}4H4zD{t?h6X^n4XZ?&V2pm)N+08lGI0R(D2v3L{wut_~kzz<0c+wHl}Ybb<9Np
zb?Udpd=}>?+iYBk2%1xdhq0VkBG_+l5*rO?z?CQEOonq1y3Lb~Tg%oU_*V_8&wv|7
z+AaLf>A@3lq)G|^=0IpaXhR#g(OK#4sHxWa;lADA-kH9ljfaEIWWlw~FhbS!Q?COh
zPam%UEm5WJh0g;B4y`Q(OdVMWLO{9k>Q=Qu;em~&<2zo#6!RY)ER4xc4^yB60%Rl*
z5VC(s)I8pXc`h>kWz-BZ(!x?9xrR98r@BIBVuo1SuQ3u+Bta2)=E$BP#ajgh4`2S@
zs%&OMRb4L&D5m@F#^_ndRN>vSnzQyNMEpiPsvScOln5AeRr5B?8^3V%V?{zY#p<Fg
zE)hlkrNhP`s16!_hCHHuR|W3G&}M~g*x#A`OK-v6jl=E9IU?g>zGGm7H21^AffMlj
zM!&;vKi_Ve5pl3rd?OyG%-9)~KD0>nL3a7JlL{`9vwZ6|b@+{6^rMcS4fX*MF~go=
zfvD3$sUdbWRa;^b74x=diyMx%F9jg-DI$jV&CbbDAs;%Sk2(wivi{^fSM(K@_-!Gy
z58dRtIB{Mju+u{jS>t@c@S-{?38)Fxf7XtD(UEAdOK&SDRy^5!@8DZ#m#6kVi{ASo
zIfoaOd}Iz&R9d_aP(ed;QGumg2~ThAWbqxDl;Olh9-N+cpplDzI!6<n&UKo3%H?mZ
zTc!SeMRp}y3eS_rls%43GCsd(&{>|!!juN0n$hoNc16-BLnA3%6ga!FZv{nPhxn|R
z{Jy7V>PjG)*>@)Xl-1jfRQnz9bgwAjP(D({Eo?}=jmlM%3sHb9E}M5!FEt&SWbMk(
zvL9Y>5qsTW*UKvipsTiU3}Y6C!j<@*immv8i4PEMpjZWTInOOk{s(*kK!FZGs*fX)
z-Lr9=iv8+lzjaH=w*L4hy!Xm4$(@OLMNg*YK3D#_NH@5SD4*~`ghwWchT3ohM8?~*
zZ8<+%nn3u$^h*7+-mPc6+I@yTeXyxX?H3Sp#MUw|*=R!0=gZU$DH$r7q_^z327PS@
zbt@h&HrZ?=Y1wA*`;*S8m>47EPppKuJw)Id_|*9sCxP*o$Qu%P=hL;vEQEFvpzRWM
zT<tx5$0@U^-SKz9R^5$VxsCOVgnQWa_E85HOWV@%j!}I+C6e$CGAnI*-C4#Il5O}&
zy4f!vJE$#=Q<d4_RyEnE7Ha%0;T9!a`ffDs$c+>bI<@S%k{nX@fW&jf>6(LbFgqRW
zk<dLP)EqzJx*3_aS>+VGKr@<Javm)(i1fK@Ls#xLMskmtKS401qSB|V*yS~xlF$nt
zNf1&A#%XCVl(w<%=5`}6Nke?puWc%Dxaq*Iy3rj)(uTRT$urewMZPBGfccDwj<aR6
z6^Cu2UJ4jl%dJuR`fMF5@dw;Po`4avOQTXfaHxxrpwG)gTfyZ}?r^2pcTB=>_L{RY
ze>XtE;xU(7onR5b<b6j)rwTtOqA$APBhDX-wo(xq!#XX@<?wl3R>I4dBeNP0Y!-%q
zIC7?l94_S-EbTLF-4@Hy{(0M^buHlh>Z<;E{79NI<C<liz#_y0)o_6VL~Pg$krQG5
ze=dOQ-VE)9G{^Vo8~4g#p{xN)_{o>z?B#m=D)Lv{EE^r<6@qRe2F?j$413D@N2_wa
zgp8JZY@+_S;8n`ofL4Ep7m*s{rBg|^t<7!nR?7_*tnM1?g`Z+2cXtqJt}w;gW8+{Y
z6bzeOJL&9+eZywES1lE+ZxJ4ravwLmE{1S7&mKo7wD#<;tY=0RjG}K=04*2BEqq4o
z@#gpR`PHIEe_{cFe`DjTU%Xh%gkOBf;3IxkJ8)I_=|&Uu=>5;ss`gOe4GjszGk($i
zXisFRv52-5x&%2wIeoMLt~#OJ+X4C;Y#<+vKY<N@bI?Zu50+;NctAZLH-4Nm4zS`T
z1x$1yM?j7XG>M&^0qOs>N9)?(7GUZ-ppXMSD>#5g>l~ekF5_XN+4X+^r-bxP{m*@%
zo`Z?kmU}Q+dHIaN!*)xb?#drKZv`CIP;}gxwfBNKwZ?T*LnSyl4-rp!%+8yo7rob|
z;;RCTjaaGL>d>mMcbTO>WU18*`2|-^dSbsupF8lzesl@<51^NEu|=79(C#Xz6u+bR
z*;`N`g3aSYFeEz(bkklx7`NZy<KO~T(tN+p<kgjl0{hZ)m6sICy$6Gfd7pOLZoyl}
zXN|z8DWp{0Kmi@r^l{@xl;R0FVfdUyoo5YtTdW;%Hs(|kw#xiNV7sSG(jWt>zZ-TB
zVueuS(0*{oYmN>NS`gaI5y3NELW@zE@s&U7=WX2$Jp_?&Z;gm*MC*nvyDQFlhF5YM
zGW9A<QNwE&FGoZ*!&F_iPcY;cQce@Q9oL8gQ$KyTQdDKYrw%ckCD|Y%f^qY*e?uTJ
zNJr*_&EO-o?U^BuTD`M5;i)+GiOUKd$&Hdzn!TSrrOg=nMZJ+^s84+?0C{?`()oZJ
z5FO*r?K5iwB=|s_uy{C>d!oz?g%8p+z?=af#7de&$)zF8M#yyVRTYAk@W^Jp(^+w{
zwhabs(ozFp04SuS<MfKqLg|!PaQn=RPCLJV81Pvux(jLYo8>4$=M8!*UR3lxEUsa!
zu4Ib}7aQIsMFqDZWXG4pqZXk9YzH7;^Y!1Q0$u6Poauu=amKQ)hAaF}p#nonErQ}_
z4u2uP+;o*=q(j+p=1&V2->!6jRs3n6)a$OC>;5M9&W?y^-$ooK_ur9h^;FobY7TCW
zdAy>Ke|RY(%_S&~(#%I^jS;0yq5AI!ddXqsehHZaE%Fa|#=rjw33bHX^+HYVzAQq|
zU**_;=?29h6hTlE?0|2<4j-;+%)F&~b+>1H#3T=Nr5K+M1_o~TjA0F-#RDM$M^q1Q
z_b&z9YBfdm<~1RQ=>ax7o$~_@PxQB9Ks4eN6_G96(e&TS?~HF*{A+Ikw^is;U6y{U
zLBj5ZAZhm%u`cT4r*fVL+~oGj9kBcq(hy?g|8eydP*nzNw1*Dq?v@ac?(Puj5b2VZ
z?l>SwNSBCoC=E(WHxklFNq0$ioHuyyU2na&hB)igTL1hr-+ZyZy(3&%C1L7mSLQcw
ze;6wNC+(O*4ZG^gp_B%hbKC@R#17mK&(Ne%Yud3lKSx+r<l%)9bif~X7esB9+G~*L
zMu;%IuzkwGpNF>>5#@5rOY?e$WG&B^g(VwzQ^3cWL8{0m(7{<LS5a+@@#EXLa@L&0
zeT}cp?bTuFhX^%M-1FHo0qy6n21I+)-_y#mm+0XRsL@mf45~gYtPZg0-q_xL4!o*+
zA~LbLv-71ZMl9?@c$=${J8@qCFA)WVxft8iZO1PuC>N0CeJP*h)O_ZW6X8m|jD^{(
z!LE;?-ZQ<0eZk)TCFyMpP5n;@TI8d`^EeTr+D@%o-#XkydnCrPW5S+t#GyY>cV2P4
zy(3OI3%rKVfRyD}>Vz62KHN?CfG8hXj64boN@j$+(R2(DT}ExU5v8IQJ?=&kj|sZG
z443~>brMU-cK>6lVj`T>a`VN>hW@DC!cLQ8_EhF+P{ql+{N+xTAD=lqJS)`b(WE!n
z&iy^cg<836P;Jw_bB29u^4=0A>gxRvj}e|xqTNxpO5~2o)GAgeDa{jg>A%46?{A7>
za3S~bX%Ryn@bY#ihF`wklF;R!+!iY&HuguGu4qwa0X}oo#?-X<<V8pqY-P+S0x|+^
zUfIzA)}!*v($sALdiq%Z`#G6?x2hyj+F6l@{217uli91ozQUlbY?$|#SouRfmaM9m
z80=Y)Ec)3R*VxYK{mW{i$d7RWQShMgT%)gz<=D9w<`sCimb3&EGZuCctRSFGAnUKJ
zrJJuW85Tg$Yk`ad78aKL-g%>lprGJ(<J(COqxx9~c{Q=~4z;MC_^OWG1+V0D&@IF4
zdMODvVt$cW>$kpQp;w?*30yfNi~liPVtjj+6P4-UURAipZNlj@X?SgrlffcA!iOQ4
z_gXgeG+7{dbB~l^6+-`BZLbjvi8RaAykc;7%E3a9GJnGeft-)rJV4*G`7QS&7~owU
zv;XAwd*Zg3QavaDesXoe%7K`yqsEou*b|P{<gB3WgREPMZzQX?-?Y#YY$8Ny_dufQ
zk{DL+1XFraCHn5HGm4`pb%aO%&zWbuSY1a}$54Fcc81~}kuvMx5y{Gy*iH3{#3oeb
z2<F@e1r+Mg^VG^X`Fz0GT?iJ=d`L*hf(<V^ohu-FC&QA@AJYQQF8H>HLpX)O909b`
z<AJ{K*%VTkb+c^kEhShMDvZeiKY+D4<;Cu#;q}2zZ&x+!{p4ERTlk(VMd?L&PkG<3
zWHoDUeu?db<4$Tu$0Vz*4x5=OjHC%uE<y=|W7*wGxxBBP^@nEF+=4TPoO@e6s}WY<
z22|yssXoK8-YM<asP{QhU~aUFs2y(mRs`-0d?}6|li~c40ij^NOgf+FwPE7!n9$~3
zNG>^g%`2&joA2i@T3^psgZTkxH>k!#=C00)M!_46phizL>YC;#B2Fzu>YvCra0hl)
z5`56d<UqY*w(FAEfJPsUoIUS@wZER>d4OGIf>m_8?S<?`=L(K!RctIQRXIx$syH?5
z$N4Fp+69OU3U?zfkkXOQf57F<uh^5<s}L;~2~DxOXeVksnr03~L9|w@QV-W5{Hr_Q
zppqwaQh<Vk|MEEOWBM~<T&m>RpaAhVy7^SOb1cDm&;O_f<XZHTRRv9=SF-&!!$iao
zjithrB~+Ou!#ua2Ge;q>u1@=$ulfATVxJBcJVJ-CXhNOVRgpUT$=ng_3W!tgjM4NY
z#VBnZX1WJRgh$83?z7Lsz2rr*Ugk`xum%=KY^@DRp9*u=Ywpzis4P6`8x#}u_)|_l
z9L>@T-P3cpZ%>4trQUO!{YJXjf3DvJeS3M_0n>Nyz2cZ^zQ4*gCPiJ&OiJn@Pl)^l
zT$h)ON$fX0E2^?5ShPVQKsg|X<0}x-Ksl!B9En&)lYACXoOG9)5}+-oUOjw`a_TbK
z#F;l2D%U>d7>PbcuYSK?h-gmgr9riei*AAXwX0`cEB~VT#R_vlqsAsZ)uK}JdBf}X
zjDAg~Q2I0ZNh_49k=dtf)u<fZo5CL~Y)sP#3jVfAK$8w~?kuSRKD?hkAd>dhE@|fS
z<4ylw{n!!psrcsAp%?$0nED~%)H~J(abigE$Uy(I=uF*v?zmaUJ2f9F#D{s8{mYNz
zs(x0jW4CW4&KV65Y_L|DjvQc5r@j?lXc}bfmx2`0aSsfE1Qrqz@f;nYQv`ZHeF)kv
zoEsP3daWIMqbzI7dhVUy0O`2DkNXEjuXHMS9QeW{z%qla6N)3RCVstM2<HQ>A>omT
z7z)dZ(_9HOTPFN8VwV52kMqPg)T~><c%UbeVIiutr1i_N@<wBgC;#j6a5oRG)p6V+
zw;C}83*N@H{_SC*NTZpQoN{<B2FZejAL;{)?@CUK5`-gOGq4^)Hu*iIcZ;{fJ5c){
zA`&ZT9jOxYorl}Y=j&bk@A$>f`_(X>%x$-hgFpxhlen9>YL5b_zfjnG{h{gN(V4m}
zaAdOY;$Q?IaID=H$aGKP$5oLG>Q|!?a&_FTjDy{80Ov1o`Ehf7q8<VM4jo{)yGs%j
z&$O<W@8@VuT(AktEs=fESBa-F_=GrDZmcyw786#nzZL`Coc|p#vIgDmNo){&LW|gZ
znhL#!1r!3=m5M!8IoY__w}3{|3-A?N56`rm4vUb)^?_b4ASZ0qv|v7c*sYkTU^R&E
zg7!BrK*ix&tQ)2bP%uxQ7TD9OI@dHB>hj7+u{^6t%Cl7YQS?k8)R57L2boNy^5dqa
z^rVJwWyA@y6;rB8lV`q*G}GI~qNHeR4dnWGsw(^s9+pk)6rVRwqdHot$lbVxpQR`a
zl;Z2o7u6Gf7YXL_O`O;bQtr_yz^S^IbiVH;zxt64Q}Gizl6lM-np~}>x~zp|X@lAT
z_!&Do8&xz(3;=HnkU*3qzP%TqikW@R@KQSLTjCHw;!R-Tp)xrYY^)cWev-5b19cNy
zZ(qd%?;8OD<3s#+d<DE-rpk<Y4>bZq``M?q7<KiQ!X51Ds{|tKywcyiOVgs}-gdRU
zDH=EvT!o3pz&5to>GH=EAvCRl@IQ%&Ac~-p$(5=4-MA9S+cb^YAl_HkZem%5xqn$e
zpe=->GPw^GXXW;?e60>r)hCz^cL8EQj6Yw~ldFCRV;E(zDbfnt)JW*V8NjHmS@{rF
zrJv8cgyuY#^|!8gz^?ft1H#s9Ev<{=6ZX%`Q_9Vot{%mwa!y6QVXwO{0^Zgf;rQT^
zX3FITGWm{4j1l=msQ|}Cl*x@UxjQutCDlR?hyO9Li#Ng2+T@YRW*g0;tJKNize5bx
z(!bXq9dG}`qn|3#lMGrl>5de`*yQA{Yd)X55tGC~v7VX;VCQ0w-g5*1a$~shl@$#M
zamvM~)OPHx`D^Eqs7^w;8AZ1@Ct{X%sUOlrS4ON@MI3mE?XIk|o>M(gk6ux`(+ZNs
z0Lv{a+v(ea9E8<gfq(--czcf#+9}O6PeKZb$To9Up@!iXd|H3>Q{toDUaiatPiq+{
zrGEb7#)4tObFR#uWPqsSo$8(Ml+bcv6c8-$>F?p^py5H;z@58P(PDS@ll>=zVU56%
z{+e}*00o0jKtHl|tXABwuGG$W3DA%tTc>MZVsE<L0SQ+!j&!dTzDDY^liF!;VS%K5
zeNO3TU}HwX)~@Ft7aMOy%lMId+s=l4<?0iYed0epRfOYMhpk4dxoD1#RuU9tgG=*Q
zhm~R^Am!C}^#iuc;|->#^)cA(B5svkOM(c~o6TKQ%G5J!HebD$4p@mN<6iOzwv2Nf
zH;<pr%<)kHn513_y?by7n)={?iUsQEAx>=H8VF6(u0uj*9WFW!Jm)jBvcCGEdNnOb
z`AY@pwR*lIiH`XYafI99kNojt<9#&!JyoMmwMr#>)OCrrNX*Cz+0%m;spuoO7`AE)
zaA(~tC3Fa@6dq5I54+Y*S{FY1ZyA(rc-}i9`^Uags$Ix+`^6I1p`D2x8;iz{{_?&|
zFWv(0??`ZCzJ9r`{oM-ng9vD%dkp5Gu{-Xsr<L;E#(*tryZhbN3DSO@cD1ryZRM+Z
zYe2Yf4R#YEVdveb_Nd)g?sU&;7;x<M-LOK%Wc{#)Cw`OkOQp^#TI!^yq^l~%EHky!
z1ez^5>`>w%6<Y1EHW5$&TA`uW^KBueOMz&mfz}L3uh=kt>3NIi!F})iXmNQ%b7tH&
z*uyfqIRP|jc6)kZYJv|;QU!VsA^>P{2oVILQI8JRzu)|^ZFgR>10b0Wyif&c)HR$=
zl6JvRPSB&P1(^UY7|<YvUcL4j4Jca5j~SpgOnJlT!#ZE}mD(d{GCFYS*^K(opec@G
zEAFYN2O2UR#+GBYNBsOSZk)>X8_RCRxWLWkDOUt}$7_<tnNz(|J)d#U!{T3loB8W3
zgyhSP%o3-m2hWsz<p+QK3C|8hhTTB@FoB5Cna`)U>)Qa=1+=aoxHbXjAq;SWZl)C;
zSHh;l3cX%{oH`JxKK@l5hp7pjj*ZvfM_MDEg?-s>#PRfO3f#(zfo(YeNmk&1Fy$N6
z|6Sf|Gdo^CkkIJ)IP=_YBg}s*%~8j7aZtKoWodUMZ&f12&ua~eN_*FHe2m=+?7Kkz
zm<>A}E5sgmHsYsm?Q6#-K%fMgDE7|DTyE7%pFCEA^{6my`ZnL>lXTSlZJ0$$lA<RI
ze33FjZ66#kzw*@z>HSA+Maprf$}L}Rn?cppJ#o#oI1I^czn>KL`Z3ALNtN-js0=Y*
zNBrG8l3$P{(8WY{XlGD+4G#|XintcPLL@3A_RZnHOQ^|U+N#|s8@rq?QlZUH$%f1G
zd^)~>Uxf7T`k3n>3U*@ca^90V{Ct%8an-@j(qZszM_)KB0{>vwJ&LoQ`ot9ySMZB2
zJYmUdJ?insPTO1CeT%pn;lLR3ont1mb2aLoF?1Kp^49ZC;Vo!Hz{ZE!`hzvfr0hNC
zruN2>%Vs>}SJ#tRZDi)GWqtd#eV<5_=G)n$!)@1P7!w6d=lgiu8*w8=F;M`+>2Uqw
zzY7SQj8Io-TH~Dmcr0|httW>Q1Y&sDfv;s3D_<6_<yyXydWzjOmXLcUEqR2v1pl)#
zI-oVc<Aq$>*H%>ICFG^iJz^>uZi4BOL#*7oZiYhDn)6VGt<i*`5<}xRbE`{zUbw|v
zC&^Z#YUkofdH$#=soq#;JvdW&Dz#O$7H~-3($r~f$2VR_Lp*A0hj*E<{h<pEp2yI}
z<a!PoB5{>3A>9Qv${LIXUIq+Nz!-`^{nlGJ>Fq*eOy$G9NhdYf)(0I(w^b^3FMe>G
z6b$;0duTyXrxeE1mqKy>`pMP<4|n+()>r>_tv7~WJTn}8Gz5GUMg+YIhyDGt)}~aM
z@Y&Fr|NG_7_3NJ$9S&ClK#CgLc`Q*tJh69+Qh!`6@%$Mc7DTl6b$KJ$Y$4tbH3-f)
z#P8P%#jiTlo~+-)N#WoWFflo2tBdJjlv-AXR)yq|zL<3h$<)98wPRN#llf}TM%;pu
zL;V^O@hP^L6kUNI-Ke4e<Cqas3RdN@#&~N#O;F91dBEgNpCL78`)3}u*6bCWo}Dqn
zQo(%h6_t_=o%_PWVO9OVJ*$YYi=_u@L2>b3w-NCuR=tXhh3%(#kG=$~SKzpO>46eh
zIf%_wW&hfBQ`waXo9a=UfGDPBTp={t>Hgx-)Wx-Gn*a1tQ0XWsWlk2Cq&e%vBayKi
z&IK=J6E8I1^-ch&M^4tQ9R{vIUB-J010L(ykI4xCJ?H}^8<C5D=XD?S>u$H0<}YM7
zvdhaXr6(gA-2mhY?Sh);Eaw;SfJmAsiuyj#5cMyh^KMLaZZSRt=>=8D-I=?v7%Hs_
zNMTxvQmL(VI^#)y5<4AQYGkCN=BCtl;Ma|Cua9$I*wfoX-H=@`qs$L_kRNUlkww^;
zf($$K{p4W2=(WGLYh(3)ii4akUJw^hHI<K{h-?*SlVu;HGwG(g<lAa@cQ|prXpf$O
z%H4W>!6vfOTG6k~3X6MKsa!eDz8(6~2DJd*DnJjdfK$=TrOM{Y>1yeP3@C8!KDx1U
z;4Jk6I3qyA)^V%XJR%&&!S0ECq4N1oHsZVG38;A{bi*WW!rMNKK>t=_szo6gw_ZG}
zXgPWP8r9cVV69CvnCl?P?aV2Y)J}_-^l^JLdpsn?!e~R=t{yI7U3v=nW4=ub&->Pn
z$?nBM_s)G=(tf=m2fx&SAb+jjG7mc?4b;Zaf_7|pKa1X<g`40eU{A@ps4O6K_3$N>
zMGUw+J$UBC8`3QJ-kIE*^tZS<8%fELn=yju;W~OzNNBKM7WeH{1)Nq}xG5$-`n#gZ
zTZJuW-bP57(B-LM$f=-$>Rv(Dgc^)M90q_9ZmG_6^Vl_&D_~Bruxdc+2qYN0&cMDj
zaTRU(U|)I10TTMx(vH$WcYe&`Lu1>W!${YQB=<%>z6&j??dViw4^OD57$35IHf{YM
z+_F2i#QlVh-2uSI8z5ee^Lti<qhXhgrl#Z+f7t1pDpQ=UrbX}DFky$_W-TG&c4qIr
z!)aHR{SDfoe!W35<w^ggiqx)V^261t#_;)smb?t=1W*wqjgg;l<3RPPW$SLpc2FlM
zXgFke%ae^1ZznrX>f`Z#zXO%a@y7QOZd41?AN3xWojhiQQD;C>c)f8%kcXm_^(;BM
zVil73Jbd@7PgVoB4uWU1pEU`-7H`a35ix@{&A)b&%s5@|^WVn=>g2PGpXX)bMmDJ+
z9QqKw1M+bIA<6e3;opB$fIr>SuO#F{G51tG6I(^_@cqThu&A415q;Y$sO1stY(nBa
z?8Ys-g&>${5%+G){8+sgb~>6<&YflV>MdApmmW*m#}be$XdCPvc9b$^QzP9*^XJ1)
zymnpL-*i=k5Nc2gUYoMxOH*OY2MzLm0MrA74EdA5B;5a02)rST@ZT=8Q5J(=B`ot#
z{ZKIlXsKqEr$u!I9>RVZkG(g)bhyqc#Fs{u3op&cQJsBnG$r*kpu6sqHQ!xHuq351
zvwPXiXi>1Dzx%gWkiSWBm^+5UkS|GG%VPOi)r?<cY^^EpXVUxX4@X80S#xr*+qWcO
z`gix0futj1m-~zSR0542dsuH<&xtCQyz|LikRGSUG5rz&mJR!3eN<Z+0N&`QaePME
zM893sDB}`KX&l$q`Bf#&;j$J9)-?Ol_Nv}h{Mi-kZc99>GT@w;WAV!U7VGWe-Sfw9
z?4FRJfYnwa@166zf8=lgbJhl1gGOXSkFy^ppm*p&=eLWOty4>Pzm^=}%7Eh2YuUQe
zDZ3=1P}<OA-<B-Mr)c^79nU68ginF%^b+?U6fbG9%RbXyA4cYlZKB5T5Wp9Zwd*fa
z@Xm<^t(9*>01V{G_g<~}yaPEh<nk4ER@*iV>zA#6&ZQs3kVO&4c_^14Q*+85XbuIN
z3$inIy@9d)wzMOpb*7mJI<C5YzA+icO96lN|4E>oQp08}$Wx5ih#CUdF#q`PH8ptb
z#s2txls&&AXLnWa_{Zc<;&NZ%xVAFzx^u<WDSPkEa>?>7wMHNJfE_+^kA>>|p*{J7
zn@Edd9PtCkz?J)2uh-G$uX<;Y$XdPe6MCq=_Zl}N_T(z9?GJ;6!AdZ&&F+9gvX4LZ
ziZ7@cF#zsx5D<Tzux*pMT2E4YIM{F%Lcb5Ol&1}y1u+Xq<FN#-QgsH%58y)P_1U!k
zI_De0ry&=%1Q({XxuZ5w(j@8*__4s%zwPETePfKgUhc8%<4yYP$#3d`qQ-QasR2w4
z!k~Wda(Yfj!9HtmG?_*M!~k5IyA}@gkQrU3Gk6UX>lnL$u2?S!jrCs1n<ndd(MS1t
zH2)KPi72&z6Km@0!ZwfuXukgK1rT!NSBqn~s%NjZb7J`K^adfI#DUNOD-^#5A4rNL
z&Z;nhQYt8Tl{W3kG!ebgt4%b%ZE*@dWYS~7K39@BmX$yg?nC^tLVeENZV>{bdXeqz
zaOD1o;J7&#aQ1djb~5k|?Sozf^ELC{3EZ_2Ut!<NShaGK#pnXzPE6An(DxV@opmB(
z#Rv>ChG`xYxR*C)Jk)`5G}I@j@FVT|2B&^ZR~YNTH<wcaHB;r&GjzM??3Gh>wIiz=
zWwCIdQp~c#G0vJ3!ruwN=O|jo)R}iL(y(+o|7G{m9>|vSbZxBsdsBN#6-n+|B#wOv
zEf=r5wu7P{-Svrwf%(AqzL<?$eawKTZqZJF?jN9jL@a<pSFSAT4Z!EWUI1q(>^2g%
zCGo%orX;)FZ6ttT1bT<t0p2Vq+8C8C&=w`p8Zdu`%aM^{hyRsL;Hfux4tlMG-8s=s
z#q5Ys(F$x86cDx~V$}jyt&jiY^NKGt;ve&Jf-=h*w5x5STp1HKB`Ra3NoLqeyGZxo
zWp=sMcS`Ml0Q4ErOewRu8xtN_^6di$wo%)Gs%`Z2-Z=<PV!(OkUOhV`ez(%*!7eFo
z`RW2gFIlUN|J%za;lW-%tSYVt4-U*W(wh@8!?`WBiE)FK$p*F3wR=Lzvb$U{W%=o_
z`3kiv3*kQv=z9J7_L3K+#aZg`<-3xdeWRAot<537%lNXUp5t7I+<U#~8WRbZs?v}&
zG?{O{xgSWuUjAX7-O~pqMfCEI!ttN#5%Hrn5rAjFii>r=y~tkn3lHz9=+Td@lt7>!
zJ&M!Z41-+~z^Jd<QI5Q_{Wy-?0sLp7cWlfEBoB(9PRl|^l?5XC)@r^t&}%c|+oO^?
z_sucdd?39S1`|JM>6*ZO+efo;x%zxrjsm6y%G*=+m@vOx*D6kI>tzW-Y%pg_um|X!
zoqy2~IOZ#EKrM)<-IqVz@fVhvD8De)y_S3-gwYq<Y*x9Y`l38hEA2zxhh{RgVn?5*
zW``Pa<w*g(wd!b28`7QbnV|iZYGs*|Oqst7Yg865uE!HfeY@>VObFQYqEAJKxvYCl
zCC=}wLk=S)k)j{IWF()Ag;f`Q<00N4OYA5-sI{VsF3ZI@U3VabR2cqvx0Q9zTw!<(
z$pWSd1aTAhG!*g3Yq?TBfW>Q+x-^ZN+QP;4-8FVBmxMT&6Wq<y`b+Wl)jzJ7{eV2P
z5KJ8gOs~QpG9rGfA?mY%p5+I=r`#L<XlP=qd!iq{@6_VX#^o{U*_06M9W#n5ynPR&
z6)rt|rA9J3+ms6?5vqFIj*_Lw(F%QB?_Jb^WNNU<iJ(8^S(~R8Y(z`|F31I(&h5WO
zpbh<WXe@jDe^`JAqq>IXHP|<dN1y68U5M$yR%(Wt6zQ9^=yP;ao-`GHx^dVJ@Fcu}
zdwKQH0oE$?Hl<=uyj$ZP&dufPcK!^#2^neKi7CaRvUd6O7&;?`gUGs1MV@ThF@k9}
z@4V0hK79L#GT`fD5fUF8Ya5>dXLq!9hPSAQJV3;qW}{n)y=2YTC3c95@iFc8>*qpE
zHOE2YjR_;vCHdn8xs>s(Agv-HX!~zWj6t)(giKtC5RG>98GFxwtZi%Owqe)6uZD60
za!WmXSg><(+be-{-aEaMM|(8wZGR<^{&<L%9&DLl!s`CEdUruF1|F{G``iFD{c#}y
ze^LJC_AyDkTQl*7F)0$%^C0n$f+3c?WarN`EFxax;-XFZv`i|hOr~fPzb=rG+;+nI
zQbuGLF#kt?#|_nedrwiX)(5+LbdcCICgvLdSzll22~l7LYkkc6y0qzRRqRcVSQ9~C
zdbr<-ra9g_mXNd1(&Uysyu%XgF=$D^6hg9;#Mwg1oCt}{EFE4kR!733;84}og{Yc-
z>qGTkV@VR*js70~_qKp}JZO?wNoHEU*Vyw?-9r=!GrzhM?GHq*oR!9t+rwp<cBEC|
z!K*&zl0&l=M9<V81BfnYcH0WfVc6n03`S;9j5%m;KJeRWfcNgy8obzM`{24}0_Yv#
z){bBCr^nb9fQt7g)k1j4BUY4)DvpaRMiIWB`mI$uoyfkWWG~xuX{{Zh7{p0PJfid=
z1-GQkvC!z!Q@O4aA5!gp{R<2-nGtzY%D9B|z}pB}^|UXSY&Y|Rj&uypVJ3pw9O0HY
zr5LDR4yP|NDNspsI!KKaVLmb#NF2tDAD;$(7ixYGrd3$l@_Krqi3->B!EJzFp98;W
zL~DMh@tqinrxvMe)f`GLUHZ;xyafDtWa{_LZ_?(>uF5$(^P_<Y(k6U;nfqg`g&+e$
z{kWk2?+B<<AcEz-g8^QvTqwXrsW2w3!#`q$0O(`Nj_?uh9n<h)#x}PB59|2lWe0a>
z1Pwi{eAP0XnV#o#Jc816Xi8d)frP$`RLawjW0nxwGtp~Lx}}d^eqy8^4%5P4mkE<F
z3W<Wh_X!wUUz#Dn>%hK05y_8w)=;L-@{+QZBkzsT*S?D$p>>7~_CAPER2jWx;XE}q
z+PC|%F~Wl;$tq05F>cb9H$-yXGv=OblhnN~GkddHRrrecgg=S2!&{`*c}sXs<Mq#m
zBPlId^3<o+&x&8Tex74+U20U;2^3MpG^<}R0jOUP33P|S{un>r-{Pi~rO7lO5WX7Q
zU!fdT9C2{5Bhtubd3bRi;8jf9>sL+}^DoeLgXAj&bZ0x%&vTN+fFF2>yAgE>+MI$6
z#(Pb;G$=WescA?n@mQhFL34{E<g+mA*N7I{WPP2S!m6w`u}%FY<Pj@J<3Xo#D!w;v
z>_q&yNJxI}&(PH;Zhw1HI91#iG~tm9$gDaBNmNEM?1;N-N$7IWQ&)e(<==CDzq?y5
zMzY1vyIiD!R4&_~YM&}sz(oFPla?>R@%wH=WVmTyYOM6R`cEmc${mg`@zsM#kdX%Y
z3&rrMkK7(cD6s&qkXkj{j0v;q`M>u(#qjYlHacwe`TGVE46wo>pj2oIn!+HBg;~DO
z%5+&lX&&F`52f~ECy?xXlM(aF;@1;h9&YT<1vrtNRS1e!1F=UwlFAl4dq7<9iJ{lc
zX7q0dA3aO$F8-7FB<E;y^;bc!IJFX_NyuBI5j{9_s$!*P$H^<oC(aMPushN_nH0Jk
z=_W{N_gww5D%4ALq9#G<SJ-$r6|+^G%DNflX|ydoXLeI=V)xK~UTynQIkNfXbjf~j
z+=G&ywwtSEhyBP7cl-+vNTlv(4|dI&4}q?TrC@b~F%C%Wbz&b+Q0d3N&{sx)49xQG
zG8%2P@&FPP8x0R>q<%OG2fO*|I1buO9@htfET~e%$p1i~l<5>^+wg3aR$qVGUXcF0
z$Aj0L$^NX5M>Dt4h0KPu%*L0=9E0bWNmKXP?9pUoQHIpU#&GPphB_mu0e=z3)n~JH
zMK}*`(mZ*b#Aw18=VW&E*JDr}N(Fj`a9hQEqN!lonZsxKuh!THr)HKdaCx17M39{p
z-4IQu>R97D{;EkKXY-CUPv*AawQkS7?g+8Rp6jB$<QrV0|M-<~?3Lcf6ocxqLQ$!o
z)AUT1rQPOtZ?B!e!Ul2PkiebW1D(@9+tyb6xYc37tJHM4ZMB?yxN%XQ0K^1fy^YBN
zpz1evNEt-4$W7-3hof8b>=|h-8ttnX#=b<AB~od}6snpwPm;W{A`IMMJ)A0+1hai<
zMVjAz-He=7$%%y7a4PMzY3y%g{)#5t72YKH|N4o?dJe%D+bM?Q=FpuS_|@&97eyeZ
zVJb|+BvHI%Hx+8?o_jwSG^E<>uKv+0+0~~7{@dcS`i|vdY?no@t=>ubfWTqBjS(TQ
z7+GDikqvsH?&Mj**!oSHM2fejH6epp9oU?{%F~U*UsJ9Wx+IQ2m8x<JfRjw%E`QYG
zaW{W-0?$LcU|pS1K{2tH`)~Ql!QQp2O`LV8+XD(7#mRovvw$V!@KJ?!;XO{{<nd$|
zsb!ka!Mf#SZHhlZ24?o@7W*A44s{Fq>zACFIZIRDWWIek>ZM9t8XPK^YS|)Q%#r54
zV?!Y~S5m5*SqYBj*c(2^-_Xvrqs**|+W2B)vX@t7NH0=ZAgTBDrfFQa-}+f|J%##r
z(*D?34$>uAk5Z~q2xU%zMTy`nUdSBRGKyH&3wN?ihPB;Fw5g4oNfCA)_1>yQ7MwxL
z$+^&1Spk9VvxtQog_F1sFDd`Gdm%eb{}#C?8~AeIVg@f^!aiPy!Mxr>wcd+UGycW-
zJC3#T*r^SQ5ukkqG-Q3Bb+81*NnWyk0Q}$Qwd?gt)QD(F6k&K)m+z=`k2kna7cZNF
zP%O?ZC<o<ry3@9xQ6b1~<v$4^y0b&2vqI^U9+n+XEr1_mB9?2N`4Jp5seo5gR-SQA
zPS-|C^QBt#8c(DPtMHBNBHWcQH^i|C151lvJ|l=tqMi^#GTO8_ZwRHfkcPnX`7O#j
zX%1BnTTW9S8J5D|PZOpYQsE^A68Cx5_g*V_HvSNQKui&fid%eW^iM#(pqTo#A;MD2
z5L!57(bdK=3Gn}w9(>@o@1;KO?=UC_Xi`V$Z8JIC@Q<XN5W1=G`KM}UR}1Kk$|Q(@
z3MfLnC+hpZv>1kFmJFQEG3J7r7Kp@FqF$QQUsAZ4B_xq$m6yXbe~?773}DMvO$O`B
z^k-ID-D{v}8SF@~6``F`31eLBtFZdy`8Nj)xqk1Ga}T^ZQ94v?)J8F2{p0n@0wGwc
z!K8}o&00lJ7|HhlX^5G4KFWyc^J|s+UM$f-z3`0BiyOVS!Cwbx<q9&y6$A56(Ifj0
zhoMQB-qss?M+u{@kV1DorE#VhiXB0?Z9%1dYbUkW3R7le*RCxfp$D9{)K30?%iTcy
z(QOO(w;EVRTGmX4BVh%3V>S!`<J)gZck}!P<nkiLU3vfFAVcm&P-T9W;LcN!b8Y7n
zjB&mVrP6Hf9{S87OZmmK=+y22r)22MBFTQ*-}O;L?e?G!UCp0;+?NImb!F2p9+DZT
z@AwkBp)V`ZEJgf44Ye7c8Exq6Li=^qb4@wEMS}SK(3_~A6k`yrvGA#Ef}1zt89d>u
zO(+gkr4hj=g7TjHJIZ`yI>K)@)7oy$x&+Z?TGyyJGI)fN4b#ZoL$1GJeibG7o;>sB
z$bUu|b0n|P0`BqRz~!ZbCH?;K_I8CNflk^-OP0GTfyyBG9x2D<v>b>Bzb@}|{h@M5
zt3tX~q5=B0Bhugfyh;31sj(Z_)b{lgn<*4|mX(Vd|Hz7umQ^8hG%MD113u{6{L{_Z
zovVC^oLHl@f^G>d@yi$ebMnk0@|5ucD*;$cf)>SS85wR)Q#vw;%HjbYy-J?ul`nS6
zaIdur(<?WAqSoU>+{Xz|PCYoX)ISTMcW6{(;hLAMTJli`XU?B%FF+NH!sVA#A)8AD
zdK4dPLrkqu2`Inx%59gyh6n6!7}RNVwxQI;$`+z~9BUG%i(o-79cBAC{<GjtSCvOj
z<Bv0-rGt$GTb<va&wp*npZ-WM0l9H208P#Zp5&|6W0I?^XOz1my}!LVEO@!Xqi`7D
zBHumW(`(Aml+t|)>QiMBLWyzx!Htx|OsBzP3jN(MkPWBDDO&yAJHQ~bN!aMN#9DQ_
zwIt=VE$Nt;^jVG+OQ9#e2oDeQk0n0y1!r+2FEU8OVc414m@=|YPp8B6ViCTC4vMzR
zvb<-iz*Of7{md=aq|)a=f|3zA+=*l44~)gUi)mLK3rEBmnPb3#t|(kt(ggqV!OdG5
zG{3S3S2*qZuWq+}rRLCM-Hm8;2>K*}kP>9u3l+{ish@$bz^Q854~?}sXNgS59+Ocl
zlgATX+v;2VqLg+@N<~Us2A^_nm2q0@g5{8*8kE*cy^LdCNB3JyJE9FiC;6-0nTEva
z!&yQ4ktU-!d%ZsKEkNGg{^{*NN|Dv-tgz&u{qJz3@|fr=DMk^4-yA`jBe5tv>hW($
zn1}parIoUE&bx(gqKr18Yd6gmIz)?yW_J=Xc5%!ovjiy%QL#?O5XrDtA-D$^?u*oO
zmc6fj5s9i!x@>=9tQffo{C+cix>dJW&4`N$i)?$eP6c_7e^vfxxZ@xX2(k>~M%sqI
z-RB>B5#WOWe(kp(DqI13PdtW5?bi>?8YHU{y|~|2>Ar;_LaK1D=VTmsSU7`=Dh2jE
zJ>>8>Fub*(vKk+bY_^Jd(6yO@+ueys2XUN#{dRL@7NScSM(Fz~cQec_By_^}_l`{$
zIh-Iz(F2*lgHd15oY-?xV0H{LONB1ZFsP37tPCFsegQRV5_`yr*3bEbU|I$~yq-_>
zlt0ZfF37q+&1wF3#W${rL-TyWxoI|ooEQ5?(fHGC+YQlE2@5wJ20;(rXnT`FX21Fo
zJpTC{|6;2DK7v_<L(ymvjiw#z4WdDLe%1k?7*y*qJtbdLk{L$J1LCSrqf)4FW~tb$
zD5}$8IymadlJC(8b*>5dNCQ9clH{_OGY}T$CL|2iXsE9a+VPaAs1yXJbZ-1|S{qU)
ziL5JX45m?FQYnBS7ktIC%a3+A8@JrjjvQz>yt9qztt<7nzV5zzv%JagAhcHKuPJ97
zY+7jDmN{EZ$tCDB*edKid8WM6i+j5K^djP2oMf8kWMumksq&URGJfuZf{^J+?Q)=f
zfar44>#9%j$qGE7=tM2$w?ECgp$`XEpjP;w0j>RKp8lDrgm#Ja^3enh;8KB3vs`Xk
zao1!kT$<LYEDYU7toXB=$oqFRPrhS+EAyYwAQ0-;K%Uc#8}xZApe`(eU{H_Xqiwc0
zS5IlA9`|O@nzlCOWj;izI!bIlOUiLW(H0RS*O#v|KAzUxo$jyN-dXbat4;0tUw!ww
zf;j6BZ#>e}h@Y~|eF42?pC~dZ;}egYP%}`9<EluE8hu~tyYMTe`1+}8P;RL-<EyC}
z-|}9he<KUc$XXk$QCh+mPa$-i5Ynl%zrbTO%FkQRp?`P@dvvde9r^AGLCWcW<7pcv
z%=^=o-Wu<_m_7>-D`Eld_OycVfl;wgv!;dJm~i<YfqUuX=gR%>ET8&0N50r<EZD>F
zo@sBHSh@Lhq6^)4oh<c*vkyTKyU4Adq{XZ$EGGE71IuoAZ-qShzUL3GuZDUW{B`6U
zB#ViGESZ_w&Ko)cd`yY!5yQch&cg=6nf|lK@__#nr}j{YV<+e~4u!Qd>L9$)n4KAf
zlNOra-9~TbXTLP4WfxZREOKW1%PL-(%_18Tpe0aV<rofMV@##Ry-@EiUNK>Ptd9r?
z+g=sE_zd#p;GD%D8Pa>av+qa3U?}gPa5tBO2-|03p%71hOI{5ii2#suSV5sUcuq<*
zGqJ469XomHQweI9eN5T2QgR0b9@QGtb5=+t<1v~t;=~yc6ni%GzmfwlgW^iBY12{!
zb{ZWBEF0`{?)iO@Xb57=3XQhe$*h-MF>tuqkP8#W0C3sLx|?R768hXC7EUnyZM%$P
zmEmiCY#ghzaS?WlKWz4^90*a*$s-ZIJlP=DQ$0`E>#yq!XrG?#m_m;193J=bau2$8
z9{#c%HOG%Ye>`yiad=!rKV|~$UU3@*@B@ZH*(bo6b2vzN{^&?)fwT6D!~Nx>sX~c`
zLC&H8fF|9w_i}j9t`?8xIqEf)w3wbSSq#k$l{EHIGyF^JOsSXGX>py)HLPKhd03qg
zIcO7eMB(S}j0k4dQg<$|xd~9Z9o7*<OS7V7stopujn%D%jCH(P1GS7}ME0xjD{zIr
z>|?OXQ^wSysQh)BGN>{op=b3Li2Z!Rjj9z$hLNM1Aem6&>Tz1=;=h|r7-8;_QGpxx
zm19agIsAh^oAo&TEF!k<j<0hczoI~G@C4P5@1mhNL-Y;$#&vM{U8d(8k}lAo6%*Nx
zge%JSw(mgi^#32>?_kcVcTsfSKt@XM2|NzSdO7evxtWWE&}<XsQISri6htUGOEU)Q
zNX6#X;4!Tr7_F(M7)IE0PB+6b<Oo_3$V04EDpWVI&qQ>yqI*xxgd3K9ue@k1ULfyC
zuGM$7&@0)}W}jZFP7a!`e>|b^fUoIhUGMfhMpON9Fy7&l)-rJ!kTI7k{vjD^&}tu`
zOUOe=&t#~9s&Hesv-q71XMFkdxVo^7M9?){m!VrowY9#<&-9FZMe&L*t3*sIp_=He
zs13~L3&K|A145dG*<sL;^P|VSG1RU6zcy*fXhe?uLCl2Bx~q+0MsOa@P<~_6gK{-&
z8MMIt>uR@xncwWV&+SC*tR;+{S(A;azA;lG;mXe4#&{42RVT?W9wZlKkutyz5*qxA
zN%Q?cTxKJQ@&gCG>ff^kKMH)gep?}`#64~eh|#e~tCY{nTD1LOIvi4(Kh24$QzBmx
z37qb7MXO9H1aHKTZh~(!!ADX*EhRgp!sUB-hws2uoR^5j@4ggQ3sYlpLmh3SmcK6O
zVB}u1e~0n{*~^NC#ICJdc|8&(`b><W6%V$frD8nMda}768K+Bdk{%ic{aCvq@$k5f
z3-2&thEo5v%P^S^D9yu5kMGDUUW2UV)Ao?<Y;JT&>C`~;@z`G+#x-o(GXX-^qaH82
zzc@|r9img-yCq``kg9Mac#7i|ObxsEPer#M;SPEYo29twP$;?@U)V}lkiYbyW*Hq8
z5H0oZPC}7Gc0-iiKq{j;dw3<E*j<aS@?-pmmA;IINeRzPdJw5|uTpNFUah$@@y)Lg
zDNOYn<J6KeRpcnDU7;<EWgpq!P6|7J`f3mSyHb;4JWvKwZ`k9z+&vqdAj-3=IsK~Y
z&}q*6<^q4qc}$q(zYCM-r)=Z9Gf;YT5q~U%!4k<HBDehd+A@M+mVY17l?5J4?!pJ4
zbYl1%3Bs6!Hm`Yst7y<Rru+0HA$V2fH%Z+d^ODkj5eWkk$+h3ij}(vc;fFk(X1zrD
z7Sva}f0{#1hr4B?iektx?6(?Q{;;tQc8BR92<|=GK(qQhkYZ`Nc<qZSC!SbfGks(n
zxov~RzuIY*z_Wfr%jk>aok`xeXL)LHm}OU2x`7_v0TaGwkr1gXR5l1{s};w$Ex73)
zyR9;-FU1zM?CJ@sJaD;SAYVpduAQE2oC&V_@3PIlw!gZZCVS9o$#_g+EFF&mWX%!w
zSySjSm2_lfCM4*a;q#DIPw7Xps$XxCt~L+k7AO%12!*@~ym+1AH`^RCjIX7wp6cSR
zD(g1_aV}a#)}xz^9Kw0`RUy_4-G{%vF~rz-hlux{f_uLd-uo{sa+R2E^1tI^7_nA9
z#^p;<a^ffQbxqi_SKE!~vDC>-5kR?hn>VJ~O!w$_#ri^eJ9fxW>e4_se{?RxApB%J
zcp{Tp^wsbjpDI^lj!nF5m)=86OaVraA_}f}RsN2-$KR{GXMgzGEjkDO0ORXays`u`
z7XKR~F`&<n4A5r^MpkAqSGhv~chSo&MT<8;gR}idj{$B~Uh|2V;tLv*gtG5~L6(d+
z!!IcH%O@5U?G3o9Bu6^jw0i{+CXj_#_~|O$KX8BB4?}ra$#gAOtq9NfR9D!CD%kd$
zQhi|jG}Q@@Bg4&gfA+{deKBGgbAqcpY=^Q6W+X^G?gU5lYHR!Y=z!rtmigJ&y3bZ@
zia+7HZPX7M>$<8qO$M+}&G$*k5`O7!=4S@z&MT1hjK8+8|6-6{ZQHRkgr--(^ZapP
zK91Y7FlYlH2K@YZ13~nr(FNPt*}-ZDMRLGh1X7JH#`G<o=06Mv>}r**`qo@P{{}$W
zox0hINq$<Jk+LJ%N0hWuPO6<Ma4+G|K0ysm7cnwe8`cT89;a(R4;v!zIr7&itkxR6
zb13TlQQYBb`R>e|B4N)TZXCb#s&SxjR%@P6j6o=ZgZjPM==pSn9<c_liG0jA^9Cx^
zNWH1liS)1f#_HuF#Q3*HDEv9z$yK}Uf}i0Et<GL0<jXsR&yHCdzuNj^%%*apzm<NY
z;TW4`{?!!|^Jf_Ky{hn=v}Eh3mj@vg+ok_GS%8=Si0lDoi2pH$rM9~3)5-=7D?nX+
z2e9sfw$ldJ4P_`cklQW-UK50dl5_z`e1+1$!I{-RagbGMmi{GgL8^(;iPcZ;SpN6*
z>+eQt0~f<XtTOW#&DJQ(81(R!TWvhOSr`+feu?ShU(A<TGGk)K2^8PA7E}JtH7=EF
ziLQRnM{~ak=Ojrf?WyekX5rHB7ZGo^ye^4oNg*$@;8wS1qPKY(+R#8D?ICX_0ye*a
z=QtsX#vTf^Ak1UiN2zsU%HRSiMWe;tXv~YE_8ft?$dPJ)M%T@VzccyNx=+t9kMwlr
z$cbS5NX_<h<-dEo)c^a@oe+Ns2&=+iv;lua9zv3zVf%8se}85AA7*XhiN4hFJyxc5
z(1fd}IhnU}b*6?)vd2|hg2A1yfo7cG3^^ShtdUtp>Sk7_S11$ZBk{Ca6x!bO8)&k~
znO8+1%@f#ty>(h^Nz*@5V5i;tQ|zaVxYMw3;s+_@66>G+R{CtFHR|KV2u3eaX5mur
zdwflexW9<ga*~t&TtTK%SKnQji5?|t`i{-8TrI<4sfknNw&wn}uO1Ty1W5+OurlJ1
zxm5?ttP7=EtWQ`>vW8l4vvhj#rxw7anS6YVT}OU_Bn%*@I3GQ#EU^Vo)HixVt^|%o
zy>LMX*VhS_Aa6@|;Y=W)PWg`<(Io=Owap+}LB9H3Y46B~aw8@)#BF+Y%d6EB$c^GF
zmVwgkVxFI7sH@LJ11`Rx+u#&wGATY(T(^j*cnCjXc9+UDc7wEbP4IEME*%#oZ;&;w
zt%-B~rqvZdibN71ZxOb%K(QOe{S<uK^;^ewVEeiH>v3`+Y`(zZ!Qu4E4on6I`~9=T
zR#qA|?e%>GRkhCxdwu8!b6-V6?r8T?^#{(w3&L9^ieB15e+K&~4DDdT^gADKV7G#K
z<BCN8(h+s(BM=6pl|^~)v~DZ*#g^OVd@*4NZ0JFN!D_T8yw4lsGdz66p*8|evOL<r
zAu9)2MD(q@ZU*GuA|SWa`@=<Oqej>eGrR*+K{J^do%8p#pi1nr8PjN{slj2zZdtA9
zpF@@FMR<GQ;wcF8E++4bc}8p2wRd>rdVUuB9hHjvoA~rSrP(SFmW!?N*~3TJ_HAm-
zFt*U2IX}?|m2B(}&~AWRW7Y~7rW$HbNH4|AET-gn<4tPQ&Mb5iQu&Gd>&x0;_2Tdw
z=Jy^&8Riii=C_;*tjnATrE6i($3m#q7fe{t1nC#PJL|N^Z3_rsS%E*i)!n9jME&e4
zwSk9O64v|)XPiX??xrvrp7W448E9vY*@W)6m$1{7KI8eghK2FMnpc$={)seEVoa4T
zHEj3LF}jnnIcktF=7Vm(9b$h_V{E%ZxebcOWR7zYl9L9%=Opb}+(0esO?Ud?9WB##
zaOn<<GQIiwx@YK#i-;X(nwMQ%$2O(yw=i;oqV+ojQu9^9Sv0O$&lC@@0?ADAsT3&d
zk*mq~yFm3Sf20Y4;*nwur#+^eQp|*We%zh`Na@aEmVR4*ZqeOv-E8nSwZw<nOM5ee
zUMzT_1lMm$ZLAt!LCw?YF{snG{!eJv&HA6*8#Ug;moR9+f~<c7h5%vEU9v{m^j^*-
z4m_y+lB=qzA&uFX+j4z~fg#qiYZ5ul+f~m-zTzZ}<!sheUDl%t6%MB}%JD4;8^Wb{
zw$_m;Y*f&e_IdqO+vcP9?+BS+xD4TI1HYq1?pN=|mTNILe{FMWM@L$%*XeAwS0wG#
zB&7fRw&6<C`0-|ODlOAV-^3aAJE$Kk!z#%8QcIYuQous%2tl@+bXNV%k3m47clW6-
zF;KcniazQjQ$cYY-q&x^f@uGh4JWDVnLP0sZ_Q_(Rqpqqq%hmWQLvXsz)i=lnF5bM
z*6m*{91w7L-}MP77Q6tpPe{AFFd)iEi;X55w`c#+_&+Rw&bnvQ`?&2-hg{qYB>}B}
zJ3dh)epPxs#r;W!`$;J(c3EdJK|7i}?FB}q7Fqdrl+7oi9MoWZ-e930lCe0DFSL;~
zh`!AZNF<CUDS3n%6{h)4{omaPx`d>sP%f2z;plu_uOS(FJ_o-UVmaFJb=T0)AW)Je
zoQ5hx{Z|)%iQ}o4Cz}${bn8?|3|4WAT{#OKl2dpvh1O8Q{xD`)lM&iJ9F;!yKE%)9
zrH%4AgKqrs8w;N_s3%>=eaZ>u>e7soW!<B(28f&g3{%p_yFGR^BD%nIhcd1Jp{br#
z0X(mu(4B>oGG+H3$it2UbW&0zD18F-zZB3_DV%7S8!V82MZ(%p?aEZWi29Xt{!Z1U
zjHJA)zRxF_gP+Jrl5xNc!oDNog_yb#OHe{j;}yT6MUF~4bx5znsB9+0o+0!ieNF+{
z@Mr*yR*bPRzDMZyXA4Vp*9{iDm4=FQ%F|WZpB_6SlJl_ceBm2&nkt>NCA3ittfR~E
z-YbQrhl-zrn&c>J8K@$R_T&Y9uVPV3X%+gg3Pt6U_Sp04)+4798eZFS#@Rl9M)(u=
zE9g!MgZBMD*(t!xXfp4QeN1g$-b(?3dC;~!0FG%ukF$0x$k$}}{0m67`pTHiIPi-=
z@Bk53VK@#f&ha2m9}hqHfnf8-`~|;YgMZ-Qr_&;w9xr&&Cj+r1MJdt2F)u_WNhC2T
zCOd?plCRI=C_{Bglv~TNq$`#bFqq-v=cn0y%nX!=l}*N9PdH=Bmf?Hm1dmsx$7Wkj
zF1Bk45xXcMNc}vyNFYrO&r=(sSLo-?ks0?J*I9;plWOH$XPOoTQ~VfnpcX-npFp>a
z9WuN7NurukFg;d6rKYGP&ViUe4(oLV^yVFJQ8BaU=!*~{3wwp{j05xkR{P_MUpm5m
zK7Himu6gTlRSzf(O^yzAvOiPC$cxalxMlrfaffjJ>&QZSq$3Z&d)a)f?z_*lAv@zf
zlu<f`#!PsIblFofMgHpTr(kBfAUDAvPgGLXr`TJyTklsWls)Mdx9=5h+{O|fn)WPP
z-e%aP@<dEWASrs*{oOo7=PVhHvt%QA(Myz>vlBs)#Er$)euiT3*;S)m$-!iP-`xGP
z{>69xL~h|XtQ-nQ@5Wq=DzE+hI8vi9OZ4?wf4-(Y`kmo@z!TDf2lt2YHP6yj1geW|
z>pg70#i-1x&x7%zJm5ln%kX4zzTS#|>g6J1lR+YFo#HMNiIO7caflo;DqedPiD^6>
zLsUBr=}deiqAF(ysYGuClnO&6Vg&_-pEH;`I?YQdN$&+Z_eTV&aRW{w+kpZH{-*T(
z(<WBzCf%vmr6m_a_X_;!I_n2+!;9zD53RMH<s~g%6s$NBqbwoZ(_Cr%sK)SVMOT$z
zgxeNwmxBMq6gqc$cd6p653CR2m6z18yLR>G4^)rbTQ=g^TGg-EP$2+5xgDM@xt2lS
zUuVs~XW)=9q?{Bs!Q=YFBZr~E29*FK7>T1lQhZR(^fF*Pl^5H%3hPek2A4AQ2np@|
zm$LY>Y~i10^{!%c76s8k259CoFOkvmG_a5}V~HuM-0$-65}-GD_*Cm`JRt)**u$(Y
zDnlWt^sOzwsOG53hbFyNBq^bT-c;Emc%%}Ak|Z{(;xRsh?94PS93j*nR3tw9jt}O!
z6eM}8h{(Q46HA`y{&pVaMJlrgN!e5oAvulzNA+6#w5g1Yi%@8fg!}ym*axUl;cDBe
zNh)~wZ%9rbtSrSWFI^v_MsR#NY*Zb-1&X)rhdHRBM@jMm>6j5km*@rUkZW2weny;M
zvX*b^yD+jl%K*wRIhczXQIbGC!_(Y6gQ9({;pUaI<Fj<RfmgJ<7!b_l$lz`VLlTug
z#<{l2IkFl*E+|gZJJlAuOW~-D>aN&#I|M12IR!nQ3#uj@kXWwNOt_D+41O;NiIj|4
zj-?^qLgegOIVz4dP*|=uG8{q1tEKGxLE}~{*4txhMwvJC_5BijdSpJXg>Y~RjtMT0
zAr{u}F~&1=l_D<DObAQsiwk@Y>ddwp@<_u?{fmC@k}HLtws@%?C>RoM8pkGJV9%QL
z!0vk`l*GcSkztPW=GC)D1*7G<tdN{*|Had&9k`(SXkk-tvs~yn^LvMQUik!CbA{Yk
z5wk04ypE$Uxbb(+9Xs7m{n&?0lV#0>#LzjP8Q1kwhUCZyOR}i%G$U`#pb+Y(9pMT0
zgemhkpVJAxUv@xyfLalb^{bm-C35(w)LDu5Bd9+Q=o+QASuex2{f1J=`gFY`riS>M
zXLLm_#}?;21I`j1nO$wCA)h{ubZC2-EhePZomu6{e5!}j*!NT?jE`ro{1YdZJccXH
z9-UO6sra4f2pl8RQickGr5t4>=5X|J3xp8%pYf+*)nu?>)#RKGiY)vLEPvLACG0za
z?yD{K{N^V$d%~~Fb-iy7>bqpD9=8BXV}*TVMOV2&{Z#-V!AD~h<V*t1;cZ3K)N1DO
ztE)HGj;QZghPl7tnM&>0?qq7d!;@x|p~d`wX(VN2S?C(ZaQjpvdnaL*r559ta=3d0
z!<-_Gh?!*WWiIx3EdR=j(GlSfyb3}kjf@k07Efabknx~HN=Db{nkFCQ)!K#!B79YM
z6RK@Vz5eE%E<<az2!|1+EB=s+FeOnYxvtpBWJGrKbOhJD$y<A}R=~ab{Znd(sB7+r
z(1jPmdF6?Y`4qA4@t;$@DLQm#XOVwIt*cFDcDA`D62cO)K0vjB4bZzgJ^bHxxWt5s
z5>QhY%-5CAJMbfh-lD)k0JIgZD{6-;{ntCTE3N{^`Nld&Bgh6PE7Mc&hqqM}Qi@W{
zsJ&Ylig@{nrp{v|1#mps+!k~_%=5vk+?BeGUxi%W`u`cln~UONAX)z%^vdJ~`>rxs
z41blPwfiSL&IAL@aY>%b9(il;m&%FklfAts*k@Yq(<<~D4u$Te_qE~#8Sxa;ER^~?
z{VK_x?>;Xs4|PZI^YotU;1Cvk?OVO#rZ2QS+}AK7MhvL-{<fz1f2exPu&CbedwA#&
z3F&SD>5vZTZWX0F6r@vNDCq|2Qd;TmkPZO>sR4$RmWBa_ndk8F|NULpbMXQhU)|^2
zv-jF-@4Z&jw8U$QR@+^Dw`9>oH#SRtvLm@gI#fg)&%f7g113d&t&Rqpb#KuB`S{;A
z0(svrBd@xiPfxKQv`!}nj$t4Wl(d<J%BukTbjMwHJWEZF6WVdqh$$I&FkQn~&lx|X
z8ifFo-8RMrVf<J<mz{1(YY3vdnj@xMr780P-#*uJOBUL^pL{JZb$IGOy&=`2>PSLK
zu!$*pO3~~>(yKet6;e-pBuFVEJh7XtC$IRYnML1){*nUB(Y1gg>MHFh#aK>^#^pLw
zjn9+1D}pe`aOhH7`#prsCr(8}!t^tm$;s*6!DCLTh3@JZA;nUTP`NU}5Lzet<ShGy
zFLsn3j@=}#<oyi$3!stWAY{Q#G;*N|h<)^Bux81B@BQK3AGpz<@cw*+&J+U%%{Fmo
zVvU{95dO5RO}s|~wo&5F^S`*WNz0;@zY|+*RY)T1zcq&ETD=hvUJ$2b#m3NmXRPPS
zWlZNSny*V*su8J5mTFzc=GI|;LUM4zHj}~mCBK9yxBoQv=EFw|X6r>F)rg%CL9aPR
zS&3gQCLmR*iRgiurIx5Y5jodR{RzQO=&8)EE=gXxU@lRXiN5)Wnc$eR)23|}Q4eJe
zJIr6YUtJ+8Q{`4|mtEeh>gC|{9r-{*9f8%aCOAXAm&Ogx9lRM+VQNb#gBrPRT3R#K
zC&%3nr~Lo_$n3(fHsFBVF|mxoY_}KcI^7QdU{)PWdD4ztzl6y~R2Fjih$NE7#^Io_
zhLhmxu9;G`R+K*Ot;us`m*rP`<LY4(G{J-O9&02#ck1U3Iz1VCl)ON`hE-xp4H=Hy
zh{cG->HI~9OW;Ov!y$Wr#8-8(VB>rqDc*8C0i89<33PDg7m>|mQu;4(^$j*5p`p{r
z#L6(8DTb(COgBbuy2Jw8E`7p5hM~aMBYJ8o*3O|OLL~86c8r&$I3TvB3M-sNZf64&
zj32W7k5CZR#<OC?-FOJJzYnqO-;d{g7;wS+v<74dUY+L01Hpcmq!31rpzM{A(I{~;
z@-W$Hs|p2Am!XAo7tU#4Y}6K!WV*Qy?pNxG;n+qJ2HD|kWWVs`%d}95wHGBC5{666
zbB+&fA7H=ad|`K>^t$1+!1%{>=ZN)*iX^px6$2GUMw5AO5s4#h8b-K~hV&$aLe7hU
zLil?7D}J5F4(-L1o#W8vGuq<6zOy$fA8{ogC9-rz6+F3{^L%yoQ`{vQKix?y7vCR6
zP9qC@ucOcGX+b&Hw-ROBqXqn;nKUEAqApCkNnuSCVqL0}W3XGWOw+kzBE8rI%9|x~
z6r`#QDKc{C;p~s4{uk&;k**cdV5rhb0R8E)=8q(B4PMat^H9L>C2<N=04R_E{=Wbb
z-)vfq1Cq&l`IIdLRC$&vr`QzQ5k!&dhDrBn?|^y$4^McMz4Ap)#pJ}W*e~h7u38r8
zujqe-TMo)g=y;*y;SX=-O@fR?F-$QC86~qxRW$N9T69-+|IA&A&!l^;>WC*^j<qsB
zMzl!vP@B!gEX|3@&$ZzzDW#rJX9(Mz{C;v%6w5jqNt;%}G56&nY*+6$5zXShYb;6s
z(z^0a(eW2Tapo1%K-IdOEgYL2xwcw7^Rtd|y>J9}l$7d+e-SO>7bk)l`f%{=xqrt$
z7DV8Hnjn>=9H5qMw>^-Kk54RAK+R-6*jaq*Z4nyHqbR#!i#Oz?8dG7Yks_*Xsk^=D
z_85P{QZ^Z~zo1Za;TT>Z79FV-22x7JP8efz%XP=@3Gs){ROGZmq~CIc^qnx%@^x^r
z>m^_1B-J*n$_=7&aSx9PjcoaL<;<#`^eq9m0k<nTNwPXX$oWq&8pgG)@9W@!vl2%&
z30i@y&uBxgEt<2T9=l6q>`zSCaf>wa>pgKl5!y2ZENqUC$t`^>qp%@%VwOp6eDtS&
z0}N{hqF48Z%#)Y@VV4K|g6vs`iis@$9lC@KTy%H>Y?s=4f4VCT9i3&Tss6m@dP!fC
zlhvpdh%*6ARQp?v-OY%ggJ$iYw|VNMrMWRqhNJdk6NaCf%3Itg_(NhtmeJNeJ)y-6
zwLpuWP`q|#Bo%PbW9i@AJH*M+w;J4pGrQU5W}}jxI@it{>5-atWJRQV7Ca-~x};94
z=*zHtk8bXfbXD2qE*#~gEWorU?7xJd9G=?~n;$yu5Y$sglDvFklTCytL70X!Lvrih
zVP+EA{ZcJh%=()EVny~q`NNP(xFxlhfDRM9NtmVHR_<m4=S|;drT<dY191DlA2=dt
zEq|E)q$AOtM~-3_1(=k5UcVR{w9Zi|bq(>%{dm3NJ<=VT2*U{f5s7^ws0FS;*EqnY
zupgKGmb#nM->a}DHb3w-xB>fj;;XlYGp(~zTjMg~JV!L4JHu<(XA&4QgggGoA2_<k
zEzg4@1wLyfndc<&QPA}X7Pc1ptoEKv)aiudTEy0QuV^__*RYndF}rV~xG%DH0?|t6
z9h=3S9D{(ToNx^Xq2W7PBZF1CP|3yBN43G8rFY(pgu_QdIo#1=e7)|2QOb80l-1_V
zOYy&32m!w*Weg(wx3A%X+N8+khlB;d^;#mxD>$3-zq@`ch6uG~ML76;?l_MLl#~UW
zGU~A4z|hLn&ukH!ZA^;Qca!6f5{U#!W0kQ*L+Kr`WPMo`hbrRqF)7er)K-lb6cylZ
zT-7E1(1_En3fu7+&ci8qQ6O@{occ=O_w<YDBy_A7LM-@U=lV(<w~r{FZE%@-=#jYy
zzo)RbTI$;@;&5e1l4hq}7}8XKojVoFD8V5{sr!d!Yz$R%QQH>s0w2EId~i2g&UUXn
zW-A5ZvK|&D^`v!pX$8|rcf;n{PnGw<BRDO2x7ggD^;=e2XsCyAo5@Le(`?o3A1t4=
z0*>!YiWJLy3FoX!(F1P!<jyk$H^PA&!4ZmN@H%~plciM(cy@z=Y^C!fs(|SZPm>*n
zOLB*X8`i=GyctG)%cYES)*dDKgpa|#sy=*SqU~CcQ98ZQSK&l>k9&K5cw>L+q0-Iy
zj1`EwZ>(dgbv&(^EUKbZfI_osp1ajUp9a*;?5=}&G?~9$qh1#xy%8OB&Et;_)TVj3
zhJ{t4N40Rotpm1~Ri4|1E7)kJc*atqDnM)9vt8p>+Skeo0Tiy&L^SaeGvh@eTfW+d
z{xK%o!-Z%uAD!{TOxI2A&`+^^byr)CAJj1iqLDq?z}1#{hQK=ee+ccrSe6vu-YfGL
z8wr|fa-wkSG`$8byS1{IF9<|$yQ$9XrE&_r@Zspp7u8o`Q4Ox)lN$_buuV-ifj`pt
zL{Ry%^QgC6+XVBSkF($m%O}DfIk6Pd&DyiAv&tANEYrwhCLil{(Xh_tISbWI+*0()
zEp9zqEIDK}WSIQ9-o1c(5i7~Qi<i=w<^GcP<5GVqsBb}T23<KaBqbSNU?KRYf9k8!
zc2X33kZX$b%Y9BO=4scW9d^-2I9u$;4adWUO}b-*V*&>n3Rl0yjiPAZ8qC$=J<~WC
z6`v~j7s&D+>hNmVb*=&Y4wDp_S<8vQ7&xXz;82)qbT2vr0wTXWX@O!a>!&TSe>^+B
z;|_Sv?m!iTs}77IP5s(b+r63X8N?$LMqX+3qI593Wgjf2^w*kpiVSCOLce}}GCXB&
zH&gr-B}s%vdIGa&Qx%OSb<e}3SKEb0Yw=}4qjdwz!LaZT#y4wjCYb{pn_tWxnagJg
z@i|OI8MEf84m0)1!!>VGcy95fNna=!YU6E8y~O#=8m|=3iI(J4P4ldIY<CbtD`Ik%
z^0R&Dk6>|)5Q9yfLB2jpYU;>xn5yi&o&mmL`l)2G=l^htx}@9phhihFG#Y8#O^W<d
zAC2T|Dr1H$qaf~ym2$!S0f&C<0WA@LMsf)C<7)z{khgr2GpXjZHRL;m?^v86qx@oI
zv7w?B{S0@n72){mO>&~I%W+yrK4r;pdU#6fesy80i6)MZI5=~za=bfe)I$R&J7mTU
z$9@NWnX23iDKH@wz=xi2Z1*UQ&*_W{ohH$+Yx31RwsFBZK6IU$ke=c7X02ClT20g$
zUx*&t72i2jS)N33ctrWMMH6=6^<|g(VhB6}(~|I~c5%C+=OeG{^Iw(_E_E8dqE6s|
zW0|T5eS;+cCr*h6Ug*bv=~(4)^+WE8Ph~6HKzf}XD<0E8C3X$4X^C3*JOF2rC!pCZ
z@tgE%eMl4VuHCB3v#QPuI*D!V%ThX$C1v*&Twjk<g5JuloG@aLzg4BlQpYH+XA;nt
zeXXtNcNt5wpE45r;)&I^^*T7BA_o-zHA-7os1AfK@Pph<57Rl9K|s>RN>NS3&LQK2
zs&n!pGY%m+?A$ChszyQw#J{=I)WtsZw6jr$V|y)39@o!0M!2oEH=eeBRx@x6htii3
zQ%FKfsY~2wFXaABM4?a3L`;7MnMB1qrr*v#5~7Vzkf$fW@QUBY$ARt-I{%lS%}$-~
zDu62vB}Tr}K_xP}v=(3lJqE4vME^(VDxKf>`;6|owE|=DZdbtq9X6>QjVhQoEu%`J
zrPt@UjBi*+guis@sF9IqiBc9tH?w;BZ+F>Xj@weG4NMGY4!ZD2Rphuw{h5st{mpxx
z%xEt<5pU3tWIkz&89^NS<+9VYuFJ&Co}4r;JWG;cUCEd29eSs3Abyo()w}B8@?C)r
z>t--TCX29nKw*#RL^zA4YBy!XYbp`t^!}9OQsS%kZNe>@gN+SiR?B9X$OU@jjoxYg
zv@vi%86|`NvT?W50}!bmi=aSmogTAjqXSdG9w*22)^z}N0LNvd0&N{Lq7$_O9u?+3
zg`Gb9QbD4%X@Zy5WKbO!C0%U2q+hz9g#E|)e(qp~zZq`N4JAtyV&I_Rcmf$$TwiiW
zW$A^g*fsQ}J+WhiVPcjZd}Xjy1x-X?Fko$m-QL<1&(#(Q1*bzRna9ND^lX)>VjtsC
zT11%ZKWU+D)^QmBaxh*F;-_Rw{nALH@cTGNiWyT*HPk~?AR|ni<WAkkvsN>?+%hMU
zTV_t0)mb?4O<rUI<Q*w8xGEai@UKivNP2l%-ChMV@OTXrQcwwaia1tJHQ^6u+U<xa
zU@7YlSq#SWn1PTxz?TBIr$%5mUqSwBJ;S19I1Va$2+C`8V}@Bikqx{G(BYFxbwMUv
zz9?trn)|qkIh-0twL-c&G#j*?O)K?{U};rg93?0}d}utl>`CCAr(wv#;9B~K4Vm(3
zmMF=JUD|8xn;n{yNPPXJq-mBOBAVo4n|?<2d(oslqWIn>{7lA!HNlCI_>{u(vg1IP
zcS{z^%*@f^G1d~AE+kp2sJ-#i^max`6skC*gbsY)cL_cJrJHl12Qt(EURwMQZ=BSN
zAY6G*0o{(ul+N=U=T_rse`)%w<Oy5Br!j3+2R3NTIviIO=Q^37yAjM10V2cUR>$xx
z3^qf{ZBbw%V9AYuC$o*U06mN93p&cy3t}8lkmnfY4wFyF-*bT&4?7xx0oSh`UqkHz
zQFr@GE0}NUJI1J3gGkVVhy9QA<tk}(B;U*DlWdtKXG-P;L4+3fJkZxLsknOma*~hU
zf7Ef|?=q2S>N-|-VirlO)PDT=a@~V^+dM1DHKz36ky6}&T3`|gwcrs00qkdpYc2pz
z_4dVsm(}6KGF-sIa#+;*yT-E_Eu^JicQuL0yhW#}2%IHr#M;tqE7^zaJ1k6f*XHo$
zms-=m{+8@q%TFvdyQg)-x)kYg?u#6LIeoH_vwOO*`x3ccgjw!sz5a27MU|Fd^k+?%
zI>GufLRvXacPaTx9U<ioW&5v^zRZd+f@rPJ*M&PYE;Z!^dXG^TwerSBM_ip2fi3_<
z#bd2YODTR1XJ;3GVi^5h6w%MJn-Q&_4Le;X$4{i#Z_!sX$jjw9^7Xu8KCbzl35wYM
z`~JziKF!~L2(AFJp{)jdhLrlzeQ+n@U)pb^bf3)%I4q-_@Rp>LNS+Nd<AVUX-TpHs
z_d-#37Z=k}*QbB2Kd)yzN8O`VO3Qym+}i&vFonnv^+ge8nnb=kRq~t#<x<^xY8`Aw
zoMogYJ=2TNQiJsm!0?U!xJuy-bL}IRd`f5EKb(V^Q!%K;0C~MTg~`E@t*e|Yiuu>@
zJkx!;4|(gL?G+PTq#isqkE7MVqHb~BYM!}0fGNd@#iSS9P&8@Tlweu2{em23lfq1^
zkm4ltr@cb|zaUz@_m8!IzzNl`bf;Aj_{>QgjtmH>Te0v6KBEK;Sjwi{_y?kzqZR=B
zfy9W_>wtNopIaxpyE4r0=*V*(ixLi7pxK~ogDUqPsh~w)8Ho}tFkgPuV8C%<-9=Ni
zVJQD$Zn^YGk}u8%k^9X_D!kZN(kO+^FWtSt6NDZ(dZxXdQT-W{{HHvw_)24u0ahG;
zJBKb41bv4wXPD=XBX_6E{dQzAht;3HGyGH)887_0gtK(4pUh2o)t<7qYyxv88Yvk^
zirjcJ0G9I^0B7##mBXN~06fb|iu4<gMiS5??z+H$ZA^3b@9X;#hb$-PHKgmfIc3DU
z-LUc&V4@>P<pTNd{W=G2>%aW8opBbXE&(zh|9*i0&%4Y<Sc|!Vb#i86{V`YfAbTY!
znJ9O{M}-d6ho!Vw?x~e^P6idRfV{0#Rtfi)c_jJPx<?Z?l((E&Yk1N2WlNWSTV%Y5
z?VlD>3F)75!UeGDc07V6w5OtbN@oXpaFW57E8&Nazjlg_W&f<wna;1fw6<S;@+H%v
zwfJbzGrxYFWsIZFbpnk~)FPO^Tz&Dls)DjC2T-XXMTU^cf262?$omck|1T#VgI~ez
z9Lizc@8J?L;IBZr=C97c=SXQ%`Fbm#87+|Di-fqi-pijm=V2<^VfvV?>6gV%Os09p
z8Y-*=adoi=qkOlO%(0G12A@`Pfchlde7IO0`@63AtCoE+(HKb9Xt|<dU%Zx<w6(pH
z=SU%rdz&`P4_aD#qRi>w{p)lv&|eC*jFI)Apn6IQqX56Dz@f1rmdwZr-DjW1u8anv
zeW-!*7T=P#srOAyZ>%ahtynn$`M2c6D5s$dRQ?k+<?N+`66T$)%FVUFK>>Tii0!W-
znxbz`>2DwM{B^)fc<E8yX0-SN>Iu;?d4|wEm6@%8K_4O4U*;^QFf;9BpMKo2vg&z$
zev<<Nrg5hII+f-<?ICmAWHG~vHM&?fC>mkr3LMIMoJOK7n7h_SzuT*6QfYE2z@u-4
z5}Z`<c8U|dL;9bv-<=`Lr20oc%y5mG3;CPAwBe)RW0O=FikYpkY1boDX;KxySF%IL
zHNtWX|Kxys1V?$_f0)C)Qp~iiKRV8OAES*`_$XSIN#sL8w>j=%QBlzrpvmpW^omBL
zk@?YW*Y(i|UzP)BTn}R*!7m>4K}VSql$kN8dmpZ;6Q~k6?G73#(rq~!3>ng4qb&qp
zGnj(y^}~MvUABFBVPTkeUG5{2L4J_(gczA6S`e)B9Asbnh7e#JAKIFLjxf;DoozZg
zN!3Lq`K&9b%QNACuZi=+GC<dZ$yKJ=zMw4{Q^KEHRAy(g)t`2FCWQ2@ftX6WvE~(w
zzqK9hf3pBR#OHZv1Lh!}lYA<3mPqF-ZkxA+O{_Hx=i#&hSV{%0+iu+CnnuU-!HqLt
z9O(})6hru@s)O~gDZV<N;Tzv5H6_KywN8~%yv*~?!#XJ7QcvAC{?LdcO4h;tj3z|E
zYEE0nrpa7E>T$Q5)lLWn(SUng8g0H^`>0q)kxV~Bj`fJ#zFLz@6wUvk{D(Z6Pw)>u
z#AqEqMueg&og9PQAV+D=I35R=OP(eX0PY3RbVp1@=>nAw4n>}lyaIl_-uLJyOzmvT
z7>ss8T)iw9jM9aFt-DFWV%Wp*#CQV3U;oO)Gk+2gQ)~>eb9f(0+@S22`*yWNXWq7k
z2^LXXPV_O8T2E_Od~iL&g9WZn#T-^ak~HO~^7swepB}eKN%3E7)c!LHzHVNlsAIJ^
zPZh_ccL>$rQnPI_B@l>T3;hwukt9p7XxA0qleNDZs0SRg&o^tvZ9wC;a|N_f+nH!I
zDO+%I$}pC3M;>KN7wx0O5f6v^(<7<F;s2fff4^^x2aq2lk?e1=c5Jp$8Gi}mfR>s*
zbtg=r1c3<{gVq~~d*$xkn1a@&Nc))8ax*T9$;3h2bkqWp$qK53iBwp~*&$lADPJB%
zdR5^8c2i<bJoX@tkohzg!2+5OMZavdecsCoDT#%+7EIS@lBwPcr`h#BKKA%xO^nq%
zBK5?I-Fz$BdswdCVj=kh>rrQn2qo5v4(@19U;Pl}8=Ow28r9Ab8#w!W+0fkx!t|9_
zUQa3Qc6H<W&iG};(toiWgNlwW2ePZSrv|TLkAyQF^@d*x|M~I4k~4#M41>|#&Zg4Z
z(yDF-rR!hzCD^f9i3UdopZmXtbKbHt{;PaQk<nEoNLdms948%BNK>ct3zPZhfn#M4
za{XLnK$9)9EMKdX@J<zQ!RWOXh%ybjd$~u#NUxxsYHL-Lc+Q|=3+F;#U;FWk@1_{E
z)lk$kF+by!JRU?Yie~t$XM%I4Qdqolfh!lc*&0tvbds;6)%9(lT>xv-QOJNOn!xYX
z`M<gPmUvn}N4O#!juS*EOLzUq1v4;AghF;f_H4Ny)e@>{;+MKw^Zr2Wtco0KAWBRX
zzGHYly1l-u48vK1gVFR2t%EkCS@MM!(1$oeObce|)k10dGWOyG5;I2#C7BVgTw*&>
zNRh?0&k%jEf9LiU=R}}9d;<;&Ns+Y^Qaxb894IjH-C;ulngVKh(VeW{?*^PJy*qML
z6h7=ids$GqHc;7F<fmKNL)=k=g}RapgIyHx6gAbv@7M&NMiovkxlOP(siH&_RJ4ps
zOm!RST2k>wkW21X;#fNB%7~+>mU=L~Cg}5tQpKHBmG-<+#lp(mPW+fxEEr3LOE-{U
zhFUXGbYi#0NWMn0LWN#ob#U=^J{hYjzg|k>+h5Mn9#-tA231NB-PDzd3}Ku8AA1_2
z>lDw4UtNtks&I#+L>KXBeYSV4vmdPI|Mzkwz5at?05KUQt!ZHY>U7e0g&LkRhxW;&
zzzOp8Kzzqc0>#{?Ug1#>VDW_2bAw~C8&JQPvFQAZg@j>CV=m1l9xpP7+N<Sh(;6x1
zw`~*((x-T`AqgrcKvjZ~P|RpO>JhLQFPBf%gRWh=_OmuraWINcRF%$UnSBKll%MG)
zPd(9tG4iQ4BMm0OHpDK^NX)1#U2V-^PyNzHHq%|_3@=Rb6CVx8jlbGrskXresW<N!
z_w92Xn#mKacLGIw3%^#+GFi*SL6`+I=Gj%=yKVUAp<?m)1pL{PE-o%XO-`<S`GrnK
zgh6lrkn(|QjJejZTRh+Ur0;Ibp~ehwFSqy-Xa6J<abE4W?NoJ`(cpwk7z_u99KME!
zzJCet2E$~;#eeMWrL^3RXm4CxsOFgZKN(UU5|s)7ekp^3W@gv~JwVl6w@W8COYhgO
zzgKsK(<63=0QD^KKv>^{quzm<65zJu^Xc#Q=&gAy$rf4j#t0(!R;la1)~$*<JU69q
z01Rmo#Xj9*=r0Zp6_QSRO$wu(k1=}GGgLm{7ECSj!Mt;E?N1z|RzSw)1CiWqz9GFy
z56n4#*=A0V47v2v1X?2+xR3$MUjWf$$dgXU7GnKY*aE{{CyXSskMEqMQD2r5!_ewv
zG)0Rsk6h_#f6m4v>X5_}?KICYy#tOlp|$P8^gcFK{!&T?1YImYWiW}TWdK9hGnQ$|
zVFmFJ6>oIXYk3Rf3&(Mm9ECrYJj0VV)*~w=>ieo!qanF(brBLf{d$xb5h{MjhH)jv
zhR<s_Pt?W7C6t}Px-Xfq9U^#a_;Q+>*lANzMW#Ht=>jeYm6anzKVG2^MMNx)<k9iV
zSC%F~=*IuZ-={Q8Shn{3q!w}A9MpvOH8#7P4{AD!7-^U5lb^C2KJ9c-xk)E^DEqqS
zVKRWG<nQnK{lD$<dda&_5?n4b?V?jU18|!k2lz8qp6`FJUjGef0(*DeN%`-zL;Df}
zVOAXh_u*x_gUFs4mt`?rFUF&uOGn;5e&rIQ_3sM;Znu^zZsBkCHJAP)H)m$NxbX=H
zTs?duQ&Na&XlcJ)>*^<3Nh_)50#jRWCwJTlQP|iV+5z=kY7ys+KXKVU2TRYFTU`5O
z+EEEi;Pg}vHEMS$j6i(?e+$^8@M*kU@rGi6L~^x0H_Au>9<DpakIeUTvL$xfe%cD6
z@pbx~?m;sfj_P@wFN0fE3dp~ra*WqDpj+XQV{WR|k)U5%3!3UW-7v{^YX?Atm7S}2
zd8sFs!~9+gv#?Jek<{ED_eNTd@weqtH-#Jy8O1X@#kSuhd^`aB<pLVZ=vkh^Mi1_<
z*zK5RpMd97DNHHi_`KE=M;3P7+}y|#WDpb&=e^o0dUNa*gE!HvPZRWhzG^);TjbQ+
zxg!er_W&^yNDW@c{A?PaRlbPK8w?;<Hjpu9FiBJYb@dj%%M{oKxinZ=a{1sa_c)M1
z2ELwf`qMdp8hZ2hTHtv_z)^BQNqo{Gk5nm)0>4fp<%$&9tP5@W`78V2ptldXm{Ko#
z4YLyU_fXMWecU`C{Pmag(Q2F5<A?7mwSaWMi_Pw@Qa4@N0ji-D58ONb$#LYHk2aLf
z%@F#In?Y^l(6(DEO3h*02MqH@)9QIZQ%+HV8r8)Cn4nJ^+jbPsZ3>hV#h7vu&R*Ob
zQ16z?6q?-5T!C`C%vsRO9y|)Zk1-|F!Z4uvPKol|Y`g|7ihRRR)`ku3(5>+8tw8*w
zxO=<xk$H~Eu+~<t?mJ1Uap_u@A$)DStcF96_nESkr4a%3CW|Ufge?~SnXgpqUYTkv
z`6}A+(pneHUJu<%?1X>h_HS%@f4W<kuo3l$+~x1G72F5fn|F;DIbf*~Gs0PJcPM!P
z4EC(WiGahq0lmwUL2BnL$Bb$rztb+ZJ%D%KWWIO>M`NI&r(fR}%<oq>yAc2$Ke?;F
ze@AHAb+d7IAT1OSiY5T#-FiqI<&roMiruS7JTk!k)6ryr`dHPvItSp2Ccmuq1tY88
zyTW!0MZxQmbTZyN{cP%$cwp~j9~#)Sle+3SzxtA+Fl;efrY~FOBQfAAcun9B_kLlV
zyB`0*T0GX|SOF%{0=n;e55RXz&W^&_tl>E8m_2S%k|ws#^Cv}w@+WzLLcvQs_Y8M^
zTucNQQkenV(>`uQ%|JgqO|c`j-)bus60j;@RpiS+4N1jP>n}biA8j2Z3i8U7TzviF
z7S;ZxY*hX5FEdnCKgOp66zPHb45@XfS*54KZ<%fET4D@z4J5F6+ciG6Z}*Ivnu6Y8
z@oyx?Tz&D46o@^-G$Oo+J?)qjjXK1()7E-;+AS{Yl1~w<(Hh5H`H)9--fdJFv7B8J
zFFL~-hFr8ajGRsSv`qs@MLsOEFJwJ_@{l*L>5v^yVABSHd%^kWX`|n(@r~4xTS%B7
zV4NhQ<R<$qy3x+H<c*Ah2EYNL74Y(GD1Ip^-jI>UDp(5CIRRg7q3_Uv@yI9g4N`jA
zqqvK&MidAQpA}~`eCGlL1wD_b5PzHlL$XDjqfb|nFy7WFKMkh}0Hh)BBax7!E39h7
zmJC7((xeVjXEH<soPrNXgGhs(qqLwGU`%<Mh!|DRn?RaofGC2&C(#MJIM#T2R4-Pe
zGWa#PwqFf>CoHWkGFN>g#8r6rskI2xW53id+8jRZLee#FshZIZ)xp5ZPqxj$)3N;x
zOHQZsLT0O7R0>x4W^%{!R6^RY>DE%t<#e5Al3IHe^ZKG2vKnHhZUqz9-%zsSGd{S>
z2j`n;*|R%AHbTsB8X&S!{y!z~n(i=1?~SMOtfF58p8wH=|I{`eIH>N9e@Q0^v`6z0
z(MXA2<Y}f=$Hiwez}UrqFL)8(uX>aKd|?G2$%k_wHlT?1mCx5FpB$ukm|>Ki_8ewC
zui!@FG8C}mHvFAQFv-qDZr@@GvAq75_fUC);(ebF%0@h@*uwW{6n_)kZ((od&pP6@
z{~UfKK`M(1N((3CTb2X0UN^yM_i?ifYy=7)g4#m>F~!zJ$F!L}k5<D<VNe>VsY6Z_
zh3}~C15ord8&=x7%K7Xyv!#r<r>*k`l}Xi2U`WsywS6A{6Gl`&Dkk1g;PG@QWcIH!
z9aftF#a1k9ar)!n$XU%Fi>!ZQQ>MmdIcly(%)|JJP4!np&h-|-P~8oZ=Lz3Lt*>TF
z!@tpv^RQ*dJ8i!>u}ZGYuTQECymp6~%mc84MB79%&PdKl`>9KsAAaiXE&hvoWupO$
zrz*#g1nxN+azM!!d|&Ewf0@5Aw?S6t*U<2gao9XQpMw4U!_vDEuR7qIX7@c+n178-
z1AtxKf$n>6SWGv}+vl=zJ{BMT>2vCrDI2a|Wap4UfqV8lZpg>i)tQg-qLBif$07(w
zQ=dM$w(IEzM_bbh<^5k4-%LixOxobrjUMl}k>PCVU5J_d4QJ%l<;lyLJ6hz}73HOa
z6Q8rh9M(gYhIYfcS3U%u%*;n{7dk<z0Il4%gEm$or$~E6h3`OVVfVBPlyMON1@uOM
zzf!u6A%b=j9V(Bd{!%^`;SK+;lgwgcjIN4Cyz{wB<t5u2eH}%d#N;NmH`a0C7)Q|B
z6b&YUf%qM;@*3WztCuB3+H5JU(P>3^+=YJh=t3T?emMBAyM4a9PwIS%H&?Bxhj7vD
zX#ho=RNoi61132BV|46L8r5s7JvATpm&7tYhYXySU5}1hQ$o5>3f>zT``tSD@9P_!
zE=&fXYtFE+SQl%ltVHU{5C|%nRNZ5<)vk8s+J0+timA7YII1}+>a%nmlfigsft#Is
zwF3~vJr<0B-V4HekCAkN>oUk8pac9ikG{ms-=C(bk1k(q@H=3)cQEgaE|XEVvc^o4
zb|xg6%6;Z#{(j*2m+%b#<$&b?GBg}nb#QVqqrKT`SG`d?G!1JAow4lHd%61ibzNc)
zG<~|?4LaS#J&~6KyJM8#N{?B8MRv`IAW$Cv7QdTv#Jj|YVdiMS78=Li{=iOlJD)<u
zc2+w85z~ijP1e(Nd<QUi*?{Xovs1eXPx^=HrlS$J)*N8VEG?1>lv3jG6x7yr%r;~<
z(Z!c3L{CeRYMdIz0kW)8`t3Z8nu3{!%M$1v^rQ>3<WbKwt4KVf1h_{q*O{1S{}au{
zKnlAg7Sl&ZJUrJPd+TXJnmUHmSr&mNO0q|Y<a5I3PgZtsc~H1Rj9HGxwNtY_mXlU3
zFm$GQ?eVR2r<;qsPl%YclI{r3;sTnTBGk2I;_UM8Ndo`wNQbCCo%)-$<TLV?i*y2I
zF#fNs>iBf*0CC^YWUl<Yr_VuU^FxxVzw};5!ro}0gV+1`i5e6&@e&eFSC02eQ<6{Y
zxO(eo?IabiaF_QD6R=(wm%XKVFHwDp?Ck}xIUwF%#<C)X%hY*P$9Wa2DdlKH-}c*=
z(;#hkp$3R{%y!y9LJ{+DlISm;+F2Puz7fn_DBf|CejWe$y0YB(8NxF^xC01uF-Y_&
z03(_rp9b+U9=26ELz>vWI?a3D1H+jqK+s<N(5yKlL>q3W*>Ljxlifs)Z&I0W&WpD%
z_hazJtR)SMdGId_f7PW#c3Vo^4SRftv-1T6`jd{**llOl+Jv*zwkim-AYh?iG@nA4
zAT43GJ3$#2Yf9q8&Ufxn#)32uJhiXwawBI{>dd=r#Y4kZ!C!?SpFvUS_l*6Vhg^k2
zl0MjJWM0A@lQbadTbP*SHN4*EaM@}xYV8f>BXe(k(N@+W4vg_-e!=3^?~my>V-JbR
zdCUQflIy)H`!ENfNZE%3f;bKst_+SOH-k?{xG~v}ou2Y{!3HKbi>v)9=c}PT55XN=
zQXvt?>Rhaq`KBWKm({{_YEEJQ{GjPOIGFGh32SxtLCj39*A993FR_WWzPI!){Zy`#
z(%yb3=&qW`Z35ZY;u<Qg1jEL2hrp!o>r*OdKIu-{eDG2QCWKwczZt-fX_1?SR`)#t
z$B4g6jbPa886jXFqyDI^3af_oD>u=lLPIV9RER;uAmG;jv=(q!rx%#HzTX<pOsTO+
z-58gQQB_YhK2k+Vxh5&%u3Hefp8Ob6STo2IG8ik@a6ZUTFFWEU7QQe0H1N>>YB~Pk
z;HaerHN!cd7+YR7;)jxTi!NyDk^^l)v?Gnt?%S-M_XgkSMd^;Ws2&~jxS`N}@YSIX
z2~CTtR;IZBm;G_k+D&CTv7Ylusfg12KwJ~Z*TwW#Hpsiy!1tKV)MegkQoRd*0X?Q+
zE8xy8x4Mf;O7>q;&jXTN57(RcwlybDI!Xpn2rTBnyODMT_W>c^dhx&|--zkEBSr4t
zf#VM5tC<Hh{_2}6?P>2C-RkSS8(NO&U>`G?W!2IFX6vu<k${1R58{SVy0Nv?FrjSU
zYvWOZgfPxW-Z7q~%(*HjR{%MQic9{0%tPaO+o6Jp@783Cugc%>-gBSG9ZI<i_d;i4
zd^?Gs&3DrQxTP-w{N9;z5&Or&#H|Q4;5yeC#U%jh{4_<Cpn&b`(YwZdNRuZq$j+{w
z67UNJ;GwX|`~yHQa>!Dh5lZPR+$7JoJrgDRRLW0;aiAVHCG-QN9L5)TOp$3ey|C!x
z6d?Uaf!5a;hqH<Jh3egC<F7t7c~#$N{0LdPVC5|9ZS<mX1@EYtUlXMo?)VI>c2;**
zp)mzDMh#=PD!oZF>SV)W<KnslAda6Taf{ff+O;3he-F&)OWqxpo&eCCMQS-ES+qCz
z)!z}9LUJ4mf?Kgpw4TBQ>5$UAHf*dP080FCDMJ!($P95ie}dJG{0LhZs<PfKQv{6q
z4slI^PeG_%=efs}=4$jKN^Fyq^!o>=dx?A#FbLlsR-IKQjKD$gIpQt}$_zK_@FAKE
z+<!(Fz%p2Bg3|%vZe{s;C2DASqje>YJ{kjWQj0h387hq-msNO(Yl?AhaDrQGzjbMS
znap^@=&xdT8>dIEGGu6VK=zUOa@w>ZqkbRv-nsMgXV<Za6XZiw8CDI@Z;}c+0@jHg
zr1NEtat?Cb^>>W17&`n=doJLg*udUCN9gFGhOnsABF0nRomt}D3p~jq=D*BdYUYfb
zFGzSaglNfx26yG}%L?A~Nq+mynE~myIhH(O;%*I?vLs;>(85>4@9iP^J0@AYIYx!A
zizU`J({-U)?R!s>jwJRwo8XY7<y22^<bDrt&vA`cdh#4NNB+ar`;)2t5Ks9ASG$Ny
zjaNXv`n>aAjvcjuiIgb`N7G9ysX(2LJTZU{0fYTNB1w@Par9(xnVT(QSSR$RGU6}k
zljB#um%ryvv=Ms-rz!azwskY7zxI4h5_`KFLVbkHycWFTknJ`e`6pn${LReolPuMu
zb&9&mpw|0)#2d#)CS;Zq(uzvPbjN|IVM?fE&15hzqR)&pPbsTD3f}l*m(z3HGomTf
zb-83nXwH2I=!ek~@FLuSqo!{ny$&9L4)~0k!j!-E>$+6f7+{kC3<4bh^(YR(=Z6Rn
zY5M8c`KL5aE33pIAwJ%W<*WOegZOsj@RvS99y}3Kmn~e*Rea(hs<vNMtR~;$E^VGh
zYS8ATrP|YB#lz^PImHZxa+3nX+;cn`>C&sODq{l-ihQ;<t;qeY!dYxseK(}JyX$gc
z=a=qnk&7ubi8SUnx^Von$2rzcgnHvi^vrhUSib8YPcKOF{jT(%9b|D@p}5nOoHkEK
zo7W4G^`2E!+6`&N=Mn`PoCl1Zm=2!1boN2!oeMT(w09y<ki6jg@36kMXFdkoFc<}I
zz;=4AA<yZ3Hv-J)IV?=Z%QJYtwovSCsooTZV4tam(@@rL$mFyWKU{Cug~pA|na;Dt
zrsbGG_mtv*r&;aMZAz=@WT%}@Mv|`UsK&>D<Je<Tq<gzroe)b(J&cl#eJ&sO`*|0H
zqf>rC0lpc<rVW3Fh?pc`M)d8N^n-VroQ>PB=9;rg76AyU2{a)`tm}^MRvVq#kJ=_Q
zfsYmhmV|%^pBZ-ab)xm}$?kZ1R=BibVl*h3Mbi6pE!JYpeY(a*iN)FemIjBCaQ=m9
z(zK77;Jt|=s{YiPL!DM|NS$Jdoaom#^CPy3OEE!0EMh|h-Zh&$yUz|Uwd|8T1;XuU
z95>laY}h#WpVm_`C#+FCworS#gc)$m>_H&AVMTvO0SH;gs?HqZVOy0tA14WJ-j7C^
z{$lm@6>XMSGwgD^JZ4FRFsukY{twguq4xgv@r6|PMho!pd?O#Qd@S+?d`o{aDiT;J
zE%XPlRCEkCgM9+W0(lPp`x;3Fj3Z6Q-=H$v7OC!X?{nsy3ny2ht5dJZ7e~-XzIzTB
z*==+mi2EN}8Mthp6>q#}aZ?;j$UzL#K#8tCw2R`Mx=12o+CCB{)>oKZR(gp^H#)@t
zDWmYXS$@SOz`{{qD_m#8rl3NXA~Ao#)%c2<zrd^k5Hr}IPh#UpkHAKzUA0Fd@m-uv
z!FNZ_BAWG1S+)|H8n?h#AXlpt^84LyXW{HXf&58rAjG4;0Fo{6PEPcJg4PMrr%Yg0
zWP9dw_(q@9z))@ZjeKpiO7I}+7}eLA&*zlX5<K8E9%n)S?WJQ4cg3t3E)?+o=HjDT
zorFdS|DVUL6UTycO8I1a)?0NxYVL5SX0?7Uj0ED#ECRXkz-sl0EQf50`PwC1GnW@5
zu2vF2tbrZcNyoYG(5XlLB#~%*$*k9l5x1n?x>aFUVOc(rF+#S^`ixz?PW<P!`=4=s
zI^^yqY;h7H-PK(45LqpL06G*Lhzo551#j0$@nJ^evhU5IolG3^w)>VBAiI!eh+siu
z%$sz0Y*#e~C3RE)p15uIvjaTva|C(T*z0S;hg=K0D9s<*l$QSNVSF~WuKtvdqlnzn
zpz3FrtAoa9>!ww}c7K;Xsl;fe;1F!rH(ncps;HHz*$<4D1P9o^gZN4e2c*LyDW;(A
zDH+ko2vX$wLT40m_WCc7>!Ao+=ruL6=vUW4+mWNNyHJOhB?KTECbp(M#63a7GD#zV
zrrOSn-rL*Nn^$I)<FLJP`hM5*Jv>25o5B0GlGfDZcYWr`m^-O1hXFReK_mA+YfW4*
zt%D~_`lEEAV_0QdqkL8BTZ$@MLtaEG(|@zUZA3S_<FT0Drlo$j%>D{fCdWBtcAj}u
zE%o9lJzDnToiT$Sx3`QXoxLXoE9rED2mAWu{r}eI_pYxq*0C0vQc2{0;}i?5j!~7|
zJ~$N3OR;3v@`kqO_LaK<(b_%#9xp!r%^)c<Z8ZV|X^?-zf`CKe995<PB|XmE-bPy5
z`83w>aluIO2EQ37R_-E<I$=zmA>%F=^kOxC_PWZP^ZA1*H$Cm+(>;~`QavslSh^!e
z+sm>~l}*~Qqps7(A4)K(scj>XC2v(dC=I=6CqLgf#!m)b35tsQzigOTW3NcXksv3B
z1~t9%&5qtYl8|Tp<vamRz*v}7;zZD!!lANo@AeHD4x7TgHhf?U36KgxafuoDp$W<X
z!hZ@Nk|erg2m*jUcTkjjm4vi-e045^4lxgx<KP1R#AU@N^+ZLK5)lhqwP9=JV&c+f
zk{5+c8+j{VguMQ6b(N_9yb8g^owb0tP-q?BP4Mwe#j1R4o6S4NW_9NAwFvZ7JR%$w
zDqd^aA#$O)wjR0_TXCQs4rbob(QtL6VH?ywNUlj(>uLQEDH`^OoCmNWkO6kIv*Hcd
zM=$ZZ1YK1rr(^WC13#1=q9okka=^8?7_GeAW|B9|W<Os+o4E7*&v2I8Jk>jhaY>N`
zL<qCnQQmceK;$)01GOf(zH23a$O_1d?t8Wedf}vx9)UeKckVYU{`;+iQ-VN=k>ryB
zCl%l|$iU4+!E}HmKZi!?-B4-j#`@6FV1`NY7KhvB^7mRB5i9<5O$!65x8O)^ZA;hp
z!Pz2EqRPwR=?O}<y*VW(8Mnr`7v<FSq=wPCa8K<4WM4SazkL~)KgS7TZe#*X@t~W>
zRc75+ny~cg$(?iVpd-J|)ep@^SmtBZx%RKWzXF2O(-YoesG~4kCzHI)fo_s$oP018
z<o1N&vb3JdjkiXyr_N~;ql>JmRGC7tEi8w;W;&E_)cnK()nb?FiKIKNLy(v`71~cx
znpRpyf_HS%o)m^yO-@-HgnHP}E&W^;Zrn0JG|`i-tbP`^)WT8uSNb&Bt$Ggo_2+WD
z&>gJ*%>r=xXy%kUdvBky!r^Sv(ta}GELK7w+4=fw+0>=&+wn%|Vtj)HyRD!1h0(XR
z?{7Eal}0yrCQulR+r79Os$j^qP2^{1__M%sGvt_G_u5C}2PPhb0=~&T##lLsZENJu
zPEFbU%`fFYxluca1PnPi(|I>{zzE_2SSqnQ$4cAx&Nwr%1Pd#zwRe*ldeQldR#)aF
z(_LQ<h2`i#Vb*hv@0~fQ<H+whJ{0BUrcBC4HYN6%^#|t}7ftFW9$h~BEdBZvS+ged
zJL!wRBtm~lcqz>NKKr=C{Tzaj6)*z%6Iei-jsVT%wh@168I%{0qo$*~ynG&Uhb&t_
zvFAQ!FMEj9T|h9|^l)ccIg#~3GtFj@wQ%`$5mvJ6u#5x8aT%A+eKHRYYt$nqO+8$i
z=N2k>Q_tSU$AAn2;=>rXw=$-`3W}voJaK9bY-AkLc%7;_;d<gMr6iedq!@d&fU|X7
z{C<hMX8Nl=9-VO$C8El>D{L&C*XE9$RM9sORzyc0(ekyVBKLx=8Ty>Vv4VnC8uwy*
zuoLp+wkTOifrxY>PYQ*|<!A|#RtFa)MN&%B(ZIXU;>-p(yAkgx#ozn#jsi_6UqY0J
zK8J=e#vAY%6PL4@P~N4UP0epA<hjr)H?a2A+TrcL#N7$e;nYt$-DzJUXY*&``7Hj6
z{QB<FXrB#iIf?Ht2K2^yPNYqKd)M^NV!g|rLK7!9DB5Dt*>trZO5wck*I6-3X$4^i
zyn;XSbMqLQ!~*zfMnnv$JZjFJ1Tytk9C&)S2?+dtoqr)sD}XDhrJIkBPaR-3m@-mC
zNyjJdNRBae6(A$#{)d@Y=QdUMd7`@(<#&^0Ey~!C8BUe67LbO@2m1sY=flrzPF{Uf
zU+8Ao`!dmGE$|*=zkgYTr$vR9P+kAbYAtbRfv6vP!wqta9nPLmh&>@kXXrK0CAIOi
zyOf?C5oP+^ndo72Wq(ZljYTx~JRa3Tpv7HJfweP%Ap5&*rOdqZ2R)Tf=ZmgI?xTsy
z1N7bo)&^co62jvEsT)LS`otKRM!q*+Lw+_xHi}dFgZ_KQK|#m<*GOTbmhdOz==(8<
zyvDw1XGqZ?@?$V?v#;~<N?vYFZd*<qX*7IDkGIT~ddBK{jK8<|{EEkLBG6jJa6f$^
z9q#c#k2t{1`0>|}ZtbIi54qz*k-IV6_?!p;7x=@Wr7&#)ptZT`bG?!cU3L`i1dr|l
zJed>Zp>mC~7esLx?2Z8J4w@fGOWTENKHw_5dH4f1ukYx*@vBZJf4{2N%E<I2tip)2
zj{KC%Z;pWp4L|xZ-qO0u3M<R;z%j+un5jV5PNh};&A%z~Ox}V`)+#_u9^9%mV?UK{
z0Mb)tH8_mUWLivPaiXlN^VkPkav<;@`==XGpXRLa$8GE!VW(&#Bj&C~tf*rWV}WNB
z)kc!idd`k-s+5Z$3okeW4yu^g{Lb26K`DNgJPWeW6GdME2r-!;7<il7Qvk+5nnx0N
z-3|?1_3R}V=KnidX;2QG6=pv&{NOMnY_R#z**n`-Z*jYE`_n;z7K;2l+?6|G5=roa
z>D**<Rq3*G>Dl?3l?rjpH-r@X-5|1_jSb|(rtTM)1ZgV0{{YwEy=}~0xDqDfsePGe
zKk)t=FgZwvfPRNT0hD6Yym}){bO{nxXfUas2Y~xDz&)}ui8w&64gon(jnbJBul8K?
z3~aBH?_m)UL%c$o=eoEbqo%hfau`eHT!Q(sohBNsPL^yu-`hLno30lfjBNXnwLh<+
zG2@WAvfWq~XvA=g|EuB-vY#sa6N6&wyrCHvEXY$Uh{zqIbMSK?!X{dNZRV!!vwEX?
zYxSZo!7jdz>9iUns_E12LL(j*1<ga4P*3NDzSgOiP5;P?(NbIB%O?BrFeAjTB(QhD
z27LVWXLwAl*Bz!)m52uJ<rR&XAwbtgA%V-v_edKTdB)qllTh=x7p~<b|50MJ>GPH8
zCbF{+`FSkeb^B~v7fR0q`oh|z%~h9l<u&#uJB&{M?I4F3BlpjdK}(Il*F3jsPS@qg
zr24+1lgj2*szJv0*R}KTre6M7)zRXBQZK87VuFBQ<j5<IEFdQfBQl%rD3G*7N$wM3
z^W8UdGVuH6+pcsV(S2x!bU8utB5#59qjNNr+y8cFQCtweiPJ<&KOduRo<+&FsmQNA
z^5x{?tY9yzQ+NMkOrmuRb8SP^cCQU>Gr=*fuR<NRz%9sGSP>IuVH`1;i4gB;Mv+YX
zHr~gHkuH<E&o8K=w`B4yLdxFL>fj9PY9*PLj8UylDM=KT(U;ICrpQX<mH0A9%r&OS
z=59}Kx{84jl00TwY@v%m3X9cIo`3D1`3&ce#nGa6sZScUCpT>ECrk@$)T_%bUFq%*
z^?$L(8(~f#OXpet@#)c&@hiAHn1Bjl=C_x=Z+(KoQ|-Swe**2euyKEBiie_Gx@3M%
zQ1n8Sto9A?)PEp90o~S{(PGDsZ1J`E+Fxxk+lq(9$;dyHirSBScmKrjV;*lg(17tt
zfZfJ!)t<t1ezBc0E5Z**&47~yh9HVMYfd|#Hh+38G27`@k2cR|!}@B|wfA(W9Ib{q
z4!6$`^a}89<<oqae%?Ds8c1i}^IM?%(b99krh4UFBNLO`!DSY8%TL?QwOf%lH6(tI
z4+JTd+|}l%r{AU}$0Y7l)QanC&-A!4rPkp(=8PMZw1)*^Nv#Ku%q@6n1+ld0VzROp
z)CklmWz10y{}Px8mYy!L+1KOLivFu@X0C*lw%>Ds`WW8`Djt^;_`If(S#3xLpbATI
zj}^u+=VIB<=Gx6TqF%@6X0vRwWE3*<_PQEwe0!#-K$_@yw^{K<^>s2I>5M?GYR5eQ
zMR->A?Zv;r2zH>(aI?-^yufSleP!<DdtdOFGvYgV52{b$`JLAgTOn?^%cz}Z-+m^N
zoTc?uEEUq39;vLX+;Th47IVnP|4g3^3p(y!AbJWxL#P^YjPM_=s9JQ|^nnpOv~ggG
zQ{;}!sq1Og27i2G9y6vJ`Dxduh4_)n=@BwnEj&wYtqZ&AzKiQ<Bo+bkSQ&oY{I?VY
zY*RHXI)*UZA2=;r*1izTp9K2*7UH?UKm~<o{UV-;K2S{a2V?|sDmr|!M{y`jh~=9R
zE1W`20?B^)<S1eNyFtz!^I3Y)d3xV6IZ4L3Qi)A(%G0;JRjIOO)^;!0X+wUJY|ATU
zS)e9T)D;=jksJ)%CY8jV6E;AuSWUTxEkBNRdzNTan=aP8B?e_o+QBZ)CvVTE6c=m@
z6k@4GOZ^GcJO|?;8k!TAN5qN2$&lYzBe7y>_nt&O(b6}W?^g*Hpp;>if5Q3Cp^&Bl
zfcuTP@t2-fA9w(0Gi>?&^vGjyq#+#~XcdJ4+^$SNFpi{hNz40E?KG3WkXIw(2XD!o
zYAf)x$&u$bD0$$&Z=rTn363KJ@p`J3(PK0z#@Na3zw1)8PBWFD7k6)dA?&>SmS6RD
z-MfcEq5$m>z`8BJ&!5ihd*OYN`V#)p^UsIJHnk&1c%+H*Dt=7GnN){mC|3Pi?7+na
z(2nzI{)<2X6(@*c34i{i37|IvNNCD8o6K`Kv~-mYubn7Pw$bL$^Ye6;j1OdfH%2r>
z*Q#wIeuxY^FD;zmPEuN%X0+v^OYv|1sBwFnJ-jnjiiz2*?Tlx0yJ?LTz1kwBH+>Lh
z%yi^12W1@P#)vewP_O6k%`Bnh-cw+|p}Vsp?B}m=|E$G}5iJPL;sNcp;YeS%PKM)P
zhH6F0>%1HdI?EsnABJl!q3*`frM54S4w$z-qffzlh3N{7?3kqJN}aNLE}I%(joN)9
zl|Om9r!5oF^j;I#+eAYi(<2fR5>9rIJNY*_O5F5eZhqn#YYBiQ8+9J~X^5Pee-w;Y
z`W2kM>o=^M7-=%U?w)^#hmUXRA3guRHgHtdPzW*Obw@%Oc#W;j;q>*_!uB`EYz<WP
zdmC%l_KTGm*aPV}Gbw|$YMQQv*C9hTFB$;N4lH!mb~3RHwo-sk40(^p4uL=B7QIXJ
zD}(Jg6Ij8$lW@T51weEEL!+UX3>J+ZU`a7v`TDzUr>PaN`~fO+GQz7@aa+}Ch|Yca
zRGWlVFssJn2@!bcypMm80IB$C*UNY3EAP8E3s<Nr)N+4ayIF37V6=jKuXTHqL?w(8
zlw^$g9u=zK=~Bgpb{uQj)aMZQ1Ql>nxocI~`Z4)%p(v%Fg=qz<1qz976!F<HFJo~O
zyrC_+R(K5XNMoXW-!-?#js188%B4SiPep}I@XxGUXt0~5Z$OVQwI%W%C;L{G@QC>9
z<;nPR{eLulWl&V_A1_FED%~mFodVJ!-QC>{3(^e&0!oN9NJ=B!A*FP8H^>4D=bqpH
z-aE4|_QlSe*=L{q<|l?Hw~As~J&*9g`^5IY>bWYt7stFU@GfWKIbXP-!o|!qV+3R1
zZ%ieWY8m^W)y$w^7;qm3l)-p!E<q&bpg1~eQLK_H=u^$v)Xji4D7))|ENmk#`bsU;
z7#|q-aoKo3P}m)EI6mXgbOl^q;%0>eEAf91DeDSTZz?<EYjSW%P(x>R+F)COQh#og
z4EO;qDoBAgEmI2P+653r2*T<3zJQMKxu8_p8Mpv7_is2XzIci*;CnpWnt_PqH0m)Y
z4&39#ha>)cY<*qIO8!%hED%?=n3}g)VD~ncFdHe7e>%5!G^aDvOa)Z19{wmhHlSwv
zLvt@O4t4W+XtLy45%Phu%Gk01Ki5||oJ}|7jZk|nbJk++y|2--rePD-lGJu230_zN
z5$E>Up0bT8yWr0ErK(fh3zHVrG~IJnzwkPz9$ChytJf4c$bNJv9CnlBRzD4P&RX0e
zB|v2yNmw`Ru68bFBsgr`PV&jYxZ48(a`$}kL^mss)7^Boyoeb=_GB_&bp;`M5tcAe
zFpM;e*Q`PJ@d_0d&u~-Ev3l~ZE86`+px@GQGG_VEGT&Ua>H?$M{)4<wYlcH18`R+I
zTyHzI^t5scGSnylR;vw|_y9ylem1SB0z6Pc;He7$*4qMhI6-ZyQm|&W=2^m@v28NE
z8y+4GS@2oepRYCoxjs}Ow;xa<nWq0siP2>wST@AVQ9)=Z9;F5;tH&wq4$X!y^T-!H
z<ISe^@1bJ-DUkY0%$2Ar8=~a0oxNqJFEaD--+Se9%EDrUAV`uNdXm?lx}y_zFvUjO
z#dK@bf2SbJzI^1)8F)*vbQ+N$kecW~ktN`oH-i_#%0zaQf=&A>{LE59vbA&6oc^d;
zsX`GSn@7Z(I2Lu*Bj+aQ(;Mf)X}ub?n%S;!?dH?G`MR^f+Bnz3Nw9e1mduvkD%qyG
z;D1q9FBo9mfX<QAGzEu^f$#Xm9*R2)xR!$+zVp2a!AZcl$H!uKgl(VzJQ8PyI;?H#
zwnmy294=><Z4wh#<VTfbsMU&?%z9W9DAnzF!Ws54$qw_LLt~xsKo+N2UvDpb<MUwE
zSAUwx?gwXM?rk0Fv)UaGxZ{qQYj^sAR}V)j6g-Vrc7p(DKr2@kT_BwjOjQVm4EM<y
zZ;`>flZASHw(^{*gJ7IOqiWs1J`^qjWS5_3q)Di0zx(&U?PH-KvBA!XA2D{Q&?j|&
zDMYy<{_3M|$d6o^r1T2kVlFbac7Oy`^VsvGh;82fl&2Q4O&~kC9+?_5nvHXI$^HRz
z6IYxeqBM*i2l>o?x8B3ii^1AVzx3nK-=3yl7~<Gxix&I#o^P}Byr8QG5)q?yg!y~D
zn*7tXl3p$)jh@maoT#IHJky)E<9>O?R@UT3{+gfttiD8lgpjZckbl_st09}z9t+(C
zb^ogWG*<^Gfslx&a6l3O;c+`VJKVO84{#YfJ9M!13)q|4giPbOVY=mQS8P1s!wzt^
z1xP-u+WA-M`bKg?PA72QUhM{-Q+E(iE1QkloFxKLQ^lqn(B#);61Q)&DE;<%{mxAX
zff|>q3El!s`6r3HviY(h#R2zxGryh#sDJyTH9rOOeL4@3d(Ka@A>tkR=BX@Dq)dYA
zYUBG_;$H1|bn~<APc*^S#}*|a;8=PAZnG@WGq20V2y{PeS#oYX@*hJUnw!*<Hl{ab
zVa!+NJp5zh>Z<&mLS3x5Z>QvESJv;Sm_XUo0OSlB#j;ccYH1QnA=_}Su-qitYa|<J
z1CVWz`eU3eEtSUmpFPY{efBLy$|-O1MbCxR7XDt*8ghi-7&VH$DE9dJdT^Bq`(HQl
znZMXEdn|e5!!?-qSo<brFVfrJCTkRvEsaD2YartuLh|*=+p}n4Uj$0Jel%L=MPIwT
zA5Y#iMwgQ+?j)>pk^GnIVmB-t<oOW{OS-U_v~?rc!V@x8&GjH>FeSJaavGuIG(8=W
zv=FWjY^|%l0(>taV20RzJErK&3>{LCYuhchBV!89v7+|=$g@z(W|j4O@W$1yb#zuY
zQBt8vyAmR~Eji58JYz9yAzzm05@6sC^LvPk8|uHbt1aBE)RrkRLhvT9fI{qdB+m$d
zHu>(w1?Uq>kU?63)`>$gC0uurr9J1bsNC!!5<#=weJ{ZWcE$I^g+y49saqPRTHryu
zXSXm;wAvWiheYs-y@-`W^Yhh5(>~ttTb44jnAu_RWy|<73Cl~p>+of{)>@V_j`PZY
z_c?P{QQ}nq7k-dw1oJg<;;M?#t!Chlf>~rQsg>}FW~mttX_eF-VWI3Tuvs1@MmxGT
zpX7{RAC6DoiS5xrkF-ElngT6;C}ha94r0;I{J6O^eUZ+Larb>on#Y_~SGWyp!8UWr
zIT<8=Zafcz%Z2p2uHKkB%ygL6ZrYecX7_;vzbWsP<R8BzAVthG4D3irUhqO9j`*d7
z{KT|Q8O%L7f^^<kA;(>Ol2~aWr<4Clu#wRC`c*7NEuVBcgYrrcF#tY;FrSc2Z>pGZ
zw@JBOnMDnD8x@?0)h-beMGV}rWOw@hNmK^s*ftNT0}!S!cyO`zxU(S38}1R@yV}<4
zUnU&odDVa$<jD;gq1(5nqJ?prB^O&B9sQJ=<FO|3bA9{HaT2xCgByFYGQeb0=Ch+r
z{nOV>8sYMrdYo|tGPhlMJK{zU1-LryI_JjkNPVf4EkwS{Gx`x*!_?`1l=R8N61nA5
zR+n8)>{Y0X{&+beY>GeUKZsF=pp3(t=Q-MyA5FG3s0YIcwmS0k2MNsYq6>~2g{ebS
z1)w>}O5w82nMPvZh6tX<Rj$eP^Kc7a3^zuv2^HJ4`4h|Zm=)j0^=%|&4z*aX67J>Z
zK@dESnV|#g7K8%7A$Ob_<NbOdX5zA=`?*_+j^D0qMj0(5R$vgCLJDZXAlo}sDTIhH
z-Xu$+WF6(wUF<AajhOtjhq*Iz%wbkS{aAC6cOsk1Y$qCj)##DS^cQb{atP3Mrbr6>
zE1|Du_-L}A-G?2wEjwr#Y3^t2;4(5=*oB;aw^ttzxW8;A0R!pkrl(FT^B_-@Velb1
zd4G2|GHlD`E>!X@7_gyFsA%@NUXz2)k+|uGp>ybQO6e*N5ea<_LtktqiwS;{k=PL0
zn<ezTv9BJ@=_V}p)nQ{-3+HnVDpr`1>L}s18~9AQQN>;AFFkzL1luD9Z8@fy3pwEt
zQh93rI=t_qe>S*xXpr}1jjEYi!Sil*`&NsV(^_cU>JEP}DP9`LjEqIpWY;p1`rxdR
zx~!vQ<hpxh@~m*c%&yvJJa=$o^?|HnU3-TjQqlULVW>pW!M;1@GJf|@9sdD{SSg3z
zcdpyPx^FW%cLs^N`1-8asdoQw><B#~`u)L+n>IA)q8e7;C0IEGS&A9_uUEf>?r=*a
zF<fuHx70i2zate^wC*5cvN=_tt9xO)Q_V>qq_=TMOcWZuPd7SqvTsRTABRp|DXtSR
zSEL$UJ=aK#II+v+Cm0a~*r07H%2vM4kyRf~j!#OTr62+~7~2<Hi9jT@M+0u)VlG#$
zOrIkQ5$<=B)55!|nv>mxqZmB0u-I6%Z`2IvA3e8Q1Pn)0`Hpi%|0LeM^OzwHYt_!@
z<#?Oeo9#1C2O!etsn*^1V%=G#e96+++t3*Qb)uqn&a?3mp%nXV{!&k$<Cn7W=9Zum
zq?XN?9(se)fpKN4zwMwtqfE;!S$k}f;Vkh{mdl^b?IRm`Ra7H6cDb=*o^S@D*42>*
z?T@8vF35eK%$5X+$3+I~?^}CNui~EA5bd#N8J6Q0ggQ`(3lsDdB(LI9Vq&<pVH;-u
zmDlY$w-%h;548Xic(37#p(=jfP;y>5(H5hhjxf$00IV)s_7Ie_zW!?XCf~eza$(i~
z#wteFtV?x&RUcEs+XI%hlQK|SZzX3y5_s+h%es1--?X5#>yY-US%6XVviM||(KPU*
z?b9n`s?w~tKas%dld2MW@d<iC1`>Wj;5fKp83t|i_(>I)0z0v*0~nXwp8RsXWM0W&
z4q-ZJCDSS=nA};E7D<(uL*I|Ju8opdMRNHweHp$g*}*WP$s^2%QC=u3b0#i9x9%C0
z^Sx~_h|zMVS-x(iZt&aFukq{@Q6#eI>Ml=v@4tr$V6*wurgdBN^<K}K$NnNdI0$!b
zVcb2``-MvB|ARGa2jj3LsD7UBjjZR@bo;_|@@!z6gckxm{8$o-1{st5Ff-wvClAGL
zv7|tK)0f|E!sfZP#_p5zG8tFB!O0-(CpI2<N&xgiJ0%qM`!&Fg<G{EX;22vyyDvm0
znGx%mw-jABObRGNyMrGZ0#jAcuF&dpc%}=QDH1S>4$3csQhL&>Sf20fJ!HOL`0f~Z
z<~WP^OYQ)@!RHsho5UR<wJxlJ20I^i*hR0uFl9CmCTF~|vM=Y<tDr9hkM<a<{sr6o
zr%5+_*Z>Pndrc9@#{_2`34^b&K(Zt6wgIhVG^i2)y0F4w3%<<|(r;f&i6I)oi_LmZ
zd~y{P*F~duoB5%^((r|)TJuA$>_|vgdyVOvDWV5BWO!Qjp!SSO?;A=lhcH~~CiAS}
z2Yv0zNy<_6*p1yP(JP`o67pmexeN4=5xfkotD!^nx>IF=LJo=7X1;95Eqfl&No;e0
zuRDEFH)z31mm{xFZrMwkIgA-m&xQ3lq#Rl_Yut`T=on;bVcrkizOTv5wTRL`M{<%N
z<{m}JcBXZ4<mZ2P>4<EPhdiKNJ^i}`cGJ~2OUz!biEo<3WcT*W9!Mv1(`pGV$h?oU
z5k8uw7&r!`ef~@egg*pFV-QUyd`8nb((lM^w-1tkt+;LWv_D&wo?R;YW4|nspha1?
zUbFOjqTTg92vaU-_h->XJG;X|^c}dtM{M$yi&xl*O&O2-O}yvZPNL_vEp+6lJqVzP
zy@<{U5CCM3P|7~au#@)W`4gXR!|K4E4H<uT_f5FgBky?dRdbRn=n4+`Oj7dM{!Cu1
z-Q-kF?Ag{7$8RReBFY~%%)JXS|AOUP{((!A=p}A!JTZN|T$I5Zxwsf3+*jBr#afnO
z`MGl$joM=|JlM*9nYxH9@!Pehx0qTno$nrnrn_1W90MnPh>6`Kme;!i2AUOtJ-HLT
zj+<6T>8%Wm1G+r8tvHMWZo%4|MG{n%s9lq=pxaFStyVM2&}78s`m0<AR)l<SG+}&F
z3uVt&x-0>HWWy{-+p|!sJg1d)RWh#C9>~>pg^=bI=TW;67^cU~YN{frzW+CS%7W}w
zz32_S5q}@unreDGaHhc>eZfJM4~2j;*t(!7rxm>PMVc$OQKAjyPio0zW>{sz^d6dn
zKq6|JtD5M%r|+x|v-O-2aqaEXb0WYkQ9`uccETcRK|L4!G(VhIOT=W0N+8Qx5q%;Q
zdBUPpo&t__B?+$zK$@aZ<N%VS5GWG&$$#&g6ZGq<GK-nY24ZPZ-N+Q&ukh%Z#@-%g
zX8zDlK|}Nv8q>{KNy~4TJ|oPu=&V_CTQ>H}Sv3R>NT|g<WK0rALL7#S8Q(k86>PSi
z7^hm?7b|OEEIg`L#kct$>VAKvlhxTb^a}zq;W8e>%6X^9n+vI+eVZ-H$HmJH5*E7?
z-UQYKGGHGi#Mw}5C3j~(L4%e|cjiaoN5}LteMnrng1x_3p@l&Gt&MQP%{=1|n`KS(
z0bxOQNv~!*rnb6n3~w=?D^RsV7q(#qE6A4!&+5|DLy>ge+pC5A-cT-Yu@uJGcJCF)
z%_5R4K5ZX@zzGRu@1T(tpm%*)+JiQ-O6#^4w}dP!m{yi87jJdyn^Eq(c;N)69sGQb
z6VNqbJMKU&xNv|$j<??~*CfFU8Y3)y@LZ5-^TNl;*%1pzy`pwp69zIgySmU93=o<E
z_o}ze=F=u1VcXp+OfUC`{ZD)FLfs;$a9}2Mt=Dh;uS*XfJMt!_lmj(mP^EZRZHePl
zdGTNUgW*LY7kcX&{vd8?3q-;=-b<96m{`-`KNewmf0B)f)xcqmQW`4_bK^lTy{tuc
z%q2SMdbX@2iFnxC($oMa7X|%`YNPY_<<7C6enkHLx@tBlH5x<qTM*6hyA|={nRo%3
z6s=vT^GtPmGi{#c>QA)>p6EI0$u2|VG7fVw=FDY}onK$oR#w$EKiwua)t}P|>$Uo)
zvVOE6XY&65eVa0F>$cM`5j^Ifj;Kx+t96feWTyb14P|p41Ud&HCKNFD&tSs{Gz4;7
zZ%;q@#;ey?U70oL4*?H1RH_#gY?#CJ=eKtxEN6DxqG^tAXDe%s{08Nh%1)J=(`ywQ
zb}9q}UhIZQIqd!Z{G%QO6j!z@{`^sKVaJORdh4mkdDSuS?sn%D6Q%saDCrY)D_dm(
z$AbpcKLJpLUcL%jOS}mFZEbb|ZPC0<<b%!`{y!Fg$PmPWgG^(`0r&)pgZr;MSJ>9?
zv6XzoaYua}qL|O^|0SZ+rOjIHTs4y<A3gU~%na8TZ(%`Hk0{_9l6brO{fLIfOq>Th
zmnZVRy(Rg~gW@&5KF=-}fOI()O0Qp>R<5Gttv<tjHE3BZL28*%|5=?cr*$g#ouo$}
zvjp3|`EfwbsI$5~N_h}U5L2}rkz&AkE^LA^(b!Pk(|A_XmE7R1oJ^NJQL0SLiwi|d
zNtUQPN55Mlr=pcj2;Za~sp-FTh+^FJ_b}WGh9A%@p9^fj$LF%&$n+(%b{p#7nl-&g
z9+q(5Rrl~0Dwzy`C=_Or)KkZl20MNozXE|V!Ji{O_LRp4cq6`6&sr?iKQ0cSZo_<y
zpSN>iFW&}%gis>o)*8=GuiO&)Y;RVCb_TnQ9jwSjbU4*mcIc(Ogq)uf!$pT60Z|{W
zYL~?tuO#QeG6d9(?KtvAr}dQG?US+jJYKSMuK^d<UF*K+Mk-9dAbQ}RM=)#NL?goZ
z$N2E(9yN&@zBnqA<Nm|AF9(UT%+lM`_nV_4#=HlPeMprP)*8klDLMC`>yGS+l5Y}g
zk}@w@j2~LH$ao)6`ipP-)dvyAP9FKx_Rj{4ilU+q-Z>J<oIk0rp>TD<&v4e98%+7r
z_t=gsDyh;-pFaJID%V8+&)4V8lV}?;*XwIt#*b>q2MmVq6Ns831}YD~hRE-~>YX1)
zvURd3`Sx~nYpV0`-e$HLWU&SRr<?;Qn^l0ZdjEg1I`m;Yw(5<{j1e$+Wx7)~1W5vz
z@)a&9GKjW2#%laOoeBDJXia^d74`HY5TGn0#4)(DV$-~mHx*zJNPT(!HuT?Bh6Sv1
z7`K+GHj*>qs!>>p&ZGI%*y$lgu`@1c?3c+L>Z!kM`=_;o%Upe!-<7eL!w%#k5PJ3<
zWKzxkPyP-}g`>jqFbxv8{&BRnB9Nx+vNAiJT_CMUZH60q6SixO`~`{ThRBdOP5OZE
zB>JsQE<SaACm~r14bVyz5KbuRqT3twBer-Zs=Z=%yO>dw#**$`GLxzSofZu|Y_hRP
zifKVnb)-TEE|Xsqe(XL=$lfm0NZ6r0LXNOO{(XmBOi{pYS%HX9Hx+}#x-k3v9bx-a
z%kRIeNOte`E1YRHY*q~9X(c@A_h0D<pdv_5z2%9F?t|`aivBaY&Ub9R%+n0?%uJ_v
z9fqdXzSQQGQUNLg_$32S^E5+=AA5sD5bk=vOb=|`62GwQ{~AOK%3ua$-Oks+v@m*A
zZMKK4@KSxIxFB53h8LYd04CK&EbvB2tJ?OEOQKtQ_pJ{VEZG-F2_|{JXf?7l$)(n+
zf!=+F=mxc|r#(Tc#SZJEPjdNFLxYcExtOQt0V?h+_M`B<q@N3dt@#cR$!NdwnJG%V
z+jhD;dmSEbLuN$#_T}sjI}Gd}@4opF+C_xr@^KBPf1r!y`)W~nnYcl%H|8@!%U9T?
z(>(c3p+ra_%$`A1M?E$B_i<$B#OyDx@g~9)(ch8h>a*`Yl`5!BP^N8%!?X9&Seyk*
zeyAb+@j=`4a~D|-!zUiq2Kju>(R{D#+=vX$G_+`V_vNrA=V-V72uI{V>=bN}FKzF5
z@(EExi<?Nu>uyN5x}mrJ$1(J4q|2K_O=&M{*fmnr`&o{FRke*~O0JQL#UUH(LMy}R
zGvYkNILXb^Q8cy5d^wO<yagQ3sc#?8+2NZyJ-BCbhHl+}?BW+ZIMiPwk_d)UOW#cQ
zaQ9^1065@N{r$7e#FZ{NyUG_y$&SY-^-aviPA;xJg&_|vXbDNk`LmA#>wA`mi}g}5
zw+~2~r;D&}U+5*QmzSD*o(O=ceDU7VB?80^wv0_<PUJ*V>}F=fOry4K;<OZYY%G39
ze7vI46uMECOq-%@fF>UJ<@?s5ox}|RvAxC%RJMeRe9Hg&5KKwmZdi>9ch#_M`%}7m
z>6dc2`>@zFm(;Jz>6|!d-tG*dKcO`3@zDi{_j7lDZxGD!uj(F83(6U^<e2o62$_~+
zok2?BF6V&%N15$sVNVi7N<pTtx0*|&KM-TMf-U=}gPm|wAC=HTW+%3@+fI{Kl|;NP
z@?u@7j(?7O=0mntp+aO2a@`^$bDrU8Q#ZcEK^$b%ymDP)f<%&MLW-TMJ!*ePaW_?%
zmVfU#n0H1=e41O#Xx1!Pb#qM+uaJ(y%x&uOPTaNZyG`G){ef{as7eJ%)I(!^xgZ2X
zdEFZh5cA3a7jedSjjkK|=ZcE|#mN+`r;o1+j@B!1#9g<Hj~YVsPCs3Z{>!;*WO=!u
z<h(lAUeurXbY=w;Y-A)rreA)d9spAEcXZwr4&nlND5<%G{-XHrs4XHsTW+hc$w6@3
zb2IQshcrf?(pV!wJ?IM=QlP~(hyWC0@qq)SXB?UgqtHQIB`9In_dxW=i{YRp;ra=6
zaF7Luu@y5?_IyW0Hy@9mhaly8EFDit<4u&}05u(xEAiYCyfO_g7K6sy+6D@Y{D7^0
zS8GASrh9T##dNo9SqchNtTrXv@rK$p0+c^hd(iqb$DzB!=z8}v(?vhyqf6l7Y1D~!
z&3|%yDj2$ejH2{vGm6ZlA0LCfg})^DXVv_fri~q}`e*?8X)v4rB7G|F@R=J+Zk8t7
znqSYSDHD5Z{SnHQ*Qj2NQ5PQ<bIGf}vX}<9!i4Q4&is}h9xx7Od`t!bU~0W%!1yz{
zoh9D=6>wjxr`J!f8gXk{Of=*y>&ULa^^15h8{T;_tn=C&(_hyrF?=bB#{5?iy@DuC
z#qdy=f`cxyti!L@qv3a(v1{Z?=f@VnV5s&76O%j1^PN=!)7-=fPFlLD&N=5#cY1lJ
zFDL6?nRt0<d1$+W^SnL^B;SER|0ALu<g(kb5(pIM#i`xz9y?R|EA}P6zyX92=Jo)b
z++W1_e^5r3q@PZvDyRH*1aS%&$dH!cn7+`$O%D-kmKpydu}_dWIy(d1U^!iGM}q=X
zkbgfL^*Q37kLYO>x0%R<JbKZv1ZoJVn(m0Lkt%xxjl*z`Gp0rXGg}zS&1TJscMMmz
zt9z5-)#>SJA}DRY+8LA;7wt08D3k4no})0E__LhRt8n7G><f3@c1_^}D)W#;@IbBs
z@)N6F;m_6#Ec&;Y2MhC3NH6Z#ll!FW!G@FAym!;m0pHwwfBoR)@<ol-sqapTR_Q5T
zeM5RtNBX^CyXkQ)<Wm5<tP=I!t>nL=MX5Z7a1p5vTpiPsIcjf>bk29iF3L*^Pe<yI
zF|jc+tqU?*x41omRqkOytx+1*E~8N|dt*Km=Nc7(T#APo!qFld@eaclv|H&=g3a8o
za+P@ZL2OCz4u2*2o#}I`yclK22S2)QbRq090T4<6m@|9WJF?)>8arC=?6@7|3{8uL
zOJSYDjc6N`Wr6_{b`ma>z5?bS`={_?c_jx;E4eU)qLRRMGaDi|!!R53Fn8C()EgHw
z2Yb%V@Z(~SA2~xcGYN43_>}YF6{A@9U@I%g5Qcq8)_SJ09&vr0zF$69&t|tJAw+k~
z7Wx$iMDKJbZg=mtDDD#dA;>uxo>rOtW0Nl)#3;KL&eLA4-<}Y6!$uo|V)Gfko4@Y6
zGj#GF`sD76uq^15$gjI5F<<TUb(IApqs*9+{9C;JkL&OcP&H2YfNxujqI1N$RH>RV
z27GzOc^~A*aAw%L8LV5^?*o&+QuD+W@*`sIeZQ=Xjx?U1WIrc(xP2CtRZrVqjeNFg
zW%*UYIo*6*A~abhargFm6y^AfR?u3vP*#XV#mQsl5bAV>8sbOx<#lIyu|4y#YZRDM
z=ugYATopWfDGz45<-*oy+m*|?7{}tcu#~;%vZSG0l^4l#p!<=vTSe;&e(8TVot0Ke
zCfj^E`v&9X>q#xo3*=a<pwg-!!6?SJn#D!9J{vXp21_wTpqY#F25sZUEDE5L#kM;@
zhW&*Lh`m0`f*Qs;B^MB30YLgxX!C&ehZQ8FzBrtRi}`&eWg#`vm+NO2+R~&6FDi#p
z_-(!i0Bab6eQB1llOMQzaX;&m$K}<%a&~>b8Q5uS`<aCI{^U-?tIe3B;-o#e&QIVg
z8tzm_<fSNvHL*i`y->)}q*h^(%~dc@e#KonzSx+8_Ef6Z!$9q4B7Bf}r1RjpQ))#q
zn`n1F0_R;`!T4Sf-<Xw0$}00QdX6ra*{0vl6B(ze2Th1XvqTclGCzlX-;*Mj=~T-O
zWhnLTD>A0iReeU2^u+wkZI1dvn5Y$52AA=W*bq(T<_&IZB}>uuhmMza#Jyq04^zCO
z@o)<_Ho8#+SJTR5KS%8QqOTKMmD8D?*GP#i3JNoW_y6oUxTXV=1%Nt1-`j`cdp!Kt
zPwL$&5<}5wK+HwK%WausZkQu+M=<QiwR~71(YQmTs)Ssyj?5vU^7p6wx_7Ll@~!&;
z%vSRrzpx(m+gB5kfr5wIvIz&QwGt3pXUL&NqmJjIGY)-o=0D2Oc0ycr+kVbwBZ6=B
zybEw*y<o5&68v%YAE#y_F)&jBsp)&Sw;8gLcW;ZvSP9a4iWC)N^{q9m&`EQnEYw!E
zX3r7d(UB6%$bF~rm$}*)W0CcwyLum)lH{YLHpUV?xTN?TANb%P-1i#2eqJMS;s;{J
zXzE<T+`@ELOexX)(HIAL<CgqWv|BCf*d+H4p4;DXQl(q89HfmVnQuMa--^NT|0*`R
z#r}-~S^N^9NXD^#ob>?*{)#&()9!490wS}5dINb(V5KY0ifsE~KOV8%EjKJcg072y
z>-RMt1dqab>Sju|%?wo0-c~(!VmC;8GxkfL?eOJ!VfJnmNVx;d9%r+z$4AQe7*y}i
z*Gj;!uKYT=N*(@%U?vh+{&#YZ670AIx`#ob>OWpKs5g(73+tSUJ_tIR-9#~~6Mlhm
zem46-b+r>9uu*^@$(_5#2Qy=PbNhI5uWHQsqUG9Y!4IeT#6rGJk9s2)44He0(YrO`
z6dJwSX_gJT2C~qAwoCC5{(==f_1xUt>CsWNn@i6}i3{oc{CxZwck7HChCJ@ft`kmo
ze0`r-4Z{#cl|6V%c4K}FMp`FiX?YRS<s7-U$K-@8WBhjH#Ulvp9tJU&!B*3{G1I;c
zR$m#@Qoi%jthD76Su3}`K6BXHm~$+|VZl|%6=}lx=|#9w58FY{#3d(T4vanCrG6#$
z#cO9j*vf+k$3#V?V17r4G1k0-nAs?N%?wpdUbpf2KDO(i3MyS>T>T0`1$mL2eM<Q+
z$Mso91=44BsYK|t=dLgI=-I5acyh*nu~<B#00!9q7q#<zQOXF*%$_sNkd4?8h{zGu
zpz1?_k6)_GYv+dexgi;N6u!{+3C^Z;{Dwn&-?g_CWMj!($nD{5dLLDPk&g26tVzMB
zhBzp7N}x%O%sY}$gXNMwG$oRjG+|wRfm@}eK0o2d@-Bjh!ddW{C4-P9mzI=&PvU+i
zOyhf+vG&btu2+ghVnNS$3js}rXn1K|>6R@k+#uU|K-`CDvHU|g%RoR-j*qe~56k<U
z=AVwZ%R=2a?21FX%%OYlUY|JV#S^d)d}r~{LD92XM9ZaEtb40XB0B66A2eCdfBxyh
zAkklMShoLOUOGWb_yE^F7rk~6I#WJQkd>OUl&D$|DYmVo6%`#<;JtOeCK|1!9fMNv
zxl%<TnZve|d?VTIPuXfrZxbHo*n%p_H=U+Y4+B7JE}{LBDH12#7lS(FiSkv5u<#|x
z)ddM2ZF|tc<SwA|uN8n?5rxvE`YCCVuB!^u*ZC1pF~RO%AP47peR(%C@jNK?d1F#s
zX;g#BA0D;2-n}1_yJI0KzC7M(lgjUozQ9hjX2_!2${9U4=--RopTYnxRyzq6i54qA
zHdx3ex^0!vG>h)zmttBIBWpVzXg(zb*3T=>Lh}Ur->AOSlCNpQVpafsS^t)m(a}*w
zb=eG8vJ4XZ71x$VV~(fW_BaEU&1LqQ%uKcU>DUCs8Rvp6vd73Z?7?5#QkDK|)eZ08
z3on<WeVTFD8a(%HE1!l<o`1q^SKR8vR{toDwQyt2D(rW%_<knNI)*@=N%Y&6Vv_Kc
z#i5mY9f{DF=Cn6xY?1m)<72w$=o5uvO{zjW>evzmQ%5f$Pwi-kWEp)vIE}9(tXUr}
zbM+F*v*p90#U+vVDK&<n*HWuv<W8J7?4RYiFc7>4&f_YuwkgSt5Rzi4o)fF<CwXr_
zk>6izl<iq6rUO(5!2gX90fB1+8QZseoX@mtV7(PP<`m)1WT_yq-aQ8G)}J`Kd%Bn3
z$#kG`KO+}BsjpL%*gas@(zY6lZuJNYO}H;VW7fsU#AV_;6msP3<94$&kce>;L<8=G
zJbtH}XtZ?1>NXr(XL6?B5zOgz5l{>!{d&?z&*bjCbh!o&pOOY4H2CKgOr!#jv9Zi+
zGUa75IkEoDrnNz|pMKj~QA$?2HC_abMHinEx@7Ig#dDPq49g_0nTYUt5Q`ACXpIXy
zYJ{0T*@ylM8Xqy5`RUv0`B{`mFd2ETA=mL6R{n^Hj0FN#T*8bFEc0gFP+r0Lt3{T=
z{svjGpS^Bd1kYFmGIbu|qpu^%*Z@lXV>l3We@;4TbQ;v1+yh@-?>jECcihfzHcD>P
z3Q)k~4K2pj&fgpBnp1Brm-oBnrL7?M)IfbPi764*0wq!unPpDe)lK)euGYa5-T};D
zeT||*C0Afw_wtT3TdH&r81pj)chErxuKKIWmfOa3zRjWXw?eIlJKNmEL`?`@k-gX-
zo5f2XT5FfH#I&6+&A#FvwHk~~)nQEuh6bcv0+V^7TO64rtc7kikCb|-zFFSy432aB
zFP3>$>n&ACityUjevATD7lPzKOmxuqnv-iX`iw){pK0Do+O}15j_>(?6<Btxjk&h$
zcz0=I*c5(ZX6uY?3(y)9Xt5h2)9i9Z9-RJDo_j2aY3}oN@il$}x&yu_t!A`0stD>S
zWy_fkPTNsh^+syffQT&3K$bcLfh;Y8IZ8;@DeMZl0v<J>n$bfITkO?lUi<6TL=DC0
zr@F^w#5dSd@k?P!2~vpUBk?E_zTLyFQkQpzMD-NKQyd$5J{Dahfy2bCRT;^86*gSK
z!fUibkG-*I_m~Sw0Lm*Qo`7dAEcy6q|8$@Q1_>m2&cH4KPBF~j0M2z}s3hB>DpdX6
zth>PB>C(p1k+4U8(SC4RS3HG=631|3G>Sos6HhEs9M`telTz}zsb1m(#kx26Gu*2Q
zjd1Q2uYQzqX4G+nOqB9DL~;f%Z4_1XK{^r=MD5anZbB$0*2;*ix|*8pV`&_?*etyZ
z%yVMPQtpgNZLisR4uw=S-8cs;r1gB9I2<6HqB}Uj#fvPSkuHZT9P1e&EomkZiEWr(
z{KU?uEUZ2(>hxKL*&ElngCDP<xBaw|gyK7#cA_j6=SD3N`9q@`DH+u<-X5FSg6D2#
zrIh-Mtr1qBj40yW&daoj$f8?#Qg=50>uMF`JuXS~7j~|(bit`0aMj>)M^pp98sSGl
z$S#i4^;#%7c)0aV$vpMJbXfmLUvurXkCYRMO@lQ}k5k&hpS0~!0OtwPChx4I6;D9<
zwmCvA0{Ghl+2Q3BeK{Cp7JT3$z-z^JM#NuM)W8TD$?U!Ou!M?3+qGyLQvmHWcOk<`
zl{Zu8rryTbb8LcWU2g0UqzyxwuOx061cVWAToV~>*rEy0*><|CsH;bJ!Ey}g<tK+Q
zZW^V<e$9z>%L*EvV&EB~nVH!iOe0ZY;WXJ|^_6(qhVBuh#6%n2$~+EQ<KO;+q$(NC
z2ZI#Rd0K>~iTzV!I0b`E4b~FxX+74z$DnDo)xTL@2<Jc!m+cU!^M@;A#cpL!ZiEe}
zm>}Eq@feud%Bl^<h9xacjAc-KL#H(M)1%xqT58I}pH_aFNv0+EvnJ}tqlmy9UaM!b
zdRM<;IDGN>wZS_)R=ucJJLpws?wXeIbJ#Frb_%`8kNDg0hpw6O-}6%M>&QDcYRvyU
zRd*zo7DE1RDCc$fjYrrp0#x?^IJLqkR4WB5F!0~cnQeqJ@qN<*R*Njg$@{X=<~2-6
z)lV{5E%S*b?-Y<0CRjOZ{S!P4El6nNrqeUqeDP@3*ToSed!@l16qOmymT!kXw#o;S
z4<0+K+VH1J|BjX`^|zVLr8G9y&W0wmb+-=TXiM*Hu*%CuO%TFWK~8qN>r<DhdYM$*
zf8kWY&d#ns!m5!X#3{rvM0Z`z-i>&$H@K^fpo>nc2{(L3Dyf|5*EfIPFR0DSb2L6n
zN-O_{-kpp1YP#j2=E(*Oll&??%ER!E!o#?;8$*y}!KoS2M*i%;T`?ZXBQ1V}((Y)b
znf<XRBg*sk`~BZmdR?NscvL;uTdKp`guRbydaP`ka59dpacpI;ZNFTN&b(gm!K*Xx
zIE4^pRp7reB8(8LR=^JLL(UzTPm)?3-wcph$D(pRa;L?|dIS5`bLru3jW>-~u?spr
zg87#Tklg%V+M0sAc=46IO)B~C&F!+&{q@t}grg8x<W@X`>5a9g43$i!>k9bvdd|*e
zYEZ|_cC%`dtSE0_gj@exsyT@s_co2n_Oe$N)_gttaQ0NVTE;q7A28>bNg2HFZ#9|t
zw<E&lo!$`|BMOO^_xD}~oRIlt_axC!+WrYJBv?b$Wg9nejEfKYM?k-uJ<!k^bp{lP
zHm%nEwdA}DB6<8eOu)vj_(a42^o6<abPo^|S2ROD&-|q0&Vp=!(VN+TrsTgfXpQ-n
zH9G;m{P$#hLu6#&5mxtU5!PT{WOqy+8^3cZL33Kdl)Hx}jn$7pio24P0kzkkC9jg<
zT*80M@L!OZOCmp8K(=J@_Wqh{-RgWqM<x;zAg%R;H>n8d3>xlo?SqTXQiL?HQxU4V
zEc58p2|iY?B*U%!acUyC+6ur`3J=@Xj`}^qKC-_z)iZ%R;vOa?Ez!PAe5rRUMy0tR
zEn>BR$xUmRm#g*y=>f`6##D|LZy%;YYRs$1+*P5H(C+R$c&GX&Lbli+WmGz1_lTpP
z<18zC%pznz_2VP)>-wLp3|}y}Xsk(~EL72lzkKT({|HpgIXt>FnZG%v@m*1rUrRv3
zFfL2$|ICK)RULxG6ym!o_yB+(la;*@2Kl20gO<I4Mw`AJHng*JML%#d3cWvk9%tap
zQV#jrS(y`1N3J*#rx(jp@;)^R8KL*u6wRQX*XdWQNZRWkX^~cY=H4vmMPpLjIVAk$
z^V3u5<SZ-m96j6jr;CeA(u5?sT*tw~=6i=iGkt4KpS7CwY?)68QsQX44~gdsThWC=
zSqQFls(Iic@7~=!kbkY6!}L(5=6v;CD)S$&EU3{1pMHQ8U=Edmt6lb3U?|tSH^J(o
zEdEp^U_LPR28%Lsxk2|4Mel}3&YPt!(Oz>VEepfs_dT!{<foN43dC6g-F_FQ?6(=E
zgvFda+u=){QWKEDD@d1qqm^^1%m9aM<coS!hrGtwPccRzDEhcy3|u_0SEU$>V6|Ys
zD{}1<>-Ov1VVw`Qpx0LJg5&csrs3N~>)f`OEsqsnr2`j%r8MiqPM)nM@u{rp3*_fj
zfxW-gKxp@rXk^FQq_G)zW2s3^g*^fT$G-lK{+4=<Yx*Ytx;WLV%*$egH(W^|TF%`3
zIM{Lbm8kAS|AjT2LH(x7n9Lp=rVA|<$|P@9VP$_BX>0Al`)*qwCShAX_&-@1fd~^S
zUl~8L2ho1Ha@N1=soovH5UJTH>7R>KU?R@G=Jz@M3-_<+C<~LhzDs{YUs+pJ0lTLp
z5qSnRH@I)}qPK))ycOfiHTlO!0dZo59fFg`M|6&vyZL*oo4RKS6x6T3ROYDVjz!9=
zDpgT3($<UqO_Uuy4HUttMsL7F4BeUx!S4#*Sc<;46klKdcsI8GgNQN*XI`0IxJ}({
zYVC-s8KXZ>nCi4_BORJQknrB|to{L4o)bx2V_9Bg?EU;4V)A@N0(29$r%vcB_FW5l
zQsZSr6u`}lWgdMhnUx1Dgl}pq=JQcWZ4JR3L7hG38<$rqFA%y*Ng`_@!~J0(D{E?f
zsyNOc^a=;%BTS5UhX+pWWMxn83_+Qa+6x+Ej;v3<s5TvIrp#VPlJ6OUWG;EP?RCFO
z<{fNVztTg{=vC<6?)8b^c*ifQUH9%IwoS&OzUs8+lD~Nqb<0Y2Nmdb@?s@&0`QJQ+
zrB_V#$&_b}Z*i($7d1z!nO6FI3??Az{LX6~@Qub<Ys&dRD*doVmvzTWzvY!ctkt0*
z_hDT1NllQ*zDP<00-jDs*auN;$gu>frMfo9<JlgzOw!H=llt#WmdistrxHeiZdbWC
zPR1;J126xskIG)1?*cAB!8uj#Y`vn(;1lZOpQ>blvVe=xA~(@}fR0<M7b}G`JHxdW
zrLowR%wf~ci8vS+fX^4_cwfK1Q<w^DU#`L{5ni~7ycFcv(fn=MBOihYe)eoI7nWRN
z3l{!12s%5Ev4X#%)nx&JOO3bKCAEsm&4XABddSy-!9k?F{QP~`(%oIt4_#I&EnC@s
z?5)sl6xYfZcI0i_fkEzGA#=-5ug?!3&a|os8Qro+<Yh$-DKv`ubTBr;)6%p(Q9jJ8
zbuEgRnVTEDsplci)8H0y(}-%Z)QI@-S*&}_P0#fe2`<uzurY!`!w24+(7We?uD>v+
z0LtYypJo>LteJeru+%Vi#J$5Wg8skuS4OENKjtI3JDVaVce(r{!M`a8xPuqp++f1#
zvqE^y8I<h_S9Jmnp5S#s)k&0%z*c#uE0|EJ`TPH40c63!u;n#?@FJ;-TITKC4u%E(
zOALw>Qxlk^sF6+piyy1)`+DK3MoKE8u5efWnF>anB;v7u?QQeh=`J~VP~PCCZ9naT
zwL#Pq@KmQ_<e$mRNNTD=0%)xn*+RFqEYKSbu%;C&gM*A48!ccK{~Ooj_zQ8g>$Az4
zso<!SX3jY>fCU4esHo_8bHO=H#;pbkEiDLvVG%3S_E91^B;cCU&Go}94xc<0&8r}G
zZQ@DG_%?K|#}fPw%{yz17~Y_ta8rKP$7i)+aAN+DSwO*Z+%F9W>JyE)(mz)Q=QkK$
zg2=-!RPskElI2ng((FxaZM*iA8Slu1Kt52bM)I$C)DyeCdNYN(1R^n&<u(|CGZb}y
zZQyOnBDZO^Jl%TOgE)?E?MP0sH*9h#(kK0XFol(B?xrKAD?~<+xDo1H+y6#ARD)i&
zQN#$mJduF9gVJ#E6etT>%(^Cv)X!bheGE-`AXes{e}Yb2GQ@{R8<mP_#addv5Pm&4
zvN?sDu;1w(#~-g!k8$Ve!-3rfCZcy^LTg1MZ9R8Up~NnJOUzV7^el^CT~^TucO=Qo
zJ^&mE&(aU0Kp_kx0q~@M84s2yt2t>s5mCFKF7{^0SUBM~F*Cb4eSG{98>^<S{;<1C
zzaf*IoLDKqA)MDZ|Nb|Gj`v9Dajpujgf1R;>m1)errxE`m)8PC$pmL&tacIZU|&?U
z>n53a+O7Ik_P@bvm&3|>zK=548AF%apQtm?a%GYyOHi-vu&6+vqIsLk*7DkeJVA8S
z_okLN3T_!j$86)n;Tu+)g<=7!?>BJ5(Voz2%sr5XaQ>*x6%EP`Ig~b7A;i7uwu-=*
zxQD2A1s6#qxEP_9lV{>s>zBS>90gWhB+qcwjuyQy)=gr%548wh2(Thx%(m~hy5c)E
z|NOghr)GR;S10B)B6zJXIY3|WaGy<ZMY`pT!D~qTcRNQsMFYyX4S2Sdqw_3%T=)As
zg-bNHKt1o(OUGc&80_%Q;cobKw_MjK;D-9*l}1m@&Ir3G=?16djrwf2d$)}%XZB#%
z3Tm1C@i)31y!8$YWRd+B6_wC17xF=W#&@g?s69`e?X{6|NUHa}<++lIm@z-XLc}78
z`)+k)*E&m-JM4?eA6m&bh|5m#s%?0R!3k+q;NG)2kwTa^UGke#3c7jqc4C)X9hQ+R
zRPdht$4EwK)e0G7(ob4FQ~vOmYMocTsePWp-o1!LNW|>aJpZEk*6t7g-1jkaWwxg3
zJ;9FRQ1$5yx4UG2(NgT5;re4|TDr(Zph_}d+PIs4dPw~YP?ajytX_s(1JghmU&(<Y
zN$$?pRV3iEPQ1Q(U=PAnokH2L-|q#7YOn7YJG~>^q8U11c9kc#N=8B^D2#PGoiAVg
zJph4+wOBETn$#h>_oe#KmGG^6$@x|w@K?YsTltO==q`l1scIcsN)&wc!{x|Q77-S<
z=#04pcWQ6Ie>W{H$fS*pwQpJR2%Pzei+6S(L|2Z^AJ`>e#)%wz7jHf<?y=n~TS}0S
zlZr<BDKKQDA)b7tn&r4i3Hzs<vUdKvy<=9a)jrPPOb8Zzoey^BvSD7`WA&bNC^s(g
zZyplyH|s)ALB%J=MESR}&W4k#2@fXYMGctPCW$0I2@XEZl~O&;8lhhil?Kx>*O$MW
z7l$t(_!HiW_XIf<ZRFqYr;1Avnr-}vLng0o{!~T0R#t<Rs`AC9$(n0HOR~}X_~h+x
zE9+U2s$YhZ58b9W|L<a2I}ffB@NRX_o9$VJ*@#KRE1!QE#!ecgyfGxkv!I=?xa^*w
zaTfaxrRr1DX&FqfCCVJVz4AAA3L`(HT_AC|mm7c#mVH*$<xj1{9CCq0*VpWNWIn2d
ze`&2w1cvVazR9Ie2R6K6R4UOqcL7|1qSUT0Ab6jKl#<fQS~-foGa_~Wrft!H8IL<F
zGu%G27YnAtZIAi!@l}cTd-C@cmSPG-qBOP0e^(DQL$g>4PHcQl491Vf?aun=TiETe
zW>K!<TT<^0-<0CBp&pY&e006+;fAJn(&&vZN^BnsMZK`_`S2?@tiDJ#B3<OZ<9cvU
zfBo~5eWIitiJ_^kRh)*vD`Xj>v8Kl=ym_zAdiaP|&yspe`7vIUI~H+1|MJj;&QbzF
zkG<y$g_?5qD-vqu-Ptj}xs<fNit{RPeQ*i9RXtkFz+@KF;n|XGBpe2q=e5uX>H!%Q
z2|}}a@f3_${!^CvVYP~JJ?PXw!$@)VHlqgrB|NfU-@x`B^j>e)%_e^ex<YOvzLfOm
zkQsVC)?Ktyw%@X0K|cr~E>nFecxVrY7L?t^1GLY3!4eBmKOAHKQ(Ts%55y@1`BI>4
zk}PODI~Rm{|0MolLsGN1fjZFhb@m52u8dJ7E;Z);K-P+_K>0p2l{7Ubx^jW+fmUn^
z<gZJ|J10>}hZD>}=k^y;njh=T;H8CUd>XvC^n%UJNb`}#xQJhS7CmHo@O~=y{`UM@
zI7-mHJCN}Cfb3G_$4Xr@(Z5V7zfaE-d#xFBfq3S!QpQb0e=E>?)XmDE8YZ^P_90_8
z<gX|$`_4Q5iTCmY;@>Y;@bzqebiwPO^pWq9N#9m2(uVeERjRxcj5op{N?Ia3d*O_1
ztEx~l|7o7>G5N)`9qTaBuH?Ad(}%jZ*G^M02W9+H$%i(En!^v};?e4zZ=Q1!v`@Gk
zcZPN(Pld1oMg=Th&0M35|D=$AK>Hrcf%;j|s24zO5eqeX1aG1O?0^*5`;=31A`&uI
ze&~e!=V&@V*523G_dQr-Qn92zx1ER>vb_<<Q>;Dn_>iBIqU@5YvxrxP>o$@ZW}P=8
zgwJdS@z7z)AJ}x;Sqv~*H{qjINJB~-5z3ex`Gb_7sj4rzRqvT8FnATmO4#21apmHj
zrT?%4GJzfaSUbA!!LJcrbq5U6yPdI2DYIKQObWfeT*{M8T@<4~!!_*eG2!duS|6j3
zI6Z6#V^#Y?(Z<Lq%i+4+<c$sHQc&tp?Xfd&6wBehX~6sJhG51Txlr{hqn2B)+_cB<
z#v&US95|nW1yTQtWC>WrPb2ewQHSC*3|uX!zd5bvS9co#!ecp!Ec99PpDrX!Ept%E
z>r^EJdOX>ezGQ#yLY)%{3b^Xl7=gMmA`Hfi{H-T8_eKxh3z+jT?S(YT)eO60Colo`
zw5$3sBD^<vIX))xCJVp8&eE;LXxX*JGcZsIly8`toQ%H5DqVi|?f6X&Ho#nXzm;&e
zeu-BmVrddFdctY1g?rd96p}1c&>^1@+L*@}9W?BDG8JB($d{TVvI#nQMpnLRGv={Q
zBF%kmiX^4xqPTI;Ta}eGP@Q2tTSwdb%`f$hp4s2Fq_!<Lh6{3jGH*WfT`5ZR9>j=-
zjC>MZ7Pxor444Q6&I?(=?uM?2Cc7I~8MP<;n4b{ghOux{E5EX|iA#>Lew12F{_Jzd
z+#3DM^4(+f=RZ2wD#;66Q{mwU{M+6C3VkIvo67SQhX9w3HZ#^=IWQpgf3*=~<2cXZ
zmrKc~?h564fa&4ui#oR6G~fj<x_M`fnctRRRZlF3DO)`zc-1Xk``Xj+&dA4<0~V7f
zSgt*>{+K#H`ts`G4WQgV<7%8H<4n0&aw~WEqihsVZSRFn$@WdGmIdUU`iffaOPt~V
zlcir+Sa=v=1{qEgU{<324%!5pEF2LyfTAV$=?K_fs$9n;QxiQ}3bA&lBHx*LM8Dxp
z9Vx}ryzVbjvgcRJRpBBU{xBs?X9*qnSG3fj9^o}rnK0KD49&j)bu;wPv~wX=Ht7ea
zyi_RPwh7zcZDv=J$8cME%$PM&<R=j<^B07Nj^WKryerjkrfjKqS#!5!X=cZaE}YEy
z?Ncg!NBoV~;jfD*c4P(i7=O~NokwWtj`a`khz7(x9;zD4Jw2>;BsgXSZ9ae8N}K#P
zxCFRF7Yv4F>nDy~EoY<Z@aQi@j~BZ@P6e(InBc864*_@bB>O&K0_D>5p_`7eCuK;$
zL-q$?^sD+<I^S;no@R$A$$<PmDyyoGuQL6@C<1{5aO!GwC9W`K0keF$N?FT?Kth1G
zp6}s9z-v1(iVu{7ByfB6U*`2TuKtxYg6Vz+3Ms@%2M0~ygv>xz$mP{!Z0zLZq`&XU
zJUh);ZQckZVesQ0qcdfu(qhbLqyB-?h~O^fpX+a>TEAOAHHz^shZkJ$DvOOfCE8Al
zWG;DnM7D>(kOGV|K2hNNc3qFjx~7gKaPSBz3WzP9%UQ8t%fEhh9!V4lXNq~}KC;k6
zWh|>o7EsYiTa;FC_OH#%;tCDnoq#M6s^Z?1N~=?jz@NZQUvhZ&b^+C=m)NkP@QS^G
z-{^FA++m)V;8aoQ{jbN3CA*KF`M)O+ycqQ8-NdtTBPh~TzFfRYropS2f_Crx9v@0g
z2_^zK!&(e#|2GCaIKXiLqby@yf#k$LD;S<`jhPQjFSt)yi`7OTm+jFAMH>VhwYPzK
zItw>t_Yis3Kjb2ucNS@Q=`&~xog|~NFm!9m2t9UFZlH7<U|dqlZ=B%jBYIc8lf?g$
zAYv_3FsMFOV_7Gv7~UP5!2?EIZ5UAuKueo7rVc83ySAL<7{uCxgFwUTXo|k7s;VDx
zXTGdQgSTK?k0SBvKm!4<EMnE5{bSnAU*`0Wm2q+*1*FJQB@6c<x~6DCM{L}#O(GH@
zk~(|FJ!*;XI%m0AlsU4K)Wk)JnG-xkwDFF9_GU4X_}kFw6&m^HdTd4h`RDCx&4p_|
zj_B~S^Fo&e^Zwg`@q&_F?)0I&9^V8u-9Jd-Utdk~-DO`R^HYSzvIJ@Jadh0vvnSv0
zy<sShuyY5af{GIoiUbWq+^X6S?6n3qq&rAt7;wKbGY%GkVR#-C@q-BA&>gpi!1D+S
zN36zlAms_jD7`hVsE5k)Z9$4j=nV!nh>XUmr>^3EqqxkyPz~rfm)RD6*BX3A2L^YO
zwjn)Ux(w5?w+B8~|A(gUj;Hed|2MJ;QMO|fLWs;`i$Zo~XJ_y27+Kk)Y)5uw@2q3*
z%w)x}NA^BA&i%XJpYP-MC;xc3&wZ}z^_;J%Rj8xdnt*=Z_iw?!598!H(c@2%7Nyy3
zpNFzGTh=&fUt6iC0*dVnp@1LT&M}mf6<j|zojf_(zYk^+zz53<9~3O6$-D@Hv3~R6
zj42i|ESRb$B;CFHfD@fCc1RFERah9Z?z(&2rc9js>D&{KlMlYHj$f&gpGr?fN$*S;
z!92o8X^blDg^b&1_OrFlKX}ki`A5QYr`daPww#ON`7;Ubb)84?hGYXSZa?xUSlC$9
z$ui{w`a~3k%!eD3<KZJdqR!Y-@7Wf}78fP1k5{{NoH%$Pc+UJ(*fl9<E4DaSZ%hVC
z8^-4d-nno2Cr{zZ79bbIlRIiH38cT0vje8^sLsi4zGHoiV1w+LOXXQ~^q;+p4S)a*
z>`sGc#ABw^F^KFabIKj$(R-C+#G8|s2|#OQ9SS?#@|R+V(DfYS=d+VPvp>+tNvkW{
zQ#SO#4JC#_CT<0KN@}5HDb;9y0{w!!dE&H0jW*jOdK4KILcsu^dS{yO{#zp=%5ez(
zQ|lK;x$E{dxcclqP`m-+;^|{}gIgkS>kRPdulK#Tcm<Z|4Enb-C&YasteSNIJ@nv$
zAO&u2ZV+}o&lNAe3r1c|nSCJ1X@&$-PwM19Ho1qd7e|%By$^bB?D9WQWoOxJ$}gt8
zH-FcCAF3<Rb6JC|p%4xHT&#rakw;^|KRR#TbO5O^*K-f^C_L<)8M*uFgp<h3AE(%9
z03-4>W|V$0tSU=YL2XPShJJ2tfogJG-+LxzJ-gTNEEtDLL4u0#FY!00Cd@feMGw9j
zd9RyHL6%_g!-fOHN^@zmV&XJoW}I?}(uVN+SyDH=ae}RK%j9n8Kuh_*=N*Bvr{54n
zUaMSROWxl#3<_Ptrh##Yrm9M*XCQAdhY;2XN{b9F7>r3-M+hiv`ZDA=%l|3#jkA`=
z?gNJUHEGzs`|dx*T6|>3NN~u!_-^PuPMXUqR2vs~@++yM6|}{|P*$i{$Z0B`ffKV=
zPDXhek4>n1Pnf?5`E&H~@5T1RL9?IzG2HfVX$(uTZO;aXUM1PtT7qu9p{*Sqf6^ar
zfoJ#U1X8I85rdLcH;(%UZDL1k-z{3?p~PTE?Nhq@7TsatHjJGg?szjEY-&=MK|YWF
zc;**TNRFTNk8oe`^>Rw_#v5A323-xTy3pppmM5MwKg_V*k_jJ)^Hded-P&Os>%Y7y
zDVXhcShD2WQApD(Y?viM&e{6SPRx@|snWNa*kV;aptl|pUO3V>8Ml4^(C;#T0_U4S
zz`YAnz_{`&KW)*ok~r+R(|;pM`KI&29-OhWx_XfCFSGV~%$qKuE`7L{KTs1+7ki6{
z4$Z4<O^nNeYLHCOO<W0h6HZ<CKqx71jOLXo>i_FU+#X2){KGgu&D<~%I9M>2vXsQg
zzg=k<tHzi$xtt)ZSOjG?86Hzo{S4Kh#1Kdm&Iqg4svY})k2<Jb00mjexkMei(z!`8
z@?<V4B?2MOB>Q#B#nK8)lp+Hb%MM94L4GSc9#HCiP6;xt3Q9MJ*TJB(baT_%uZ$El
z%Vgx)Wf1<0b4MO5kFUR-OxncF?UXI9P0H|+qVkrrl`<V6*E*}YuLGC*6BDOTSXo-e
z*6wl3sCmJLJNC2LNx&=Mntt#VPQRKXDI?!Zq+PiB7wCB3hzuci-+R{uS<TV1^W0$Z
zP3`-tZw=phdhu1A=AW&9ux|;Kgdc64O4SmWJnUjpsG=p8<`Kap^KEY?_kPD`z+J$O
z#wGdXopqqTJN>A0hx=dT;1$0$6YHJ9+d@7B`(R^E70pSEXa!XJvajr}5g@0#^i{i)
zO3^qI%l^MZC3p9$FbF<!;qazAv+_hq^f)eO#d+--aO2N(xbu<r<AExs%9=GJ5(DL7
zO>e?LCSrX<CEq}K69XNv8AVXu3QM60Z8G|oE9cj>D*&i<Cn~7K*7k63Yk6OI>7;lV
zp{i0JT=eYw6f-9$2$t)qt^*r@_yfRa2_qA<spS7uW-sQo(?5{yvN1F?%$yn;irE>}
zw)ZySmd<|6o|71{_6bio*-48yJHAs*O$}!=bz@$)CiOcDi&f(Xjm)-F?Ag(=@Mku#
zI5vlvPCMI%SgS%y(egF^g_xgDGBT`r<5vptBe1c!J?C~M%2vPQJvZ_$DKa8u>wjjh
z+#{JpVw#CRfj6)361<oj$Nt#qDV@UQiv+bsJKE+z2uhBllHZi?;Dt58VA!M<`(Qv`
z^}$oDn(d24Pl}a534Ta}8NlPk%fRt{Uy98FjXYUHFf0+j1-N-vX4aTa^JH2HuXE7|
z6wqU@@VuCPn!zOy3adgR4}{ykqY$Q5F&qi)+J7t1$j!Q8%RUiLZG1->*e%#xM5IeH
z&PG@LYPDgxueXH`&e8vrUAL2gO8+h@!sP+ROuChjdty^WBj6RCn?K)xNW&{@lIQaj
zoh-I{WHH&b52o_akjiC7H1}>i?^KUsOy=z`8+N7L1}c!#DY+XNdD$&G${VoGlF9m)
z$Q{4rDvQWie{(BA*r?Osp}(@6^wHnGp(5HSK1HR?a<Nz5)rziLhpDFA1?Y~92j?O9
zM&Tn;9{D1~9odmNahbM%KV4eKQN9*qZvBwVW#xELa<BdA)<dRgMDeSKua^!j-IT_F
z&tv9_1mhN#6an6Dl#%6Mn6<}WFkDyR{Ny_tVKb@nL23#Rgz|hCIIHk#EB}QZv95N;
z+e*0LfbB$G_G9A?{vp>7lblD#5myf*J$k3Qci_DQuGnJmE$Q99S`HLRb5Ykl-7PE~
zcYif7P6Ut~jpvy>H~mM8{B%9O39t}goLBWvV2gQ0VHkSRrH!TZnD^CH1M$KYwRC{V
zQrYs{6%8feb1NViM-{W`ke}QCVhpZ;PS=5OXMQ#jI?lQ)h-<jN2EMynl9Ta0K#H=$
z)Ro_iF_O7v$=SMY{@9_aT`XtN^3WE9EZw6Z9voKcZE`_w>BWHi<y$KYJNBShQ^kAX
z4>KJ7?QwKQOd$GcX)dFD<S8SFWVV^(+BFsyo2VJpnQpVaK}F0xOF_-8oG-S0gMB8p
zTzR3{(N;m$9baXfdL<pEN}lr9Sl8BIA?QWZxS#pDW)+Ns9cqo<D;%ss$8r_tnY1$Z
zo&JnDT{n5o&N`&h;0X!-JT=A6GkT`)dS2h1k1KtRE@P_8T9-|RG09QP%bqBa<EN~&
zcuNgaf4*SJu+H~hDiizwxSV~GR9=b<ow&Py2agsI5a9YxQ74}cve3<%`g#uTo%<46
z5i?E&_WhM&>wTpYDt$^T!nXh67B)n6CG%-l`}(hE3q{|*Zc}NZZ#&Im)otk`X9=?j
zn|CGaKwn)fV^nO#AOE3_NAt|Z+WHG_pHk9vY<%ib)yiKe0Nq<~hW16z4%9rL)YZDv
zZ;5(s_6i;g&Ksb*f8BS^!3K)wA2V;4oK;(w5<mpwo-IR0+^6B7W|TQ&u6evf=N%yN
z>U|=`hil<v*X+N3TTe;~-Tf@B{3T@ZzlokT5263ea#TO1@T5rgf0n05BTTEdrRdiy
zyqit_++U_@E8j!+DaTB1$e7n+Gu`tX_Kz#;Vefv4=-*{EVRB_Bv}Yz`%6sT!brxHl
z4P}OYol#>GR9bE3Q_RB|2|vY)@lVs%ep-(--?xu#P<6Yu3mA@VvJfmKS~3r?4B|Ny
zyj>rx<ed73Mt*j{MwA*&UUfW}E1GbH^;how?=fq^WwT8+p~d05Xf&%#fS7bh*(E>(
z%z)Eg;ojcfC+1LrI6#+TdL>{V5IYPYEyA_#*NFx~%pT&msOf(s>ktTCe))w7rgToq
ztiyk+(FN@7J=>+a^(s(S+RW>IVQL#70iT<pOqyOYoO{{N{Tq8tGaAslu{(ve?4rzQ
z_ec)zo9=qMyLT(~;LIk%(3Y8;tp8b}#k1oZIa`+m&N_Z}1e+<fa>wN32EFc}BqS|a
zz<ba-{2GtI>z)8tbpQAMt-U!cy(67?JW~jZdWV(l{7h5VTlbQsttXnXKWH*tgt%c9
z-fIPhB~!@olSd}EEHrp{kT2R?#@Zv&oSCo8T7%<5v{%+9XoBv?aUF;CeCyBaZnqc?
zpG}=qWT_K`48<a}1vV%bYr4jVA$Zw@Xc<AqApFqZi;zow!a3*nh6inUZ4TA)S*))2
z(CqL$?zVpUw;N6K>5hA*91I|<Q4JuTGBM;%g`W3kBNOlDP~#r~CC*FH>npT&9Hj=}
z14jiN1E))8hr3a=4LkS<{m8PankR}>_??+reSSPgmLI6bomnu@*5<O~-?zOU>##o-
zbgAF&cnPd^uv$dcE8p0v$o?JyuRMC7)%jNTQ`6$X&c;S>Qis>xqhC7gIb0DcG&e<)
z*MXX&%_ngp2GmAUk!9ttUt055m=ug=esS4vo?D@Wx(!8H8FOafMV5OWC+Y;#nv=OG
zQ@yh0#4@S$>X`rIeZW$kR>r7_!`Abi(Rf#0ZfN%GpL+Yh)bJz$B3HRq*2K%?AtJ6E
zvAO$ztlw#oJB6e8+1#AWC#=#wzA%UT%g%VOI=>oqDTf_Rcxei{ovu*e{H**KA&>71
zuB(F3l}zMSx0kc$BhO*uax8lp2fpyC8%;+ejOp}$Vh>=8#5DcSVI#g=Po6du?2JD^
zg^48$LT#w^G4x0B+=r$Ema?SZNe<uo6PzF$sN%^fq%6^;iJ^d7rloKDE=WqC($*R$
zU-n?gFxe)>?*80Y`pE2))Xbt16W+VZR=qj=$z&At8s>Zk3PZtWc0GLD8JXb8J2*d|
z89jLX-rweMdSutWb?INK$^~8|m^GE|*LvYY;&m$~Ua8LO)`MOYj+3M%?c!c&>F@eB
zr~cE?i!u4Y+exsbSSeA1n?})mni*efnrXL5A|R(}A51}-Z}gx1ywBfrp(92q==D{m
z!V>3EIj>bv(o2aq)y27cYBqz%Y}U8S_o&vfa&UF-H?Lm){MFn%QFnEiLSBBnE&p-F
z=bk2K)$dPokE;Ai6LS8}cFCU4zVoB3Dt;YUE?%&=`4o-wg0UyuWqhyg5@>d6Tc$Tg
z?RCho7LY>&b!IZr&`UskbvIczOD7GpZ-itmpai03E)AIg!Mx8t0V=Aj5g#(2Ax>ex
z!qqarVq;8)NUW2Ce<xH~dVg<Q&JXHA#42kWeZ6bWoqifObPc*Zq3C0xT`Tr}ok6cu
zd_lw{^BMx{FrP^>8?AH<JB4womkrS{0@igu{mo*Fx#Nbxc?|UCAA_a@(0wN&G6L$7
z@1mm(f9S)BH^ruJd97NPwumei?vo9;`d4Kf2z?{LIol5=CngLFxjhf%C2pCE*_0JC
zWWE-`e}lPTiZ-k(pGtLJoeeE28)5#OMv8TfuU8XF2#v4tU}>L543{qM_G{l$)aK)$
z+Ud;&Yad?8w~l^Mwn^y_48k4@ZL>>aD{!|GeeO<i5u-juYGZu$iJ&~%bSu^osg!>>
zk}p_)BZ_lTR!(4ig!`nm>t;C$-TT0=`$n5VR#})GL5;p_AthkxD*e*h9G&Q-fic_A
zh21VQfHcD6_)>8sx`S?Ix0EY@ak#{g41k*&(<6H4=Hrt4fo~|NQ7%LhU*b#PEv4xu
zGTtOBy5t^`o!O&9SE1SCpR8j0k~tdUO?dEf;f%YLJ=xe&c;Vyo+h>-KqolNr3Q^=i
zBG-t!tH@QvN0ip)T{tM=Z>BUZRyZ~p1s!}eHZd9ckH$#him02O)}`I9^E43$J4HYb
zf6N4)7(DFJ`ej3M{)AhuiBGwA#{EktxBu@2c*>zkKIF#1r>hrH@Zs+XvF9fP=B-3L
z*?np;r}?XIO4uT*!OaCmm?<e+mx_hvrS{Mb(%YgmFMsjb(SMXtk|&zm7vXS;74wiG
zyxtw&=^0E&AgPYY>|_)q*e+y)HpFp0R-*OL>KUI|B@?L}E#o`v$2SR=^Egk)#oXqY
zTxJQXc#@Pa*a13+fr%LJoY2Y|sw)OBhWXhH0EXHaI+n}C2i^sr0;>ykw&OcS_5^nS
z&1yzS%>AJAb9+o~5PPjeJBD~2=-Auo;fBz)*RT2WZJOLG6Z!`vh`p~GAlJ3op#Qn|
zgp|Gy7S=IZJKvHAfj#Lp=-kYX1hn#`S$&b&$u<98s*&T<5gRe#QOz5)KE%ZS8j|#U
zUQESh*#wRfO6YB4G0NQtftcv&Z1(d(9!knx4@+=vK!HzPw6&!rrLImyJyjlD1o5s>
z3kGhcRW3t_CSdocerD037P0Eh)$mf?ND#g5i%}1<53ItCe9nC}rZCt<P8fRfG52GC
zvdy~0vH5mv(%}?q)sANwIqV*%u+Z0TpD*OOl7doy&;hCp8eJhsf-j>q!>Q+=RQ1@a
zPlCe43HM$O7<EC@@I2`n9I}6WyQ!^c8Mf?I)f2}_AvR}dQ_Yw96ZIs>lEKs#|0B~l
zPdI@J<etn5YgM6S85&U%iWJN<d4&OTFo{>u8uscLqa?d-H24RxT<C!f_~55DrEjM|
z{;QAdHGok^L59<UbG@5T!!gXNVC^iiANGs9`l4hN5V=yg;kv|Y)q5^6BDVQxiF^&V
z%oG-d&B=J$Mm3Mg0W&3?!0Ivc(8Jntvvbj%{|c*9e*ECeqND`Rg%O)N$|cFa2i~=d
z2md|U$v7neG9y`9Ia`0lGpgj#&y@)l5<Cp#a&$O)PJt*UGBf*t!clw@Yd&rbQMcOl
z_?L@R{M&J)UMukrH<j6syME&&Y)XhKgfWDK&*1%zar3sdn$I7)_)5~TlazLzwHJP7
z4(B2NM_86UkO*T8b8=*eaJCLlXi`KLdK1d3U3lg*5qAVIWnmod1-KAA3F)Gq(e5CE
ziCazjKe;I}7D}F`CaA+VBe;XtG6f%_PBwt?T>yzrg(?2;q@{JjB~WT<7GH&ZF<JCS
z@6<e|S(V=be1B=sCtSg@VT1%pk4`1QQc^(v@NblJ2%`nuWqO2i$o!a)OF*0qfXD<p
zZp04f-_fBVnH0C{@Siyl+i&pvB|eqpJxljH(QCxyq((pN-)8t-u*+YKBX(&SnVG1V
zse{F)s9DXN+}smz6&QF7fMPtWZyBlJBa-=}D>gPmCH_I4vTjeC%_MVv*$jP^18SNe
zazn3)uQ?){*^;3Kb6+J8w78Nwu~nmq&EB1pzy7@}NWUgEaA30>^qNfiO({ywMZIj#
zSD`lFKEjE+JrM}D+?J_lI53WtOUuh@PqP2}*Fz31Vrmn|)1@A)2`Ush4f<P+eVMjK
zja~b7+HOF1JD-1wcC)L3%`YhK`pfnb7IV*42+dKC(jV@^J$OApJ`gj43!0muV*s$f
zi2PdW%I~VK%SOMfdtKoI<39iS9!MrfETF0e{uK5ejyLJ|nHZLw!rn|UF}zUm-PvPF
ze28IZ67P)jq~Qz)<Y1)aibi()dhdUN`0OEk)R%i@dI!(S=^ssXNjEGvX_q6qH!apK
z0tGo1y9VM10Mow31MhZOd$8;3SQQfVpM<2OB-#p+Xa6JLKSqPb5Ms(r@p&*Bb#|R|
zW4b&ZNERPkn-xDqLZ184s5p2fF|3dR!*h?f{|C8Y4O%@y_PlqxyRkxdwn9ik)??(0
zttau(MjrDYB17#QOCkw&_V4k$uF}t_ok-%1jp>q?pMMN?z!MJ8tv9KO36nTYa4%#|
zHe)SNO=O<+41v1&F%t%UXQU5SrON(Jp6}c{@FshC(n#)b*Po86?x9mbmZ{ZQp*c}R
z5Ei!~^I{@C)NZ7LW%eAlF*M_MURK_riO~Wf?X<vZTHwtVxC)uF54U)jAx=XJ<zlHl
z1nG$w2ErXouW-UmfNlGP)%*d-*)A97no$4Q&c%cI#47PfXvGoumVy~}g_bFoHAHrt
zq1ZhVlse7k<kGi-M0W*}rz|7A2TLGGcs;cN{Ini9BMAXgMr<TOyL8Q<6)1aBC4<)%
z=sL?QH~5kHNw~GGZ36@)%$pj5#kMlSpBCf&np8Qe=mx6+d+Lx}d*{FUcr9;bCwSEf
zZDwn9G8GiN$NNdmm^g*0(=r2d%lK(6>m|(^UYZL9v+yfOXU_;1b9<@Cg=;b$qAjGV
z3oMzQU)-w{eSN#R?KZ)59xu*Y*mf<lI})OlkGNV6s3N}12n?AW--)yk3@19a6vGky
z&a$!)kBarZlCOLgZHN5;&zk+_MX4861H|0ijMfxQEc~|h4BfQ9Tsi^Z<~@@MM*E(^
z1_o*{zy%aN3(m3@|2<piDo1$P9D8yXY`qQ){Qmd1SYaKSI{<cj9LeMw?eUE<=BUH+
z!>Z}W%z;%z@#YCjf$l0|{Rli#*9Q{g$9L|WC&Nl7bq|r<oHsq%s3R^vzpxGO0zFj?
zw5lvO(BxH63k^Vvmlr`8Q9wjAI79_jdbqo@f$;Ak+kaP5OIuq}CI;N;okFagC4b4g
z1)7|LX4}VOCe_tO;}&ObGRc^@A;s!8w75BB!hf3GJt}j2Jl9u-Xn$9u%?%7qUdhaI
zc`FR6R)4aI>#ZQB+ckgK_nagBY>@uNYkY_!UwW5VE~Xay-$$|=0y289qw6bqS>nVG
z8DBlV22tEg>8N5np06VTmt8l~A!+hxu(Lk@74Tzz?OndUc%drKmfz!DX#P4Q+AydG
z>pqfvh^k@Ja7pE&Oe_Yo>Lhc_H10rcN4c_yfn2Tow~Mv*|1aYUJBk-CwJZd4>>#)e
zI@7|4#uaJ+O(-q!Awxk9xTP}o4r1TZ_Q~wZ77alS$Vv<Y3<qBdlGgD{2G>teE@wvm
zCr|k;6W~}GF*C7=0LXLPtW2&8cd)T3oj!tyb$FDuQUD;!Ox#0*f_K510-jyNetIh&
z!xK+{4kWCzXY8wI&xtoH8>rp~`ul(PfU?pj#67}9D%`9oaIt|-h`V3}a+?3yeU**)
z7&!?Q-y8{Un~P~rF&=|lHjxMQ4^5``e!j9?OU}j5C14`SnJ4#;C%xD8mP7n6amr2(
zFKeUrP{xImA^t!or&MP4#^wrE+v+_sa1JJ`4@?^NVp+Xl+>rk=7(A-<`()0Gsr~ja
zz`|UPu6I*8pK;;Ad6lFuNl_3z$%1S{2+Qf?BZvJerpd@{JY0d{*)_83PH(>I6F>Iz
ze$+)^0Q0lV00JZFZJbmf0D#?`(*@lzz^L8Ciw%W>_7;&(JK`QMQu0%Pp;HyZ+q>XS
z?g2#-0wHBw<$^(wDeG@C@mmL;WLXg$HYW8gCk0y$MCOzJQ8W=fK~_(!tVXT?soYvD
zg~rchw;nC<p<i`SJ{dF&8gX<jT_d{)mr@m?1EF+r4{YePD6w+SuI9~zb5mhzDitW&
zf1RG5{#z}p7kLq>Q1pKphg@wP<OqS9zf`K`t8LBR7(7Dj-aa)#UT_lD+uAkYMw?4&
z9+sG{j6e4f_P?tf3-6L!kzz1)Td`)!>-|!ZqgWR@K>KFJY&?L|Em?KMHZ%UD|4M*j
zR+Z|NxuX9=_@C$6RdX&XN6ucoqS-sEl=8>~0^(n1^7f=5LPB-7juIA?u$885DRnM6
z0&5wwcU(B-gn>qF%8k+W*=;z`y!0B$3cZWR4HtJ~*F9614Is2vIqwSqoOnW3({yeO
z&2HOQN#?AlJGju~cfiT|jchl+Gsnn_%sJqt#2w=W%y1dF9QYSFzZKG`T^a+(FFwhE
z^uQ7W=Eh<pfupvwga=~i@9|W@l9{KaH<8)<VkdAWG85?uB0>S;tVoFs`%{1+5hxFu
z0mGE7m8pI2lYI!mgou_B*c_ca^Fg1P*8^N_kJ;bnN5m@FmqZP}kn~Xx@((Q-lWMQg
z*DO>I>0ED$(RM3ybVnABi4x<#^D?i&f9;gns_$8Nk2?`jqB1(6GBZzV{o^48zv0O0
zb&N0gR{Ax6h`hf;HhmV>)kegh$6WUq&h+8}`-jO+FD;9rZAdVt6>%$sxc4TvVQpmZ
z-e!vLBJ<w$yE)C@21+jc&y{CMkE2OU3GDpgXYhxJ<oMQ=?qb)SRP9zvKhzR#Mfzqw
zKs8wxOVZ+d>39m;z_x?z0mz$6M6pXyfWO+^kGy5y_1p8UY$S9UxD%N92=w-z`#@xC
zq!g3bUeRB`d=7X3AE$=u9su(O1(_f@L4Fo_qgoTE%{1N@8wZRF2<*)FS@W7ZF!sV~
zEtxmk`#d6m>K_s7eD1X?VVxeUAbA^!%nkv9kS6aZH{Boa2A$RYvQY$mJ2BCMf`ay!
znA@Z6{_~0pB|m&Mr5*!Iq!)yO^29OnkpW-+4(r2J^|_~|qOf4=&>Z)I&#Z>fBe|}8
z9v}Qyp8{=HuU?Iq=rT{(2|sBX`4axJS~wlnLmW+1`P^;&G>tV(xOplJt&`8*107t+
zt$$dpnk(iQSHXmu;RTUW^zLM#YTraIZoV<CF`F&%TP4YU<Cjm!lPFnKhoq{SY977T
z>!diQJc;y+MBsLYA>04<!xLXT>||V-sn=*26Ky~1Inx0FR`<xjF|cc2sC)D82z_{V
z4VB(8?}qIG5NUr$6xkg#sb?fCgW?7{QM}UHb*dtaLYAGytisq4Q(f5f3a8!c069{E
z8{YOLaSa+5Q7fzR=+{dI0UDYmR>Aeqx<0UbMG`$5S$1^8$M(-FJ;~13fRys0w6rv3
zS%_7sN9JQ-P|y=4rJFDXC)=7gLX*`mo9B%Y-1*J?r6gA0DfHzGJ__#}8p}P0?8NEF
zpDaIpmg?4+r{-Fc>hps~2-R7AmtSw6v+Nq)31@;IOyWUEU9U*P&A!M86-Aqh(Qn5k
zi+@ih3v@per^=UC5j8!k$A8Y-v#BnYsKk}T;$(9(*?Oeif_Ro5e{)a%sdUN0i=WOE
zcF#{BL-wc=_We!n7s;fSwM;m@HKBMnE{7%k_j=B>uVKF<jW(I~wAc!M>^-~NkqM{*
zv*i#Z0IV>;L}iS(9%_Q-k=;Eck5-P;4ODv(;6{&QfWy`!{UZ)h3^}-8Gtz}h$nQ76
zaGua5r9tbU7yb~_Q|eL`1024K2CxMuZS7gAn?m4l0u0Dr`yVY`y<ax@+eFqB#Jkp$
z{;O@3O;VFB{D`uB2*|awI=GEoh5iUuzN7(tI5e?%UM8h3$@%p!Unupo?zkX3H0nV0
z<|oJ=f^O1zN3s7on~MZXk1j@c17&S<y%h$YdY2)C``E*V9m_~<3PcTts7P}{uzndw
zbPi5I7d{caeqLu76{@w-{!r*QWwoNlK>m6(rZ7<Qt$yP?KO_IG)7=X*35cPr^thTz
z)yVhe>DHvyt~UXUhEHtjc#kQL6A~P9GD5{Shm^6q{Kx#js#%{YV&e^S((7fe_JeC`
z6Fy1Z>!sBEup3KrB#vI2K?75os_W@W(5utHC^2>O^)VWUe3x0s1q>p{2+b3aT@E^h
z-Nf914hP#!OwHqV_g!+#vDqvp5tq|t;Q5;&8ZPu~o6L&t>hw_7kKR~o>kvLCuoI+E
zy0y#uM_@D%N-Z=;x+qN##Kax)nFfNT2WsthC>Lgaj*I7DBW?ZOqp_gBm!cw=Qk0;1
z_CS#~8jeP&i&F#2w_E={oCSXui0xC@_ErM@XSJqPx8NX)IXwlHh{L~>Yz1|7b)Xci
zCMlL>_NwY3TqfYM!=?R!L9U0=&kv(^dNEh8aJgBUe|?B=824hGzR&x%$?#+|M=y><
zQm3iA23IJ0tKw8T*`g=$VKwasK0<xfmcRd2yRh)kspI6Rv#x0q`?D+@*3*#fF0zUj
zkd-7_q5gmQPN;E6hli%gEZz38@Vje%6Lef9-Jh>ykl*j}rBxOQu#kUf$p-`O2U`9}
zVBam19E)^fBJ4d}_!_D{4dC9CRb5<UEeBmKO@Xg6JQ{#qI3T1B9(08LZ```ugS`>{
zYp$7k0`wnte*`!m%WALP*#WbGS22&ft4aW=g}lmADE*J%2WX!QerV0-xK%_2u(kq<
z!WvNUOZJRO+(KAYfayrvB)l|k{KJb>;@rQ|s>HVrr!YQ}w*fyxQRC_!2&Cx;@Bdk!
zEZI^#*?yBEZD?p{GCxNDM<(Xx<P17DO?Psc%z~-CQqvpq6;uXoPdC(>)PVZ9DM`Zq
z-D6F|_tDWsN2%=9&t7<m?))xeuWt|Z#PYS|=S#7@(mp<y7n**+TGzq8`EJ8^ko&QT
z*)r#muf7numBRLM|43u4z0uy9o7Q^UMwnE&4q-hU&{_Nr6_NjanOjcl7~u%}C&1ch
z@n9k`fwwW|cN5jn@~dW@X9jWarG%y9u;{mbXs9@$j!X@on2TcfRcR{FnJ7E=AU0>o
z&C$H)WdJuFG6)E2F?C5w9s(gP_cVwd&gb!hE_{L!lc#B>f6fVzD0Y9;u`1WN7S964
z#q#_k5K-lvejIac9%!%-nV7#na0+t|675!u06J3vQ_x18SnE3~@2H#geRsPH#(%}O
z3bY=zmyWLt`prY8TpD7^q1!Hgalcn6&my9Ws_ccRhb@1~aWOVM{K5?&x=@0Ym@5UE
z+dEU9+{@qb9S7do;()=AnYic;un0h!eaFb=Fy=+$;uCP)CUfH>KLnD5is)Wg`Mb5>
zZzb6cS6!>gBfEJx`*4k@#oUv5s#DUy62p~?F3Q`lIV5u_(OD0PW(|I7>E>(B%TqlT
zJ(g`{eJ&?uAUB;bN%Ii*G?Zw(U-jxl|3`!zu2)1?uE~-@6FzB?!-5ZX&l{3CEPP_G
zK_ORcvdycgqnv3?AEKbw5n3A~xN+%t)>kW&jblpF70hfJ<JkndW@0!Cgh|pztY%i$
z(Kxx+p57D}eqM1LD}40k^}Yj_g}tJGvri5amn%;B=u-ijx9}dYXQlonO1=2(Eb2Vo
z(>RTAAGLl1d<5Pqt*tgZ_pJ)(vwdm6ZFp&UVG{Q+3Jv=hd}x?aL?N-1d9;3l=0QV<
zBc=TpC^2=hp_!K;-ZeCwJuf`Z+b}lZHhzvG$XZnzo41Mv@M%6s2o*M@8twnN%R>WP
z>#%Rcvuc-#{BJGT{(-Uojl-o@C8aj-95HHgrlcI&2Y;5N<X~F^1$fXRm5fL^zbgzS
znpQSHdCyeyu2{fJf8xdCxiWJ8t^VcVq~5J>Pm9Nfeh3>^-iBBkIOkKfTg-O-__(nD
z#@LyZ`@!sLo=4Jj74=u<Z?vJ?WFtxfTzZRk&g6FX!Eeb@zQ+@{rI`Mv%<-acPa591
zQ4e{9lRiti{A1OLh4}JDiZo7EE4&5r8uEgYrD=gk{@Gw6SJo;qo5zc~cay}veGV7u
zE(huNuALZu9Q4gT!$6LsTLP}Y+zJTYE@HTVtF|Cx5MWG#1BR#IDqm^`CLTI`bjlGu
z3#|dPz?`#E>r!RTdwVhz?^t_|flBBRG#S7Rk|w5GgJFX2VWfhMXnjUq65;CNA8wU9
z0T53oitTyPZG*UDyB|i$rdCUItfZG9rs92=l9_Rj<gmD62oM3ll@_ssoRquh%GsaG
z-mROq<9S4slc4fLL1|)aJQx?fb9yQawNH!oZC$d#Jc^9~bADhFZR+aO&W^OmzTB>i
za!x;CwR(;s+HUR?pH;iFT>AClu?T{U-G{X2h_%Y}js;!x9s25SG||Arx?Apr!l(%U
z+puQxe{2zAb;%NI<BRS1Iicb+FL|^r7&^-2A0l|%RW+HnsOT(vKQ~yse{;i#t7*C`
zGPahv*_}STY2Xoz>hXA2HM^l`!MCF-S()Y4g>UVA@((v-%g;Q~SJYe60RD^m+#|?E
z1v`AsfI&LuF83Lhn0m(11AMg&+^SW#X}bn(C!-7SO4_X;aM8jXRR&FAfEnankmRgd
zcbe&fXD}wI<1`y#BAoJTuTwGg1a^v>NCe0*9Rbk5?VQTlJzlX}@5D2h5#KrRf;oRk
zKnvaQ2t$CTl?{p9MmA--L3tpj%bmtj&oS3)0N7R0wCsNzh=O9tGXP#w1<ymBY|+tv
z6~|^yStAJ<yCXvYpNUnlDGvH5;93p=vXXze<MMKH&cP9oi~7I*J)4Xg@Wls-O9=^y
zr{te^TPh*LLlL|@T3B-OnZ?pQ_}2N9Kf0t`Ci&NoUyz)!glzJ?AMK>2E*?^@=VUDY
zb1BhiKYl-5sxUCAH->_qsnK%bxGTy;F6^_6SGBA1h!(Zd-WM@X*XSRTjZWe*xViZ`
zpH=4Z@jeSyo!e8q{9(?@)U;4&oe_O`n-F{~4s&oE#7df0{hg?N%3|>5TX_0uM9F?Y
z7j8tb3i_je(YtZV#4ibCn5fX#_HXDsg1@xiV};fCAFp7?-QQzcR0;_=UU5>iWr1D;
z+y?--kSYyxWp<lR=JaaUS`CqqD$mAd-$$X_yP=7K&4K!EXDK7@2R99=sOq8h%oE_L
z#NSdNZ_^_-s^b8By9X7S)->T&y6dn`5(yJb&I!;J4p6+e&?iU7=}JSR0q3XB_L!`G
z+`Pg9?yT5*qlbXP^OP0Dgpe&2y*JS<2w6ax^DQ}d)eXqJQ&Q$pQX)HoTDjRkLxd98
z)1qLT0^X*b>?0kEFu5WU#?8n{M#fH*Zf;4^=XDC+mP5j#a8)K!nc4Y1Sq_Hq$}FX>
z@p~>!Q%SZP6F>X03a~z=LYSf(bU4TZ|9zU8_&rK*VtFxKZj*0GIvN@r>tQ{>I?<lp
zYXSclw6Q>n8&7_}(zs+Vlww%M|2#t$eXQu=RHlQRK<c!Y9{SPlf87c#ySMy;TU)9^
zI0JH@zO3=-d2&nOliLh5zNpIH9E;vH;)%^2)J}Yj($DW4_4ICM=_&~<|2UsM1E3g?
zi$~u4@lnahnbOciqPO5vkihlCNXR@lc$KD5J7gXM&jHwZ7yHfeQ0mq_JO20^D2vX^
zM_SzKPZ+1fg5RUbcN5Mm{bDHx)6QZ|&+B>sP%C%^^}kvY!}Q3R-0`Oqp)g9v@Kox~
z7tZ8f!q>3RrV8lopr-${AB{tBI$6ZIC_YzG@^o{X+?LUlQB@ah>kIyAJO%FcJ$Lv2
z*OJf@3{z7wmhAA1B_-uhKIg1@kn`PP<{yo*q2k#Op|8ZA`uF(u;usBH#wmtTI$VA6
z*pO=xO#E3fHq?X~P$Q>2iL<oy{B)Y|Rx0Y_H6__M_cYFl?NPUT3C3sNYs1g*`W<tW
z!jpZh<ip87x=Jfy@5PIEXaxYm=13?zQMfCI2#&6D;@+vHJ$181-^icPK$F!1Z-lB-
zW0=a5ZMO@d>yY?R_kCLSf9;z96xD^)#3V{@x54uOU>Z1pYmsO8sZAqL4L~8<{CREF
zD&4RF=E$Jz!lN5Te*uUuqdNS^`o0q7I9yf(FGZa`p%ER+pAZX?+kJmrUQX`AL*SOx
z9;5&}J(Ld(bRp4Bx#X5iA|#F{g>At)C^!u!60tvkI^6l%H3Y=-3vy$8?hZl0L(tw*
zEBeL%vNMbGHg&7@ii4n2ii-{8-%L$SACL?3jDGe8`3^9|0j8BCWn_vwj+P-CFL6$f
zHKd;K=~ofp+{lYEyA&!7{CRmlU&K+=c+$I%)~a^+wXOt-4f@!F=j#vLPMX%!pX{zF
z>|He^)njcsD^)*M3*J22`z-r3BlEI>Y=irlE!4k*>8?&bEL7_oDKiPfr<JrV!jNQ!
zsLGufJ<i`fU^O*>G;*1ZSo>bM*&o7RK(jO_Wgvby{T``(`|xj~fXMs}tq@z1V;Hfi
zZbz6hPCZrmwqJ~AVVgb%UMb^yEJoJ#;S~0pBp4%#2GD4WpmJAraoM0v@!;68@$uB4
z*Nw^2$3%`ji?184jGxSYr@};GU_n6|E}Vg%yu}L6YwnOHg)1#C1Hq5IvcSD5l1i;z
zW<zB}Oj*LJ{=Ur2?>6%Y0Hpu17?>Eg4X778?0-&uZolwr>UK<)5}p1Y&I`88br1yR
zgUDSIO_K-&&8|xk+BYp~XMvSE7e8jyr_L-tMk^)8P0h?aZ2WINS!krtMj(%@J%aAA
z#qz$re!xTTisf<g5j!n!=Z$setxl(_a`x{bd?BeMIuuc^@xMPOsTv8ts&FLhnV6G3
z@NK1%;#ieJDXfL5C`8}U)~5z@E&M@!@Ei5fW*)xw_C&SmY;pSxmTT$kJ*9jsy!+vu
z09Ipn1NyD*<FXEqU`<fX9pV?dR8uU~7QSRmtNWp6fO$&5{POV6#i#q(wFl;uCzM}2
z?*6nuunF$X!@?W;!_u!RGR7r$OijqiQzrLP0lq~j0|5M+4Tecd-aIIl9-3{I!G%jq
z0ql^hV|c<TEK%#L>@FdoYWf@a%D9%7KF+-dTt5E*x}U0t$rIq*e)H=@?$S1LFNaV^
zJ9qrYuy)hwMRJT{W+00TY1TQ(CVmcqhEkJHz3&rM3Yqm35|WL~_su+@Ic4VNWf-6q
z5dzdA-ta$CP%46h8b3G`{ue>^_U=zlPX`mxGFeYO#z)=3yiJ#7p%TZ)W-Zv7So?+_
z?0@;!au`OUm>IxVG^gch%3ZZ9S8GCn*Uh7kYhH6b88Wl4gNNYscpXhG9;Icw@<f*J
zt>*(J8*PSw|L+A*_|xh@EW5IvkdkD@ot{&A|J_;0MO`y*-Hx9-Ymi~=Di4Ef&g$h2
zZr=RN52fjwHPfUlg!%ysscq9+L)S=Q<n8j+NGs7-$U(Rcn_;5vy}!*Z?D|NHrS-+h
z#<cHuCbu6EvYJ(z3qGWX!p3)(jJup41lL-X9Z<68+m(Ae<G`9AH{c@ybpU`;z!Cfa
zgo{eG;8U<O<Q;hr`C|+e-6&-s`{>2bq%&+lgZa9a3X^^ry%Vszv(x;F01Yp@ggHX)
zpevz6*9ZsInwjYa&paw1TyHu~Hy|Vq1)1;EA_sg-RDmNnQ2g~}ek?zEI8?cl46{<~
zxCU#;e)#*fqiuF+FBbs&b^>*odRz$FijP384`frKqtiz?pVmD}1!WbBEer^W+KZxw
zDJX|#X7qzEz!kdRD3ZbO85i4bO9D-7#QxPS3Ei@T#hasWDXug2H$N+QTu5`$W<>D^
z%j0Cl%RdzgAIsFg{5(d$E+evHJ50j(M_!}O>-B_e)lYsth6)p|P<JH?H2p%aN#l;N
ze6?2K({PHRGGenvXQGm>5mRl1n)Vy+bOQo@^)dr}cch4}!&INW?Q1?EkqU7Ke+E;n
z{QFj3E8sRXQm?<7Syj3V7N?zFdQv5U*XME{;bSe|y-B!hn1qb&396bauLe$pY<3y9
zfpC-dyA^DwKYK#}Yzza#Otj~jtBVW&cj{!1K`_zL#&4=Ltx54t+gEo)C<@sT`$2wL
z$H?3N=05^ghww~>xL11Uc54j)niL1%lFwLiOze8B!d?$>3kF03O4J%#!UBbrZtkbL
z{jm1WUHknv&nu}a%n4FIsa=<MaX#*Z)%a_N^Gi-9hS+}X9@qfBY>h+!Yf@%P0-4wD
zHE&+GTvW{(VQXn=f%dJ5i;HJwCMJ`8eSLA6)*bVXV~vXkanY##eMhj@Z(B)}yI?*T
z0sm!Fx9KRBO*t7B4e~NefMDizBk`}{24~#|@0Rj8JlL%rRtiq--X6VPYfLa2A|MvJ
ztP#@)A|#HOdy!o%f3+yZYF{*r_`y5xw*;;(h;Vr+VpTH*{hXkf`=0tky;~eHPiB~k
zxY)Ibt^h2;`@6F{9UkciXIcN7v`4XcO92PV&tnOcU+30$&EoI$#4Py`oh8C}x1Sy)
z4$ZfCk78kuFmFCm{UQa0mNuR9fUFDD2LNIbXg>dgWtp1**by{wGk1z4x8tS($#)gr
zf{E9%ZVvqdp_baW;fJmQ@&K??SPI5EcAj;XTFBSu{aq1WF9R00vaSdEZxa=fW>;?v
zI|iuVZT8eMHoV^hIGXJiTv5Q-wO_~QuOC$J_~sJ_G)i<VXuE$0Q!q;u=@2Zw-%3)M
z;YybTOYjy+t=rzB%wF=`^(4yrpTa~ukXLuXHE;H}&#v<_uY!<QBb)A8N??qq7AhmN
z1P!<>hqqrYI4CH2g2xowe-ma9Xw}bppzXidzJE(#Nn92e`*(DK2Wi(`NgSfUp*_;4
zEce#9!e(PPaO<15Yyat>mZ-Kp2Pxx;vrZ86JLvN)3!?ISFQ7Xdz<pmIXt%xusj%!q
zemVVU8r0{>R79A8r<IcZmEY%*_7-i&p1vnL+n$-jHMB4%)Wshomuc|*@W9TU5_8({
zUUTOhV<a4WEz3J!05#AIUC)nWZ?gzGFW&m_$74#hC7C(somqMmt_B8JLxBsq&YE`O
z#gXM!*;BE(r$ONger^fTpNP~C0N43>6(Kodn9+MG%q#}@6W+8tUl+Sp8hnN0gY%mE
z2_XKv0thIl|J(;8;A8ZeVu2EXRO{vr3)6a<Cm8$dDQ4Y&_N+(|1#Jt#9I(C2`&+~Q
zdcWqB&wEn^b)4C+Z{wO}smBAd1bAn#JJj111clk*RR9<zipaG7X>9YXYIg5@MYbR|
zmL&L~Vb-pH)O~x5simc5_~X>C$UFC+zpp4h$x6O08qumyOVEA(EbmF5o!86xqvj%c
zLMeG30%hXLWD(}a{i%(UnYN)7wY!ebBwMG6m)YV6B-rC0JREKm5zVKr&LRF>MYq7>
zu;ugx>am+_UXX~!<8qSH*AE<ZCUOo_eL(0eT$TQPznAQWuIs(|*t7Uc7V6`7%&dRE
zA9j^2`kWgg?;Kh*BQ;|PAm=z{_243|NAHh%a8$__{PM*1L-WKSpfOk2_~cR3HdGh!
z^I_ei+<!4|vF|KH{J^Ud4)mFA4%BI365H+q|Hty4Ct^;ZUqPbAB3sx0Wa|1_@x}$X
z1(Lz9TRmyCYe<@G1ke0q4nIxc>M7$M*wfZw+_bmT3LIAL`Uk~7vGMYCoRlwKmZ|bA
z=+#>Q+dkZ~diKU6fZ^8lJwI-1$|}1?$~-nq6cxqI(0>u25-4znC~|J%3rZ$DpEwF$
zOSA8qEBVl~(S!RYu-onRk?G#+pAT0+fk>HKFa!WdkD;miEeGM(fq8ITMJ0DHuVO(k
zi8(fsE9G+|<#QMveY`)E%H8Xly6WHl<(JJgRdPp8hZgQL)`DQ<g^P%K_lonk@EAMa
zBcg|Wkau*|w%#KKULE+6#*Y=qK4zZhwAIMilQwt&i>2olw;1LcMjpQPO8)A4N-y)?
zgt<;J>gjww3EF2&)Tlwx>VqV*rj}Kl-$^qJCfJglpSbD=azaN<73G(-aVqIX-%`}0
zwWDypaDsxs&7lvFHOv-y5JWD(7?_B~-jdjzCLtvMX(1p_IJoa|ZMdbpZ+VW{`pM0S
zS7D)C@QiPH`%$nsSrT|(vfcr?K4ZJEn*m_tJSmeQ1v3etwRUpPqCUJ{CCvCCxY-mm
zq0|Gslq(?uc7LM(8;i`aWmgZsTn%(zH3Nwj3vcKZ`Qt&eW{eXbhWl?_D=jvd#!5Wd
z<#tm{ZH(;OjAVqef)oaV;ZepJ9~+Cx`bTin#L)fU3x1!fLvfX?C+tW5NFNLVbrgar
zfaN0B-ugPiDqAy7gi=k*?+o13GXg5h^@==T`Ph^L{w=74bTl_p*nC01&RlGAQN?g5
z^-8vKupQpqMdWvGM7&_4JHT`jdm4z)GY0fE;o@s@bsy+i_Dy_KQI|UYyfSQVZ1Ai&
z)mS$fzb<~hdXr|Mx|~8EKmA%w3hVQ_l&QL(#AxB_?0uf7MMc~G`3B2Ts|maw^zo-M
z4MK`7o!yDQIkCkm%wB7Q^MV2by9BVaCbc7j5?W15ik_R`i-!AY&O(PBmP^sNaeiVp
zUoH!W(x1@m^_&UgPg$b<p^pQ9wng53@y1vCPx=I5X0k9hFb*{n0$}UEj{ZYtFu(lM
zwBY4k*qtqq({ZIDxklnk0#Tw~%n&T3`wB8{W=+?O7?_`%{D1K7kw198(rgUW?^ZT(
zsXG0Rrn-!giF`-CzaF~&Rc^ZS#{pkIed~;G|7P=dml5+5t!Tid?fPi<bgedJD8Z<?
zo?S_#o(xKtlpo}__1!(Jd?A?1R@oXq2&}2t?XbfDYU>Dgc?G2<=i89X+sZv28Ed^T
zC}>cjW-CaPy?L<(_63`P5kAjgcXwf`<oWkC8NasABtQvOEc+@5`qI7zd9*#!=MI)m
z+#(2-An5diP6Nc8zFloZ(O2`+i{V)5!rDBB$T12eWi!2YW*v!=JiA4!WuZNL9Z7Yi
zsVwt@dsJ|7e{!Sdo1*#$LD0IBgI%wEc9b)If@ULsmWogL#0M=t*XzOiQ}6682=rp&
zG(`^)!H9XQ-gn9)^ESV~)Ve#?Vofyr2uA%9CZydH(3+k8FmvJOL?7|z&380H{tRT=
zrlq#GLBlA;f1d(OOX(HjeACRaQKA@bb~EgPeiU@z6I^8_holF5-2RXYoK{9PJ>#v<
zvhM~yC8BrHu;$s^-HVS})@#DdW*VvEdjQ;(_~M~);%Q>n$oj}kqyMX=r)U^REctKe
zo)sRO9Y<+>ZZBl|9^~IYH93F<kSyKE^ZiMG3Ih$Z0bh&h1hFwu`}>XA&}GLzN0&iJ
za1^RMy1fgOJ-Y2U0t=$RtGm`rART1gre$TMO5org4Y-Mn-znHCxm3Q_;y3Gcb{7oI
z9^WQm%K|@zquXHF>|c-Sz)9<sZId(d`nHEUFJ|Oa`I?vQRqt=1a$z1dBsu9Tun3Fw
zG*qs1J1pM9B0wQ+d?PY7P9@l8eK5-3uE*SjAl$S5$rs=4x4jO(UYrq{jquDoo+hWV
zqRnzkm1TIfs5L13GN==`^78s&5n8*A9*b(Tpg@H80)I*YB6}U35e?Sb2U}BRbms@M
z#ABO3r2fYA0;V%pxgS^*he&YG?xYPhH*anHdy>+2v2w8bbUzg!aGE9oJp-6apBEXs
z=^dgP#AZe3pOL61Hy23s!PHrb;qd+n4`3-!3b%GGQ0*YBvQU@RVJ?5|C<Q$X>IT9w
zz-lTt9{hf?q<h%xIY9X+@$rb>-Z>8%HfH52+ewqC;dSTBhLT1BD+f(yRLUOona!xS
zfAosX3E`*^rug{+qcm|OsI*XGAWa$&8elrjZ4lK8fgQsRy;~jF7RGJrf@R@8O7$S3
z3t(P`BEetWfzZ0b;Kv>4?YzBq6q5q07tRj6N1B|M)|Q+HK<ZS4?VXUvGE>p2KJ^*+
z;rbn5VCPpcR%#fG{GIt&sv@*-T%mMIXxXJw-AdKzyt@Xwg1JIfWm@<F?|sif->>|5
zqQBzHU%VXDW88niZIKm4Rj4@0@xC&7z;V-n&K-)64$kpjl@du`f4KVL#bd){t2a_T
zAz`6nGrAM)FvLDJvxwideN}ZrXey$z-T4;oe#rexHQ@9EuDgTyXNK9BNbW9K-{TN2
zpp*f0$=+Q0L}%`fOcxzTyg*<;_SsZWUe6$<u$k`~?$5I2O&y(6@c@OmPYC8ah=9Z^
zAWrL$BlZNQGl~lUkJqQ)Fj!J`ZZE8&Go)Q>YiiVXXd#xf%+j=6;rguvTmoE~eN8Md
z4o_98wJ_k)KN?5{W+SRsNVWht3q~>3{rbF+9H_buTm~Oi$6gD180=A46nqq$m-#>8
z7O*`!u;l+)DOH2~_Wf$oY+9ty`93sKtgx6g*~#{R(>&YNTO@=<Fixq{*?WL!rPG_S
z^HvMz-f_1)BmZ*@_n>o#$v`yKz?>Z!cPtjO(XzSt<U(x<rF96kb)}WENKpmlvo+CY
zjNWynt;oG#h`yH=rtH@3u)?S+AX1Ot{g5+YIY9qvJ;!7G$md_M-puguCpI?O=g(IH
zg)>RF&Lk=-E4M~-HvRIbD8c`LfBcM8PFr99i}l<4EZhZw7o#^?l#?Iq_|0k?Q*~6j
z-wuh~OO{=pWL5h8^wg!wRjEsWfVA5)_lMpuwU^R)rcX>((>b4{JB<jkTxCRI#my(L
z+QKF>pC?Kd1aWmRF!g%lohes}y&!1#X04h^lXo}oY-A)9TQ6rYP+_&{M5#NS)T9Hh
zT`8eWjFhEesP~$gQA3l{PRPKD4g>I8t>01eAmP8Cy}avha$W@mElzYm1k@J=+buT4
zVsV1pz0^cp?jb^9r$~St)Ai?J3Xr?80#)&TKcIYNP?fOW_?;R!A^>i039yU<KkeGq
zA_P%K&yO}audqnq3><<=YfwoP(7|cS4~f0}<rR{izE=Arh0~bMu@C0)%R>PzPENoE
z<Z}nk{u$+R8F0(rOsqh`kCD7UdjfDJgQ@d(fC0<4pLM*xST`&Sy!&kZ4L@8SPtN+S
z!Cv~znYqwwK0ZEP0--l%X5$$WQj(Ix{_Un>xtb#F>KW<Qnb<sOIuXl~SydG|*G-Q{
z1m3Yqy<Uab_z1NT#23kz=`V-D*O;7b#xw)pKYGj2;{U=^IHGrI@><~$>qjY<^dKV@
z*Kn3>L*AV|YUhZ1Y}eBBWll!ACAkvsAaQ7eNbmng)OSa-9e)1@HLG@unl-DnirO`5
z(^51>?IL#VJwj>C8ntT{t=3BIE%qKo?Y*}kMi9yG?eqD5&hI?uILRM5k^6q0dtdi;
zU-!9-!^y;v#KiM@1;?HubJXuzNgy*XGc;WOR3#HsoDrBDR?WFDj-*e~1vgI&eX{N&
z*c`9j@<m*KI~1$?+yg%=H9}3^8Xc+%bfKlTkg_i5qEeGFeK0IR5FZ_>daA=2)JJKy
zYpt-3;)T*VU~6iuX@Dd!^6F^G^-x|%Y{`3y_j<qTAji+mQyv}HM=4eNSoGT*U7iv0
zRn)O{NtOZ29$x9f>tmAHW7+nu()SVDX-C+QR_rwmmR_-7_lhCEBUB)FhX38SHrC*x
z$0W})hIWgJ{+*n-nWX%9NEW`kyqrr<F$@u&ou2O9Z5U2XNfCk!+f*86Z}|e7`g>A;
zRG#1k)uzVNrz4xb$9ThI@5-h>shA611~Jsr>YGmY1TTS0C79ju4fP?;e?Lv(U`|S1
zW|i)>OS~SG$O0WmqLCj2*S+1ABM2Hzde?q3e3LdTc4B+y*fja<<D6yS%S8hdZhT?U
z57d261zv_?BAv_xc`EPB-g{5&Q8>;cDkk=Tpr%Zbvb_Nzd9-X~vZz7gU{b~OnAe+X
zg<l;EUOAh>;?~yIQe$MTP|!;anE7=nV%a(9gqrDI!D&!oM~4EsU$*X}7PfLpLZWh6
zM_AZdU!bB6wn&TVh<=+pUKmV+)oRB!-vkc+6n6aZp=wULi?!UL`Y?#Sf9EGJqPFEi
z%=hU>Ax!OwXP|RXvZRcYvvY0WdwFZqSUR#-Kd<XQlT@H!mwyPgTDnO#)KOTu<)ukq
z>~W4Knj2JNf0n$qc3eDYT(sGj`(y;E&I6wEECv1g@#BY|Q2H-`x_bWb%fEW}t$4g`
zyxuekSxHGY5abhZyPR*rR=w}8?a!qCGzk{cR2iXd@}O4+o%dQ5((%Ik2D{Wc>uLEi
z_=Vj5DM!oQ`*P31C*$Hy?!pxBd|u)^XGo1kZ`O>~n3&50NhSKNzZ8`;cOhR~NNnPw
zA+k<6biVj%R$m1>bN^BV7T?IxP70-0q?|S-w{KcXGh2Fl)3QiFnU!F+GaNs?eYoa}
z%vF){I&|F+COB=F8zYd|I2!g&gX_dT8nc^9n1!>mz{(QskwPez0oEKla&x?OjKF+>
z#|qmFXR<n~BRHL$;h%D@Kf%Lk&CrRH^|rN2{6TqA(wZmb%WPGj!0wV=*zqjmVC<+*
zjJKCp`Eder)AjfwS(BPj8l6*P%5G!BcqrpVLSp3dL0-1K^L^~**(!8T-2eFZo+SHE
zK&tf`i!bn!`<SqbP`wnKjXG1(pNlY#>)kaXq{bNS_|s!Az;QBK?@yIL$rEU;*tl5J
z0i-eDWhk}r<?btKPk5S;hbuhK(sTex(~<51jR#444P})>L$6KE%(&Tf056pGiYwR)
zxOR2~^d^O~s3<S*@#7Kqf9eN!D)H~&CS?yF{jm@b`9>Yn`YR8wiS~{9T%?j}{A0K|
zuEya_GQvK=t=Bt7&|S)`V0gUAjPIQ&Z$WC9aK9qczcN9#f%Z1soDWPr%^u8$@86Vg
z^vcIyzE$^p{O{3|=yVo#v())_UKt%HpDje(>rBG4zOZg7q^J8*3hUJHf$~S`u$xbz
zpLeY6_cm0eDn_gaP8OdaXLVs{JDa0d66A!1JZmG&>QAc)(zq#x^FnHxTv)}84Y8DC
zpIx1$AFe$$yL{4}pYS5#D2|*H16%T8!mf;<8Ea~nB$f7fUZ^&>u6d$WWRb|aptWjL
zOdY1`7jUDTD<VqEs?f-H3`4QHWDR<I8YEnRio5Q?`bc*dV>gRMW%{lf_0T0PcZVe?
z>x5x_EUU6tt7mehWtQA-I^y3y5k_DsTn$UEI#*?dEv04bR}+J7!UMd8<jvwTDX_v{
zKK<p$Za(<or{VH6Iy{u@+V8|$KlMmp{f<l;3gKw3&A^5kDXes!@GLDV(gA~ckj(9u
z0kLi7Ad#nG)ARFIAi6Kg_TJv9$mHbY7Sqdt?lo5eRu-~wKy)Vz%jq3V(FPeJ`P-We
zOieG77(XX&^Qf^x)ZQ*q%ud9K#u+>kB4cPCJQkcf_{ZnsmFW=1?H^)QW9F;GmS!Io
z$Fwj0fqq0n)Y^|nmfhR+fs?I#bNA@`ne+qJzG3xV$uM3%h8bRnGP@6ltKjmV(1^00
z_1!^^IT4}x9=RtenhGDfM~aHtvuc-=v#rG|7fomWU?}YJ9rkv;pZanz*ddyGUEtQV
zL$;zzAqR7Fb(q<`#{*Py?a;S}<n$PoaCYOHK^Ajy#$}Zt6wHe#dn~lz*1@$2+?+r^
zWi6NlmKSLmh!OL1y{G;DY%2Ey?VdUT*6qP!hSSug4jLgIq>dgyRWV0uU1Yp#$gVNo
ztA%zVaV~ww><2>oD_u6WJf1HsE_Q!mfLY4q5Z<4MN<jqc|2V}tEFiWY^i4kx|BZ(;
zNsTeNHaQ8BJ7#ePem)xpad;5$ZSSh?anw5=aK`<YKi-0Alztx=>w~-gHGTY8IR5*D
zAgtMRgcSXF1o?`b$Q@awy?sG7yoKDkx~kU-`L#4gx$ecBpj$@G`?B1&XY}K6iZXF4
z1s^q|^I2lRg?bM@+-UWn&OWM&ev*=p$~5!S@`KA>Nhg;eoQk2YOtG{b)(HMB(Ok1C
z>jLT~iZh*S1Amw4l%;;w*y`SY6l-kvl}yxmni^}vi%R~q1Q84!+A5q>Xs{hfn}6k`
zCCCyy;%9rIF@Ef|7{_t2*;we_T~y?X%y3@*;=Ew5mqdjz@>GltP(6~(Nv%8oB(Ult
z(r$LW0=I{->-x2N`1nL%&slCP(X&8!-$X*(IJ@)DKMtZVqsh3&S3UZp9}avO1!vJ<
zEqhpKuoeOR6(w`bg|8k#m$d4Yo5;}KrOeg4k*OvI-O(=`Vb3+A1}sXg!7KNeatx|B
zNG<2{P>6dG?@z)*<pN7~7JoXXSeMRONqQ1<A5dXrPf^a+(n@HX&HS6@1#I)<sE2Yt
za=6~nDrrx8mhLv_DQW)#Zo?_tYhaG+ajc2k?CI&b+41<s$Hynnlgz@xVxy#O1#-I~
zi6XsX3Il^TuKc|qH~UMhdG2}CrRs}RFl~y2nfN~nS{?4)Go+w`(K~cjD!fHC4wo~G
z7ulwfpgT+)6j>`fe=`d9^O_D$@pBLT9_p#;Y1coP_8-Mxij4eZoChn({u>0chbX<2
zu$0VU(?%&=5m%9ZH+7t$56@SaZ@wlI6&3xvSB;n>vXQ0je;?YfCX^#xIlVwzC_Hv!
zEIp4Ph4oqTgANzwdi1gT4n7wP-qe^5FJ>V$bOUgK&`X$1H2ktptKgc1MX(ut@)T8X
zhVn<XN1L5$d6*n2^2>D)R}A|*gh8v0;JIs-o<C4n%o_ISPo!3y<A>>Mk|hVnZFQ3k
zEh7iVBbulFvlC6a)ib{Hm!}vEPRrE<Y-ORjd9xq_%e}(>0Bad4?$0=RkpEO>$lj0w
zYn00UL0{#UV>`Cv6ZBEq^(-YeeL^g@JAVX-E*Vpr>%OK`3H`{XqP>R0Gru!i5uMPs
z-0YDpl3?6iH_!`^2qRhLsI8)ghK2;?sE6cGN^0uwGKWe@gS6Ct7k<qFbyetBDI3@a
z!tRr*kRQTXUFJVGqmIMwn#~QA4p$XcKWj*t8d_YWkaO#PIXMGT^6=vR#hz;>7^<oG
zrsSIw*lk8a^qNxRJL4F^I)U!@(xx>E&HIxK8P!n{>o<^_5jzlT$h0=}@fMqq_|B%e
zR=1w$IeIw%GbCz&xJM4GU)S7xFWB{PzCLj-?C*-qNi)>qsBQhvr4~=5Z1E(sfj;<)
za}e@g6J`q<QdGo&al&$;Wdl$wU&xN(=yL=}751|($4U<$y1`=H_Pri^PSe-Cb+<I=
zyw-BZ@Vch*Qf*D|10|V+NW&*_KsWgjTU2(mnNcgRSbA|^xtPio(Rsfvcm784D{40!
zdfH5;v!qc}L;^@l7*I%AEJ0C`J(=<<{8#|nmndEi*NkZ#OV#{!*jx~XB^Sd0Tv<t6
zV$q%vA>p;zzd5A=-htg9I4nu$dGKr#(3?L~X%B_M337p=Vh=Fz7YPh6KP3#62f&wq
zv#D1=z$-saLH0bxp++Jk??6RSk=u{AdQ+Y?O-&~TqkA_I0@VUmkk5aj<rMw~+l}NI
z$P(*kuHy$y;lKH-+`~8#$;6a#u<Q1D^4<`_mEhGRu>;#^%jvVgrWe~G<h`*Ki+3Vj
ztTJjHAX_v~L^<}X?2@C;<o`~s;KLFsH-tk555V&7{9ny-=9Xkzv!t9Y?Zi9#`zvH_
zOs^}R6HlbW_Ac1y+piiUbgAB>D6$Agj~6jPf_uARH6efkHDoLtA8Y2fF;E8-vVyq<
zWJ2I4`Z9iQA>rcxIU+OIb=u=k0+>js1wY~9qtv_|W<)!8+KY1mRU$sLw=pY!)AW~1
zxpu5K6ZYc#;`ltP_8HA_Um}9$%nz=B&Z)>A|M?S>$nCZEG#c?bHn7rxGe+y~D)zU)
zqLSoU=h;U$3npT$DoQpGJ>?)6w&Qpn-lLMwV3-14?K-_rIf1-vGBq&)dzusn!OZ|y
zR1Ba-m+Y<G!F1s#W~Qdh6qHFiGqxiAdU|@lcn2KC88;jH-V4%Md7Ahm*cr)E#jZjz
zaD|Yr_E?DnDU<h=&!7GMMxQxs#m%tlG)oDcZb9?yzA1SyLgg{|fEU-Va6aVK`Hmj*
z8%=rC!}$lQ9If@{UL7+gApY54hn_@%5-kqIM~{$&S2xU;=~q?~qV!U`+ePqb(7KW^
zo~OxLmbaH+mS%ZPO_V9j`=#|u%}ys;f;uG}XKevl)n($1ZNFC+c5|7Ug>?XK3IL)<
zouNJldTyK;yNCz{l92%{vT{0TPioq4bIp#yE*`*H?LgRuEwf;}v9G(Wg8rukpbO8}
zo;wjj*{rif8?*ARPK~dcEzbR`e<2}soOFa;=z)U4b=SjEX_`L`j7*eZh}Fa{IHNHu
z#w5j#Nh-wQ{Xyo>eY;hCadX2Yfyqe^p{_4eraePqXq3k+iiIqG^{L5lYK)oaQw7`0
zu)r5ebXXoYXYWRzcDPLH5md+vlDH<DHe%x)@k>uV**AL%L_?XZr2P+gPCFh&pkHm~
zxfQ&+3=9m$Q`P+=*)NR#d1gHmeqA_TvV^d)HvAe?_lhidw}HQ?sQ+_^1u)gl9R$Rf
zv$2!@!m8y=ZKS=+^|q-~$+nwYYFmROiBr$rJ*0pp(W2X*S0<HnZLXEx(^RJ6NS}dI
zrW5tQD!RF~nK;Lp$9HT9tLEJ{iPoW?PqN)=;1gyPiUj(Fh54D~By#sNo{`#^Ic9ui
zRAeY5;caUbswz*?9kxvu$Uml=t6jovHF!wYeDT1mW`=UG-LODV%VAS=yV0lRynfno
zshz$`mqXVKJb^l|UFy6wmX9>SGGSvFwx)>~ONJFQ^=Hb#9Bh8t)iMoO{mw$i%*?zB
zMGrxv;8-&ZiK+j=NV9vX+Vfb6Z&FjfA^g{nQAOi;D@@9W8ow3_xHT8R#*?)YAPtR<
zN&mZ+=MoFicA7aaO<3x(btQjRY5mdwgZX8?bR#4%;RjWx)Kgs9<OGZkgwO<(z}a!J
zChEc}vJVx%1_$34UYhg27$4kCizwn9pn0xER~qq)i;XL<sOZTA0+=g%<_S*WOtt=f
zB5mV`KJG~!s2J?8;05ygWSvhsMdq8#!nBn$CFHqFduLbHhUd|F+c<QB$mPiBCF}^#
zfZlpU)`1th7cJSzs+lRrc63x)&|POarSYYio3BQ1!c`t~<0@ScHIk)dt@T-)1kXv5
zxXeb^mU%UTsCFOiMQx}Aq^wp|x<v1m54Zd(OY}&(GrvM!dX+!_7~&zhK`33@5Le2q
z(ZMNwKArEgKYEvr|DG1OJ5k^dcw35lI4G+o3qSCfHIPgs<ox`=sma%$0c_~Io_v&Z
zgk?p+QJvJNM(CFF+R4(TQJv3m<n`CJ&}=et^5Y%oIec{-ej_C=E^Z76MZ5G*KWhD)
z{uEo6W_zZaO5Po-!f#52fr}l<GLjvmEaO(odziaieB1)Q(x#A0s!HF-Xqhq04m%Ea
zTK-gf9pHD@d9mdHMntgF+=*2t&{fmN+m@c9$I?#F{!2e{9_B`8m?<j$<cG*KT%Vth
z{PTQ)IP*j9cu4M@`MHCH*`9QnJx_o21T-;IX;Yl{cz0o8K@!`>f^K^cWXyQMp`oEo
zONfkXqRPC-C(?l7D{w*9hAH}Bu+>mj#%2HRtQmVhv&AHN9L{W|Qnzi}_S69NH&Ym-
zmp)8y;h6%T`uCL$1a+1?32gw03XUg8PfD&1cXMidR8Mj9NZD*=Gw;VuJSnGPCL|92
zyT|>lL*s`dzpH7Oj%n1UA+IWHqUK7>+q8<_#jEk*S9;)2{uk%vm5tF2MR~#%d@Ff2
zS}ehf8ul>3hTuI*9t@L<aG4oA2oJ#d&tYGQ))G$PVSqqicNOd65h2igVvSze!Z^n$
zvl|DjcEI2J+ydeqF)R<J61$36o251Fbd*7~1bgUfzFrkKEy=0+CDLieh+V<Y_nzk%
zFZ`|r1S@}hEZEQjy9`3?XVT;x%4T)myI?3rCudRjvc)Ty2Hb)SxG#el){i>pJ?v{d
z@L-^z=$l^}j^~7=r6ITNat7_Pn$gg&YXYCIx|^H5Wk&`VpK>SZ^h*Q!@?F4n>FMhi
zUj_^h3=DW`)9h|<6WuYlb9WbBnwjYv$&^S0S_!wp!^2<vcpH}<Z3+{ki|bK>O)&_%
zvkd8~g%8dzH62Y0oL`4RM=}nH!km93DtDSFe@Oza^jphZVsh1}y^CXia;5+3u9QF~
zk4uG`#H`T52<gP{aUMtBxpRoGCYyBDgCP+$kbv=-{m_*Qy8V7jRzc~8US!Ha=uGCd
z=G}nlCZV-*6_zeQ*r8NXR`!m5|5ct13mh@$Ww_5>PLq+<fCVd$m0nt(UtAmy5A!bu
zUGw)>kX}i}!yLGtt*~&PIkdx3eK7;j3+FZ2o6DT8$`P4Lxi)fBzsn8%BNZsx*Z8Jc
z_U{GJ=Oz!KO{3z<ix8-@QOZ<~3`VOKH}h!e!+}3FHcs~ZadtpOq?XAJ#!{IOv!t+a
zQQ59)%Ul99RYfD_>n(E}Z&E3-KcZ1V_s^>lD#X}@Eh-F)^w7WzeAf4R82d`m8Vp9}
zJ%)h6L)SN$0GXWB&^B|;A-yr7feJTi=3?MNnaO5T*zC;A@15U;*$*|j645}zMc3@?
zyJru-oNR1ttfEljETjZCGmeu+hK4&#OiX8hx6%hce;k!JG8kI9B_>l}QE`={k{YD7
zMnTz1r7b+5@Exb?BKPnyk)oN*WBMw_!sz*rO^@ocRJ{uE|M6swNmvOp{G{;@Eq;@t
zL`I)DcN*7(bL|0g+SM(QW3_<kk_NH)d7pI!Iz>iQhpHM?47WmuE~+QM(wFN>nNr?l
z8XXp_3dTK&=sYF$i*&0S6C)?9qN0aD!&%$mVdHe8H^M5tvnKNPa9mJhM`W&D(d{Ex
z-fV0+%T4PC?ibS1oroI@yp<*B5a|O@mMCsZ4E>eo9c+1D#U`q+#`)WJOWiSd)hg!O
z5w@)pJ3IR%yJ@<!aK*)?;uVvd2E+UaEB_#twY;?G$$ULh)XU4e91cBtaUZ*Yn7-qn
z*mL{MZzc&PxQ3}Bx>fR_sKem}S)Qo(1i2h}c7`d|@FfA9!N^~kLy(Q`Ze@V>DwZA@
z0KCyv`=`5}uqj=S<JGPoGma_3!eDT+K6rv5u7^H&(M5dU)m^{>DwA^ofa08VLNNFY
z=Tv`cN+4)`e$zQh`x%~<plih=EfLZXqBljpuy8|4p(WbM&<|^uCmxhK%SSkGByA=*
z^&V8gl0MEjls-36ZPBYXXqJr5suq&uV}q$?Q^efKB=xwFQYRVpT64<zeER;tj?6Ue
zqQISRE?SgE4CguX;A{n6>t;6rKn?#XuMaWpNy)k<E<sGSKHJm+gDq^fOy+&B$&~Y-
z6&0Bp^svpuAgaAyaiD8wwNSDzFwm34oK`J>9%hM1oo4|8c$~}ya2jr)Aq--s4vXxM
zPem#Z%3zwVZRTU4rt{nD7clV;v$a;hld$N<Zf*i!D_UNEN$IR%XPbK7`crCQX;~10
z^pO=gwxjhvZ2EHS6Qi>P$22oyjhr~p+-SlB_z23`kDq=2VDaY18lZ?^&7=QzO|WHc
zIDB=}(hPNx%+dp#k#&mo1n@9?0l}6vVHoIhoGiviG-m`^!F%_|+n-6hJU>qQtj2(&
z@B+dgl}E?S!g3M)S)O2U9=7Lqw0;3Sg|h#Rn!=gy-5xOz$Mf%DlRGVqrk0u(m`i4J
z!YMTjwhg3uY;wSB3#DA{a59=C)*S1Je?a*#XXV#g_nc!<N&`dQSJ2Ukx5>Xgb{((8
zAMEK((KSK_O7zSj>I?=<Z0ABV%^7is@V9tuBNeai7+d0yok$o_QVy5FEZyDliXDo@
zy+zN3R>U9m$!9k~4i_PS90(4N8$}TTGp6di5xL-S(y%W&w$2F&Jo|_+Z0<%FR&R%}
z6B~z}j$7rHy(D&gfpkTqE_w$J&4MoP8$%B~(W6^3ajB+3T^-myBUi0%_*05=CE6fO
zP0borSs=d@LCN}S_7s9?b2P=|41=+{>t;z8ix`>ieD?kQ!_~!Rf0k{a;3Q!68s$vu
z?}8R4;y5P%nJ)$pM9K~$1Ih@)kVQqCAYcK>IB*`2051>trl^R2KGOU^vt--};IzoY
zJ0PE2{QWb4EmxV9mG$1qiO*)Uscdi2N@(XELFmWy>p^MIo3#5co1Ln#(`#B7F<)&*
zKI4i{?(xI)Wz@02%yZnoUi%QQw#MzFT_?PipbL&U;XLXgOWXXp2Ug(G2kZFXkU(v)
zfIn}K73h<{<3Ux)9SpmNQuXH+_mqNd2@2w|!m{w4mb7+fC8tQ<e$Q$=J&9Ecpp?_5
zF)%S|tFPSp)6fuAU7b8RzWji2?V1HN{8N}QR#~z)_SwTYBg8#YV%6FCQ*GhmE^X56
zI%_;);5Nzx`$cvP5cEQAaxTS#&^<vkMk7ItBQnTi#MSxO!9lIdTJ_ZNSgL6ozyz*!
zJHXbCj*i}<rd||Z)0;BeMW+qd=&}{FaXZmEOtEulplF?>=TV3=l9KI^6~Ji$k+%F4
zq&41>Ba$)X;v?SP?0-!c7bo~I?i=d#Q4H`85MyhKZ0{oOVbv$55CL1~P?M>%lE+aJ
z!M?Dm3>!mHfdMxla~N205zo;qJnQdQPqsEp-tq-_#TSfZ0HUh%x!NhLe@r3+R0ctU
zl;t{6T#3XfDJlP~gyi8%gdhL~gIu&}lwTC>?&_s%84Vt)iDlp5E+$lRPr8_z-sEr8
zMF+D%iQ;!Qj%$QLPBtz==>&#N?ZLE7!>u3X#Sl(eLQdVmckBhrHj)NLYb3{#!(uIv
zD*K!*;T#G~S9A7k=63gVdfyn^5`7m{Y2dP*y}~7W<#;AinK|~rVy-lB_O1>0T+}z2
zuVGWYL#8q_0;c!xCbGjf{dJuUlk2>lS*|b09J7?Pmj`E`MCFA8Vgu683cP&x<XQb;
zJ?7#OH9}dMI3jcQT;n|b74069U5=7nwjN=99v>@80;E(T`pK2MA6Qw7c|{h#b{f0C
zsew`fGIe4s0AX%J%kqXm^ZR2c<bX6g@O(|&9dZwNx~|f`$Hc|~dGs9L+TKs)y82)9
zfre^E4r*J*13o|rYk`dP%amEixtII?I!zCBz@S~!>waipR+f_o#C~o9>1>e?iB68I
z4}+$gy-hxft0?&cob#K&T89FC8UrIE1=DpPBkeL5@2p_vAPd(3)gkZGa>=CEz16!9
z8Ry|j<WXLG_H*2BFGP@K6UDMw&T_jG5O|p4hATajDfQZZP+idzf>y->g3u6~f>B!z
z#=FzAvpQAP)f2Mro3Ahj&d?0t^X0X*`T#!KRR0a2gu24onDZ^9FOE4V*Nmnsx2T9Y
z7^5O{(radBXmq`imQeLR`$^$!Y-=zB^T3r5BCT4tB<Cd_0Z)x{6HZKZ9DCuPh1iGI
zJ(SO{tA{L?n{QSZC&u2-&<-<Z#lNe3!k2*(jb#?QYNbpWh0PEi40HrsU3Acm#SOVF
zjs$vs&(;&wpW*TFI=QZNemJt264~Wh*KRS#y}>?bJ|HSj5^CGTw8YKwc9M{|#iRvj
zWH>^+Q$t-KInh#vRG17mVyuZZFlG(If{PZmv$5rCz~8YIxl*~lMqr3{4)XpYn0W`>
z$jr<135x+#r0z^#s*<mbpNsnj@68N=?xF$xoTa5@==u5ipO%&nU54-8=~T|d02I~&
z;-Y?P?->YRE<GbbCI1F1X3s3u&q<z~b?u2~Dfm=3@t{Pn@Xa<UO{TEk8B#F+;IEaH
zB_hpEtbwD<I`NA*q3y14B{vr=i*n}=PDsH4Zr*_LLNt2(-+ff<_3PCo{QDxGP7{;~
zf17zEgSZuXdJi4hXDbY7tZ1DSsFHr+zEpXs*k>RcHO9s|)1ZdB%SX|#v5xy&Z10!s
z%m|5yj5Ap!Mj&Yvp9G#|>+B~)*uol=SQ7eWkRSGb1NrB83t#Q(&s(7t+5fDiRAE&1
zkwD8`S1ODW12MKDD-1gIS?c0@D}3m6!wEkcQ0$0-eian~8wfwRzd}U)nS14;Pe8!F
zAsPTTKA6j`ot?s*pZmKL#gC&t-hx;@8Rj@&UtfBVZD3%QN<QV;bzqY9Z%`wtA>J>5
zFMqn3l@<?q*@fQbct&L=EhoyBK0`0W^cSr4H#ku3Hvw1r)gA3=Hj~bLVJkz0?wU#=
zr!tVE*Mq*ncmv-Vq^Yy->}s?$n{A|(4gE`24^B9NwNtO&<b!7sR`PV5M`@N0*Pq$K
zriHVAUbo>tIltbxvluy~*<gKf=%!b;-KPA@<=oZ+MY{L?n*19*SA`6Yf^x!c`(2Rh
z%ePK0>r!R=8kHODa-mwgE|&`z-756*@tjfd#Vn(MeK28Av#?t%2rQ_P02Q#k*snOz
zvX3$Mky43$s1GJn#x(e}N;qsfew1+`kh$%#F)Dy&^O0tDPqE%bUm`)lsiuCBIIRAM
z^;>ixK=_xWXN<GlXO+j57%3?(ZVs{s=FT<$)|-?b!3hR~1G64eR2c4hz}t~6v1RXS
zmST2Fggcd|Fn4t2K76#HiKeGrV{C|PY6=lwTy*mydmpLINd1MujBMAF5S{+)Mk~`W
zGrK#HHevlE@(Z~n!)L8S5*z1fibpfwZoJse1_F2WAjCfDhQ+<i?h)e;9REo!{c~=m
zefwK+6Q6^o792LCNg2=x(Kv8qsD}^6N1c^^keCy8O6VLu98`wZVr5%AyKl~GwQMck
ztq+@~zX>M7+$;gaT*&{7lp(tU2kW;(fd&8Tj)SQ$`+#FE%vD^ZzJo7~$ZiLId2DPf
z5NSyuKcz<|78<=Tf!(wT@GZ&BSG&aqhKAa-0;cOg-MD3{DIU0(Mod)HN1PF$D{uKS
zz_hsxz!X~@#ZJ&$6a89otHhs#Uxe0`(H7hU-{`rk$5q=Y4YM6mQ`tH%cp4c3f4Fxc
z+r<Kk-A$Ok`gVG!_^$J&{S7IYvd=lnq~J1Ze82P7t)@_d`<rkl^E7l+#zl)?^hCSZ
zNkVviYHD$Q**VLcC87ozNbkhNVSVzAQZv`4A`BLGc9pU&8krj%Cgo^7IEGv2s9>Nl
zNG595hYzRw3zn1P%5b*#Z|#1g)%nINCn<?lEM4g;en#kD^1CvQtJdxGBZLqqfNcM}
z{KMY~aRINx&t9yfyrm*P=?-oo1*SZQ6bpdDtdh11Y-+87w|)sx+}0|S77w)ZO!!Fa
z0em6=3PHhff%}%AVD#7zjhW$L&9bCCpz01(-$iuQEkqt#gZ`^U0U&@d=+Z^}jxeqI
z@206eYxUomhF?<j^{_W7$FH_Tu?7bPPILrsj)JLQUo{yYo?mo%CviRv-I6<~$?W(X
zJIhPyzwmyeMp8}Wt1*WAd&#6cMd(y)k`}cfVNc*+k3!!38vYe$`@Oy68Z>E~-PUvA
z&<bh%%a?NlRs()pH^FU8!7+QZ|7b1M9%YtVKHKtjs&cg4r?cxvIH=q?HWVAsA)s)o
ze`ywaq@uXbn3O7N`2pSeZ_nuw+eOy~Ij(P-e$CbzJWFf^&S&2azb^u~vL$DZ6|;!+
zBbFNLGYu3XiB=U=8!j7<^1j=G>yenBzr;6i+30Da4+022dp5w1NdW&k0g&ck@Wf3}
z&K9!%ovEoFFo+1<%O3ad`ue&q=tj~ee>5U0Z~5TB38*mb9v!`5Vq`S;^t=yL`=qlp
z?}MJxk=F4JH1Gn2lc?ytR!7mbhB9BF^rnuexRUa)kBh9S)iMx|%!Dn{*M?+IMwOpI
zAq0Z~4LdyAkK3)n<OD}kxJwd0NfVk2KIIEHh$YX8K{rTS5B9P=v&r@HI_P`wNBL0B
zk*9boHzA<hi&M^mh%KtLd+#QA)Z>p%OAF+uCNGUQS1s1$YXZM>0Ox~0ovv;XjzsKt
z@5k%dvH%1I$(t4EYA)u0wkp8<y7kUFU0(w_2&#TAdeWEC#7Wr@8;{wZfE2rj^fHG(
zdd?jjC6P+;<#F^KGA!3A8JhhzM5It*6eMmV>Hk(f>f*&`UmFq0x=))HIh!Flq|GKt
z5&s-TbwPj1%jH2RpwKWqH`g&dOt#eE8U10gsShL$ci+-HkJJkI7#kP2lc2)<9Vl&O
z%m6YSb3G71rUHyM0qX!#`ssiWVf@+k4WrzDWIASsCV@gD$ihsESvfCBsX`BeWHJT{
zs%oTfH}VR;<2z$l8XyF_Q^J~Sz}BCc)X?OyNkGRN(JHP5*^mUEFb*zlAzo}~gz^Lo
zR&t=;u<WffYm48kg|JeLd`x?3Rx1=P{My8e^CqX3^U;2B{J&mU+j{w&5(q~A?WE;Z
z#WwD1i=Q`5xxdfKIUuvo&IMcJrp<OCkgU9)#7ZX1sdt}Kq$RG;gR@S5#}W}&@y!$o
z02VXb1V-(7s-d({2z%9<bO4#$E*Mk{#r+|B^yOf1(ZrWy)KOPMSus#F0~qEXZ?m?1
zl@y~Q-kMB#g2B&0o*o`=fw+4G1PpX}TwsiUGqddFdSX*`H88!b>A0JrBu8X+y3BXs
z6TKVKMO;MS`CHIi*p#r=LnUpR%&q#OfvXhV_S4`|EszN`;j?3GV*>n{-+&}z06}5(
z(PVt7)d0PX%>lLJ$o2JnhgbbUu}}v8-Uw@0?DD|GTRVtBuN41Y(uptG`}Nw+`I>5d
z=e_vK+T^xMU0&e6R)w$-&F^~}^#?IjVim%J^|2Sc#D>-k%FslWMUj2Vk15rjP$k~-
zQLRM1Uy<=$JM1Kc@@)IEBc&gQU4kegIF4MeXs8+*Q`?TsRN`y+m*+GLWGVib$gC`7
zYN5pZIM5y5#bHoa>Hpx9Ta;q<YxEOzPeidbKr~RPDSlDa7+~VBZe&Iv!pvmhq$03P
z03)vf)EB@4$9a2u1NjR<Fc30^`Ar(a^vweA`?V70`sT(k8w!D573wlFGxvAX`MLZe
z{2UMvfa3HhFp%}*0TIt}z2d1@dd2-&V`&&FsXEBc|61meZ7<~X2j@cUp0&Wp4#YXL
zvMRIvW3GhC=lGZ0qwVn{AN9D@7;ApXY@(w&HcOlD#V>f>Wp^-O<$#<=4DRubeo3*K
zapZA5`^Ng{VBg}Ay5wv&V|HBd>{AA+Bx$=-V%#Kr+rMEFkb9agHKg+i?QUg4ljht4
z?uivKAJHx~6@=|>R0@Z6<+QmMtNu0TcoB`gwtK5X+u6$)V(iPS{{RvG6<OZ@ZZgC`
z_AL;$XN@-=voaS-4|p-+PNVew^hvI-jdb@~`9o5IbG3ZH$&s)HVlSYwx91aP1|Qak
znJRf5%swY*1u!l^qBOXy;NrEetULnvi<63PnuYd)bb^#TA_x{Mkx+TS>kS5mc>|bd
zSZ%J7$qn)mmzxM_@aYFn@5a`0nuvh-2h?BA^cks5q6tvfj=9YXMP_)m(w#|<KjU**
z9BW}#j01yKcB`9$Fher(Oueu1PAZA~8dB9+`seA_d~H--1p|9E1YxZtIwd){t6as-
z)3xt%9^@0z5x;j|N-oTK1k#9l8K<|f;@pN0ajq>-+#vj(m=TD)Pkyj*ncAcE-Rw&A
z!@BJh1Az^Uycu=)G5(lbYK@-LFRFL+CkiM(X%b`0Es3$&j>K5g?3Ddg<6C^f4YR%7
zZP-VxvKdVz=wU0Npu#eTAB3L(Tsu&q2w$=RdAU0K`Wo^H2vAcVV=%X7`Us4n63zBM
zl)wk23YaMqfKvHQ+J`d4w88gr<g&Ny0SMf)_6$~1ax^yfwf-69O%MxcklK+BwB@_l
z^e0FLt4l@3lri)7$x3IZvage%YbGPEJi+p$7Xi;_`G93#o+H{NwJ(-wC1f1O>FKcz
zVa(qbX~Y9;xlP7!rjowy(>?MdW132w@iyHn$Zn=L7t?r9ZKA=SGtU{1J5Oww1@*bE
zGvatyq>6hgW8mb^D&k*@pRf(}j5*yPs}From{A}ygIZ2`sq>eRKYeX5ByQW0k1hJ&
zij_wjryn_SSdJnpL7J)S1!ej9w1vEk9B>s~qGHYw%WlFEOaHecXC+k>`Rw@r#fN-1
z4zz3)s+QS!YU3X0$%uQ|-nZ|xyMV;_UUT&L+v=vKm_92VfFwNW?j~4j_NP_n0rr;1
z&e#vgr@yMmXgDg`UYxPW6jqp|<Kg0x8w?rwO{vNIqNsuwM{Wor44!%p;Gpro<EO*9
z%je7vHeoI`9ou`SABM#=IptKm%ISjf3X64Xc7kf1zkWeXrSuu)g-<=Ic&OpC!kZcA
zq@CLJt8aN=bM7b3Or9aV_k8u<;Nu(*&Q=(Frcj+8O4|f!%e4_}Utj-PlY~<sVe^eF
zlqw9W%4VfaXmpZvT~fWl%g<<Fa$`ZmhVXWni%^lKS&ze)AUi#u^V(I_Ny>h@PGOR$
zy(ua9a`p9>Al7?`r_V(9NH&AaDn4{16fHCG*fz2ir~WhPkN;0lSW0@0N_F}l^2<OH
zW63{bXO7n&f+jC0it--+-8<WVpnZdp2dZ8^fc6f@JTQ={AcwNDsmU0q9A&{w8VNu{
z3f2IRX1J(QS6f>MI+~q*$il>AA(VdPAqfVKGk|R9T_>+}<>THIj;}d~WK3yMgarJ#
zRCWPHHa%6LajT>pJ`R-Yt7s{o53(CCqY3*o-U&LC%x=zmN1zR6kj0TOT5ew%iJIer
zO}}dEQ<H+T@`28~ellwlKYGbc7THP_&9}EDy#Cl&d|N|Jgfc<l(wZU!?@lF7HB|PF
zny5U(D^2nbH|JKYcCyMb+tQNXm%GneT~=K4!;6*9qZ^^^-|FrwX30cl+#rMm(`Vj{
z*UWv(drA{Fy{q9sO}U?kMkM-*OHGg6o=yPhjsFLh0Dx~S@%FtLjXKIK^ZeWkP8J-U
zw_H@T|02xV5TF@tL=dcR0rk(h6eUp9Av1aRL_Yd|T7V{>1n0%3$gOPu;mK5!mVop!
z)8;7P9oZDjthORs7Rs#H3Ajo7+tbd+_j|?V7Z7i#6YA|oV-*1*>p%tL(;pusYC^C(
z^n>&rc(Ti$QD}~|VQ>F{HMP@t!uFaw!8o|S6`+%i)EbMuCYicWLp<GVMsdDJl=$|2
zEUrR{qP9?S5h~ELv`Vm22w^F=KRmxuiev8hV5Mj|__5~~X7bO9Rv?Qf7GWR}`92Y+
zw%td(AZjTyAw`=AF=e^UMUZ9TbjdGL<pWC{ikv|{;@M@MJ;;i#jG>0aJqgh}G{YFB
z-oO11zLGr`cE&l57x-G3vB&N%6d;tMGQOztpOg$p%Zw)fm#U2iwZkWtX;84@lYw{l
zfjY$)d9nqlXbAz_T&EB0qx5uu3dCCm^xsy7kQ~(p0F1EQY^&^?YzzQXE50y@#c+6F
z(7uC^N=E=8gTdB=uRsy$xBRc8Ob)H0BJxri0C>ekPXNuRAsBosh&P#<F&CE}-#ZJc
zyVp=QoT!{K#}H%j9voIFTtl9jz~i{Yjk^=()S(i)W0?5KX;D9FOKeV9+;4J+g1g!v
zFpu=5%7>PL8R5`l@#T-Kpd1%I@;8&aDjmn8!T&bUch64SsQdp}vy16+D+*u61Sb%@
zcu^gfhR`-+^OmVfs8Y~SM$|58eb+n@!w;mss@KoC7xmeeomF^?!!W0NCFUV9mb)Mf
z`rExE>%T_I1sFP6^4qlkwG!7z_(SaGO{jFbCN{3`7?lB}5`)G(KWKsh!1^u1o~_8Q
zIU7hR$|6+ng?ISb*{K~M5NiNs0)*0E&H-x-0Gb2iwQ6Bcwb;cT)VXhw)zs9W9L%mC
zeo<zBXJWz$;rj8`%frKJu|&0UX0RzqW&|m%s}7X2H$W%611B?%SLd_oXYlG?Z*iBa
z?s7whf~RKlK4X7O!YogEIn4?8T_7E&F1;Kp<WY=q1N?LBIq9@X2X1uQBOf``ggD9!
zOfADj=_O1UC?KX1c<Ww)@(k(Q+#{GEf4z&~cw-BXS!v~uS)EUJD=RYP%!5qU@$1VB
z`E-YCm`<Hi@LL}AQrxp=Gu!ToUTCNMz-!J=QZ)bm7hOV>*)8{YV$cq^y#>SnTkv8>
zZj9QL!dl18QrX__pRzqaaYmq!Z!Y*NSqJ$0M*X*&XvRchpCUjPJ!g)a0MZFS3uA9%
z6Mk`VK@Sq(;~Qnc9<vlXOqD&dEPoIHpcOxWt9CtJRRXm(`(McU&23u=wE=PnK(ZXj
z^8Iox?=gU<ffkJ)Ne}fsJ=qD)|GxQJkcrd#bizx~fsRkqzvmmeY|XRys&Q`EJm}h~
z0_6w~?dFVSIz8!D?W-bpqt9Pg3--0D_&vToHrbc*(b<Nqb)!b3&NAfhGo{W8F1kOQ
zG#wF`^DwWR@}bIzQiFJ5e{-S0hF>HKWL(bT)Z0XIn7*r**Qg7|sy+LwQE9aSZn_<)
zPT8BF%ID!X(qmjl2X?4VuyTCMpNP6Ft<F$5hrtM6eU_MJ!Lb)L<_9A&7EmSufNtwG
z%G>jn6v*%b>cJ%FMuLZMtKW%50}P3MqjR>*9Qj2>MQ1O<NP~OUTwi1imHbgrQL%S&
z`Z5B@@BT@@QFd~2nz89hOQ|rsnK0u7)dgG%nKgLyk&N!0-S$ej`1tfH764*VIuNAN
z@Lp?E;u|0@)+*G+zv<Kl87FU~23mUi_<>$dsgac|;O*3PR3pVSHQ$k9wL8Zs+ppfU
zo-@teoFlIksYn!=`*=7no=B+-_wx6PjwRgDCEDJc&YPi0gh#KpGgvc?R^f$C)l#}N
zO1_qgtut<Pf*;vX2Iex%tOb+fMJCMA_D<}8_yR{9qg`+wW0LswV_99F4!2XP%kh6~
z<$U&8teHXf7%7s&Zy@=i0NQE&;re@$*n`fST%PMcuj>x{XjhjU#DI;*q6(y7VjH)|
z^>(q?qjiI!Ur{-)xTgjam8x+!p9lAoqCmfZ+oPX>0L7d&+k41Q-T@R)H?PR5sITwy
zv!IwseyYD83G6uwK{}xBk!ej&O$md+@IYSP-V<YEI`@LR_PFV6^@zUbh>+yATpSKR
zw-Fa5C;Y0Oh?9FKTA1is`2#26lhh@xilDuC8G=@Mrb9cqyqI5FH8Y?Q?q0fI`}^s(
z2D@tidLNzH##SSx*ocx7dghjlqB^|aPRiL4(wz|fUiiu3gWWM}F&>uDJojRe^8c)O
z*gG=4Ku&PN<-=2`Wh#{R%_}D8kkS9jV+V2Ec(c0hz0Ngv9-2p`6^y*DVWJ2$qvn{B
z|6CzZFjA9vT1uf}5r1;?B1u9Svocr(ce;(J@T~uyS9sQc&+Jk)Qg99G<`JMEQdU&7
zT2%DbFa=0WHwWpTGm>2bg}|or@;1dz#ZExO20BWJ3+QYL&91GfN%LSoe-Q>`6dO<V
z%a*Us_5e!M+1XhaP#`WZ%K^^K@(}{Ys{s%yB{?p-)Y|uglXcj^Q({$AkX5B#gshOh
z<Ts8-mGD__ad_-z<?FY@^z9s(9eDN%Q8L6;I8HKw>4T<zIkpT;Kh~9V;vG%Ma^40u
z*7+GZt~=OfGAip~f4`#2)j59yJKr~F^f7S@vtpQ?kmcGK4{D3(-*mi}09QMC*2M+e
zf!DAsXbD|~-?4+-4>c5>xiFp6Ocj-{v=LSVwZK&kX9M5&UxnoEX^$VUE)VR_9uG8P
z+zdWYTTbiW`ndnU4n%J^naP|h`e~V2#t;_*^v2U<jyopmg1l(Pk)YW<kvlOG@av%9
zg$0vaCTYQY2@D{O@E|N}nQ=WX&@uM)()H%bQ}pR=nOdCLcbzg*7Mcyr>bQTZQ((&Z
z7SMDaUR;yNl`e(gL~INI&VOT?Xh|YnYMDAoSQYQkMW9KLt|NB;#(l_l<QY2$tJ)ZD
zc~-HKG{nkzgM#ymG(qQPW+tB?DA}pAM%-uChfA1Xk3cvf@bDk5V1v*QUR1%F>zxRi
zfT;$9=JzMp)>aSTT67jUmt|B-RMg04#9TA_<-s(?J!w<qdKQN6ne3n~We54~p!zqd
z@uUIm$2S`V>6L$s(*hP0KDrkmK1g3c%B110^6ie*3BtkuGnMJy?W;q5R{wVRW!9}{
zvtzFq;U32pmhDN7xc~5Wm;{4owi*Vv+>tN+c=`B_M@K1Tk2|R|t<!;qx?F&WYw+Al
zS=jL1=)d1|)P9!~^hp8~41hO#&V!5V+x8UD^73*k-5VxAg5R<7mo*m0Th>CG#yG_q
z;8t3ohy{l@J{UUlA2Dll^8`+8n_s<9X2Q$P@1Y5@_!LBPkXc;3S7XaRJEqq~PA$yG
zs_^Yian-x+tW+xTbu-dDpYE@F)_X8r)w+`HaKy%V@DrGOl>1#CsN*I!e5#<c5jDR^
z%?}K<Nr#SCUegShV#{xM)@}EnSd+Gv?%h?JtCNo*dKbtzEu;C7tyZ*UbYZ4rMtIY^
zlwDcNfoe(23R_jff9EU>liE4X#mEhN@#^k+g)dsB*6S#MPc*;#VR_Jv6?VdZsc**`
zSJ|6I{1pk>=shsU;6Kazss_06RSQMSvjW%U&){CcDg;9b$`6|J^N;U=09k3hS^Us$
zZje?$ppTCM5K+_1=>bvzP&xs#9a?;j*?^X<2A|`++4=d-$;p)DnI?z7$jJ;b=O>^#
z|BEt-pOcf5|9}Sqe9}TP>l>OR_{o3{0FQYp6^VgEYzZ9V>1Vi?!%i|oLy3+|PqsJz
z4ql}-wWa0x9t`5CQ8|Q~`o?a1W(7vQ_4i;w`gsphX1JJYNN;*K#_}d=ESHt6;XL4Y
zZ-qSTtMF=OPTyYo>M>8Mta`N)Lvy`>pCHxqAq)cJ*Zpad<Br)JxeO72IywY@QI&fm
z@UCZCD6@Eg+tjxMv1&DtAkEbm@@cRnG(lhCZ&1MpaTc!|_UJ_K#a{E9VFJ8J${hrT
zH@7%jiQ&7;VH4^3G0g?jZ}ypRZVvQ+>iGZLubP-J?4Q_hGOSg%w)J!D_>7~Q*a-3+
z47cdV56){B`Wpfwpy#uxs>+HW=B%v^=R{f`l*=N62l^Ww{PXp2?`yG@{^X|tXS-lW
zCnrjfF_3m#oS&lrbv$q-Zbik%KC5=WPk$z%ULNmg@Ts*+8T8ghR}k9yq#lIIFM79~
zRXfDWo~}xjFoGHGub&7<`(+@Vu6yL@9gWN@Ia>ufmLI5chJ3yQS=V`zq_MlJY9!Z_
zn6U5tE;n^(XXe$e`T4AdiZdY*4|@lq*#I8zy?7c*Y%sXLg9uG$5B?I&{*^Rc;;7-u
z<d5CJLCf7$t|h|2g_n6J7ZXw^o^JF~#d>DpS78^<+s=;?rW<f*J(exx&n+Q%@V#*t
zqj>hMv;~D`1$v4;n-+$z<Y#w9v{1D<|25rDvV7fX(_2=>mIsI}*p5i(10gC<()e%R
zhQ|Q4Niy^?lRos8c>hiqp4fNC?^FDD=gWbLnA;53#H7*d-sS`O1^&MKFN=@Q_NFd@
znPj`+LEGW~HaEF!41b>Par;<X|KMU1mc-v7>`S{a-)`7#D4W1w7Cj*{LT8Cgj9%Ws
zJImAiZ&f)qGY{zQvW?S!r$#aT!~KCDW7f@m|FulKoX3fpPCV0M4BC3mRbsYPY<Q8N
z61&r{fqRHsfG6{DU5*Vq|C{1Z%RRKHYQR@c*dO?pfO5I-O+Av=m3d#6Uo{6|FRj>u
zd=GGWaSM2RN-;!{QK|-E90|HdJZf{?hQj`Pl)ihP?WdOx^IE5#bt<|~u4r84Ixw`G
z&AW<O_S#bGBTZ5g+U65Hn)qaID?s5Dw+bh2bfY8{=Jn!j(h*LC<v51fSGyw?8=+B<
zR-5bvoxP=3ia=h51R!$93I)UwxCG-OFyL@r!pg8)OZG;DR;dlva`gmYKkwuk62+8K
z%q}(sTvp7^&b9+%d6f-QTvM!@T3TX{eM&$8NeB>o!dJWlI?2|3E@EPC*;}3fZzY;>
z<G{v7%(_I^t!|+rLO92?dtO}&dMsy?)mig{X=rkds1x_Cxbb!!0qX<lMaQszJ%M7H
zc91A(8*0VL4=RX}n&IiUnbr`<NP?TuFc+Ldr{1Jfy!1Ysj*7n9ofWIE=j62or~~n@
zM18MzA0ruD>SYou1&B_>_!;j$5&eUcJ<`|oDCD}+d6|;ktfCV7`ey9n@nd$5&BU9Y
zUFU<+Gi1c4<vsQGi_E|@i@-O#6i?Si9%{TyY8!+VAM~7LRw}f^!F>PAKgKlwFX4s9
zLA%Zz{x%BjH9&HGH_X7`T@-3MwksHN7JsWz+7w#~p!UrM^m~`H)eeA_$^bKVW@Kb+
zUOv-vt$az8>pQ!>F_2nbS*ZYW0kmb9Z57!f01aLO;0D;dEZ^nBam|^%fljeUX0qQw
zzxu4uQF^`STDGcd_bNgI!q01E(k#0zX2aeOe;TL-?)Y*`5b>F_$YO7t0r8|>zfQO^
zZniL7YYO`6Bmr~P6tGEnxq9YApU-N;oux5dNlev3`qgT-b7j{>6H&VrOuehh$EpsG
zH?Nlel$ALok@F{pIpofHTE+nzOp9~0fu84l_ip45rhv>Fx?w`}^3ER1-I%XF)~(5<
zSAh0?-oE2V?Qa#&$M<)ie(C9z+Yb2F`ALaxo{8(Fajn|du8aR9zQ9C`-@^Yf<x=&n
zXk5TEu=jWbwBiEAUi@uBG%F(y+Zu|Vocg_xTKrg-?Cj~8JT*B<2SOYk3W20=PRBvt
zyoa5goFuw%AP_*+<$naI1?=73#~-u+>?yx-T`Mra1rJo+&;T%f#gVE2)%WB6+h$X(
zbd?-Eu(k3Zd(rf!?@MaGxcv)UvyRa-oO1ll>PIt3X7en=K(`f;NLhz9Q#ps)*H6?}
z>&v?j#^%;)VqP%s_R9xRZDcZcGs~z+UGli_kBNGTrE19a|M-w|XSVX)ijBc=W@50=
z)h<1yK;c~6!3DQrJ=)U6Q%KrvN4;z$^LYRR5a<ejsWs0E>#Xp`(ms4;wBPT}3OCC^
zg!6CrU9C&7Cq5FQx}5$S&mH%OSu~{ou6j_ex3Gw&u&~0!q-bYKRYFp2;IW1K*MXcP
z=abvxJ#cl476SwSo0ym^hErhQf;VnULQGj9(RoJ%&?_y#0zhd4Xpy#;W(K(COXSuB
z;Q4}<34`RoU?q^t&KRe0z1ycS8AZj+%P&$e2C{IV&)Nr&)Zr`x(7Z(B7C3Pws@<#8
z*90w_!g_$Zu{I5$&n_x+c%C!jD=mo*G%2NNtt`D0kEiZ$I7w&tv27K9EFFDFY{O{9
zC)3veebg}Kk;1M>$jf%OJf%Zq0RFS=XAE3+KA-M*XKD>Z*^n(zUee=eeWa!}t1DSh
zuB}R-saJDW@78Y3+nYJ`;`_I6y$RJN<Id!`t=)&u1V4Yfi%WT)%(1+GcpW)DTB}w3
zTC_*0_@i_T{#?aFh6MfLUYm&d^<?n~%DjJgVIcN>UoZa$&%GY4?DNij-FhK(@6>$@
z9sR)0tW^MLT%IGD1ISaLa4uzXo8Dy^6Jvw!4wVD)75jE9Aq%#0XT1w(fKq_RFb_Fk
z_8SSWZ-Pp51dAeirLTd=u{b}!o|VPa;&t#a+jo=R6sRBpX<m7q_urqd?!Iofy$#wW
zrKPvg=RT;#|AOE7!-pauRs20_+X?cqvx}?}ybt2adk3SM1QMXX8X3OXNFe-7rB5Wd
z7rEqA3VYdd;HCJuG0{Nmq_i!q;6WF5k*||1KM)O%6eCq6U+-GAND&Gh)WOqCaRviU
zzU&q{*{$EdbFdX%yDXKX)t}A50oOQTRsHCpxNqftXTIu@fAMRXeI{?k9jnAMqk9Ha
zAv31qlM0*1XC79MYuivaHt_<r8okXcU*(L=(m<47Z1lLt$%81!L!I?skp>RcCXk|s
zr<^E|SHU-!3a%5IhaEl7q~L4IX|VsJ1JiD|<Xq{0V-U~+Ytz+K2|#86K!EUYsMPoQ
zx2<YGePB6OyM2!U56A*1tc0|IQaEXFC9kf(zkdv*<TKzt6VJ%r%+cJ<w*r~he2Jni
zxk!VIytv2&kR=;pe_xRDxGS30*V7aHnu{8_s=!W>YHg_h|EPM)sH)oTd-xF20tb*T
zX#^ytyHh}<TUtt5>6Gr44hcm%q(K4cZlnaHyWzljFYf!f|L^#XJ%;0a;EVgZ_KG>@
znoIL@mlp<!r-I8v-mzzzmSvbQ8LS)*H(Q@}moyW%RYdUI?ll~yx8lb-`V{XcPu@hi
zkS)Y+Ri*5sm6~hXpy}Tt7D!D;{L0L0I4<XFOsk;CAHpsR7qZqc#8h|QWIFTV5c_Jj
zf>S-#>llZHlin9#`#_z*YFMp}DqiZX_TXt;lJU+eiOd#RoH4{VC)YJDJg$aL;KLxw
zi;=@O0iBn|e)`dl>~j1klqlf{%Y?ohXo!zPf}bm>pn5@t3x%iafdI81>FG3`dec57
zXSK@zYVv<8bJZ)qtz*?+a%*6u<=fycY&5EL5W`d?XJj8qG&~I0;HHO7TJr!o=VfJ0
zP0(hJA0_0yi;IR~tLGEIDiskKy$|>qo><0K=%wCj^b{Fl@ckWvZp!g{Vcux6&iA|-
z%ryq31J8IWvVp*=9APpPh}?_^cY5EYq~x8GVknrb?n%w2uYzKTrzj?l$v_u<uLueD
z4a1j&F;Z*-SFpZx!sH{{sp4je`1Cs6&gsI7+qCGP^19yDHoJ$q%5g;cMCS1gtrq_F
z0u2-$)$MgbERtxquP*}fkO(i1Iy;BpWfrG<mM062k`CWp=%}h#e`aHTF@5XEjAq~W
z?Qk9Wc*kbuaAu?Tty3F+-axu828;u?#GuZHiP5RC?$b2K9!@mVRyu>+n-Uv-k?Hti
z(nOiComl>g4~#$ji{8}LqQm2^|G{x6VI#%A_;P>gJqTg|E|KKB5&X?RYzJtGAV(mB
z1MyH@RaG9PAI#}|T#5Zy^=?uX0rK3q&5n}E?5sBW1Cpd+X?!N+=xarr;?GsJ#a1uv
z{ey#(`+L!|h<pIqqCo0E-oLr?RT=te0XAjRZhjbsycf)hu{xcj>Jcw%?xkg5EXzPg
z?~{n>Ip;fU5g<}3`YBJ)*9%Qb8jGviTZs#{Sa2>XPp5FEU=RQ0COFrUphjPb>z@^p
znYXmhD3va}Cr~T*cUtSEHaZUy6Q7ri9?C2%z_IZ{m`3`j`ZY?4;q+j=4i&EF_cjM{
z0z6iit9u%Bhc#9~@&sY_@Sh&!7j5WXm}I&XdgkN|Pruqp&HhHVLf(v~ytm7|-#LGz
zE5>tkWzOKnC(+br)iQRSb}A&Wz;ZjtXfdZR%S)B|UxPEw@bF7({-08l2(C5ZEb8UN
zmHs=#=!tX<mrlWlW~5y+;fx{hzdr$5HY;5%BsJX>W)UqU$o-y`*w?eW;Iki??3Mgh
z8vN8e<0k+voBXVly4ARuy+(B%PqkW{?HQ5dcmIKw0Em}4)0HP(1-}8~0t&jfL9Zb|
z$)z>f($zM6Y7i}pIzwv3D|=~GMlIOK*8XZhLfN;XhW^7G(w<w(A$h(xL=puvhXEBz
zGcx7V@k^*>Ou|9s-HnpC;<z)n_)FS^leqZskU!Xy3G2NY<NJ5+=BxOrkMSl^WHnyy
znuMzc64pD=e!XA5`-o}H!0xraU+ZoXjK<39N`y^TSy7v6A8js5c)t-wPbc`b{oBCc
zbQ4$GewQ*~quEpS>j0yR@UD=|I~pi|*7KB>)($#~tjxtg(IjVF$&<^&bF^K)&n=kv
z__TB9BwiLiz=)7fR_V&I_}}WOK>bHMGZ0w<O~~cYHK3O@5+RV=%Y!@7--*)uN?Yev
zhA9?6RyuWa)8vyI1?>?=d)*#K2|4N^b2OhRH{=!)d&K`~QtxSt^9BY&2PS(<2hb%M
z`J8LIfh6VoH{I&$bE*+dZlk)BFl7cAk;F|=4;aX@(4B@*AJR`&6qjr!_6cd~wpo);
zlJq0g+uO}Jjfd}ZY8MJr^o<KZr9V_aGraNM87XIHru--~>(}Lypqh@SFIAL_H{rv6
z)899T{56RB6%leKetL_je+a&3b*Gf9y!BIS;lQAb?xzxZFY7s~?0(OGe(GkJGgCxo
zaN<gX-&#od4*A(YDA)UG8h<;rNiIE+!mKRim!kDu7H97|hwK~P?KhGL%4taCK5bXo
zwlby0ZtkHaVE>LPI&hNtRki-7@8{{v@mO=O;Xem~9p}kap>u!e?xKTR{|yNi8R+nr
z47A?=tL))Yfqq=}DW}(wK#BSMtUs61DqRfd)h_{`kTU}K1a5uB^suYnjV_?_)Y#wK
zJG!{w#X&(r@dpx-WOm~=WrvRa;-flzSAZ=|V~iGyo|oPL9UU@c`KpHx;?Kv&_rcH4
z_}jN{2t)PiLT@OrP#(<8o()v<R%CPZr?vOF!t&R1WjW9`Ib|{A7QQ*u=9)!s7v&&d
z%_c_&jJV|;UhVVVv0*>%P*KSE8UK0fU215zz_R-9C?&OGIvQKDbe2r}BddTisnCGV
z!~xFeZOqc-!Oam;5=44aDl<O0@@$87{CtFD*#3N+zg@%TNweqrV3rcHuFC0R&WD0r
zQ6lrfHfR0uUHsF96ibbaX@41?Y_ec3F7H2an<^_#HHHkv6Wa67C2%9B*hYlJoNsT^
zhr|TqN>Ow^&cfpUJ~zN3^a+gLENq=i1e%gn<NJS+rO;F$v|G#`INVXVO0}4G8vs0Y
zK;d%G)pC2oZMyKtkS)Xdv%Kpvgh^meWC~&Jc{6x31RW8Bw}6)O)z8(qJZ&NX4C~C!
zxWpXgaTRevR(5A9l+M=vbVv49M~&o&#g17QLQ2-w%w(kNn3Znm&n>4$(F|wmfVBf9
z1-U`RC!#5#p!g>pq|5r0geXZApPPwfE9xh{zl|<PUnX3qLzf79I$xcO@1}rieR5r6
zg!i2{wlp?F<RIoqN5~cV`#WjcBtixkrQLev(fUVOi9dFz5?T<7Xla;Ruj#yu5RK<m
zhrK&yfA&+O_3iTbO{?!9#~y`@i2G~IF52v(4PT{lr>fSA*L?25WQEeabxWLDi2ooZ
z{_;m0+9ywQUp`Fwpv>BapCM?ZG!-6DlgYZy<Q24dHk5f^)-pnqpQlm&u*ImV%Bnbx
zH!tzr9$=Bl2ZjQW*@_8Aj-n6uS%gIF_Z9o*2DrWJKt~LE@D~t3!WuH~oqK|2pBs9-
zx@syj)Ss)Tude~ro*)WCzJu<`vW5g)$z#xxBKQa0qKbSC(U+~mR{8r?yW#}2490-l
z226L~11<m*7upuOJ)qapP!&E#2BH)WNYURm3GjLBR<kB+<xU^cn*#$G#FE%pY_SPQ
zPnuTZCnwoej*pd5_|4cZ;+)sYB$b15e@4D+31(%GJYtKrCh9TP!>0903oZ!0pm%<0
za+V}mi$K$>#UGk+=X}z5_z@e4Cym+!5rt&a!QynsU7BE)`AY#BC#zLVp!j-xvW?Vb
zE@LV!#P}s)J#Xcy{d$-*ih@f)<@AUZ-j&ZrV35#YJ`1eF!n^At554vsLdVVl-xu49
zx+LdNgiwLEP>IX{xExaX*Pn(={N8mp%8LEIAIx@3sNU-C%ScGO&=#XRpu=U8{t3kY
z6K==zt->*%D4+kQ1u*RtBh$sfxqyqeSO%`T>wa1|Ar^n|bz6Pco7h)~;$Kie%RnRQ
zcP|X|+Qg8vyO68J<vT-^QBRUq<tl_cLkHxJ2f71v6Auszh$_Y{@1f1j%@JW&-x`))
zNt-*GgGs2rUWOnTd5Umz@bp6<hll%y6`FUSoVYA4=SWa8ojSAd)37VAnO=(GdH0xR
zxEn;5k1Q%<%()vd3gI0!@bG_dWi!895cpK~i(~;o3NP0EwH)I-Ly<$u3U4$?b0@FE
zX?hDH>q#bKhD>sSjTQCsMfSFER<L~wga$DSl1N9*ZMF8OH<uCxGb_4WRy3Y{kJw&H
z|2L*5-tQl%!F#-W=*Fk>l@dDhz3yRFF6_CA=ptM=R&;aQ)cs`XX52Qf_@uH^3Tru|
zs6OhyC=&@Z!xj@wi4x`&U#Rz)`;C>`E<*Rum8PO`{L!BCU)^SCOGN|2?_k=jVSiaH
z=W)(*OZ;a$-_k8E?AhHHF_aD#7MAm|vG{QzJ|`gffs_EH1wfgv0QSPls7Rgls&LkS
zRPZD71KoQco^yrX_TiKPz|^-6KY-qk3tHv-JqjSO0In(p?jsLEqul2alH0fFUz^HV
zAez~m-j0r&4N*?vSh86fin_t(O9FDlteF*`3+O4ejZgKfGN;}yh%+>tcNmk#PVHKX
zdNWcxE#cN~ey7aq`@B~_A#hEXOCAsrP0*&<J4G8lAl`9FL=rW~IVXpm8U51NSiq3k
zKM+Ao$X{2Nj+2<b#!3#KXBI_;?Q<1EUp>s79{Q16%<i@WHZE$Z(7Cv5a#~3>Dxb*^
zXr(%R;eYhR%orcyGag(QLPV@9Kl&r6KK5xd8i_#rDZA{vFCAj_xk{eC@=GVqH{UE9
z=|u6Z1{h(O6c6FT)IR>m5lmoSZag6VIPHwEpDgE{Kj5pKorf7jW4m5xLtkM4O#vS^
z2?S(0fF`_vP61Z9w!Xe-dS)g)?7fwhoXGj4#)T<YfD!o%0zs5ue|;?g6mkJQ3`zUB
zetY*r+g2*Q@u3{dMGv9Xfo(KBKvNV1bm#ZAtV+O1CxZ*<?q{aF1$~;IZ5q4wOc^}E
zs(V3F`4m;h2ibIsW|e7?+=ZK_nsx5^V+kC7#`+FCi;x-H(3ym40m6i;LW_L{R*TDX
zFg;f7mP#ivkS^2UCgGevHpSW=3gI!|fNVExbg-g_c6ltjm;37I->h(~1m2x4PE0xG
zTHL#MD&hIZf$mh4#DOKqxTnuD?B&<84O)pGZ?Y49+a+NBtyX~6+ULAGO0$=977Y)*
zctYR%NQ`JUm|lAH^vsH#%zXKi=i}oK->co7XODI`xOVU3P7)YVg^jCx4v%87VfuD-
zuz}_OiskZyf9pB*d!&!>heBCUWPbbd_JV}<A9UqG$$LmqcD|DfL~Uipvc^a&K|x4$
z52CCUfL{v())ZW8pmw9j3;G(TX17C%tG59}A3E(***QQ#_`BspV!+=;!W#{Qm2FqO
z2Yv>1u;kj?2&v>;F|U>6)v~G%usXar-1qsI9uv$dqU}7edw?yE>9j8&{WIRm8BJW*
z3QM8in|q}?rc`LbMT_cPLaTg%|7x#v0`Ph2?dLB>sH3M=RSq{G42C{8CEGk#*_>hw
z44E|Ow>h_-V)G|@lre_>XQH!n>yP-x!f35YhiUIT>|&Sa&Z57;iaV>EAqOc}nG!uD
zAT(38E{u3sdeHNu!dY?Y2y#cI;q?Htj4CN>v5rD{`K=FD=XLzAxnFT<s*-#9*;$6l
znoTk@R=D4f&Q9$ucj_gUckzqsj-Q5VihU0apziSVj}7)?{uhX7xBeHnHLe9y!V;Yi
zm)eTjNK$p^rvUIu(c9KP0$xMLI4D7$;JXJ*j1d?UfeZ${*%JxX*ViwjVkiKDIFU;!
zxo1r;!{{|Yuy{}bKcqlS&2CN2QlJg~G_u)9*n{>NxT6jY3iy9Yw}k-d^#_2F0pUaT
zCJE$4j_Pvu5Q85-`SUx}=;v=P6!DUs1jYSF+}NN2$-7DuY<oAq&x~BiS-pn8PWU>u
z@i^<K$>$273BBiMgls!Z@9VrGxVdiIaed=Hyunqez0~`5fS9Ak?x#Rq#^YMT(U*Hk
zHQ36-?^et5YvL#S0#q+)1}~6MXlVmqHOY{W>&(BJ9i3ksN=YdHjr57yJ?zB6Qf}AY
zj^$7Owl<!HKDTj7M_@Y58f8A>Tuj5F`0b0?nUHTBF@t^mEO);@E!Nc4RkY}!-OMst
zaDS5==Bs;dz7Z#C7ST^)V&%B4Ka6Ooux@%W&+UE<pY_U^RZL(L*%P{UIi%NR)zT!&
z*!eV`@k!QHR@DG)?Z+(c-Xm0wmPGpw6ZZ9?vX;>wWOFq~MGpF8?R+fyOS5JYWJ+A0
zMz^973hqphenQO$dy+VDXA9yn*mm4Xn{>_Z5>hWuEM>{rxxj++UUSXMmV2*)UWe&c
zK5pM(0jIV@^X$Q>-m8)S^S~RR@PUmDc%#l>c7C&|WfW(RA@|&uFUk`<?mVP(r>8DL
zl(GBfT%3R$Z*|}Q1eQKE05Nll$3N<XcS<TIj*hB0D`X8UhqyZ^z|JH*eZR9aU~zV~
z@?q=v2iO%S7<;DX4t>Sfh=sIhujCOL7jQsR_2o;wy}rBcTb<%spSzQ}UxR7g!z?|C
z&?0HFi=d(3DyutHrC}^~>u|(Qw{|IaY6zYGCm)Tr7P1o_ZfI4sOR&+nRO+#}{Fpj>
z;!boDEYCa6@bwlNWtD@GmAFHYSJvxG*5GgE<^$P<X(8Wf2;E%&-mmc!hhabUkK5IT
zHend4buE;VqNxtBt+FCZYi-opuLgzHht^V^Qhue7oP9RxnHRVpv_y^{KdTfZ`eqIn
zqvgfxcd_)5myrjY3M{wc(HiE(-wg@juSGvuzN0nN6u4swInaMeKD$eJgC!cjlhU7Z
zoO8_n#S-R4Pt(YC&;7p#-m<c+=XJ9)b(+((aSfy6vR~k8B73XFuuUHOYg%Qc&(_xV
z0tPcUz<ww#LFn2F6@xvcA}1dO*hzEUhEF;R3Zx^09qms1aDRUeM+_DRN~W!fySnxs
zuy5#Kx!v(_snzy39>I7XSV!q@VIi}8VwX{51I-Rie)Pm%H>KX@)7-`etT^DEx%dxi
zPHqp9&k)vpwU}NF<#jE=$S0fZh}Y;$$kdW1qP9{5K_mFYjQ)5h&hI95xlNg6nDmJD
zOQ7917d*^8F^ne>)|Au{UENMXhP?~2>!VueWX#L-RIU(r4FOayIf#0v_=4X3lrGyc
zqK!J!)`maj_gDTENR*Qvn>a@9C{F@ff`r%GKd(K)xKq;StW1WL+2IRiT#}*dwZe4G
zX;0RmRwQ*nRX1pj%!lx?v@S-HPSizFdgDxc{E6NYl=jp6KX!X&D`b0kKa5Dr0yF>M
zIChHt`?5D^*TmMAw{wmw+N@w!uwR~jzpggfBjJ&er^^{5mZ}5QJQlj7d_PMNRw}X}
z#EoOT>B?oSFAzEiWlTXIy5H9q4sN@n*!`7RyK+c#UU6Z&r`Ot}ry<&x5C|Zvz;M#_
z(b1@==NX!&<}q00)cWDHD5(K5=q;K$C(qV&iN@yUfqv&w<>}>q(k*8GS3`w8Ypj*L
zum&$*|LQdflH(f-Z}<XK`Lz~`D8K5aiI2eS2bGc$=5i^D#Z-3uFe86ri~U0ArZu!m
z@S313sC=@IR2-Mm16SVtC6(}O;?tT6)J0yUO7uCgDgo}K-){<tIh?5Dq!2AdcyH8G
z(=yG;<+q6wDTG?h@=b$(J*PV*d0Wb=PN#_`X(UD;T2zbc-FwN}hF~$^fQ2|FtuN+7
z5EdUK(z*x@6X-{IW<2SB>1OCtN)+#cx5a}X=X|}USAkoKq_CS9O&x@+VsHDc=IVm%
zC^icI@6*db0ykO$zy0hzjQQ4#@9w9MRgF>LJ+q0M#j0@5-_cwjUcY8Y)YaAHbTd2!
zz^cRe%NiY4Sl#3U{S3ORy=jVdxme1v;o%s*ZZJ`|p0m`YU(aWR>&Z6y&Eb$CwG(KJ
zAxD6AL0AEqW->D?EB!$?21Iz;T3W14zvMS|rl;K&@zjHWnBZDS$m?9p)(Qm?J#3Q`
z2Qn^@^bF#JSK*J6>i?Pt=>wug`^3cOMA{_$#z0zmL;409H-0&y6Flcgw4@tzwDE6^
zcDl$+cZOcyFVvE|<HT3>u{y9vpH{?9Yl;exWDw^X`l0VjSd%;K@ub^qhv)XrQalxL
z?_-pdeSwW%_2`U$8!_NWfQIlXqmvNMN}(f_j(pE+T@iY{lh-R`gbm4Y%$-t*O*sAp
zhz1=&H#6IK)%Jn}k)NNiTvrh6W7Mj~vttyU^+{K<UAGAf6qze^_6YXw@cy`Jfx`c9
z7}o|XQ{}3CRgVsb?s;LxM#J~eCR>_DUJzRPbIK-1pQkG6?k<*<mCb^rEGi~ul|G9P
zc^C~?SXglP^P>W7)XDb};;U~9sg2ZKu7Ye~XuwVo4Ea>Gx3h<`j*2v3_=8;|SkPl{
z(FW<R$syji;k^b129^3^QcD7Mi-Kf5#AYML?XW`o1;1e|Y;9O)UFiY=ht#xxk_%F&
z4gZS}8W|E+1ao5ZlW)NcW~hli>OBKQ*ehXN-p<mnjy@u16A7!uOmjD$Yeh0dQ&k)(
zsh1LZzuvWF>9ob!M3PTKpYJva&ZCRB?z^spJvuQNb<46V3rrb#?+p7Md8nj6>G5R8
zI>TB3vC$a17wp9}O!bx~Wm<<M;i-9uua}^Slk#L|XzlQL8Ahg4vOGqGAdl`3oY>)Y
z=9<SaY~F;6yM{pNDd~?KzJ)z3KR#XzF<HMweEjCBW9--ef{7V(%TDhV&MOO8anBIQ
zpxTyXS6RpK7i&4?9b!rpmhTqoQQ5Pz?#&vpB|YrBG&P+T>Wj*Er}t|hQDs8>IV0EW
z>s^SI00DcLv-P?>Ff9KPfrEon)!aM)$$gI2K6zomjy54n;-EJHta$!_zg}wdSpcCZ
zytn1{pxNEcZ3@D%cC5n=@C>S?uSVaSLwbl$ce=OX(v;U(V<9}<0*LSVoe`ZdM9?UY
z;#e_df+5SiGIN;lzD}pl-`+*t8PA|1y3_s%KGe4|M(h(R)<&lAR$WfG7{sP|FXBy=
zjV93lsiT4HCd{$j_6UKqat)eF&B!~EF*~`SJFjI1UHP`5a;p?hGb~sX{AB~*WLJ*%
zto==-_`T1fo0C0K4%^Olq<GsGXSB0^$@OLx*HtyuK(y_Zzc@^%TgP}p@%;&p+As0c
zj`Gw}y?hyc_wSPH><Ie5YyH_Xjl%T7Bj`H7g7zq^awc$sxGlD3O!4m}S5*vtO9Cf>
zFJr=XV+r7eN2(RZnfE^5i|ID<M;A%#7QI>SnH6cOBfEbLZ@K`A(H0DB^g#B$={L-(
z@CN~0VQFrz3NUAJjDqd`7oVS_)%^kYz6EFtz`YkvSH3!4`$Y%=OHI<7nghL^oJ{+M
z1U)}|ut9h?!Q;#O3SzIRd2c8Q0g2O{H$%kG=(+E_X)&2=md~r_r~%|OR_I7*np)!d
z+)Sqai~fWJ<Rb$1u>{aCe<s{Q$DbBv-m>9A1;}$P4g8@KKFs4E1sTj%vIL#nRgTaK
zv;L?B4dFixxzD$Y8Rw7tUTu}@X}>Ls{^5sOpf&brCyRY-;<7(YKegYMVSL%aID-Br
zDPlYd*)Ig0J|cxYzs7k2CMBvwlY#hey;jXDvE6h7;Xa-u`VqHK3O6-qJ6+s(UvvZ5
z5dOS;o{njo)uy*7TsVBpTRn8Nq?`cV{_N(G%M#?qhsQ(czY4_<;pic3gR)T7s%DNz
zjmSq+vo9p~Da`~=w9Tg?!{@1NzyF*b;7fP$IsEo-o<nKqX@2yex&(87kd;}#r52x3
zOiAa&0S@k>3FiBr<ts8Q$nNfLOKa=U<-uYNXdjfN4N^V}h>10TQv*6gA&_}r_3)^e
z&DWoMV4Pd&rd(`9PAt=|NE#cWs(oaE@oP*{JmH$An-rjX1)~$+Jh*m~>5cQH?bs51
zlJ|}u&kADp>HtNyLwqSOP#KX}E1=uvB|$)!6%%!?dwEfK=hTGs{y^|7?i}x)#UrDq
z2#?=BVe&M~yLpMuMv58JuGAsH#IkakP7`DQms@Jw>aG5CwF|31ob)V4fiaI-48>F!
zX*P(p4W-)xC2E}y9r2BAx+xp-z4)+r=Ggc~3uPca_QmPN_(=ho>hX;D`&H?JRG~zC
z62fQG&LR2p?D>b}m4x2$v;zNs8JP9=;Zl>p{V0z{hI@)DjD&B2$<>}i#5E(sYD%W{
zCt1RLtB#6u2gnf^`<MsYBOBj$B{Hg(HB*~k-sc+NChXomV~?t5cavaxj0XiTTJ&lK
ziRBi=l<Tdnu-&GV@Hd&^9W*V2{DP#>%7!!5*&h||S^eFsbTYGYT49Ev;>e^}(s>nE
z&C6jZBZ+Yxdh)a33^C8sF%g;>GQ^?l6k7NSz5Ja>a|0jK_&uE!iu`~2Quj_g@}Grn
zcqt;T4>VKWiJ8J)#0iThc?IA99OZ;$ActjRq4#x3JW?#yAw>Itf^jJug{BnkOU^%c
zNgS9P7mS(2x{l}iiZpb2FM9fX&Hj-Lb|2V&Q^3gn^rZ}5>0tcWtEv{9N0JxW6$K%V
z!o7KA`<IU`8r}%}IV2@>9>gbQJom1|Jh7!Bq|(S!E~R|wK&K|ugMsh^H6qH-@i+=D
z4+;?K(CYf-R8W0WMLgW@VrO%h-@uiXrDeWDcktXEjEXIFzzni)&2w^y-ao`eQ|)Hh
z04SiuJ^_8mL!d1OSnu2%3DRO>x&;_#wX?I+xjdluJL*J*9j*REDE2zl@|g?llLbKq
z;tvo>Q2~KfFtUT<e|vez&8=^y42)JSzt!ynCr)l6H^Wr0EXm?;U|5OGr~DnQvIYy?
zdPoVY(k*PR2JT^DahF5H1W(}q?13qUQq|c9m1OstjIM5oST62WvSL_KjG(Rb4)w-S
zxmlj)kfIYmzK_`ppf=jlen!_apZwIHzpuWrgT|t^2rADE3HvP?pOchrWIP?47wnuZ
z`1&1Y2Zr>9Ek>#WHJz4EX#MMGlfqsGy%=$5b_XURv(VY@+i?v;HBW<qh!UK~-c`wa
zsVHwqpoxh|A;SIf$a+*Ex!zduS!M!E^#~zOQ#W$!pG(XAJ){o@)YY{3S4{Hw`4!Ve
zH(e2u7a7U7e_iZ^@n2{PAefK^zUuM&KM$Op`u;AU-u{03D^W3=_@Ga|fw<K#0?+i1
zN{zwu4~+)%edce%dyNbXW&ydpW=U8F;soq#`_0#j*2^VsR8&;pk14<Dy^S+SR?qGe
zsz&Oeot2Wl?<!aa0izXRAg3buf4DxOZ}+|)$BWMzvP=ov+t{GTk9RwS_A_d0TFlqm
zLu#EDCW*}ks_k;bgsu%CL{&jeERF{(r4rO6{8cF2x1AF!Xl6;~W?|kwPCVC?y@KT|
zx)^skKQu2_*YV<R?*ws6mIGcJ2z*6C@TTaiMN{xx!4nUOQ^zo0#FFvE;13i-ZJof1
z8h)SPs4&;_s5I_FL{MxmGvYb7{`#*`D?I#kg)jos79Ycp<01_4FH>~n{B#Vc3Etgx
z#>S60qc`3jyPEZ)OT^d5)JkXfdhOGnV5sjnVRcd`;dCn6k%FQBP&4ZAtQJ)6-0=C^
zhMP%ZjQcfZ36MSgzFV<JYwjOr=Y}3HFFXXA?#X{c%)`HLCVDeL4&}Tz2Ct{RiA3g3
z#za$d`kRP#Sg+WNZNmHpX>%~dI5$6EExk^Z&pwbqCFVO=VbuCedJ$Z00Jb6Nc-~%U
zvZF~H=)R`;0mhaa>6w6E&4X$O<j%*C7T>%1@`?&C8OSVHkr#B3K1=9tvoOuxhIZLo
zQr2B%@H~c{=rku{qEeAoAO?MybPTsKK)#c1xD*{pT~-GF1&h@_)aEQP=(I_;%cidn
zub2D6!jLgcv1%~FwUyS30!hN_F4%#5R##^P8Zo1SCWV9`aq&J9fvhi&ZnO6|$gXV1
zy0P^mO->@q6kEM7D|xAJD`OlsZxVzy&Ow>ihKgY7@lvwl&oSb-n~{aNTQy?FZ5b{{
zDc$j~@+qBg%BGikM3P-)18<Ej=}~V_;wfd`3Q7NE%(o83c?qSQlI=7)(GO&8VKXSw
zFxO&ynrCb%`cS68`>#?@NZ@(P<=+3?_jdO5WB9i<Kh7Muc~zQ-8w(4^Z^^T*=NNa7
zxpxk*=a1jp0UsLBnOoZ14?Wy=Fr(n2P5@i-Iy~Ol`SRgx3o7P$CQnK9xwTcq(nk~a
zq`tyif{Ax-agnXQq2YsI);vhHm=G|y^%uBKMmaot-TW{lVh+@RSkO9$KoY;>P0L?4
zD=EbsJzGSq`x9%7@ZPiwE9|uOA@=)16pbpQ%Ynpjq!6LskDHQIGm*lB@R@&&LZ<Gh
zpXDSp#2L)gd+4eXRA)?7k?m=(YsGrJKg6>5yx1ErlGlOs9GOBoy*Q~QFI@7R=;Enh
z%JgM5;j`KIW4%Ef!?~SSVcsN~RjQwkXT2n$k#rKz(qwL9CsDnGzOd2fnh3wRP%P)k
z`1Mu{mnyMIa`<T^(E{%liI`-*1?D}G6_bznF)xKE!l*fUSz%93pfFTanh-r9KeZ>n
zo_;{*DKf|Bf?>(qd#?L<5ZwR&2j1G<{`%y~DsrOum#VMoB86QvXU`(8twm#aQ~8iJ
z57*l9EN(p5fo2JUyO>k>LCn*f>}=<S`m>czq>uV2@4)I9alRUBx~<gTZO)HMi<6#H
z3BOk(Cnx7<!W?wAwf)M`Ljabh(fgl(p^|UeqCR>EB?zwz#!3*?xKGi<7kP%zfMif}
zXpq)S8LZU;N`n`ll$YAwb{E^9$WQ4CKn=xLqDKM<ntfieKx7j$-LE7zHQVwP+Gi>f
zCWO>>I(&}t(=Dt~FtE2+eH296b8r##cgv7^GWJ$2lyszaXD2**hY29Rh8YBZ7XFgO
zaiPw>zq&YwHq+M^e`j-SH)pNQzHk2H{}fKvKmPcfD2uMp-a1FqM*-fNh&5GFulmC(
zeh6Xb+$GswBfT~@-2PS88}GIcO7?^>e@{WIzLaCCT~;3pSmYwty;=Hybs+bBI}+^n
zKvlK<sv<SAdvnVnu&yUfwhee|;*HV!e+>Jy;XD`hYwcs09?e@|VuqOuU_TBJGq^zH
zwzRP5Ca0j_ge)yCz5t0b?PW1*#mSv+z1S{=Bm<45<r_<{ckfKV;+)FX)@YD87m|~o
zXrz2@^|`H|1Lz?U5s^C(uR^RD6BU$9Z(f7iGro>*zCL-On9bk4(csg@8>iYdV_4T?
zy4{xOVb~Tzio`h5WOOOn`#|^^wac$N#xAEPxaa}GzeNqj-01q~piiAijkV8<EeH?I
z#-PGSUvXqd46B#1gLvqB<cT5z*w4>B#-?`tbDLqs;fAp?Xei^cq-0Mqv|rE&eP*l`
zq4(<I5*OruwiuB%NfS8MmiG&(^EoF8%W}ch_cE&jB-4^#iYPwf!67FI(rx*>O1g3L
za!wzXu@RgTR(z6}enjFrqlG=gjp!PjziV}nlAyUey-gmfHEibUZ$R-j=%M?k?V%$1
zf6YC7X)Pzrf5Z9y_H=G<c9FuIPdmcT5qB{p&rL~1$HQavIU%N$^k2Ytp!oZo?<CLt
z{#^@{g0P=d_oI&q2bY#85f*QQ2Fo&czuNmvV@kIBfC{D?3~z!C6eu%mK?EU$0IQf*
zrL3Hs1+WkpK>WuTxf)BV4H%bLpzV1)DH;9HWNy^t=$WZLx*8VHK@zt@hB+cL;v#Ne
z&?9g1?svRWTV-=6+=wc5+2$2ac0uHN^zx2mM=-(cy#fhmx|cQG@YeZjdt1cE=EN)X
zKDJznZc%8#C>J)1=pr8q7t2}Cdy3?i6#PV$ovoGnKX<CDYhSiUhqGYl70$aLeM2|A
zB<V|!dDK~9MawI1k9VFmE4wh~*L0ZW_qkIKnwP-t{gHZQKL<IG<D(wKmB~bM0Gxnc
z@P{Uy5QkANM~dL6jF0V)DSNuBGqX(Oy(qsat$(YMimZP?E5G;Py0;s`^aqNIRb%~B
z|H^Upq*b%(@1!JFLiA|3+zk2N@%?~QdcCeS)YmuLA<Sz4OB5y53A_)NL~d(x?xGNm
z4i28D&4J!$Z-1ZDr|$)7D6gkid_%)3%GcSsxxBl(J46WZ+=>MrT>W61UGnt&9{_bd
z@qY`3E8hHl%R@R9*`5F9uhRq|PBaVZ?O7n_?}f{OqcfltS<I9{FsZAqzqlXD$ne9A
zA+k8qkc(r(m4XR93MEH+W0g>-F@K=B{}cV=Bxi^+lfBr}fx@UHvUxr<>YdavAFm~K
z_fu-s`KSeS_ak0q(Yi9JCh3h#WkZiU|EEloovd}CXPmBO%drk}QOA}--RrAAN5#GR
z?;l-vo3}p3O{F>sdAb-_Sk>NTfnt}@`+}!Pd+r&<NQrku)@0~wuTn9b>nv_84uAEr
zZ=20c-)dX`0|OD#D<%>Ctv{Ngqu?9`PTv1%0US}_#f-+Vp=&#LFfwKvWiwE1Kx#Js
z<;$mf`_#pLuYJ6OV|B<7zz1d24ZxzE3vj~$BHr?VuaZQ|f<|1JG<t7-{?pxn-!*#%
zm{&vb55=MCZw`tQTjMR;*Zw*Ju@=l4cNP4MibF|o*bW!n-`{`o?vMbH32+xipi*g)
zZMZN+&($+Fu6WMQE(Z#9uw};bFRA!c{eG_@Rt)5|g>DQa>G1c`%?Ja_S9qxlp%_gm
z(s}RO4$)R+$)x>lnC21D1e$j%3qrAYyd{S>Dw_G&t{8$ZGB$lX!>6a4mrYo`Fox?;
zH$45WCPNtpQhyslo+-WqMii^b=~RKgao)-0QuR~LkL#8v&Q-e5&dw<M`)vxa=h@L|
zq!66tdnOs63bef$cwex6^or#vDbA9VnV)k1vhch??pza3_#-+0?oJlDoLuOiu<?MH
zh@JhL65)$$aAyH{-^54`OsZkn6El~yhiC2hyOS->bGd@C@gdeGX^)1=#+DX4pcmAq
z;R3Guk47CF96mLbgQlq3K@-)*-CY(`+_K^2V(ljv8zid{(dh~#MGyBmF){Iti%Si^
zpx_Uo!xjyYB$FWh=jZ3+Kr>^jWLcip*w)fgCRY$|fHkc$F$tW%AhLr7eaPGgFHIZI
zmyBVKU%uQZIVRge=;D7G#Md=)Ed-e2?FM|~?l+OO;;2bMM0P}gzBy88L`zz~kQo#2
zWlCm$f1gZ3JF}z~H|G95p(NR7qH1f763Hy-K-G?NZbu34_1lK0h?8bS`=}p%RwFLT
zg(V;~jUW4M7ME%tqYTiYJ>Egzr^$=%#L6nqy<^@MdYs8TTpJT)CV)HoG4QYc{zE-c
zv6uL7P0|0*IxaiXuE95dh~YzZ>lt&z?q~co*aVl8ENr4Ul`h{J(0ZT%E6X4U$@B|g
z-t%Y_sMza(g8*n1Ye52h3zS%PhBNM5>9YXN=7cl@!Lis?kQj$zeHv@qp9`0EDS7F*
z<{*Hwg28)WW_AROZthlb{CdGl|7Q=Fx4V0fwE2c3S9;p<`#r`~37wKLM2>@tFUG}4
zAlUy|Kjc_QAKvO^xb1Q(r_t!cu%Yl4$roqET8=rO-N{%TXhduihMp^oPMQ8qgA`IR
zx_r7LLu^9HWU$@uurZYUGb@!&t!)JPA!0($tLB~zf3<S6R=OVsdDK-BgNxmn7>6o|
z*6B^&j~38)cb_({x-hd4k2~;JUII0<S1if+aUIchDvWQ%MMO;H_x!F{r9wNGrIdu)
zCGE+rr-@bh_s8(XR_Y3*f=g!ABJJ4oxNM{0t|fJd!jqTwTq}M?R_35F550Q`5K`3^
zu-l%0k&(|!3&$gX!NG@eo_0r0tWhDXRI`E){@ZVQ*VwT7cS?s-ZuThypXq6&q#r5_
z@Y?&<Gg5vF1vo%G(~CoZ>UD8>c@szUDp!2{+V5h2vyD0!A8RYy^ic<h18s`{3WT2+
z-z)uY_gl`)%<N??0FmW4fsE<j)5eD!+I~eAEsNs+ZCB5dI=RnczM3_fy9iW{#z3CG
z{0qWlF#!aWNOQ7oo{)9QG~}f0T9nMb%T&^0GZA)4J;q0<3ZcOgR?{)hW4;DOLVhO}
zzcTif>y(#PmykxnL?#%I#T9vqsLxtl9g1S9NFLK7<nzQvqa?#Y+7LJF%mV-!fi!q0
zIpx_n*%9lmx1W+c1GHg^+narfEi39KVfPyM@d*ixPx9aI3Di4De^g{-D|XNy*y&S?
zueo1LWO>~2cA^rGO!~sP(+JhXm=7Jfjf&o7CrAX;b^lg%$-e3tde~5&wdH~I<Jc1A
zFJ3(W;SN1kb?j(Iz4i7zPMov5m|UbtvL#iLwqK~%($e(T5AzkK<O2eFXM|Zq6Pjv(
z`f&gtyB1=nPVj)~0oD;BR#39Iu#l+0?|1MGCP<3le|P7D3k3qumG$*tP-8@bCbG@<
z&eI8KjJ%J#iMsD@FOPxs+M7m$H*RiqC0`;SqhQyUY1C6&wqy$h2v}(f+!jFDEu)Ux
z6se6U9(lbtF*Rk|ZjiKLjN75c$3@<TQh5~>J@T6=KUcgq!uie#2Q5N@j)v~lJE!Gt
zZb@5*32Mp}^~YNA%mjOFwt<*kU#L*gJVV5RwBJ}3sa-Da)7ShcqVs`B*8Ge(B<5Ey
zJGR1geP-$}eM;I2?KpJts0AmRPCQ#s?V@m%Q5LjB*Ts@;Xmn-7p3DmOas5%wz#xV?
zg@4N&l&X(+B0iB}C#I$R8jy%_Ab5_<Y8iIdCWM>iPj|mA*1hyaKf0kd8n-Jm^b+wq
zWzc(a*k8n$AMlk~3-A@-%oG2cCp}^3#MXKLp3`y!d^kedIyDu(KG#P?#aV-35|JO*
zXO89nxo(<3W~?b)mh94Ix5**A_W?fz9R2lmBOunQ0HC_m=n@L(u)Uo7?VJ;!l!Ny;
z!cdSpP^r9uW7)m;!i-a>8ZV0fwrfAA%VGDohx!n2;DPe>%O4?+gIS=mn<L|Mm^Hrn
zZ2Tvm3Ck@urXHeqxn+&nQER`TrP*!2K<XMB(@$G)f4IJ#xNKpYqaIADrYP)>`_Y}$
z<Ew!MZ&RdK4Ea*@yS+gSf&>nTB!iUH7+H_SGgtkWm1=2HY}2GAO*E-93KSD_B$BVP
zSGis^xjnMO@KIWzBt{f|F$h&a=O7?K(MSGa_SgV}B#X)Hr$Ud)Bhr%l;NBNZBBmJE
zU(9G?cX7GKtDA{<%ykITugX~D3h>XMce-;B3E!M21t!<M4D%IuI4|vyJ5&qUM4w%R
z^D5}{y{lQOK-ACM4Kc~JkbF&pO)eV8d`RTAHCR-y!syqV{g%9szxt=m8?3F)NolqK
zrvFOv>i@DVJfqvs3dL5{xXtq(zhO96q9M~rKjpL240qH4shm+FHzX~L6yh$LGms^X
z<p1>xm&f7K3)O7lRgedc!C3$!_AyYHi{5O}3Z1?FF;X+O5b0fa0pMGN2P-%Pe|?TB
zX^&%F2oo@2?FVO(4CDaG874(Wtb|k6JYN8<33<V-4SCDAYrQ{D0>*ltrw;7goRhUX
zuTAg6wFEs5sG!olvrbHfkBY?gvRu%|dd!ig%5};wiG$B*10kIOR}uHF6f+J4=KSTf
z_U{^KY0TJ^SUoD0DnxR!6kLz~sL|QJR*g4!dpOH*1etW7p<{NIaVH@U@~u3-Am%T+
zjc`?idjgLiCXrWSc-8W^NYL5&(c)_F5yr{c&(32j9#f8=uE}QusbtlkZ7U&u#IOvH
z8k>El|072ld6A}l>aV7STl4s3GMB^*&WRi&1gU-i5Nd~WEZ}7u574OqE|US<EO-51
zp$h!fm6*UitX=Op(XTBBhrZ>6COMgmFJJULjvMGaxTC^Sq$hFJ^$BE@r0bb5PJtE1
z1z3k>58Mbep8$)l^nb7tDxb4>Kj|dj7&p|3{oNKRG=3Mb<P8_{&e>TKIJ&++S_x?N
zgSUavpz=p1#;u+f;N>f;6R<&82{F0Tm06+bW7g&wMS!)||Ikwpv@2hpnMGAWK>url
zkOuG@N<)Le`v4CurqDn#JHMzFZ%9H}7_g3z+`&pPoFHL;XU%55TzG8qSjE$+N3pHh
zU4)ZySWb~QqWOr60fE-}P1f~0<j!hi<v(0>W%Ebr-LCJ1exfwL%1j^cIvl9!A6Jka
zf@|3~q39%ErVCUACE}ycef7=X%XFk_9kP<}@v2(3_Az@L<UX#SYEj)vBhecCoh}R-
zC|c;MX2x8tIPr?_j4busM@YoGh$xRes|xc=e4;>92*dQG`?$O7n*uf#H*-E)5$Gz`
zC?nQ$Ot!UR^AlYWM#sGx$8Nv4e~QaBF;4ma2k64}k4AhUza3F3K?`m!nj;e8^<~Wd
zTeAZvFrE4y*;Qo23gM=V9opFVoMVj-arph+6xdofI4)a4-UCSxP@nDvq2g3FG=zfl
z@xEFOJzEW>8lU;V$;1nrZvgVM@2cKsV{(O-oyQ&+;4r>`FX72y+pU9}ySo;rOPvnu
zL&<rww^s)0c0>-~odUFGZkk}nR4n9mPa4MJO)$Ox*tGHYTjLbByF;M%r2ViM*d0tT
zh0vFawWqz$j3@)ifRpTm?m^`&d`L_n;-0jzsc7B)jDMJJdE&k)aK|>mecd@yG<LRG
z(}w>@&q>G-2k9z5!II&AT+I_nXc0R}Y%O$&E<8MrW%(p)5Nc|juHggr+HMJzeq|}D
zpQbBaP~syw%-butNaV-NOhIp3L*fn*$@fz{S;B1DA6;N?>gHk;ExF@4H|)9?CDDcZ
zjE)377ZitV^V4m3*1Iip-M8*P<n7NnQSkfwC_i<Mf5H(QY=y}9n<ISpXBqa~f4cS0
zbZ!Q2P2R!FTvnDb2#0j7!ShtmJUJ*VQm{t+c#uc{oAri*v0m6t#r+o%0fDN-zF^>b
z^1;gL*UMrJpDgb6dcVK>wi&Nw9f2k9?DFz2&^fiXw*JZTSjqzv2AKe6lmiLB5a0%$
z_b>qju)aau>h0Twl&}(}frPLUh&U(?fQ@wChO+`#qQ;40p-cFjTT({d#MkM*Z@w<t
zFE&hTaYdclDzzJTRsKZM5GByRD}J>Ge{bNY5Y3ZGMi%V-9p%ikc)a%EOzGiW1-d*O
z##jc^v2fv%Maoy_wJ>>k!T8TJ6^L5Wl{BFT3>d+0b5ey;H1KQ17*?Xf=<Ag#>vlrT
zS`qU~A-GlMl~y^zwNv<b7whr0NQ(1eeEA$&oes$Ax_f0l;dpp67st}ECW+!&O<AMb
z=Cm&?k7V9ZDIkf<b=~>PI?+N+J>2?k#g8h`qM;Ywy4U-dbiQeCH2OZD4_>L-CH)V0
z6r)z^@!NVh5;)tHl^U@dueYZ&?AmX{F4f^AEhYV-YUM1do33{lPC{|WCZKuy^^0CY
zhMWa39|ugwgNNWJCne1zv0E$nU>l(Luhzuw&0y1xcPUvfi;a2!Za_Q;_8CMQ;37h}
zC#ddMsm7P@n*C;cfgL;+WOH-#40i4E`@0j8*i|RaXgwPzH-K?87V5!4K*@+8B{rm!
zZqZ;z%PUJdwupRCVIjmdQ?sTu>KYlrj(6s7{2;j~nKRTwAJrI%p)$H6PFIwr)QHr*
zUP6WTb5xH|r#>=>99jzs(RN69N4;JgRZ%qByN#01m}@s+J1H(?_T1gmL4N*3M_Q6o
z0uAe^!zHMEFFsCFQqj}^S6;JMJxs<kRWt#jsE0yxNmD)E=`(SHfsR%sA8rCU37DDD
zygM&3-YGeL)VUzmFY4L)ngxlG&?t>b=(G3BYpGA_`%s?OM^CVr^e+NMeh^C|a3@Pl
zj^59mu2IKOu~*&s8?IGF`gm;x)5M(Yq|LbD!i_c`q({vELc<k%fc@L~0-$2}x2|?X
z>|52Di|!h$Uw*sJoPOH}M|C~KYlOLuV<OMysaY9K!%9FN{l?i-Yi}!C5O4FThc#8H
zxxRk7zk7wq*t-+5cX3fKA}II=RJDK#asIh)t7}QK*mmH7=0ye_yTA8!0u6I4rARg4
zw~-*3+1XrBPUtZhH8XziTctA#cHjuE^^sCW3oSLNWOpa)*H|_hP#S0Ez#ZSw(jTk^
zl%xxy5ecXxBQt5^S2pu@c8)cDn%`|c!Ro^9!OCH#WBz+%c`je=qHJs=kMpNJAT2<=
z$XOX_OsEc<2LsFLZ}qOK>q$WOIScQb0r}(A7aARI9`9P!TcWZF2=Z(NKC=-TBCWlj
z3n>xlOiWdY)z6I_RUi(HYm5#|N#(>1o_Ue>jE0$+@d8OmsLy1eot!S;Iwz4coHrX8
zQ$PaOSaXdDp)L$55<BdVs-f{-P>^q?Omq^J&|!lpM`0`;vp#c%7d+17d8gh!k%)Mq
z_wzZObu6(0xs)W80yUM+9i*!nl;JDwp5gzaJ&iqDw(rblJ^vedt(p?qt&y${s5#)3
z^P;B~2o4JJQ^HbICen&*^mZ(9UqIf2HUZpYAj!Lo9EG2-!>a{EMR_j|mm47OfrjZ}
zcC>#!i1fSh?lf7DW3CU1+TPwC0R$}hFoxu|-)O_%9s}2VLZCy~=<8Fki7Fi#85sa;
zw!y9zZ2*qE0pL&fpxXq`3xCjfsOzRAa~8SQ#A<CFV5Ib<?X(JsU5)IHZHWc$5-+7U
z4_VoD6=AChnyr+|3*|UUO*ktHW~Ujn=k0$tM?-%1l0<%BAU}+b#$;O?@^wMW`PFOL
zPPQqbag_jZzxMu*VH8X|?9v4#Dw_P&bq@M_fnE3WgyXz;x~?BJ?bd#Y&nd@JdHTFj
zL&;LvU7!m42EC-XPP~v<Os&TYJ;q)u_TfoV_@x%B9V;GirNbjDXtI4AQ#WBYd0F$_
zd{jkGu_ylKPJxP(@O50HqPqn*yT^Ztd)@*3YJc_sbig%_{XR5a-K~vK!6|<aJ^LU%
z*~&Njed81+6g&xZHQ*qg=5M^IvPP(V7>@*`wT${K*b{J-VFm#n2xLG!v;Q*`=Q;>S
zlnE^GAU2+$Ig?u8^9&s&X@zv`5Eg@qO7wm!_C72&Huid~K+b?51f1W4i1>m00?oUD
zkr62k*TBX&gaZ)p2kPn{Y$kquQ($TzsIJWsyPjLNUAV~c3e=1t<uV&~3JYwo%~m(|
z7HG(MHFKUG@jhob7-6Zq$wv!8d}edSVLc|i?CAh8WXt05?;Z2tnN}pM5bVh|v^ItD
zfCSZ;7<7M0Lbdg?fU!REj%OIo*3r;~SFS`y>Xr1RqM6Q$gq)vIDku6dvx6-x>9ylD
zxr~yK^V5#-gsS9ee0tU&y`#&(q4OLKyoi5H<9FoT1jo=!)h!usU`JrwdQy*D(RWRP
zL#f@kyW(Z^$>j8mu4nh~aZ;w}d%0+IJ*#&bHcc}Tx96>Ok7yM^HjncACehPgFZ<uI
z^uV>d{T6uOXIH1c#Nvg54&ICcq^YDC$$F7Ovc2ubxzTR1+eB(HD*plPPYL_ZgyFS0
zOabKQ-JriXj{t7Jdc~*!<ka;JA_|H>Sf1p~dKn2YQTKbW7?za~d?m$^k&)xXQYsTk
zU=)xYq<>7y=h2+iD5i}%tg?W~a^1z(QkjSXcYnT~qH~eN)dR~G^caQ&-8a)-e#cVJ
zw(4DYB}6hW6H(1RO})Am^3xhF=MoP1b2~@5n9XmK*|%*q>pDG@SaYGQt*AYoSDGrY
zYf;&YG<z7kp5TkZ^)`Z7B#$BCgFw>Ky$2~QA1F-DZzrO()y4<5cX4K)4t?tO2@z>+
z(sRdi((EV-`{Q%RFO>Q5WiaQHWoTBN9TFWG>Ke;@^t|k$dEv6`EIy3);8umCZbjp$
zN!pi?W+>M{gq8k&YnOpbc5beBiP(W<YOG=5*N2Cfta=gUSE2gv>y8uJN<M}=(%#R_
zPY{j7z?%W$QOi0&xTx|>q@YCjS(7VKs1gmAbZrX&ND*qm@YKGys3Uk|D(VD(r@m^V
z_yaRX?B$jZHCf6GSP+2N@s{){8=rFFZ}a*$IhI#!yDEZ3MrRMv20$Y~6CVi_ed9on
z7V#^VDi!q50EB)H*xHCWJ1td)#E5hj%ktEL&%&g7&6q#H0W<;GCYzoyLP>MvS@kDn
z20$7(`k>`c(G}0oTFw<y@FH>%bTV&7%Ck6AL;AzZ%LeYMqC22@lp?uB2&hiS-wie8
z@Ex&GWUkS_yK)>gZS{D$@t8I(3+hM)aX%)`<EG#b?WLm$B<SiFwZT;ka_13^FA5(X
z_oWNsYQfe)4}Z%}e#5qWhW_!=aB3=}p2vjt+zoNIi0hYcCZ6jhtUZP6V)vkTR3YY;
z52MSJ)vP*ZpLcHriBToY388R}81?S#{r|h!|I<${2l_1-V%=L;>39bmIApa$Tn``j
zw=h&6!SD_!B%KG8zN_k|SOD1B609<?0ev%|Y+q}3gXZ^v1q9gi3Fw-e$@H#@*iix;
zO<$2fOaOxjNSCFhrN3YT2q?%vP<ntT!1ZpBQLk*idmA1G_IB*Qsfzn0y8!yPohDwu
z=17C3hYz~gLT)z5ZuvMHggav>8z56Vj*&>)a%5luEGuJV&8~86T!hCYg1P&xkJ63*
zLZYCJwj4Zwi3ZBd^ecg~`Gh8CtCu|T?}gh712M&Beqz@@;dXoT5n)PpYvy>Z%*-VL
zfBkNG>4_7*u9*{x$WUSz5I~DC5c{Z^juNZ$7=%@*16*lDL*qiuD0=9IQGNwW4Wo$?
z^WR!09PAM#7Qu(eT~pdx7MuNAsBpY5@6dD^5MqLQjdbm$#11^=Uduf`>F5i;!VGF<
zzo~wf8#a}n7$N`smD!Ik;&|d+ZT;BKeBJNwr~cDs_x^)0#YaDM6Y$JGIm`ZjmX<Bv
zzBdg-An$(P#n$zvTpb&&w_o@e1|~mH{N3>TYA4w^O(XI-01<n!w-*KGTbW~{PS$?K
zegL|Kmkjtz%ge<N)Jw;57vh<={c``Kr;T&c8`!Hrq7629tQ;NTLew;$;6vNr9|w-9
z47?5N1#7Q9b-ytMnFVMFErlr?hI_fPzLtLZLQf;cbWroiWEg0O*Z;h^!08z5bV@4d
zU%`CG6cEbbyXhZ*mA{xx7qqN_?72+&T4=kc^E!mz&0R{IDuAu@Yq+o=);^3g;DbMt
zPn~yLIj!j{<<)b-30Y6HPL}sJKaLUjQ#4V39!NdH?IKY}$Ndyl_+^%*`boHGL|GwA
zxJ<d~6It2}`Q<`%1$;4763+}w|Lv<9WI>E`yaSXcAtw@U2`k}Qv<vQL8*FKrOw`DH
z@#3+Glli#h^x`Pj2~IJA;aigNV)8;a!MzK3BHBl-AC+y$2Q6|^yMIYyuMIv6f?2}8
zYH{CtxpCjqUjGNig2VW|0$16DyEdl5@2<Vw*Z;D{e^64^O-cDNm}hS|b5Gi}@3{Cv
zMF^Of0LyXUMs7%0vI#T|$H!F<>Gi?o{pLmxSU}BhyJ9q2zWFQRansbWv#`}=Z<Gg=
zY0Zs|3XpzP(d({Z%bGXBlw|zE*;!c+g{gp$(9iyUjG;{zL~+nd5J$^C;%<<B%})!3
zJX`!hb>I<j@CTPYTjb8>_+WbHealUbD=|@0a9I)~{-!kPI)s1|!Wu&cEe>04vo(I~
z)k(MV|55c8P*HAizwppfO1GeNcL_)ih;&Ma($XQ_As|YJfOLo;-5{xSw{(ki!;o|L
z9N+i5_gk!WP!G#>&a>y)|M->Z;V)@1+Nkn8Pu_FX{W@_;H5iA>_IJ8(RpRU0>2d9&
zFFRW&LN|QdCt}_+Kj;%@ph<ju=V))n;8>Ftnm8+v(<3e3vKgGoZ>ow#&ZK(A9%R_Z
ze9RIzd%0;(B{5HJh4d3M#3B8iS-v0r$Ex3&S#GE;&xqdnNY`n^g#9JJz>wfv(qW!`
zk&S%sOi)V0CJ~|Hnt0`RnC5$qNwju+dLru6Wk!8tXvcsF?dOCvkq(Dssy`#QibLo`
z5MRql2xd3ps|^`G2r(MoYJ=~c!Qk<cW~0yJm=pSXA4{WT+oyF;zq1D$jJa7mOYl(!
z-~iCrbRj0V{fV!tL%?<ar*f#5ukRql)6DGW0dV7iG|WO*Tjw2jAHMDvSng)@V6Xv<
z6R>;@OUMJJ)GEgteF@`9EP%KC3XE{1kYZrq&qWf2fQBIomefeh>4k9~Shij%qhy+$
z%EBnwzz?CJ<y;Zo<;j12Ie|kH8~Z8nCt<R1!>b^|_M$pp%n{DGyqovGY{D9XBA)or
zulpH1vrW7TbTvIUtQr4WzwLk5#`@$NowSm(<-?rN`jF|=T)|qu@jczQGI3lG$`(~W
zs_n|0x<I18arU&lir10BIQ&n~?MeD(-lgfYp`vkky_ugZ^H$QF4fMy$W1EZ1xHs>Z
zYp9U0k+NedGIL~}I5jA$D)xQi8_K&w|HRyyVY2Zqvz_?<y^2T;+{UCIb}88Z{|o~$
z8~w1Dqc%fM_~ANJ*4=ZVppOCkTKByiJWt!ek~^)?MlMfXaj`k%WYSENNY=;Se`)E5
z*F>^~4WNe@{I}@?_Vdwz0bzbw#0*NV4RGoDI<YMzQeCvvn)E{My!(xX6&$e)3_M(H
z4rfx$JOb{Uiwg_<0L`cXFTg(dt&x$D0Ms0?vvM3b9!>BoqqKvQo~skk)~-F#0HkCW
zwwVUXaNpYvE4bo(UBC|2=<=mI3XS3PGXg#jNdn|#31*iVVw47-P+DB{QF~_E2QdbK
zv$VnS-2F!TBD&FMR%eP%r^7ZOKI^m5zEy$FC{kQm2j}aRANL;;*DwsV>@DFeJCbe;
z#LRSS4_?IwwAeZ0!&_+lrAc}T<FIJwrlpDYY^&Zftm2WsV)*!549h+7w+wm=RE43k
z-Z3`YHK$C8zp(hO_mSR|_RSd#_PPDKl32)vHig!H)z(qy9c}K-36k7|@POJ^sW^Om
zSMS`8;fD_cq#mC*3^o~Uu8(JpHykp*hKL<o-P%6J+b*{Ma{N!;6HtJdA>dqO_ibla
zZ8mf8!!uala)JfJWQk2T*+g;Ai}So(03L(7-O%#mM`EK|S}wCbZPm%r3Q$HNWPpgB
zA7Dxx9v*hmTVVY!7r+dh6OFiUFQQ=@1B#y#(vWr!C#fO_KSaR?(m`urPQL85_1G1D
z?`JSm3)WYwV4VdJ3qaHdniO^jUBckU9y30`ah~9Jkv&*uaSNHuHDDg+BGUsD^Jn)$
z@DPEE>M{>u<RhZp{0~x7#MtJv`IDDC<5QF3Tj!aH3m%L1Q2(4%V{5!OvI{y;EMz5&
zs)&dLlDxM&pD`-SNgVF5Q+!-r<^M`MBJ4Y(Lq(NkwTV?zV5lKN)9i!tAUDcN1<ev-
z+*ZPPKKxDS9U!J;?1d`C^uCI-J3`XwPv9JUYyQkZ#v4=oD{@O+bupbiVH~Zth775S
zr}+<&lZP%}{cM9t-jIsYjhWD6G2y?Fx!`^A+VJZ6)80K4lh_4}&&)FEy^KLJZn!u2
zwTe5<f^U33AcY<yZmJlI|N9!j!+P2rk3c!;o*Pk7X@iMgXGj&v{#~SEL|?28mu(RJ
zO`z`M?#_6Q)99tOAQFZ!s|D;$lnU_hVP_MnEx&2}VNd<QIV3mLVzo`}zkLrw7qaAx
zcmQU-8UXZxpK}8nb0#LHE;~Us1fK;Q1t}oLx!ql#_v;(*x;{%)>IYpdkLx=S>QG)<
z`UyCl2UQTs;(}z$;y0Fh!JS;PNZG)p+2GKw^>SW|sQ$TWh~|X`F;o`kEwhGN^lzV!
zbOmm*Vn-Wk;s;~rv)Z_u$U%m85g$rs=OY%(kRU}5nts*KYi|<meSo;}z<pw$BvLmG
zWqw+#iW8IH@oa|9oo|ksjT1)tROO3wamaki>nHhoK|z+nU-5VSdE4%JS;W+=w9@$V
zb()(gHBsYVy=`vXZ_d8Fz~G@c8EUZKtbA#zeG|XpW%1mCF5t_$Dc-E=Yt8wmoO$P(
zJrjYYAp~7=egDtR1&(0;-Zdfs{u78gZ#Q6oOR~nYV3+#<dz5SHgrL+%!5Q-s#*Cn>
zT{njv7<G~aHUb{Y<NtUp2-j{qJ2JgD$bXkewcg+~{t;^O+x2*W6d1ARCV~bL^M$EN
z@I?U)ORL9WCg8rHLr7&`gT)0HMfQO=1N%G8dIX{LL#}SL99^TLb#ZaLjfn*&79Cem
z6O#Sb>D6&{!a9wfttz=wLxREYowu>XNHC*=KUImeSmvp|{b~w6*CN#e3+fvm$G>_Y
z9o8JvJ(S7+=@iNwq=>;i^Wp&x)pmYC;zwE}^{nSEif@0OKYmP!gD%Aty(6;ti+YbD
zLf*KyO*B*dOKy);@8G;R3yNEZIt!k;x{sUtOUhQCAJP^Z1hl7q_>yS27)-~_WnW>R
zEd@|-s=qM*4KA~PWw!iS-JE(>Ex{KyG3)rPygGU=E89DQFPrD;#(y!({8X4D;rFNk
zw6-TQ0N8c&VTdy0Ksy-EpJ~KIcEMttC;nHUCG+SXhzgjv${g316mYS?09uIM{`P=X
zj|2dZn64{FtJo<KYM$v9K5HN}8CZ@>w@HlHGv~DdXz3u}-U7}z2?WG74gByt?p!{f
z2W&>LDqr*tf&I;kv12mcab8|}<xiS{+)i`bL9>#eD&FzmTGmaZ3rG@y3fIZa4GQW>
zHb_s$0SZwqKxb@dXm@F3hhzghdzS+8dx#y&45!vUs*3#^Gu9Ofeq1dHK)Crd)rmj=
zQu4q+qkT$%n4aFvyWBTZA?bv8LC=pHq-ZfI7LB($MdW+s?rCskmXp!HAEf6yj?b1n
z2|wi9384#~n9X4J+0cFv#Ex7!c{<eNg4v61FB|!|#(29myTjBd_jCT4^LSPM1)gnw
z$79xB*$(9?i*2Eg-%xv*H48RkuF3!MtzDm)|BP`yVuW*4y>J=No{QLH5j;M5W<(!>
z*JZY)jq6W>*4GPPyC45valvHKp(}UX@+SMsQhYXn1<Sj(JzwM5K8)AQkEL1!k+P50
zrJm!oBEdT_M4!g~&&K?J*h$!7AO!wId%*X<*M*d{`s*M&X>cJk7Ru#8cI_)_V*CCo
zJ5cmL>oI<|iR@)3i2_P=@||hA8pt5nnYTEvzrR|G;)3n%4c@O{NUQ+0Kx;!o_VRV<
zGC)LzmNym`7f-<1TusvuC)u}8v@YITv`fHNLXaWiAmHr;3?^Vp%Qjb6P-yd^(58QD
zBr64M1;c9V-uzixTYJNws)U80F(K$+i~P!H*<X|x1^8yb%t)8V5QyItwSp}9j6%6?
zX?Ee-p0<f2nm&Jq4z_eZoN>;Tt$OeI(_a}TV{g-I?F6M?PSB1EEZz!Hqe_)_ELOq#
z@mF*dMR#%|_BL%Vyx+v)Fp-yN+k27j`L#L6IsdnZk0~jtS3k96xwSm(W#%<1sDG%?
zlAUrPv_hJOilHj<rnv_J!S2E?kT{f<g?OCUbs0pi8U4=hgXUhFL5ED7t76}D4ix$Z
zYBo0nBVGtcfFj)x^jH2PJ923P$YPiE-_PH4A02k|e4MZX{N6ENaUcEUf-nO`wdeNC
z9uMa0?9-dd=E3gua<<_F=>KgZi#R@Xg4`K*Gcy^+h8i%QH|WXk0}u}etl$BR<Zk;A
z8Pd8RX?`Xc+Ue*+2l+Ml10)>-PUPx@sssl~6k6jYCL-`R1=Ne0%1U*8+X2w#f_^vU
z;7vsnpp1bIuhx(gc*<-_S7;5WYyF)z{JxT0;N(F%U^`O|?*|0PHeAyw3yCiwXMAoU
z(P_b6vASmQ7i~e3awtz;R=a$ed>3{tN%jOeL*S!DNJ<9x?E)<QC5^EqrpS2oL&N8t
z<Jl_b?GPkfv`_VD2a|;?&y3%RO=-^t$a`cVDGKj?>d?oq$-j3w#|-^#E<b#ryJMSk
z$cardQ24Xoz;Cf+VI&hdqUVxha(q|ylkCPW9(jnd4hHU2oyeFX%6#m7>#~%|Kh5GJ
zR;yb!GX%v6fY~Rv$ZN}UQ94{%a8E(e8=b$Ldt?W1@D?*96&Hcnc-3mB$r#x>t&nH^
z*b_wh+5kt{W?lBV+FAj+>JP89r$Cdt+f)ZQ1eK8Q22mNRpeG6lSk6ta_+ww}w?6N2
z(Oa|x_yc!;9Pb$+qo8Z@-=Fcvoz~}9mI2UoIM4g;b!RE4=lKpXv1|}v`GR{0!PtrA
zc`uiTKe~u3r%r^L&5RY`+Q8lIG}fZKf2agFktPO$;cN+00Vxr0AxFJIwBACmIFnYy
zl8}$`aaba3T&7Vc&+!w=TvZ-4(wmo}$cNUV!p7Fo%3@kmaAU<;)HL!-9+Buc<YwI}
zy_>n)&CWkpnwzj-sZ3&Yx>81|Q@NByVtO3THpjFWLqPfA0Y(f{lbSb_kLUf(*u?}Y
z#fz-Zdm{BXpAsaJW8F7m(%K2r3n{B9>puT76QxITSfQsAsdN_KzhfNxlpQ1c+;jdf
z2Q{gM7csrJ=iZbL-F?!+zj9Fd_}{R74&DH*wnO~;R4!vNiM!*juB$dVFlAU+{u~5I
z9pDQ97CQudD`frvXnXwA`ZCaN4v(4Xcl$b0PiS5J{fEIW3jBM+WCr+kIlKue(Bvw~
zWL4riPht(+HK=XJlx;!a7f{?Ck7hrng#P^WW($Rb0tNIyu$}_Ez~7*Xm+j7hiDJRt
zkPRCO#H!U*RckXyQkQSO2FwyVkYoc(4BEE<CwIt@ZhQ3<!k0C4KNYq0we9C1sZ{Z=
zZ=W%KqdK%96YXx@t!8}Ak<ZdLf(v~2Lw=<~jrIj{8bO~*rv@|gO$s;<qQ<YAW)h*U
ze^IQ`E6xh>UYx=n8UEtDqR~`{#PLnF=}R4r)=?xf<qtc3HkReuj>=NE#Ywf+yL+DT
z9^%v}zu>g|2hp^mJMJR&*ma*2!=HRbkt0a<6a3gH)X}8zAfz?duTzt)G37VDe3DlC
z{;axqZE4bNam7T!&q{0GT2qvp+K+>g?2Fj@v{oPOuhJ}Kmm}c1$%xJOqI-86Gllp+
znv>Bf5G7IG@&Pk1=aco*)0r11)<vy?f$8jW9AaFDX#KKp);S?yhsQ0eUIX}*nSiJc
z$Vp@#Jk|hJ*w4D{%ff^FfZyK$b8yl@yZZY2R17<~k-eWK>_E_^K1;Unjg=J!K()~z
zO+J?n$3W}525f=~YU>)@_w|o~H=Z|OVFTl^O<(bH5bLwO#K4~Fg_>=h*3I>DH93#@
z6OTYsa~=qU0^h<nYi(x^7k#%b98qe<Wgp1$>Z@In$1$rzABcw_|Dyl8`ve!dbJ18b
zb3T+KgB40iXecdjGe6cUzWM?xQV}UWM-ulqw`sifMrnSk4a2@mA*Td@*55L7^Te)4
zDa*AE<%gks)FOHh=4@OPdNdTS_7(yqWbeN2kGGTI{#`z7<_Zyi?M(c>PqcQ6xXO@&
zw98E4_3e+Cf)mEg{8o#k0;S5tUKaZSaoV%5e^oX=wX)HSUi85po%7x&c=y6+;-CH7
zbENdc;F)V#SKxo&s*Nuz<Bm-rp=iO7xBGLqGWA41+H0d3+(6(G0_tupbW%+yPDv5^
zKEh5fc>r7}e1Yz^wgc2OG^c>VH<b4x=68!w@1Wfm2ioCSAOGF?%e99&^PeMbqmm$d
zz_A2KmMX#M5JMyJ2e8YIPPaz(_vh>PfxHrQvLsQmy9Y#d&`CgI0*ENZW&GCw9->v1
z*Sm!=NgXMNfYi2|N6MuVFxX!0P{i*E4BQ>R1hTADyGp<6$*2DOGfT9vTB2Qh#9{ZN
z2FONEh>Xg+h{&z0rE01-^-2vEMN{pqfw7b<9`;80gg$lY_ET&r`u@AWkKH|j_Zgl~
z_0B*N`x}i>k*ebKc#lyv3%3OE7GGMA@<;VQ=U?gR5FeT4-}PMuSt!rFY*y&krDtG5
zYm>Kdi)LL~AHeRrR;qgVkiT7tb@WkK*cqza082xJiZB7K>TcgL?Fk_VMy?=KyCufx
zNjQaQWn+rab(uNK2l=x9YB9X5<KK56S#2_rysh2@V1$Z4e^!PcmdAa}(QvjvH%xYG
zsw;cpsU4siHyd&qc%+PiTSE~Fbm#&AL+C~vK!&IX*cVbWLST27%k_hHT@F+ZQT|+Y
zImdS@LYB$tp=c1Ge`f*aV$SgUyAy!Jp?$FhtbsgB%c|+*DyQdsI@5FdjH$2x6x*Z~
zm+b;H0-`-%m(*;g+Zbs9%*`xvQ#;8t%fFY}FL_(-)<@+wl=iB`maI@>ipv+NnSRX9
zG8Y>cWSGwpLLx?KF?;^3Y|t>wMV$oW+Tu<5+p~;_rgo>WLE0<_p+XUc)7Tb`RE#QV
zKgvfn98EYDap)VL<{lyAOh?{O_DZw*yf?;+!Dgsy=_gU=yHgU-m<_i(Exc1u<)9&+
zjLMLDGp1)zU4GQn+p4ou6fzVG$Njs~Bk=eV4|R>_Fh%o|6n8(1ds*!NN7j35bPZfe
zc<-HSC9MCGHHEvuo*j=&XNrqHyFYem^emoX@rW9puVPQxm?lbmX>Km3j?e`IP|{_a
zn)p1S7j!%qfK&F$SXmShXAtUjiQCmjSL-nne-P`{wziQ4qYYh;(g~09L#G?@ML;ga
z!v~pO$9{8whYWrMaq}b8O#lMog-pI%1da|!z$G4Znw`kpfHng}!VZx|<S{)Q5U_D#
zqg;6Wv$)v2<7L~(vk*N_64k6MD)?`GpPlM3(?fM}vkl&d&rQ+opB(gRa88k83GXxu
zUl0po`F-<-T-){)RpGl4t-AACU%gDyNi5qqK?x;`&kQ6qHAXYEHX!gy6&O=1nsofM
zp3U~6z{FlE{j5i_o->;9#g$^cxuGoYVhrleu!NzpN=!3WJj7=;x02+lw^r>Jp0fS^
zuBU{upoUrEb)dsY((bMF_Fz!1C{6NVMEA4WgiDGzo-zDuvJz8n{!H=q_ug?cCGN9x
zuwVU2blRN0k6O!?rH;k%W(8`}{{O>3R9JxR{x%?Hv;h%t^d^t`<xIcqQ+&PD5OYAD
zFE0LWVBDE)VC(dZ8YGJn;o|poWj6x(h9Agrx>@VO_Hl9P1PJIRsIB*~^%yS?j~Rga
z{|0+L^7_NYt|v#&e>_2LdM6C}qtCMk2M3@U^oV;NK@e1pguY+MpsXB4k#g<L&ZbHU
z9lT;pbtVl%h|9*T>2+Y<C#j$!uNQ`#k34Li?{?@+o1NHV%7XtUbM2pd`8dkk>JUAJ
zP6In4IF`-Oi-wFjlpL2z&ZWfA9=|>N!P7IM;G}pu?~e?)ybf&v-=$};cbZh*G}2vZ
zH}cD$^$uSWU(al0(`=6gDb~+mH%ESv`Nb3?FTYHm`>b<J%HI?9dS2}rCYJhpO*D#Q
zrV%Us02(zY@%$-q00F)T&iah#advMHEj*Ay^r1Z+OJ2x(-!tkSwJNv$hhHGL85@6j
zrkP&33<eZWB-2-fzR+aek-_NH#gAhkDBIFm<dh2z_?oq&dig(^hvP#<1Q*%r_Qq`a
z>3!;c^%hf)gfaO1ZT^Y*!S|OjKJJC&CPj`BJBjjqouW{PHJ}{N1D&s{m)9&HAZLzj
z)iHk{32XtuQ9!{b2y!U&ATFhyRb?w+I0kz?^Tw^w<*faI>pPE1e7^Ock0kN|!3hXS
z5+p!$#TtNByFe-V3z%l!W7liojSCYK*&!)U>493bNI#!d+MZ^is<k(O6b)3duS~PJ
z#l(ZTSxZ~M`!Zvwbh$9M0r!c^+=E2#b(nfsNgdG_toRmx-z%Y-^#1k8_)a>W9RD83
z{Ush*pT+K^8SS@BysHF%{;RQAe;Iq+Gn)Oj;*ZI)8;zY0TLj;`jkz%0yqnFbjP?HZ
zxQt$u>m;3~?eBSN;^Rs6?)2GIzasm0;{>xWXrbfb#b0SsB5S;U{<cw#I7{)HdqJ2{
zdj{Zbr6u#9(C*$p-{97wPsr;(!qwyepEYLZ-!n!$=K!vwk?GGPAO-bWf|E3gFtj;H
zPML9{w+qO!yE()hfu1sthBOIV+RZiQH!z>Q00}A(ZlFB_W(Db&%K^*&7qeD?OIhg$
z$g9tVg-s#AkBa>7D{V6Fj>|VU#!FA#D6!)ZFGE5Cp@^_>1>z$Q_IQB03c65Ww7P(>
zLIjACeMB!o9D<QisoPsq0jluz;f5tzadAID1GTg*Rtr;-RLzuZKUPlb0~jikI^Z5$
z%KKIjqDD;P2MYxux$Li<Ortxp@PgjlL}#D-Ka8<-n(=}t&m{-Gpd6hFy2f!qTcb==
z#y8_K-QhjZh2pTrdOdrF>FzyY{<LXZT%-MKTN3;CIdh9Pp*Ux}S8-YO24a8W?DK`D
zjAM@C19Sa;9V%{IxXT2H)!4;x6-y>YdtJWNfqlB^$-4c8CGV9Lq?PvYy@x%vz0i)$
z#_qLgvK>7Wy@uS~)$+GC`h5(83yK((WOK3Gmw~<>dVNyqGH54=Mzm;E>82m1D$oy`
zkwc7aI@jP-{9r=%H(V-N;#V1)Z;pu$FeT5IvV#m1kQc8cn(GJ5x0~v0D8RD$dlQ)*
z0$m0j;T)K$d`|xikpy}jwp{K3yXt44RDgy@@Da6G1=uXyKU_r+Wo~?V9=Lh@YOPOq
zbs-M`N1+JWTUs&(W!Vos5YZcfzQ}-<^%D<(lL{cF!y_Y=y6oJkO8L)dX&VjLS_yDJ
z^1Kgn;P_C*-bWTv#g1*eKf9jgckQ&>VsgE^e%v3>JLpoG#+ihVjLPEibu?9+`Z<b9
zpM3zvD3RpJe0{-95}nu+jPSt$?Iq@S;~$k2ii}C$eI%HrqgC1XyYG6Vm(awu9!6P~
z-dpf8S!-TqGmh$#mua2!`E|~ISi_L<3VBTn7Hw|%L%hKpz+VX)`7M`PIZ2xT(IMZ;
zK;cZzj!9*y6p5Dd99d5t`fCaM!-?h`bya$TUW?6`qavCPCRWQzvC5$DtQ%Dlm5ZS-
zo`&&-O^dL3%R0_KzChb@!G6i+KL~CF1}8ZRX#8;-5S`_F;juvRr)n)w`Ol+Dr|QW5
z!Q6L7lzRHei^>IHSOa;Q_V%SuX?+kyVWW@G_4JQ2WMyJP6C`5;)PWrWxbq<C+7$Fa
zFIz-mElaI4q@gZ6!Wk;ZN2@Xc_~;<elLrL|xc|Ul4K5y7+fiJt){sOn@A0P(-Rjdo
zp`cE0TJzH?ui4M%7PIdBNte<~w)hp2v7C*jmMMO>cDTHBi%pu>*B`KF5$d8Zdp4||
zVKp%o&4J1d;Wmoax>0Y>B@>3Co$>dy`XQYg1b_Yd=+SS7m;;I8pM7Rrkz(E^yme2D
z=!2dz_~izfrp*y9d@H_5VMGtsGhffdWqB(^t6W=PMlS7XlEwXs2sMF6=lXij<PGVT
zTnk}PZ>9sgHxs=~IwzMP8U1(9tQoH7tD|ibkd=+o3yAL#Srr@ETP!B%`Ps`adxvvX
zf1L_961+w59{zqRQYq!K_W4Uhg?QXggJUi$7IOIWYQ**Qzh6xAGokRV+qHlIckf%m
z25fOJN4%YfIqY1kj9(I8no%@F^?+81iz>1R0iJ;bW2D}-Q$y_}K#_^QV++_U{|vGg
z$$--MM7QXfm>4RbK^OV+cWtT$S4P-J7IlD6d4KftkquC5f>}ZNt0u5gLBfA6m`)4~
z;=sEl2?bKm4`bF)=&ylI0`S*#d5STb;mp;^>Lr7f31A=hS8Y_WkJWL2pp$THX>D!u
zQU*(qzQz0j8SGUdhK66@07orsDhnu0P{Eg!7JH0EgcsU7E}7?_fNn|POG~>U%oiDf
z8t(_a<HfXoe)X^~CGlm*hh$q%SHbb~nvC~uWKWpNtLqA;>5@{>-Bk7#=vW^gy`NKl
zM^m8~=-)P+?U0CPC+$CH*%DYdQ0;9;Uuh6GXDWYRvzTM{H%s?NsfzIHh@Tc|9n*DB
zw9B@7`UOR*Iq%fQm(=P$zi-{G)AZdjtE>#p_qz=@L+mV?p11tpDghURSs}~s3~!Ob
zS2kdMaCPk@j)C~pS?+3<51pSKg7E-p#(*fyX1>lyPtRt>n5ATQ?iRk+qWqERr8~`q
zPh2W|<ofSUSz5CG^M$qSc49q}99bFCxNrg-%qQ77ssdKqx#<qP?eo(x>mAc})K%=#
zsHcka7=+D%ZrL;Jzqx0))r=n-4m{3jVIDqnuWl}G7KfXpk{|o_MhudIzrC26Glg%0
zT+(Axf=_(O2mg?c*7%1hFuxhTzH3#9r>~c?;K$!)A6Q70^7HpE1K6vT@ej`qugvwe
zwP00M)gd5y0UnnX;5L-F>Qe<qE@a#bI(&W{jG=;K2tmwBX(@+5hRXKgT}#^wMDJbM
z*cb^)8sJ6g8X0w6T|EQF%Tv4Ou(dU0s8&-9(8TYYdn-YK=Y1}7Fi*EKvigFNs)JQ*
zBJNE|Ehm{G%i!095&3Ufm)>{q;E4EUDM!6VvbqkRV=CTPPhg5tb5HUqlF+8eg^5rz
z)$G)YUeA{z|6=)*Hd;>fT6u83YE>ami|mtdcm+RZp4t-(uYAY_QRM*LQkeaWQOJ&G
zJxfrX_LSO{&tYgVmQkXizecfo>Qo|h;4tkk@KgR4Ynb&?H%;2aho3fPnA#BO;Hf?3
z>*R)kdt2V<w4LN16Xs9&C-Iy77A&#)+(qvXVav7i#{oSckMeloI6$p#9Zryv{rK=I
zy$7Ddbzy(2D*H@{lXL0TV}{fb?kGCT2i-Uzb?Y$a{jK{{fyMq~Upzg};1>|*7s;$T
z!H;3O0Cf^f2M6NTwk!m4Sz_eq5W6j4*dQPO%NO_q{IQa_A(!wv2?eJ1ePD6od40wb
zkii%t>4)Q6KuAjZjDYmfTfnyk@8ZtizYl=f^%&p;ZG-TvF<@5;<W1kErlvlpP64d|
zKh;CJI`tR8RtB7ib6O#0pzzCh=7B2u=ykF#`e#VlCt@CLW)Rj7w3h}*5#AvkK&>ry
zTR!k0A1(Hc)4+Kwt$I+n!CVoh4$CBEn1QZi`kKo-NNZIQA+dw@U@3j7nyEnNXe<R0
zQTXOu=Az@HNJ%om%_QVGSs7b>ueZ5B?O_pO44fB6jqwkpcHg(+%r_=6Dw-bkFQc2u
z%u?9pNc)7J92h9`2yQ+iu7+1y>rFD)u-PpBqWr|20uv^UNB<J|!P0)+HdXouu1;h+
zMuKC6+wC&qG#<kT4xdIV?(V~u@3&#_=YImwCGF1Ag}#<AhMjh2P$qVm?ag*5HAJS-
zzZ?e-JD&bv4pSMLiv0v-SD^_+upv3c)2C{D@M+1spRRB10z2_S5H<*CJ+sTpTvG6*
z%T_B$U~BLtZe4*v!)i&=UML=d%3S`xA$aWv2W2AS;*3NI0=12e--d^WX(2mcxZgQB
z;muTH#D@rw;Sg|^<wlJ2e@dW_tY(keTh>*<N!7C{C8V@wRG843b#x|@EuNvYd;Z%S
z#ufQj1~L$4)ax5&E?H`rL<gIWUH+<;gQ`d6O=@4y`=i7$^{C-zvs}kwVlvBy2i|yT
z8wyOp0>AUmh8Csx>dpLIt!JXNM$OFouUdFzBRDrvX4>b|48P7xZB^HHmV_{`>+UPB
zY}r!SU-^c;;XrdoxwjXd{QEo5*faHixd4*sh2Fcc$xq)YqCM0yKRJ2Lrrosfn(4ie
zpO1#mYa*Vy&}iX$zylGF+qN2C#P6fbmF{PEQzYOa>;n#JMuLuzzsBWT(b$%d8f+>Q
zpPB6DSGhC0n>J~G?)*(Ooufzb)Wy?>&Oncb095_&ZyQTeXr6nUgF7iFV9UcF1F$`x
zLH0n1JOGehH`{DN?&tCigb&$Lu~=Q5Up$4}0>mi-Vk(|B0nW<%>~CCul@br%rWZB2
z+2qtz5=BhUm^p7GxaLSr3=I=S10eDAF9{&($rf=Lc*)HnUYReLk%#H^ZR<6Q_S(n-
zy(_Mc+IAkjZ`=L6(D9p|>WABakkD<5c0w$fJHsT8QG(0aTtaXIZXrp|0`rsf&t5O*
zKQ*{IQHkP7*NVt&{-*t+;N;LzLiC=xs`bQrlccO@X<Aj;tsL_Noh%)Pu<g;400B1t
zS*C|vG0FR8qqY+46NL@)-4MPAB8amMSCPt$lc4}P9un14j>p=a$E>&o23}9HU-p`u
z*vVOYB0YwC+|q1p!`jy2qBV4F?`~;s4`6V=4R~<-(Cvs#+Wpbqc@&&ndxgv+>`T;>
zwD}btugon=ZnBNjtA+jBf{Fw=h+bNuH~0fcjRq?nEfCZ32i}74JV4*b0V4T^<-=Wo
z-?iwnTl@Jf0)8N1ePjY&e<7IQ>!i3T!#j1J`6V4bwNu0)LOy9;zT>2!p_xF;lL!T+
zD<D~cKH8F>V*A+hOBPT%fmU1@`UAMHMMU(hSE@|#gUr4wQ*Nh_4q1}^c=|pgWYZI|
z8E2|p<_{mIn-;|7YO&&MN>7EX%I`hJv+kNTB<H0DB#k7w6<_x-oI3g43TN4>3ZnmF
zj-GtAKZ&ZS%N50Je&WMS)_>_#eS}<&m#jwKAfmrp+8>5Rs&(}v<^E5VN|0B=NXz%0
zJL~*_SZ2E(7VmJ!CpEoXhWEJJ>zk`PjqHxEc{C*JY6(X(`Y{OHYzf9`Mbg7+-5=)I
zd=KrHXI(e=NO?JRqZn4qiY5}bS4d&F*${vCbQN!eeZ^AiEYXO`D6d_*5>+@wxJW@v
zfnlIZoJ7TjVd?M}oEQgjWXs2GGscM5!{hew<oa-#?w*SeecfFoedPXbc9#@R(rRlR
z-N`vKY#FmIjA6PaJiJ$Msuxc`d_Mv)hvs91NC{?*)MjwM;Z6MuV5k-lV+tNDZu{Ad
z-{T%0ly;BS(~MhSG6)V321rK04{1lzfdb9sYLef(m9wwE=*`!oqa(G))YNNz2~7N1
zBR0ILMWANa*47pvTnYiaPRrZPY^G!m@0zyfN6!X(;PKsaT1$7)a1fiy1F1J71FzHz
z^^MjS5G@|`JbBy4NZG5Nw?`czZRh3kV})9@OIYfG&|QU$LBi>dFj{LjTaW@9uzKk|
ze{*zGCD@<EQS#E5{Kh0QT#aO}oSzpWODlFxkTyBznG&~XP9~ogwm+X#Hg}bXt}ES;
zGEt4@P{yowI$Lhh(zQq*_;pGEOLEoUJgr9^+keTk?##|mfEY`G!nI52#za$8+1Je=
zAlytWe_8b7@gK3FeZ(XGR~5WP?(5<2ZkHi1uooV~XRgz6+ZvlZPcahu&P^m2IQ|Y}
z^)EY9S?SxNw968_yL{Ayy*-d2bu+|V;L^-j1eA_$M6!PXvMuI+`}>#kpflAef~)yY
zdE^gDvD%)Tx32HvIM8s97R0YC-yL|6LmobSI0y&`pb-M?Gtd0|Jg6lg{KsVd_Vx?#
zk-56Qo?|XJvlE<v<|k=<dyJ}AJ~L3wKB1Sq2|1yE>C#*k+vRMxCd{crwYR)b3d{-;
zW!23s6Z%So9PdvqPuXuOg=iPBFkGLiQ4vV@&XW=c58_ywSSLqRn{?j+FAGKwd$lL7
z{k}m1P|WwCxV5iU)*S7p`Zkj)!aPy2LdlmDa(*tNN{0*-L%lE_T~%m@v2U6izYNfs
z;YDfhz|_HbX&U@JiSpy_W!l;*R++}cyt~32L6DYgH6tm3j+{E5qM}8+)M6P&`G^`B
z)v#{Sdlc=4?A(Hqygkiu+jQQFUeA8X@s0tmj+0fEo|=5yBGX<PJOQ+QW5JJy1VTb`
z`rU1{qtX?&+&}2xdF$|K_<xO6$<O=$j*U9=5EH(ocR#ybvXy0QWb`HbWO9P@1M_!3
zYFTv^XzH~7mRBYS=r|Rdf$&l)YoRz@1c*~TJe{>Gw5rxqfqL89D+3zOU*YI;fQKLb
z9iu}OmdN$bS<ij`EI<(!zk_zDoXQ#-wsEb)gwly6)KFnDvB?8OD9h~pJRbnl!CAkI
z{|tKFYEaF=$ABN790GzDHX(yf!jllCWQ*DUeubso^98J6*T++*S7Jk_Vo~eDGx}EQ
zL>8QH;_eKZ693p-?`)31*B+5nZ(m|ZP?=j>5cD}!NUIb3Tn%CUoYuT8+^N4|+(lWr
z-EOHf&(JCzBt|Q?GN}~!Ikfa>E1uRA59=EX=ACArV$SckScSegL}7Rp0$q-~tcM#?
zvehEWYPFxT1KyH{(UL$Pj+9JZhhsawZX3oDoTX7N2~J{78J$G4`>fh`%w(+%wIRg%
zd7@(jZMY7ulq*UU!ZehzFhV-;%wBB)k;Qs8O6`1ai=TF!d*9Mp_z4J+6&vb^6|ldq
zeNR5n`d&b*U;H~|n0PF~<sWvWe`lsBhB!4)ilX5mUzVNjFF(Jn{Okwc98tZW7aJ*G
zL{)2g-<gGze7Gj;eu-&$VU!72qfk(ctRdc&x*LFx14Ku%Yy~wM{a>=OC?T-D>X8#5
zX!;Atpr5TqGE>1Y>gws)3wXJIR#qTc{?{yeLSu}WN3}0G_O8wq*mGm3si<N<34X}B
z+p_|VmIfeCqd^|gi08M#qS_*ArddZ^4;6r_g9If4Og~i)`ReiXpzn32>gfY9($3DT
zQ;l(Q7kaYlM9mNKrwb;HlyhE9Py745JHMA;l1*2xFo5|5sVl@zBU>-Lua8{8#=8=|
z{WHfJMjb`^P>|{OXT{eVu8%5@!mngV2?&&HR;N)thUD=&EAdI%zs6~La~?i^t-FJ6
zR%@zhQj?5rb10$p!H3+Apg#LRE`{KwjE%CubWA^)b%z0~{4++eE*6`L{4(x7XWdn1
z@lK4kX@{saoSyGOOObEeD)Yrhm<`^C)A`tP>KOIF3F@QajzP+6(};WSll^}eUf{^g
zXZR-`D;=FJxTUx2`4+PwUqMunlmNb)Xuy&LZU6o`L3d-AhI1`coD2up;(O>QZa~d*
zna62-kAfOoTc-nV9O3rBB@Us|M-+3&TZdednR(qiwyf4^(NNCDXj4mIFl6fCk%F`W
z3J!RoEYU-P$Z^pBfZ0QxC>7*WM6U}o(E=nr*Qz=dJr>-7%FyAS-{yMBfUpbR+l~XW
zZs#vO&W2^YL_HW$Q<2Oc%qvn2ZA%@?%I<G(hjs%ptY%}70-un{aMu$iU*s|UM$J6v
zGZ{+oG9_1d@c63Pmov;W6?eERM_+@W46TAq5!o`PGy^ZC^BX$(?R9!Q-Y@a*T4PFY
z^;kTO{J++yZGP+6>QhXX@LeUHejK|%IH*D1*Jh6#yT_#S;+t**FM;7AE^KNyk9C1h
zr@>1)73#O<Sb?{Nee~pNmQ^>OI-!hyVCSSge3_J8;z2`8CF@C2jl<h;z3(_atiskM
zymHB`<!Kt>J(OV@a#zi7OA#+bNet+Pn^rDmd*H7V5Op7Zf7~{GWo1<!aKC-Nd8N9i
zC%ILigYGq{zw6(2ctFlBc5YX7;R|G9sS#ED$^!Tn(ERY9IoMAUKw=r05IH?9;8byQ
z8UI)ja$EunHg2*bz$^hN6raIf4cnpb(LmfyTE642P`o2_0u(TfaDp%jBw4K|2bVX%
zT01X~`3+HmkgK0x24S3@k<k#q*2S|%TxrLnx@c9S^7k7%efcSpP_W%Ax}3id#6{;K
zrqggIN;K02q?x{r>#5x~-}_}Q%ZWpb`Hf8^q#m3k$T0&+iqe4e+=ET+4eZD@Y)G6h
zgLX^8o6KH0{pzYtP5#*69OD#1Lz3G~1xYNVD7vXoW}kP-X(L#oSUXRTGt+K&!o=Cp
z3V)4s;CHf^fB+3G*%yRaKbPvxzK0fwQm+0~&CIq}T-y0o)Dzbg@>I*NLv)K`jSYvN
zElV<}|Cn_ACk@KlY>CWmTtA!LS7r5ZQ?z9&i$VK4mg5JXq^v%od&10#r?s;aGko9T
zKm!e~Xb?wXB9pTYx2zDkzdYWBwdD*Ir$xg9wr@u~Rs$^gGL#(d7fVu1gh|!S7NMU$
zT^}+AH2NLB@wfgxL`ihvjsE2D-22;IGQK)^e0&gZG3s65ljsL<69XajyNi8;yPYYv
zY5=eUQm!x9aU$B{_1s8mYHA9i=8woB<pKKLg(f}bo2&+n3N>wQs;XJy2xCzyYU*O3
zMtcE?wMd;?SjY$WAQZ6R!Q4n4vyKRPg@$xIv9v^c0(PgH8KFhF(M`R12l3upj1)3Z
zn%cv}mNxDkTy&a+Hu#arH+f>t{NQic_qGwVB&=WSelasZzCH0KoR7hsnnWf2Qk9^9
zsjY_@Go*u6rxv+{?4daydNH8K<{jC|YXF;{+O{@KX4_$z-)cV(c^z;wIu-UKA5DS4
z6_@iO)Ci{1^dj+{=YGRw7inbcWd=pAd+k{FJxC+SkwP8%T|w8q?-^>(Pp&ORE-htt
z=|TRZs{98JgvU62#Wq+r*+za?vO3f{v}c5CrTi0zx()VYa1zU)Mf=yW%{cGD;FQB~
zoWPIMCWa=N@Uf|>t}TZXD<M~xX2rkuO}~dINM8brkz|Y1%9LSSpY0!YDZ^XPe8eX@
zeW=q19T##3N<Q@`xu)gA>UV@3bP=FTH29!1Ftp)sKh*fMoAf)A$(*w+5B6yphI_q{
zpbC61UVx3uPLISrPa|I#cqPX5*(?jeWd_pO0XdrPouA)hzUrOJn@zNf7Go}CyaF4r
zNXXqwA_BDpYijeH=L7cMq5x6<eKH{w5+Ni=bAR9@d~MV>nKb(LwP4(rP8S8}ipgE_
zpaH*Hl99$`m3s=qBT^*AhPk=F1_yIQPD|*TCDNq*<u6zHr>69obUI13Btll0y?0ry
zWllauqX+GE%;x_6!d>3fsKNP^^Pv8#ll|Q|aZxW-4HGVwR5Jm_jZbRa=2Qs!k5GJ~
z>E@c&WS*7A)7Uoec`-)RwSlyx^_n4wk;W?u>i^z>JL#5aFvRc1pV@f+&yx?>hh<H;
z-Txe@w^}w~Cz%2L57-l0oIZm@=gNPzDef{?Yrg4JM-85Q8NUHh0zE6xdVm(_%#^#g
zw7Dpqh@wDC1^Q=aM**OX+Xyxm53pWa>o7G1<H=z~i%u-?RwIY(IfgLE?CySP<>AcZ
zjEgvPb#iJ4d#(4WAiM<+>|OrMR$E#6`58$7NDK@(8T66j5)wjSz4hn%TAvV~FfMb*
zvYT3X2x&v>vDQ!(`#=J{bI5RG3`MhSMl<t^qFibl=jqtm>DjB<5{cF(-y6WIOeGAp
z`?yKU8m>Pdv5u^#_JkpS9{GmmgNH_>{GY9ChByh-Tst05lUE(n#GNeSQIBS;7(U|m
z2ey0&77V!+s3)B{)p#(ygURxzUWd?fqgh-_x~4d*BQ{CnsQ%ky$<T3k`{_iffqIG`
zYkT3`g8h6n?5DXq0b_MhM6V23%vZaKm_x7vBAcBu;%Mm0CWA?dHw)D17fThyDE_J`
zO7}^vJnr1>cmat!F@0-n&yeUK?_#)su8FCG7D{#a-`Ke2cm+!Rr-!wZh}YyDp6ESS
z$z9k<0OqJk7(DfA?__Pi&Hwb83vQper33lM!{~aD&6x&P@)TjpnS|=pJ(bO##?-t0
zRUpESeE`@DR`V;L@+&V^R``l!{8=?WIy;***OR-@#{^~xX#fg#u^R1Wd<~gw!oCqu
zt>wAFRp|P>@%HP{_QcnUa4Ba`&mzbuSTs%n0+EfYE1!s{s3v3*aJJuAb`2gN-&h03
zCG72W`j=mPid;GNk<{G3atAN6K#84eeCrPK6j%x%-<Ote4cgMryx|3lb2Y)n4_-9J
z(-JWx4ep)fN)<(%9Hln$WL@?*5%5oLH|n559kt&mm!xdI@RaV=`S3;n8&CRsOR0sY
zc7=ivO;Dgt>#EU!(4$O)SGt()NyB58byH*S1^eF|6x5)KHBc;6(o<;st*@#5`0!In
z@N55P_nno!xFfYEhurQ1BKrLcRXaO8nrsr<?}_<jST-qR6tD9z51gicAgcL%|GQfg
zl<akQox2EVdEq4ka9K`Ec9K(?%r>vP9=+tnb~*govfSb4TG%t{rM1(}RA7iyhI%Di
z%r!<L_ukyKqGy9@4({$}#2zub>FJaqYvW#E(d$4h?rUw_;@t%q1Pesq_RR~a03vd*
zL;=MEkKkxJ=klG>z>DP>2`?BBagKs0FM{O<fpbes-M}=V2FxZOc@W`-Kzv0w|1yWS
z`&ad>5|X@{5?S8vuI-`W)8gtd){#@N)_LLLVhxWQIAjdFATQaaY-_D+JswFSu)+>%
zTGMCD)_>4$-zKw3x8(J0kn~GJ#nDt^iq7=C6<By^e;IJ{d_kr7O<wn*B8tl4<g1b(
zb#nBwGQpY1G|6yg?8Ku)ESa)3tS}ax8+yA=%c5Gk)pJPvA=qH<I69-@b9>sO^V{+p
zr{U!3`=MHDlGECYt*(x8x5@}hlR0V*8XHe`4_8$SB@L)_y-4C1HJua@7P&XcL_BLS
zUUW|$!{d1$!{MJ!B`EK}EpQU>qp|6h<wK-tS*_(RZSlUV*N6v^Y`6EW7yjL;m<M6c
z3H33*a&3#*C~ye`ea$v7Flx%2yEp@shBH7f0eSOzKtDdzLlZEFFlzy70&!k<UgmEk
zAL1RgJ~)h=)T*KqB}hTQRLCBF15zH2PBs-mzz!Y+D4fCl1BJSIc}0RaK6Cmt;b@i-
zSM+u$RNwZ@`?-d~(+{-KxkctW1w`2Bw7OYlr2=dP*|l;+vfpdpYxHyTxn*W78k*c!
z%+RP&F)gF3Kk>y<|Gv@x6%Sdf9h}`$ZrOL45SF&ElDGq-PsPaMI(`$ZrCM(E3j%4y
zz;qt#`&K_5>n23*ZOE)`NH8g~gJQ{Czg{}>)8qO`6614R|Jz*qZxH6c0goPHqKC&*
ziI>U}Q-4P_8C9GUboXk0I;n7qp7xR=lx>N6xKp0)WS3UYQJAr)U-Mlbfdxrj<0N;2
zSBaRwB?D4acsV;Mz0eZn>R;IM&3}^y;w}Q)tiY?39(b+{D(1m3TnSq9dBorI;(8O#
zouTAkme^nFXBSVuDmEg(XA7D0=ezTlu=*o5;#!(G4wjJ$EXso80YtKMMwm>DA!!kA
z<uelsEE$F0f);}ofc$S_d(zOvgb#8GdMSU99spT+A#sflgaU;1e7_}E94)<R7(*d}
zz`pQyJL{eWtXd=y!+ZYn{r>WwRVR5st5{3nGC}z4adL8cT3Cdkhaj048`COl0_qn6
zIVO7;-g`>r-tIyq3x)nY_Xg+UgYlH&dpw(NseD9k#D|DR(*mMB`nWaWZa0^^30V<%
z+xwqMZK}{bWbccacH|B<#^$rN#DXaPSG=~px13?OTuC7}%%t9Lu`Q;sXEH_2Rztl@
z?*%P1vGRAmAU#9c>{u`r{(YjTQ<d+6^NPgCXq=cyOYHSjZE|QFL=Bh3rnlEIY25Yb
z1_@=uwM97`GKCWvZ1*m^@0I@2koI`#!|MERThfyi@w!O!lhi3^90esMLiq{bv-=*n
z;`W_r*bVsWS~54f;EiOCNj)i0I3elM@78_x3aymhAwEk1kM*AYQ<nZBZG}`1{M_Z=
z8G<TO2Uhk0`?n@YVb>c+g7-7}@U7jb`T*F)&^BBO`c0!hyCQ7hL9PNzX(BK9N3EbU
z)s{=}XE4OkM}qYF7wY-d?5+t?357O-WH@KO;v+sS#$}1)-~>V4eopb}3=sDK0u7e$
zU%}gkFec%4Ty8~}kNX0e7+8y)joi;l@C_@Ut*l6b<>Y%UxLhI3ks{E<y-GR-=`-MI
z&&|)TgNqC~5QwTE&=zA=AYPZYcW`jY-0}qM0(421g4{7{A^=q5prh0ejp!u<Ao}S`
zg5fG0h;Z~e^N8!^pq6}Z5$FW{XlA*aa02s~gFhAKk6+!MpN_!WmYd-#A<NX!ukOEn
zm}EpUY_f|;lClhZEmNYOqsFXn0(^69#|jKjNK%n4-2*n?e5u!>MN?yGZ@4vz<YALa
z3$0T_-DHCW=Qr9xxUX{ZY{#oR$dFL>wuuNw8J)(CUeyvKzioJLM+1AOoxdX2q<uHj
z+PQ_yIr;H%PQ_v)HYfHgi<i;(>hJX0d<<AQwbxcxCkj0ZG>Gm<E=p(6Lq!SbaioKy
zcsCp4v&E5vHXm0icL!0DQd1*6@2WpB^}k}-Q+>_f>pUsUiF#*bWWiK(8m76&ace@Z
z{J*bi0iuHW>5AUNLA#LAF$bghJj^JxED_*y&7^NDw@R=>8&Q>k(^MVOD9ZGpIWN3(
zY68-`|4a(NRE)VlW_J5Zm~im7L0EZYuM#6+OH<QZYBA63^0G3ec=~GqaoqymUv+i$
z&pZFDptT>_H^4?-?cxShst%v{rLUMd%|fA6r;Yn7h>-@sljyQXq~OEx00J;FYam`J
zEidQ$5b|w<G3NB@%VIvavgX9@IV3QF9%(Q8<N9Z?<nzj8f@o3o{Lp1zDEl7tK-i4@
zSBB#T^M}cKp>p`;vG2u1tq&zlkMm(Y4h|dbo01=&vBu=2S&6FTu-HxXYRfX!k94M)
z`ei0#R$5f|6`YCs-?RA<c51mrm;A7sHP9nIBE<hqrWzFLq%eb{YRHFj;PP7oGpy#p
z!+q@4UDJ2VpPtXq;-+0cBY66yV9iYGhv51Lwl3CH*8p2s$C%cr>=|j;8Nm@RpO)0d
z+Wph7zUEeSpR!0c4W0{PJas~QZZ>MrN3t#*je>eOAh=U1yg=_~sE3{{PrR95V1^0(
zpnzuZqcGX(wHE3-7<w`phWpVB4*N@#4mR|{2r8YefJe3e7NjP@V~FOjXa}?)DZ_BD
z<hxn0A`Qs0hyw5lI1Iaw&Q>Ukp(A(G7vo+DTi`f#(PML1*V>|3-y+ceiAlUT5Q%(c
zC+KR0gJ6ntrw^TgUIcN~n&oVQoev)w4h+1eYQVLA?)6E_p<m2^^K^~pF|NvTgDsPT
zqBIYgk1i3IODzKevh2;D0;Wz34Id<WU6<))JX^t_o5+;HH#-Xp2AS3LFDwNMu2`ay
z;EqUnZ3#vOcQ#Rs*dFIEV8IY&%e?Sf&qG_5lT3PKYhs2g;QopxBctW^IrkEz;v-XN
z!HNUAq=FuGvNV0R%!F+{0Y&SZi=-fVmDk>fdjWebc*vr@T=TV^Rl1l-M_3^puo8z%
zrw}g50eNE!OQr~QQU}A;7Z1JEhcRcyIna|<EFAQptjFI1=?^J)g0(iziSm57R^AF$
z1;3?0)h9nmV+-jU8#@;Yv#<Y%^bJRB{>3e;BDc?Gfd=dL`gQMaKwCyJ{w#XR`GB2(
zry|w2j);w7h2rbx&c(#@%J!}blNVP^p*pOdCoVeZAuC3~d~&D~|E=UcmogwGTM6g|
zq%#`++#I}xvZrmsrz2&Y%lG#Kq*?Gdo-6HmdM_f`Mjpm`K?iDC#O|ef<QZh~@X}Q)
z$jk)-fFMveK`+Vc^bu^@z%Q=eRQCQk^%A6xaoydw0>Rerz%UjWF)}<n2u>A|pLPoz
z45%QW&A$Rkj^MD`e!P-iQ-apV!6=i`-meLXSDshYM1tb!<m;;>aWgwI3GfQj?J5w$
zc6w#_+!q!r4!?Cx+VXPq_gBFa_4&EVoi=2N51Bf=G_#Bb&iF0HBStUqdz`;lu}4vY
zWrTcQWoeAs9!b-{{%d%X@6OWQ&@u&14^7ILyg?ka)MJq~c`K9f`wuJ%fwEY<y<)OZ
z+V}tquavJyoGiaAeAdFadec^LmS@{6jFhpS$%kH88z0t)5VcdT>6CDVDzB)8%^E*!
zGs&`+$T#}jR$%<-&wGD+Lua`H=$y0b9sO&=Xant68`$5;M(|AQww{LajA;b;eSc;c
z%)Oy399n_IQRDXG&zXm7*5nFu=<!(e&(d%Ib@nI!9a9gSBr6(D`P$#(zWn13a`?8d
z$W6!Wc9cYAIt`~j^UnihId!ln<rN%_a>X4AdPCQ3%og{vDRAzl?NbKc+Z%B(FMA79
z{Q+jPXW$(uDJjusvDh=8fJnyE7tZXa2ArtgM~VZ7_MIJ86BCmO(0J~-V>~TO@hoQy
z=JeBZK2?56^gtXrJ5$U{8p545vJHa?gC^h7gQE*5Gmz8(_iYCZ)}MOTf0Gd+sa4Oi
zgJlFhq-zj!Pn+-{HFaHVgeBU{!ze7cr4V^)V^sM;(sY{XAzw{`OhIjQ_xe=nYX6QS
zZg^fydTcR|e>yK4v2D(iv{2sp!&P}30!|ecuFd@B2MeMU4;2^r_2=wLPdU-wZ&+^s
zFBc%tPUm~tv=g%Ag>kXqI!aL7lbh@x6a8aw68%{F83PUvze=1-bOr-fm(a~n^ah5P
zRa$IiT7vJ=b4$jAlss6Lxii!Mx_#YnCmj9GAiZAdrb8RdQ@BA$x{*UHH})`Cq~(Iy
zDX1g}aBB?GOW(QQa;*TWjbl0DkV4#-Y3{jNmy+PAUr)Pk!$}>D;gLLrKQ!^W=wsED
zZx?2zJX%642_?-&aQ}E^?$W<Bygw<E^5JO#LFEp-MUnEEq#J<u>FesMNr(@UW+)&C
zn`}UC83py|H)t_HHwo->dVpQX?76(;w@c0z56(O(R?$T)J#<r`s|Q|pNkHE;1n8me
zE-r6?hUOeF)USq?Z<SlBtIZY`ff>m!dyn*0r_aDAgi3H6e=k`G-+~$4Gnqbe9&5yY
zeEJi=%sV72OL!B<`GPq3Ppm>LRcA{`;RCbV1Iq&wXCu=2y)4A6CY}w_{%o&Y_t=VE
zh~tZjnbag(ZxoI*kS!#aTo-$-we2#4i4HAZ{ULCu2x;kGc}>+{$(X~4nj4yf*}7)>
z&eiY3gC{1(Gjny_LG0Gw2QZPs;QnSdky-4!sG>gnMJx%B>9<qHtyRC`r(+&tuU=8b
z2pTrpB#kHCRqFCkDp;@#=q&d6-@Hy&zGK4WPz)cHbb8kBKG24HK6|M#rhuZ;Y5bjA
zr;C0_F%!$_!Yi81Ozi|3GPdSqP*|o9ljx=2*+WciC)z#mD#;%BUzmjavgCcaZuKy{
zCKN7f_EAh3zK5VG{Mp|&xd-s_3^Sv*g^M6N*1RA_tW7Cj>AR)FOTK2x&nUfWznh*x
zGG;gS0A$2XX70c%oIV723rw_#E(E~jAn{y4Z4XOdNr|cl2LiT8-JOnK(u<y?-rg-0
zFiv~YXcGE})@6grh8(!QZiXiL9E1bwC4XZdSOZ&I;EC|<vmWpqf&N?_-N))4q(X`S
z$oC`y`F;gDNl3hK^uVIj4fx|zF&zl=hurbf$$MAQdA8EpfxMdOF(<JlLxW}5qA@Ql
zoPjRor2YfWRIXXNW`i{2tN%mOS4LIUwe4=YrInIykS>uf0RibQL8K(5yCp>=r5lv)
zX4Bo>AT3CD?lXDb@BDD+7&r{}T65m_m9eR0Ouk~(#HCitn!bzjsf5X=_FqbriiT{h
zi@Nm2==5!hG=*5|!&$S|I}h}$a?^A@x!%W)+5TGma(BaJFMInYiYW@ga;n}3^+OZV
z${3RM{4?<lD?7=D?ty|R4^7D4w5xetQq#GqUZYLqSNkRhlE^$wZPLGL&Khs@3vs}Q
zpaAqaZU2o7gQ~r-BN`a@;+QNvAH8&SB#d__!@$VU#~08<YOcSU(;yv4Ut^m5%l$v<
z^QfrD^49tPK;Y0xuzW(eK|Jb@D-U5wDPr7;;T%BgxQ^dH++BUiBY2W{JVmzv-V~Uc
z+Cc)sH4qqJLZ0%S;rt5TXM~`L9u1MNPMw=cuk&-_Ds%3&x5EJ-<Gb)@c@Wfg4%ETT
z?q~FZuU}Jza{Dss%l-u?BoOVyaOMkXp*k4ih%N135ODWG)PZ8hnIZ}zbs3ozp3PY6
z+^cI{S(;0`UwN2|9{diZbq_4u+C}zSQ@nM!x7nU3XwnFB55TKK)oM`P(}X6VomY;_
zQ{7zfN)k4*@-$4T7uf-F^;vJ4zN(ZVWM()Uuf~z^Olb!#fvHh1u3xq8h053Jc!}#H
zcvHEJMFI`Tm)LhI4a`e?Axi`N$ymvJvpEZMR-DNR%rdnP<{un;x+iF(>iDz+@1xw<
ze?iG+UwJDxmghLq{8%L^!ZL0e)ZV*Z9mV)Rx!Nl%r+e7&A7A?3IK|awfAw~<jzsf$
z^U1##*tVr?FtTad=w)um^BojL0%<`-HGJuqEN0chNLnl7mNiJZGqxEi0X?{KkZ15m
z8$#i`AA&DOB%aVDpxnF$Kpt=z><W$cBPX>3QIt!&>1Q!Hxt=Q@E>tIciJxSzh#>Q5
zR1jk@!hxc=zqhx^z+OE4BpL)7k*62LGFhgFh^wa%XiRD<EAhCwftDAEk{lD+3V?cO
zAL8;Y<7nlAj8&6%8Y)Kz4hdwacQM<c`5lUQ@h!WCAnbmh^vc)UtogAbJjc$HNRW<%
zx%W-6$26jn-p~Aa>9;FpHasPBgjgQ)Rw2@3hWlApna>KebH7__UXNs2y8P6o_j?zt
z*E#)lzEgvUQzJz1nc@ZOyFpAGQJQ3|SC;oR)h|mu2DrJ8Fu5bXPKZh5Vf|8C)!aCK
zw$Vf=V%f&KrWaDo{sBiubMQKLixkTU+vzB>$_~fP%N~Uc;HLY#*U(oq|A9-mnwcBE
zu*tiAnBb^rib83tulwU=feJxI66$t$h;ai=A8Kjr_bc=shtFW%0wAh*1$Uv!0cN8`
zj@dC_;Y2d_L6F^2(DC-ROj%jk7XoQrrtV953@}GWE)wd4h0L|rxYNDemYPx3$ur@K
z4Ond`9&&s)iP9gBv0*r12c9~*5|_FjkM;=y<}`Y0uYJAM^`asc@KzuL%-i@=V?)Cq
za8~774#@qWl*8+C06FNKxBz4VD{c>w(vP4pa5$MmK1TX;B0G@9aw5B2Mc2#(!>fkF
zi7}ZKfB%$65T{zs!YP!ZG@2i~Pr-RD+UsyC#&iL3Q9)gz?92VWCV}?LczR|lF`xsV
zgUyaHGxQ(yxz(GWGJoD&1q_I;45V2%**O3B?P$|KP2~_f0G%$O$qa++xgZ4!4oNrF
zVlqp=(h6JL)2Yp-=-9)o=F6L{A7G3`Whc?g3^Gu~izca`3Rg4u;K1ub8x`d5qGhJd
zk9zOnWoS`Jo{W`+o<VKuAA36RS|}yKbkKo%p8;m{nlI&A<D5Ip{A$>`O26Uo8agz2
z0<|vOfT8#GR6cFCF!E#Q%kbg*jGY^E{@E9>?SB`8N9@~GYLJkhQE3ELd2yQZoZO^&
zaUsHzyXo<&tS-m^?jH0+>NlMIbVNS{gq}0Hq$M><Ke~WjDs86$IQ|-JdKvSEOe)5J
z{-fFZP7~M$L87PG(<I#L3ls6V(DIE39uvS*d=~|H)Z<zp_HlvlZNWWAmX!b3NIUV8
zZtpI>tMqlwT+9XlF9d~z)Imhg;Y%N&WPJP33%jQH3ug1Dm}u9T_rOCW4Y7B2CXDVi
z-OB#XRRt2$9iXcWY)dj5Jc?i^NVjHMtoq96f=&ZbA?xiLGDKAM98qqJ#rsDr*<dX|
zUgjg9uXEGeva&`YNI-RGi25ePo&i-WziV&YrpVqoJ6lB=$;qg3-KFTAbUBfZp0t7H
zj)8qW*0Z|CUVmk5tPDQ7?YNS*oDzkUh`zKXCB)`z2beJ2mTIxN*3!381FgxH+5ktJ
zQ8o)H8$#Z~qWrd1=SaRa-1IPAzVyV4z#M6nxE4-ES491k;bz9-Hg<o#4gOgl>y+JV
zUt+SCFm~_R6W<F!hljAfgh4T2vkZ21Q>%z&7E8YD*GBvIRs9!R*tWK%k7V74<OqzT
z=nJYcUSG^_wXF>fA@I_)(!`4DQh2XiQ4hYfYO}fl-3ax7c@_AaOckYikiUQMED5^n
z1$#(pYHGQ)r=49ikiX3}h9=CRlQ`pdP%b-cHrMs%MBCHk`JS*p1`7%bI%=sEf{4Ui
z%isFtPtrsP<-Wx4q}L{&_;G1JeR~lR>^d^m7=!1R^fO0jG)LfD{1>_!-}oe=AI>kG
z53{$tgCVl@@v8q*>6X|CT`$vy!9>KPY}Ih$%P}=gp+RDH`p!*~KeqI#f9c5Qx%GDb
zd$-`vO2I5=nTjZ*idqziq8OeZ<|0mN=v`YP-+m*b8=JM&e$6JM8ZpsooxxisvH%TA
zj#1O|mws9LhB!4~%6E%^(ex+{ku@`RR;%3&>rX32Ms@oP!FkSgRkJ>?UsuF8Sc?nf
zzk3Dg?RDvfFSOOwuLZm)o33jxM~BD6F4(`&!J$bfkvpTZvJn`o;^gcIAwlpPi@)^D
zOVZ09l|-7V0&FXj804N58*)Fo6v@(3EWWKXqeW4N7go%^t8e4X+yC3s6H<#W@h!Wr
z+2dm1vz^@;r~?aZ_k&vl7rp=>=w_s=GxOfB+H%c(Zza2G_6^%y1^OKiAd#D2t!`?H
z0OJ?X&<Vi%fq0j<ApcftNI`eMPYE^bCyi&VG8S?mk;|-og?1MtE=r1IUN$$5Hq7(e
zQV@<GSaehXY;65<QC8`&n5udP_a7pT$?RAMg=LAQ0J+^Wlno<_C@mNhlU3{5V=ZBe
zOt%i21q0dEfVt_zrJl{jb?xOiWmn=R7W(ba!hjaM=Hn<LrrkuQ$=cdvd!18#=FsP6
zDt<PWShiZ#aKDvw+?@G}`DO{O@dB~L?wGCTNBvcBH)BjQ$CaII_zAJkR=I4+1fs&Z
zhU#<EalR(U=xJ`0k+7Gr^GGf9=mx6VEm$%x+Ku_vA#H+-=D#I#AI;&vU(VFFdfc<K
z{V2Ot+_{Yqdgtrq<8aA9KUz?Jg)+eHZ-UoXJ}V0e_AUHE5uDZrG=N>p0X>JP$^Qw~
zlS37f^BdAoxgY>NtGw}g1_+84AhQYU19*7~XxjxD8o?_I3nqC4Q1B6fY_~n|J)bMg
z2C*++fsn0MMJi(Dzy;|ju8}*)^?hFPb^m)G_$%;L6jMyYR<AJNik{rb@cjlLohr@{
zz$kTYoFoCcVoW~M)txu3Tmb8!v6d`IjKzTfQ3<AB6{{&El@_hROP*=deZ+x`#na{c
zQh3xG(a->um-=1$Y5a%-+@bX0)JiWR<dR2V>!<6(FqxpyY({!QX$lW{J?0eUKW)B7
zDt&6mgVI&X>8)aQ9HE!iDEmmPyul4p4)I$C4|rddlaL3NxwA=j|76S-?$N0_Un3f@
zB;5=B7_lij+;T^-?F(d%zNcUOy^yK<h*w505VU@JTQ*D-XTuW}4(YYh$~7#r>*He_
z3~^XYN+#e$8Wm5O5U|i^a&fDUx<_tqp^akIOI*S&{6oB^l2&9%jGdQf3d8PgXHS6b
zA9%X|Cvt-``oGByO8dy5x6Cto2D`f5TlZ~rySx4S+2c%&k6umwr_gAcH6u&jK!3Ub
zjYYixcM?mU{u)tE+(Zu%IPiDeOLG_}dXj{~squRql)4W;*p@Nz0ANfiw`S%OFo8rx
zVc|=wl*Vy^&6ESgyn=RA4R8l7HMx!gbo<Qpab%U#maD$8aR9bPagXqb4f`W{%#h&~
z(An8pp3&I9_UiBR(gW4+sEqn=4~!sfK)Ma@2joG{US60GD-aP5G%1`A(6nU)EWruD
ziI)uq4J5IsUeoR&E5Wqi?Z!BxJ70G8h{3Qg@rUoXF-^>~ubqxN9N#wjWY}IEF;%yl
z0~~hTq=NE~;NG&S1w+(GP24{nDH2TNl!x}+qi1hfVA{WSIr|h@gNr}w3A?PyqlY>5
z5?18L>}qOSvyr;$;C|MtuxV?rnO1)f@B!I%z4#36zcos)N(-Y!CF+$2wd^9$k*p~6
zwD3taV^elrQalrKr&V9%y`i<lWNoo#W<<D_(bCSpE}=Ao>Sx(4Db{z+*{D8lxkqaX
zBt%a-POkA0b=~!7IHcI=WW<?z-*72n&HN8Og>LxXv~Ku%(foJ$fULTct?3&8o_2Q~
z!gnm=T6}3V4d^jsWzYF4n5dFd!{@@U-0LuOS@s57yD{>U&Zj3UL*k+$o}|=`mk99c
zaJU|30eiys_I6KkS=l}?Un8`EfVeSQITPR_{szW5Abaro`edrQxZw4^Kk4-XlDgHq
zm8;0KT}QDpTQ0Y+=Ua5QcWDxhF?S#;Wrsclr1~j>PiYSrRL}ROiyR$mfj0#*W-ky4
zB9~L&Spx0026R=ckgZCKZ&v}461W}c<nTDTvl^R})7f){Mm5y+AG1AL(kFDAAUubM
z5{~wOlyqD@cta4|Ileuxupp}Rquo_@9KlW+y^uxyj;(p;?+6>yse#xZWgK>mXA)H_
zzcUf86B=Gl8@Qq#nrtSQ`2^bAb)<bb60*vEA6xm+jislK7*dz7EQczMmZ|SulBQT6
zI9^q~N{5QY(whEZT<lIWr(8M<ih)T^4v(x;_PMBEpsA?cy+GsqxoLq-aYA`Rb(ga4
zf+4EilO`VMf4KmvUDGJ|_%_PLNbb=*ePp|ef^EAh!w|@Sro>tGCDQik5vDhl74V23
zyHB?W@h(NgUHh9c@YD?H#`iD4x!5?nZ%NGsBvR1k=8upYdjTGG#K>`eetzIR$ParG
z#-De0BY}0581kfsyL%8>jCvs=Ag~6GNZU6o7I&E`m@Ay#ayAom>eV!vbFZA<d<7&t
zE~I{00&)&qsm`EY)Y-#B9uQa>07?S%FEIe)P$40mS-|;r0_3ED?QM$BXg=lhD4M$3
zQH6(5bvyh!q-S+~uA+d`kDRVjj{8>Sfbz#M%8R_I1Dpj{bicb2NMU@<g%N3_rVq=v
zbt5(T_#G^3+zK)}c(Zk;{rq_5GB^8~Y${%~!~E%L>N1AT#DeGTiy!@1gROsd7=%mO
zf6H!Xv}AcpX{00TwL(?HEX^K!O>2DGBl(U3iV<ZS{K{hWj+E%Tq75H0O9}GcoArtz
z9IN|Ug@!sJ6yCtCZz2BH&}m~U&c=@Wm$16F>HkTvfSafImk}$B+uwo-#{K?9#7*?4
zs=v_%{92;Y6?!NTE`dlP2FAedxWu8HMkD2>m*Szj*@po)v~taq9EAaco0iEWO)R@E
z*zVv^J8>&!hz*0w1o`UMKps+j1s?5B0%Ut&4g;DulFU#_4^S2lre&Z5qGSMZ{<MTm
zPQB;fOd8%%yPN3BP$KyOc^v!`;ak(vQgSL(z&c0(`Ka@pDNkVZ3>XnW0R;<$ha`%c
zKc?zUhzgjXA%`u^Q|ZR8Sj%RYh5C{PA63`a(J>^pxOA1Cb(>uRf18vFL7wHF{dZjX
ztQt)g>njnm=w2vccZ=OymGdkO^3QqWZ=&cKAQ<o=;qwo6H;r;k*|!G-nu->!)>b$j
zQSf?g%6e%o8FZ|w{cOC|wiv@~ytZnN3n~N`1R7s%=*=`WC-XN`G%b;a2euDU3!=>t
z^b33BCQGICgh#ZsKSBJ%30LU@)n;&8p(RG7QH-2Q*7e%!@dvzrXnS&s)CevxbIXnF
zct5_R2v!`t4Y;&@Is5AGvwI_BFj4={M*_RpgiY|>nw>#sz$9UC?-ny6+9c$A_cN^z
zm-&TqNEA^x^J5U)8hywJoqCh2t;sHZzzi?Ax0WCrm$#@Rm8^BK67ENt804K&A3@h*
zQ?f*kBkuJ2ON<vP0Lu9TOhBebgtY3VMRf52twu71Y&E&;{jUx1ev$YOJ%y8^F^&+6
zxSvYBeEAY2{VK)nfEuFoox>4{MqgO#|G)$O8&$}Z1&`_w+3+WByC1Xr7uh_DIfi9#
z<$g%T_S06z$i8z`_f(W7=&cYE-PM;{ZfKW1gooeymbIu6*Azsnuh?(s{DCIE)XS5D
z?D2u|TPxOBVWxO2m3<1O=UefW%;UkU!XP`9f*%wKq*SiYo3U(G(Y70@q&Axtf>@SS
z=QR#AtF4?o|9nUGhucz?`jR&2P)Legf^0Hoh~Hv`KAm9cjAg~mw>nM<Dr`-Q#wlw>
zk7PSfhsIwOtq%GJ@XLf>9;yBmO-MZ8lFQi|B=rC<Nhff9_QH&wGrF1PT7dD+juOU=
z8*>nQdc*f<-qW>tbH<YfE9f7-h@N!v`CStdwF?x^+DzS`z~oH;q<(h4;>%sNG8f4R
ziiE<{=PqSerSBg`(dgx}fdPb%!{jgZ!qL?*$k$>l{mIe!=X;nem;eCU`5TOR1_p2@
zZ%@DmxuVmaalgqxgo%6)GJ4~+<WL7f;tnSg6;4)pAgg{|5PN(3%+S!1eMXS(I|+nE
zk3iwF3zS<VF6%Xb;sLM&VBiB7!@;a*XKT9$*jrQxAauF7&xVJw5S0JN_6QMShW;Es
zy29cvVjYY$699bhK;@9)Gpz9A)<X{re({fx1;bBAs_tPeX_$ikYxI6HLQQDYkg?BP
z?z|}qN^tiXDg+<QY#xp-?>dj998LitZ&zg?Pt(w~k4|H62T4Y%A7T&AW>6j!!Qn%X
zclK~bf*QmtmB&&OnI@p!oC^3Cm8!(Jhrg}W`LlLx!-f2gtk7aiufoagwHaG6A@zr@
zOfE7j)bAWTHo{rB=86jJ1kIk$PD&y}*XQ?FJ&ZJ*EIE|qXJ2sQ4L;U6S@L$l=loSd
zj;bbPO?%LA=KL&Aw12=ts#wZXoSVhgYpl(#Od<K~(@A2xvT}Fum^$K13*PMJQ^IA1
z28?x_SCyWo&lpea%kg!0RXQ~Ps4i&g$CaK?KI&etdctP=U~m+GwD|L%H_s2&FbO*v
zf~l{IWt!b*?B8?8nvd>8%tseY_P>}nao8Ao<BAl-8FKK3pP1)A*$`MsYi4X6i5i0i
z6P4$7mU;@u4vW|91)OZN*^Dt4s{$hTSWUndJY>wlcti{G(Lh>%%Jj5`x3{+q;QxsI
zo&XAf{@Htb4}*)SCJJD$r=Y{O;>A#+q{5iOw`;Zs!U-;w`8?P6<if$EOn_*@1F!A}
zpyUT_plA>qyBCS`PvVMYs4uksO$U+LvaF>LdGF^VcJR0H5MdGo-7#_(@hEO}U)pv&
zH`kG2JY=Vx3-e9iVdG+=WUKn>+cS26n(!w4w1to@W`^W){(!OZ4hOflMa7QiI$p*1
z{3Rg+u(#dt!AVff6EN-%@aA35Z68v{hpBywceK%*Q<PZbwk3%~vs9j64Q>z{zIou&
zBLw!<dv*1HiD>b2jxWmjh*DJlPE1^4skala?-Qp7Y}XMR=V_=6j;?ihIXEHQKiV8F
zt{J?$b3|I2etD_*MYK}1r^A6}@!aAgMM`9$%v{N0at_N2WOP!tsE@M@N9+0YnyC-1
zw)+KEKI2IXE`f8z6M4am?+7~!H+&ZXY7RVO#{a3%TprE0e~sTp=$jjTJOhR2Kb2ZJ
z+(jzPVMKmHD5xhXud2<+uS>H&+q^z#l~&o*7v7SpxL1_QYcfwT`=>8$L;NIhYSH%*
z$si?&eQU!Ipdhs%gTo8-NZXGOcd4{tJ|Ga%&dx3c`0~K+1|*o?XMq&=e*a1{_vyw1
zzukA^*kxNJuDp6hxNLAc!8El^p#LcvFdJa}7-;+sKmAkqX-4TD`WUG)R1BuYDL0{f
zA1KA>CvI0ZWzH`^J)z$Kj-Qwa`D8QV`Ow@$p$~`zr8!~_&PZOassZ*doZoykaojZq
zZ<nhoBL3SKsXZwirFKiO8d`F%r1Kx(ZoH>rTEHY^TnlnH-j(g9Lb^FX#`e2?9i*qF
zd15Q0q~>koj|3lV74H;m$MU(ZX4!&_KtO$9xFP#>b+WPLyWsrG!8!K9wi^53bL~%k
zyi6B)zdmWJ%cS1b4~em1=}$rRw3~mhiN+W>v)fmN%r0Y2*(-R4m?9{c!Q9*zG0W)=
z!tJugs|aNLo9-$jQCccg{Q9JZXXmD#SlktDJ?|&e#nZk9V;O{Lbj5ypG^eIE9U`_q
z6H?p}9X>t3Ip4mGU>(da9C?6?w`L$&Y3NVuY=eBq7nP|v`zka#uXL(!Xu}?BPAVLC
zCd3bRv(iU!_SI{z)c0jU+$yvMW|a}zp5o0@hB0w1sn>xvsj8wPD=ai#l}tLu{bEnU
zo&FdgBDcUC^H2J03vt$cmG@jX(MSBRL6>df3RRc}##>W(2tVi2^0EfNPe2Pj0c2r?
z%@qSp%n2mV0NjyJS5J?|-Sy8$E-J{ly?{C(d%=SB@rYLaNqW9k`de8iVcdczykYJ`
zkg%34#N<U3feG~<eZ*l#8m)}q3;(IK*G{ogVyPMgS7g+ETIm{yet+znr%5qI6g(cV
zV+GucsV`XMyRn6kUN9>{x??<>oD>J+-KUAMF5JTglJic#vjo?~ck$8v6LCkD&%)d<
zsePLhTXd{c0e8@2qR7->MQTjvSjxHihh~lKc}^ZzuvmCQh$#&#JhG)%{SIH}`(gq;
z%FVa_TKFr33DjRa(Ouu{5hpKNk&xPKyq%aUxvZ<5Y4lh^*P3f$e8n+`=1*j9(?nRa
z_YPrLC*w2)8bFS$p*><fc#MX*^y%?x;or5<=FzoL?$aIzWl`|0y0^p3AWrkma(?VK
z;q(<rTk)cIfk8;mr4?>B4=E@|U}0|%bedT*x;<^6@uk@=r(XrWIg|Bzh-6d=TWu~0
zFLzBCFtuAIC+s{z1ZKy`{36H)0E1gxTzot{9A#)^WKIoqoz4W(TP*<)H;{OL5RdmH
zdC36IT6%xDV99XTzc1nej^e8r<^|n81%)4M2yK8qz5u42gTup9lZrM#h5?<aS~{=7
z4@BT~E3VN5c>V%W4j@}{0HEJJB=l2(09_^z=;QyDW+CIuhf!U4v{(qHafK_lZEc<F
zB(yjF!23OTuxu5>FGnE3RCxtZ`F@rU@kJ`OuH&r?>N_~g^4M^hJZaG6VfwOc##>*q
zVRf?Tw>c+Y<(53j=uR|qfAlh|Qs7yr_j?)L@e?EDJvzd0J+nL0<QQwp-k4LxiP>CC
zF`>;u`ZNdW)E&1b`2ECe&8GFXE_gz(N!K)(Xg;{9_r<vjCH))tS^EFA0C{v;^A6<S
zR`}g|FyfsZkiJHAxh|sHWZf}0J~w;VF=HvGvv8&xC@&hqDLNnS=MRSu)T*B5@>$vs
zFq9q-5jk1aFuUgz+fqJvl?&(QE`7gAuUN0=XZ$Zz<l@CN(y-jQ4NW9!RQEvr@9VGD
z%l}-A<nMFa^>u%}O0Y5Bj7R2bh^Btmd5yXcIL-mU3uM%6_`VJM27{8^kK&tNm(0w+
zkV#>maC!`0zDWtyoFj+E#PUPB)BG;~Wh~Ks%uG7J@DK(-V8_e9G58{gO<!G5#=IwM
zMG)Em6+p~8Wk7#)YC%w20MrA>eib{2KSNJJwFn631y-yl|8-8>(|eEbMnyyZ1jqo2
zFhFH3aQId&Q!+U`j}?D+scIYc?e7FTSB=~x+k=U!oDl<=$iunX?V&4lP(3Z3UcEF4
z9U|;=pR_Kp-Tx8TwLm4q?bC?%?;oqlrysNG5X$FT8gsQKcPq;pyQQ(A|3<RlGk?%#
zu?|v09P5<lmpg&7F*8&jeGz${F@MWlJo9<plp>-v?B6$<oTMPGaI}IHDG4dQ;Cn!&
ze+?YJ*7{L@m8ClVDU~)lY)Y2t;zL%s_g#S?OMsZ(fb9oZ1I{6D9feVU|CRrQ#Kp?=
zvTZSe%}gY<iqUXzL~w_tl_(E$3T7s9XH`H-nuGn7wN&bl&C}HI;P>!rW4|L&K82|M
z7E(Tn#E7ORzejvFn!(e?_IEa^phh%dikN8f8C#s`P}%J21zK-fkaW%3=B_<PbAo_=
zLosiMT8+-pZSo(wGmrY)n~$V5e%OZHSjOz#EnK-tMG-0Q3{f$?P_%*S&0^)m*E9X;
z2zYyar}=1Jhw82MXl^<ZIc{W;1|6>Y7r{C@a?0b)ouW7bDYxJFNQxF$#Tt7A*W_n=
zKutp*`VrbtM7>EY@l(ri(71YL>F6qICK<@ZwceIDadkX|r0r(aE2OJ@rtg!ZTI|aj
z8Lk$xla;!05)2k*un3i9$%|ASfV6>HZwFU&T{{6F{0IbF5&~pKSlvbadTB`6;5Im~
z>0KY&gGOvq5r^_a_bS+20SSZ%c^bM$(}fWrV1*q{aHocVz-@6LqeF+3l$JJfhk)ap
z`qQ_cKex|bw<{e2tzHUa<4XySFSPW*xZJT$RL-tM*~vo<RUwF^e)Or30c&PIE(lf@
zjygC99$d_y8|b`63Bl6d*fr5=_((3t5AF+W^(D{m=N{N5gu<cOZn1G55LN7KS)1BR
znZkdYlAWjdb;pMHrA^%N{gX;qB-)G>$n_r|B^rKZw~tZA^&|wBI3Z!|TUi(2(wl3m
z4~ROY#IWQ<9aOI^l;#$3IU>Cf`?ciX=2z>kXiPAze1VzjkxruUF6vLy-(336;!i>v
z$QP=nFZ_0|66C}u1u%{cwzKD!T$Fu-LlX=9*co3CMVDf~j&vew`z^~mQFzJf*N7GJ
zX*1!}Hz$i>(SjRQa_&EZmU;dJ1_G}V_k2x3x4chhPxH8L#+LgfANRbDNCs4H@*I<~
zB_E>x#%G<laOB+m=AXMz{cgr(IO-34p}PGS|7Zo#Enjm6UEE9Hy0<n<j-}%UH3?FW
zeyQcCXp!V_#h277!+PF%Y2vOZ1t8cH3mza}jssB@75L&gaa>?J8(~oZ)zsfX2{rI&
z08u%_7);&(HKH*#&s-vA_1!2{n9YMa>h^FM+;%g-5A5c!rVoPH6EFlgf%XB21t?Vc
zOsfKE1HOZGfbi-X85MvLuhJZo26EU;2{vO1=hF8VcizNlaT8Cvy7vvMKzjnBfZ&w*
z1exaLvcfmCfw6h6aVd8kslY!}9i3B!^@z<0|Fr}1_#gSpmak1M@CcU4jc8_aZ#<*F
z2{mcYP%XF=Ss_B?yEn!y&WYrsvISZxq)!Ai#}QP=^Hq619?SmPg;So>my&4VBMn)R
z8dIyx3emCBo+5DaJUo6UIl}iMaZ$A%k8LnSrcA9;O8Wdws9mX;TmbUcQuFN*^o9L3
zAEQ=6XH)U{ySfsYv<YK?C&g`fnGQjn=7@X$Sk=IC49!)vWXq7r_Ip?nC`Ij5jtnBH
zW}#xjNwOsmu4J>rB@K-SL=t9eeAClBVTJSzRL1q*3bMB~ZS2=jILDZsvahhj4)D$c
z<q8^1ubJcqy3}6OO7Q)G`g+yk3-a+0(U+c~FC`a0N6xryPJfP6a(@y|8Qn2I6v`;)
zUMfwk5?<;WUcA7d5B_ZPoWJ1<z9{nVFTRH(ZN{qePHba*S@TNgk<KV)xRl7izMqIM
zPCX&_qg+_GtNbvt#js51g{%~aU_1t4B|E6@A{jfNu-QPwF0?NVmq(uIDWgfuq2azr
zt854;Cr$vRi`)hP!zCVE);H5eh=1t=pj}gns4!&JU969>DYUO0q(NeQ){U1E$a+r~
z_RNQ@@%x_fgPhGW<4CHK8jrin5-|6v@f~B96c>+yDa7M=P5gX&n3Uw%*YKayULw)A
z4<cDfM5@X8LF@XN>+6P+l{=V&JFJ7L5f<+GINiB8f7r4k)R}X>A(!UZp6=4yoVE<I
z&?HD~2Hx8~Y`s>TJZ;3xBhX8ZTTnr)b#U(Qr&U&@&sui_u}~Bold?>_;p-LzzpmkM
zqh!Z9R8ImW4#vE3VpPvF_xMUlW3iA!^=(l4qzzaG;}4nqPZpcej}~n7PuTvwvf{+a
zZJ#x+5AK(@a2%*EthipTmNy`Y%xd2eUp2;D{a{{ONsACT@OC&Sz7D~d+mp?`6>bSN
zkV8Ru`_+j>#>eW(daJtBk31zV7`Fm*2BsIrNO{gAcwN)`BO$z<`|*~8Y9qe)oFr}J
zNmmxTw6L4nWg3}4QsRNiD1TDgVcLxPdn(_WlW@=94URs%H_$#HdK&Wq4-N*5w9^ja
z7bRl4{p*9UX(#umbgNh>9Kk-TcM98cb9p!ri?cXi#fKIVMv+s_4PqUrq?dk*;BB>h
z@%x~hl;FBGFN&I|JT9X%)1iwTAYK!TQioxI#x#n;6}~KfB#-9lE)4i+;hzd~ipZd<
z)`gz~1>zdq1&$G^E>Kkh)B?Pa*4EZ-K+io9&MR|sPZvmp?p{MF0MDMj4$?xfvES(f
zDXwv}Y8d&^1pAwsupqVv#~%bumF%EdfC6%S{&&)`*B*?a0R04K2cFq3SQ+;~JY|eq
z0pxp>{O`k6C<Qo4fJApdhAt0mee*0Val(;gaQ00xwvMt8YJN`4J(RAr5H8B7D0S%}
zg-fo<(_+ds1C2lQ)&mCwA#B+uz2n{tb;<cP^!tV?2{ri3KN1|@s-haZhm41!F%9-x
zJ?YE+i`fOvLRXBBA&`sp6>kDu_>h?Jukz!eaU^hJWZl^4s8cv?eY&a&%nOLzMY2(C
zL=Ctf;?rhrExKOkWU6+(`mmA6cxA@Yui7xHd7Vg~HI%k2j<wocYgPV&^hM=o<=F%C
z058eqMRCjAZZ0jZqj@FF`!s3?K6)PYdqFabnj>DCM4JW=M$a%w@x%clbcZw6%}@7>
zE<Fnjs8L5OUsfo-*q%?ZSQQqLxuV`J@(=u>XDp;wjZBUS{m$Ne_I~q-yy4N|pz_|r
z0o7IMce6<GvGLW?t8PB&lM<o#=D7c@`d3k~1H^CbArOV1?gNm>{#8a*4ospnXa#~p
z_7`x8+f?#H1m3@}%Oaqkoi(rY;rv5=kkR=CU!VX+e5@}RLmO6c3q{moWot5!cz)35
zLEEtvB->$fMvU^+dUbmz6AQV`fsE8z%kocxt_(5K+6Zdp939ULUEH#J8;}#_PyYIQ
z;X$vcCR4-GXPLYQhKwqJ{D8Oy{9a&d0nrK_QXfmp%9dSMfL{u7Tw>?_jsl>tpb{HH
zmu3`gKrZucpT5jRfupcV>)4KVnR%t@d^TC=7DaFCqxUaMpp<}sHpuUwABO-U<aw!J
z1K9lj{;-s|hA^rpRSI}2tw4hwQYzIa&B?#&SYIWHgYujE4C`a@e#>PvwMqa-v_ioo
zqa5D$x<dAlRysQYzNF)u&`U3BGP3r~v1zqdNy6o+HxY~raXZhcR)XQIHV-osSJAu^
z;jg9~RY_8V&*=lRZJxi0U7;n2=lag_?eIPiKgiK6X2Z~qPSeT)vkg72tL07}*BF8z
zL-y8Gf``$hlPg9wH;$w{>9gQiC<nbX0umC!clfzBKY(;1OYwY)t3VVkl46^S4JSus
z8OF#88SpA>{Pn?F5?6+jgqO%Ks-IVFQ_DF=f`~6qyf<JiYm)s1y~*UW(aMjUHp1Kk
zn2cLZ{|I;0hQ*po3~EKxv6|l6<NML$>EYOM{@6d@)+#!z4VN)hR**{8AKDzzq-j0%
zMs*c-MX>2IZniO*Ky50jt@+-$c&YDwN_$IP3~gOh=Xvojz<uNWx2SM$lD}GUEG*As
z#c;wxLno%3p;q4WvU(XRU5Gt3SFpM(-j=9M*@gGHtsqabhHr@@(tn)81zY5nhaZLp
zOaFEAW>M6*%zIJo<-Vo`0djE1)WQM#JP4cYzoL}c{Xjcenm+GZEBeEak||aWIWY30
z5U%*d0vc|YL)r%Z$v$EEd>^cCz!!CEw5UP?b)LrQccQTqL>?}DT9zqM)H-j*VJLd8
zN14r+tpZt`I=D~%vRt2S2lbDLaSgjU?v)YR;MT*S<BfLT?^3+Hpvu%7Ol&h;_yJ0)
zH8$1^3au+#bTOWL)xYbzX#y0#4RI*+NS)oE<-bnv<ntF`zq>zaeE8;U;ho14E9|2C
ze3GP4NPMsV%zbWyQQPzIBQb_WjjkC__I?bGMcrcF3~AH>=4B>Tw#UKNmNa$*iVbFt
z&=i&l{5m~nX4J>^I)llVl61CsIbtQ#RxP_nKyHut9eDhMK-Fv_P;_5kpP0HkI>KL|
zgM{%A*!?JsRgS(Hhezxf#=+}%JR4i-jXO(({@qpx->wdvzLG*qhLAo$V&F<L=t1m(
zN<31A291h<3h{vrP$T}GyPTl(DA-m)t;;zilw9(Hgai_qGJ)!6!a>w`c2*T2fyGUT
z{8bh%J3TBECqUT~em$Sd)^UwvBH)l=4I7cxRENY+S4dcxQyJq>2YZRNi=Ze>-m5_$
z6r-+j5r_70of9KOW9n}B8U~IzS_7dX<1n4#=cVU9J%;7gGVRth{oIH>k}OE$RyV8(
zO!ZjRt&{H;Brf!pr+ncc?-!82{bYEA&J5c)te7d!uRU%E#e79#LA=fA{mCAEN4w2Z
zvEsmApm1$(_VTTl7Y4Q6kN$~q>zg<`C&e2ZuMtM6erGn(oR1aR8>8)&20z}UJsYT;
zdK|0h^#165MM6>WgDT#xG-A;By{|Oe^!oeJ;QAD<$u_RO2RLT@QeoDeSGlLp)VH9j
zA+<59EUl|@+loEqN=tRDF#WIFCywdISU0)%J0jI0)C)fz>26-EUj1~iw%M{yg~~i0
zw1{slE_jUG0kOr}jXYO@`#UX$D;iRypZxbLmuFe=_^WT4a|8An6E)_awJN-|o0v_%
zTJRMt^>?OKlzAK^xv3Lzy<c;m9~8YZvrQvkucAA7pD<|l>vYtN`sHZm?ZbVC^<(|&
zpk@&rAmUv#Gd*Wcn_SiZE{vL^m^A1jXqymP<~8|pc?%lCufv^s7{Qq!I={QZ1jQza
zdq`dA$A4QgM?+<kMt8Q1IsD+obPlM)!JN1Ck&8(Z)$z-hDuCm?0tIjtpw|BJ4hr*p
zsv=kient`BNB#8F)VQNnXz$;@mXL{KWvQmGbu8I(u$^CULD1ICyC4Q^W2|&U2ms)>
zKp=HDh*uTyzEuYmP5mG&?81lhr$RVRK%AKl<oo<*`n}i9P$)Y{+X0^D8SroMcm|^P
zBI;MlQHw4@`bi|P7(k#a8!Byw`!j#Hpy0=E3G7mKfA;Jp7yLpb6k|6St6Or9xuZWD
zWYZ^;>HK2)uJmZ=eq|gMkA*B9_9L6!dBBKL15e$7Z$TRu1<y?BEC^GPywA~-5T~Cj
zZHfiLvb|yc6S{IbV5sXC$CSKTOjaO7AMT()NT*VU`#`8$!&=NBnW4>j=EtfM{?mw(
zqtknX{`1L&`9O(Us&Xg$p>M|Om2@Q=k~Pl3O{~|M_bQ*}(2~Hr(l^OocaGlur?_OV
zhQ7+LHhAFYAl7ux{zPzjjSw-jLHK3#O#<v=>dncJb6b@AnD*wSgD6fKD-4YyVSgD3
z&LevBHez8v{x(%%Uf|p`Pv-H9DLto%K;G;b%WQ9hNO7z$C{;hVPVgN?vF;V6gnf#f
zbgcJHz2|nTsW`_vHDWNO$ESr6K29W!D-Q)Fn9+ZZT}UTF=eGH9b8%D@guGRhB6;DC
zpmAFq%WIc=y0H|EE6PTQcv^-2m^*F7L=+g}C}Y|{j)c4W-3{5_OVk)?b7-TWSIbE-
z4MHgeK@}7dfwWohFazU>JT8;70VM<zInYrgBN5PS^Q>U&L|S3}WNyv?{N-`r(E`DH
z36Nuu-wMj>2tZZT&Etcoa!N@VBLVq|FFwgF%R4N}`}lkX^(aVDcOB^J{7&I>-Cjx+
z5CgVSuj}Ki7AQ2D-KZ560%(K*Fl{Q($3D3kSo!13el>jy=#+ya03I)}O(00ZQATuU
zOB+gtkxrm$l8!_6anz)W^vC}?joH>s=Onp3TRh;SmW`|D(1plCS9=EsBmDc5j5=9~
z<8~1>ShaTkX}=zHI>^#u9THT;FGWe+p8k+G$;3nM<ZjJsbTwnHiOfndLpeDxyJ=Bz
zk4a?l1NjVHqZ?~*i>vFAx#4pu_I{!V{O2&=<JmYD6jWwI6x#@`)bQ-@g@s!L(Oqx)
z!uikQ3506(83wY{dYZKgvehf`q=op8R8$D0t7VE*bF<oqjMU({AG({(%|uVeIE1GX
z!V~GZ>8s!CyuOh49g)oK?Jf_{hWn*ZaGH_c?-8y2w^P1iT(L^s#R;=eg<-KQP3di~
z0=$BMxOsa|_+ZW~-tq1VRk7E?ok;`w(eJ6wizY#q4Y6K2rXT%o&eci!jg9zgF)^^*
zj1AA^-WEDrhUnMp8CSBwTcT_*v<Il#&DWfpj2K^p0`>fXUA<Gg4U9s!Mi}nR&Pl3Y
zgJx0i%z|2B$VwMSm3~<aK4i=r&T1huvv#7)Ltm0rtv7Zc<Z81Lt{uWZUQ_IzNZ%_|
z?@=AOwh*FOgoLZ}TU<ZdJ+#Nc@CxM;eZm3fISD!>O=(AZ@#OwqzbA+K_~|DOWn*V`
zsa=;QaM+PkVp9r<h_Dq*G6C2*5dhH5lNM-{k-Zyvp+VV<pO>>|5Fj8}m<iAj5@oX(
z;Atv^v{hAc--8hFeqKc^qI>6jWSqyw*Z?s&<0g*3Duj(aI3p~sZf=YRE^oje{hUM|
zy?BNQ9w63caAMKL<=;o5qM~MiS`<9a#vDWhUS87B)kGW#pwlVWW)1H)QE_TA5bltG
zfF4>oxU7)Gy|dH%`$(6j67nv;`kTm^5~|!btKkpO)we?LaoMJ(#4-Z<!B?{idbn{I
zrEX8liiOXGw4~t+i|Nj9<}lVu7W+f^DUle{`wL?~vgxz)<5pY<s^o9vT8Cp!mf<(O
zFBP&yd4E_tGM?BTZdYX18?*_L{}$3Vo2sf&5JW=MwqTOVIHv?RtTWYOVs>8t$h-A(
zaqueiii}zJg;gIq?N{C#AM?haqL?d5$eOk+D?GCy@=59MOJ=M(^N9=%(55FG69@CI
z<lS^WNdFMt4x3&+n~ndu^;He=i=(BN<7viVh973j_QGbAT#s*ov1YTL$_PGET&Z5Y
zxy++*(lDGixoDUW=R;W^w4Wid;A%JdQUghLy3g0%UE&+^EYxRc^L8hi874;?vJo96
zTw>&&5CcQUxjGnkm+GYaaxlxevDq<*ew8=Ay}5ezj*C9$PlJimK%Z}^-5e=H(H=|n
z2{+n%?$e|8TpPqrvsbfi&mjYbWxb9$Yiv@1b%)P>_exn5GNO_(U+c-F{f=A_`~IT*
zpGy<nNs*U_2RcBcMlmrxd?<~xvOp`>*K`V0%FjTy?J}AZ_2h(`9t?|!h`<vI9SJ$z
z-DUIw)xr=|kmEzeW~S=1eZA+tl56zA3i8K}hK~JscMIQFw3IUrY_YqgxfG&4aX|Uw
z4(_d1p9gdUQ_#1E2H_%)jv!J3v3;80ub~c!9RQP=_}ZA?pN)+iK)r#7?snJ`v3yzn
z0!%+?N(F?S#F&1+Q8)vnFUZj$n?CqBtm_wk^)XoGnmz)e@mT}Ew90K1v)Q(h{pFIy
z6mV7Yx#t{W8<`N#$r1+hq;S%TNBbBHWh8TFSx%fa?aPF$)ACt4jveuR%nWeiP0!U{
zX5R7r?QPT+{}Yzf5*cqVs^RB{sQgJd)izr*SihutMY4nZWl1#u#Rs!*gg7OMEr@cm
z986ka*-8f=y60}c5$KU35a+$Nf2~bS?1YtklGq~|%x<XiX)7G|C8he{_s8!N)-pl1
zbt%Q{o3%JLE~8BAXi5EjDicS~FzG1YTbe9bZT^Tiv*w;L9cY6ePv}#zK4?&Dbac|Y
zll8CW+VI$}j34mrU?CATeDwBZpiEutc_@X%l_8*U^hLeQ%R03k?3;v2JeE+9-jwx;
z&Z?pD)7@O)GBuR@#-j0S(NV%kw^k<;FbcFx6~(U_R_E0+&VyrNWZGur9ycheM}@ZA
z9oBI88*uK`@S1O2(fu3zcz5xOTYMp!DZS0j&6FgKytF)!F*+Xq+4B!bmylvf@eScF
zn!17Omlg%e2mvQcZO7Nw+Di2JV2-APfB|O9UI3F?b!B;(3A<xvMzg-91q+B$wt%7m
zbOpVFTf4s(0y%?m;EeIQJx7B8m$LqzHwt2)AhVYnV;(Z*W4Iaus;{0LgjVlk@2bR#
z#4v+j31?RZ?0#ovax%8r7e)@;fZC<S_uWAE2R7Z~)6)r6V>eGv7WEL!ubtVfg9)KQ
zI1(%#&!!`0fy7+?9ftM+EeTwf2R5AtcFE9nWh_zUNAhkWTixnK8&Jn$-^O<Gtfy9U
z=5~CWFOxR{=|P5d@YKSpMpyc?IsCT1J6Upam7t#J*yhLmlX^+Cf7$}9Od9`ic`{|q
z?$FZy4(t30KI%5dlNMM}6T^W7Sv*|HCp?zM9W2B%ZcFi>g~1hI7o5sln!QT3F2kNI
zVl?%Lj+fUmf|m$u?V`llKmQZ`dbBA1{p?)Z8k{ic^Lm@GfT-V&hl}R&Z0;w*nOfar
zd@ciw`DiVOBCL^-3qK$dR?$X@apylt-%sdzGULrV3KgHDoKanUmZ4H?d(QMIQ*;{M
zn|+$Gx!{>rd1bvR)uO-*LngA?gesLLt)$-HdEnpfrVsd{L3mF`+is>^Zd^@iU@+^`
z45F8hiCdz?Z)JO5k{Y`myd0JOY|qsyV5r{VNHZ*LP529^@FgquYn{nW;n4Od1aU+o
zf>yNRPOf>zlw)z%<Bw_nk6#P*j$ad|LN|dn8POtY?d*)3kB{#h{3dwuc<EP71To;Y
z0H;&|Pe`{3E+o$3l`)VzeGth&fjm7sAV~~PEcC4mA_R0(!~-!I(7==8fTCGYK;V9T
zmI2dOqK`d=KJG)o6orV6)eS~)@MK|$-X9}?wCfk(hq(>10=veJGy=RY&C@`>9Jl`l
zZh{-rz!3CeRM)sW7-YP3#D+L9sDflnWRv=x?d?wvuC5Gw!ep4pjt&k~+6NrJZ-7_(
z;MMZ}g_Eml*V!{VC3%l#q;lOaeUvKemwn`$gxWeoc$s^P$dK{CU*x@FAM&zcramk4
z>Tu+NE%4>tD^!OGR!kuyT*fu!(_4<e*u4#|Lg|9hx?%A(!ndU5VN)z>#pf?xEqoYZ
z$}6@Y<N?)O^e86o9ZIYh3OPlA8Sm*`ODOjHUl$esJtLN;tGL{EF36;nCt;F*{qCaZ
zk99F7^C)$O4xDN_y<yhOLTB9BH%k%A*KO@<(tqiE820<Wr<<AyISg2vbd7mj05~f6
zuB5tBS~!a?fcN?|v@G8FbKLAztl_|g&5yV%Dem36Y4ME|{@UXeIBc1=(Jza_*xVQ8
z6a52>(VY`#w4K=OU&3Y)_kB>x4Xu;1B=?#8r)|5ZE(LK?Vtq>rlpftv=ZP#fVMf%j
zu&j;?X;o+}?4xbp36AxR`J*-rylSk^F`9Pv{_yQYk}MpqrH_W3o>KTQP$^zQXZM2z
z*txF*5NuL;6!0Md+&I>cVzcs)e}7G}sZ4Z`AG1XQcXrH$Z>fxt&co};*&*9l)lo*&
zkT`G~ndu|+WwJw1AAG>`46NM9kH~@I5Qs26yx-F5Y9eG{+yW7o3FvP+KXRctpr~MA
zyb7nT)-8G&nDcgQFS~r~7*t^$|LH^lVd&3%Zw8Gzj9|A~<J?I5x21B>s3}Ots%_;9
z(N|+7e!2DKb&kTeVrr1Fk^l_I-2A)>B*(a-zM-MrO-Qr6khEVGRs8ViC<3rS!iyZo
z4$mP0A@Koz`b&i}!r^P4U{3|po5Y7gv8C#eb`!6xWV~Y1`5+vkYxgxqzu-*zdy`S4
z$dfWR?3e+Jqom~fQ6UyT9SZ+xM4Ce#<f8V(Ura&Dp|Zd3hne`3Wp7OOZAUOV_NN^`
zXogj$-5t1XM(eCKI^ko2{~gCNn8#EUtQYd+alfY1k+WFkpcK3g{@H>^i2eMGsbEUk
z5I~W8KR?;oOVkyhSmzbHq|xu-ycO^G|5^Zp(iZHn7t}Lp$EC>E)9%D`o^g8bG|Xen
zv9n4~PAMz6daqsFZ`U8Bbf$f>y$F%2YM#9;MiBg5eJo$)&%9MI!1Z0jwmu!P8MkoF
zMKjJE<s1)3(X1n?K?>P01|KTI@me)tZ@kuGCHyK%Jc5)PIZnuX@Sc-Jj0Of(f5bmJ
zAw3<fW;n>bth{IF!PsKxM?Nc|Mi>W`%lNoVf1%4-jpwhCbo%;4{rQmZnWK~Ia$l!r
z;7c9LT;WkFy5md21@-{A+|bYvN0Rr(Jx|XP9r5&^A<t*)B=gWglh0T0ahbs0CN&B{
z^do|2h9nROGJ|+Xps8PuS8re8@>m(zg`2wnAV7u;{NW~Ol%SuGgCr_<*%m4#={vWw
zBExd%q)Sj#MFaJD(1mXsA6L0K*?3#er?sH%T6Ti^So?I3F@%kJBZF4IiA^(450Bs0
zNJtRS=lO&QI6656)lU|9J>C<8`wR@q`XDOV)ZF~-KqY}O(lg*W<s^^JV;z(joCjF2
z9}zTyP|m-d5|~wiaMPw>vOa=|=e^Lngi+ip-LH(xwlBcC6Ws<0{%M5=*>w^G-P@EW
zbe~rtVBd?iSFS;~da0}2v|P&@O1{J-Kx3vNt{3{IfO+oSqqXpDGeU%i0YiQl^P%N=
z^%yS&eUUXa@n`01siJ8UcJoX=Vv6rdn0$X`s)HqMSw+Xw7`MS_{qjZASx}VQz3lw{
zMTcVp!L6Nq=EQ_mjRMt&6`;b<*!{uB43$KcZd&Hs3hxZHnB_<KHzL+X^)?w#M6ffk
zPE#u`FX?SP89JwGD@w-f2`zs*vmvCdBfp_JSCOZO2kL>Q;FCI?CXAgasNr7yI70LZ
zuRGcdd;kpLPnHbZe?bEI-4|IaEZRC$H|By_l@<C69-C{|F+skL!Xq>>Q}4ZZR)u@a
z%^|1cxa=^)T2@stn&(rK(x$_Eq0JKx2E?n(YEyNFj~bk{A|sK!`M4syr*_o=r{(u&
z3octtQCD`~eea@Xw=(>-K%)BSX&JNu>-7z`RK$cb1I+6gMWF096i%QQ3ckg-G(ldn
zjM0iLl9r}|iwCt%f-k}N6lWFs$sQ$hss$UuILCs9%AADRIP!i!kK<pPb8ig@ovIKk
zn^kk?fXE$Sp4~Jf`ndr`fxQ4D05=B!Tn~W&>j<4DX_vOeQFpg=18{pCL1C@;N3ch`
zjoy<JhihP8=okeWUkC)``oQ_^#TBJ|xQLxW=My{TPbU$(zLS65{l2WIPMJSLPAsI9
zR|urufxfPS_y1lKKtM+wDX2b+`0F%~l?N{-lM~}Ve69N9kG(cHH!&cEFC0WN5ICpe
zn*ER<U^Is>N;HL|bZS~Q;Y-O{JUGqgg)g3|0V|)krf`IthsO`40-9UBj4*bati)Om
zq6n9!DA~k-Au(gTXX=#_A7U$&oP@IWKJE~B)|ynJaHufmBywTMa>v#%J-gLA6Kv%a
zWAyJrAYM4A-5n`SPNmbB{Xj48TwQpYtWeX2&LX4KAQxv^Cd>W6i!XStlg+*8Gt1EE
zT!%6$!hW_WMp(nXBg{v~nB%qJU3T2ix?X`F>g$oRe;k6k709es99MCgXT|_|1h6yk
z(2!U&qjUI^vwYp%IEi;-{pIWCU3PVTUAyNt6o9$Mk3BGzi64rr*7nkk`zG>;T=dgi
zedk6}%U!=OHse~)PjIu{pYUF&mMd6NZ1+gXJQ53N8{w3YFf)8x4U2qj2IIYXzoNmq
zsH-GXOL9}jd3cig-Lh#XCF&~jUMmu}BJz}u``g_^E2Ir9KDL!6POlsOw4R)fR_<(3
z6t+gtPIO*rKl)d{LW|yo_Q%6>7x#K+-staK;qBiTjh-TCo{5sx2d+dncKy!LS`m>l
zkm7eoJ4v>M53D~cfNS5q!HDRFfAE1K;()WpnI?%NO{vpM1lxgsjO!3N9DKeY5d}ev
zC`twybwkHrT&e@`P!K=hYI<|T5ky&{S#*DUVJ#pa0IpOcVSg%_h~Ro+s%TD#HO{qd
zjS>f3P!#|1Rs7TAr9dK+{8=pL3Iu*_f)h-fN=ytxJ2)1;?JG9LCdeEBpeHQ|gSfuG
zsp<+mLh=Lg1#9c;5(JdCc6J*D89rQ)*CbJh9MQRy@S;dxsqsLV@=%}v5hkszcAyW`
z&QLP{RjI-EdOZrzSf4cfN!p9bvyJft$-wxcvet3^gh;$45)lU%Rz*$66Gr=dto|9d
zF_L2^0JC(T<xT#j45Ca^LIK%h{s!5bjc6@x9+j5^Ia<&B35aOJxfL(-5iKYz8id#g
zio4~0WpA1Y-|XEEq&hO(Hy24-{wb%l#vcFYFP+Wt!RFT`x`lMR+9OAcQa`tGhkWFQ
zjVj6vx<b3n=s6*aZJ6T@TsU5lQ%mlQYtFkfkdb%xs7k6h<}B3BTjPH_LCWpM>TZ^9
zsj>F+{PkJW%jiZG!8D0cL)uc&hC_m(RJ<W_^z*xiQ;_LkKVUn8-?_0I2v@etWk8PV
z(LL3J14m;MI8E5{oE5f2pWtg(|0|NIOuhF`klZG+@dUk@4K}0}Z$yqF&+Z9rm43wc
zfs49_1)gFL;LAQ9yv{y&bz^?4AER+=zyR~#D?b%XQ~Gtre=^pCF>w`e%E16@-lTzJ
z)U69>s&`RpPunsdB@Yy8DciA|IKdLE+dso}BHCm+N`N@Mat@1cRTB{wrYb!P^e6zC
zfMC0ub|-`k_(01H#el?4n1DR69YS5{<>n@a345C5KY#>T0HptF#eb65BtCI4_+V*E
za4<sIm<6Fb;HomyNtifrd3R6-0<(YdbNo5@`<Kb*{^V`5=T)g!-3l!-Bmlv8g<~>z
zRql7IP4c;?Z0*+nEA6}gss7*ppT`Q>BSm(yBNdT7B3t%WDyy>h&K4=hmMxSmdn?(p
z&#8>V;g})EUgvxsUhnUJ@O8VnIey@|9?!>hzwX!lx?dup3WPB`RikC{6X+)}8nDg^
z=`~>-0p}-%+j&!tjKGPIZ}2hL-7vsgsc2#?u`LRu686#jA#UQC{h;IM*UZf1qCg7Z
z%~Wbb>bNYqxJG9+8Tr2KKkfk6bvtud(E`rb=}4G)HIlq>*ukS$znsu)OaS#ZS{^Cd
zLnbfL1~Wn^>`T8H;72djO!milX;R+a>u&u}+h;LCC-&pMYy**QwM%R?Tb*8y+h5a_
z<8T5!BPnq2NjVun>#c@SU)Iy1xhwia*RLj*1Q>mzHGK4Tpb{|4iHwYfG#+9H12>Sv
zHeoPgLD8}}INI5_R@>;sqesS0mDrERU2_aZ&2*!=7<j&2*f77zqiCDIO8eP<f<frv
z$IWCESDml!`Itqkk_DTRVS<c5$q{A`ZG<Efr0z=1KgV!B^v5JW&CoE~;+oBCll7iV
z(iSlGT}cjFE+;4l!K@D7isa_k>Af`Woikn(m>*y>n(N_qbT!P`*ECD;MK<NFw>?^8
z+M#dR56MPYZ8SRRWlFQJJ2Xs-Oa@V}?lTVtKfi7xvlai4**ivWooS#06OSEvwcw%`
zgSEyfEak{xgzzpSo%@6xm#yHzMT2ocxY^v+*A3G&AH=XKq1m^-n)n?Xb36Xkv0R~U
zL#%nIo1L=PqGnrTK@woOo4?yp(Pf*EjX^epfoJEcGoRqg4>t}?sGtXP3c=G~@8UP~
zsF))dst6*YS5A231zw9XWoKu<iB4+XX!bh;A8)XcBy`#2a)<)o(6lILAlwHaaCmqa
zyS4RmJ;v#rf<n7k|ACO~7P$bxW`J=I=mIknWAjOK<bn|^8cb9fXGS={!QVV1fOY+n
zXgaim2dO@q`#D~S(#ZFWJVCuHgN)d^0DBK(HjCXqqM_uEUm(6fd|+1T!2gOtH^35A
zDV-t*|C|=e7vYD*vb0~FFB}|rfw^tbPBdYc?-?d=R1s7GB$w;aXCo?#CKHNml#CbP
zKEYzNUP1Ecx8__n&uI8N*E{Wr!=vf%ol}DZLxm_-N)HOD@UP8c+V^XirsO1|vL=Si
z{d14`!l#mkwTtP|etkD`%pQ8uvmUs8LBh)l#1)*f?mpQVV>ipe)t_qKNPa$WXY41&
zfsLw?AC$`meMoo&8DJZfVIHs!t$z$fwk&ZaD=7$<v>(R7EeBuSICk32B7fAq^-Y~z
zZ0((K?%_2y{@ilpCB>@W+GJ6@_d5gmYZ*}3e?!{^WYDL{bb@M$3o!HVp&q+emfath
z2<*6)$N7HeCzI=Sdf6z~pXf|Nzka9Eh17H%etRG=WZwrZM(>w)GbPmIia+IEP>e@F
z=YB-;Ad+<iDtt1h+%ndAu2GviTd(W&ukQXk6I@+38iV0ky{Gd4(IdceT9S&tG1V^z
zOMG)GFwSy4>rC5WNlpY$M*4KF6{M?l*4+4H@o)XoSZw7Y_Xj+nx!-?gnY5cRO3@O*
zYtoNgmLjPM(T=ZaW+@*3yn_8vpCrvo-=|?;bmxplNfOKj!7C{b00hSM@CL`5b~+Pb
z&oNycbo%DewS<88jk|WyoH>s71s@iSfz9X1UFHj70|Mh_0mc(Po<`wboTX_OgMJ+e
z3oENgU`-Fogv6Avsd_%r$*{$O_7`^@+E*zxLtbtD?Yt?pmv9kzd$kaU+jDL3jx&r1
zzZsE>m)A|&tBye}!2tn6o#e`HzT`C2R8+btp8}4tD%*@4E__@I>+9rDENCbP&Lp3#
zl!sp2=`Ofc)zm}={rdCgVi`IBIS4?0gD&^O33|G0I-MwBxzXmLmm{ivePCFBLS)3U
z0lfz!Ek@WhAzKPOpZzy^Y3JMbUF<vQOv>3u@wJE$872ab9jV79f{LW&D~<PO$FAJ{
zYm|e0#9|_-b`8U5A{gQ)JQ_Z-A#56>ukxNTP`|{a--d^*F#O>UD%zzC^xOUJ9K(0~
z?1J@1?FW*Nf4rH_3?XV?N$Mi9k(QGi?CE*v<Kv^|Q{qvT*tcmI5g+n~#yL)wc*rH{
znOz96;J+C3ajR4V`PlcL<Z0N*oW-Z<E1E1~0abP-U@`);5X~T3c&hD#yn`SOqq$Ap
ztw_Y_$<Eb~sV74qQuQ}mt$#1HrtON+|8<^LL73w5oafAiyq;NVFa3=JQmQUz*5@nE
zRr&zCwDIi6Y#0ZsxZjT#Y4t1{Bl=)OkhQ=H=RSYOp}-31s$(13g<?0w9k>1D5c#lz
z*TLqrHr$by62x;o1}{a-e9s?k5`98@laWvT(nan|fPb1l7Wo+{l}Zu_u)j99w+CCq
z^3=&<k*kWuS0*$aJxPFz-60H`3}e!#3pzPEite(}jigxufFVxx6)_~1GctH}*_7Zt
zFr}e6CG2!Wjx4xDgI`>{y_o>8-;e(}3p`zb=>tRx*jQjRKn|4cc|saZt*sQGGO3Ud
z0fm5l?#4X)l;f~G^LzKIsPD>8s>#)AF!OzfmX4C<EbJ2rjX1xa_DqHnA>j^jVn_!V
zdekZYNlzEVNn7Rt5wKP2QlocvZUe?&;JK-~9s@W)p6&!#=}Ta=78C-O`^?-NIRrEq
z({amNTU6f{s(82tTUs8NzrBB*s@xSkg_`PWPHJjusU{`>BtS7UpIB!^SGfZvvWgi|
zXM%EpY3<W$U0pKli>K8l08uP1FBe76>s4jA+|bs%KJdk+#-Nf1L0?o($hC3P{2o2@
z8CjsnioWOT=QqyUOYy8{MPv4Jawu;^7sClE6xr>+-dgyuI7Nv*c#D;OW<MmEEBCpW
zrFzHsH#YL&0vq%4Z)Ec~&8{YK<Lu_HS{E21#V`NcEXGIIGC77KY8+2Ax39(TG><J{
zuUQ*3t$VeQNU1rD`~8ByVi9(IP%^9jU^kjkoU`4SDhDC0Y`0LpeJjCt02szchV$5@
zorcE?baQvx8MrRV+O=l_u8qfk_s*i?E|1lvP2Nv(-`%TP$BxA2UM#7gjdopXcN_oN
z-v69XxtoUcD%puUD!RK?WGQ*vP<;@O&FQNt7#wU*`H^chs7CQ37&_Lm9}OB@vXvB{
z>uHA<Pjd9v{&Vkd<id%e1h<!l{PPmk9!km`T?4!;K-VCFdt6Yo`HaPzdBvBO=&yS0
z78&gfnNf>7Fm~S}@ZI)!Rhq?Fl9$Cr=W(7bH>k7XL(9*&Dg!j|h}+7Att~B=QGti7
zINV`Jm;&mh_;(-aTc82;nKYYI6K6OF=+_@y^N0m$I~?Sj0wBi_isb@m?H<eztWub0
z+rav$)|0&sS+J8`>C0u$50!(p+`0$-qXud0uNzw8JG)-rn2j>}FGF<JQe?W)l9FTG
z!a#1L7Q#hH3?_RKLfylTkUUV>0U!6Xv)vIl;J*YhfW;1u{@nBm$fRK*pgIchCwIYE
zN%YQsO-F|_L>Kag%jVu#X_Q{VkIwJk3AyZvpqMLilq$m9K19AO#PZQ8iZLllV=*M!
z6&_DItP+mz%0WbbW+{_KT2q>JSxuta3FK!gnxW2xTi>!Z%R>2U6OM6Dt4Tiuv*mIj
zKJ01}RWwX*W;8r5uTU4^=ZUF7ZF+HXb!nZIy;pCTP6nL<Vku7Qb<v<m#A5%QOaE_)
zW~s&?$$LIy^+MxOhHm$3>dppc^Vl>r@J=4s@{6+2?=$GKacabRRhyJ3vPkRfrKP0x
zt}kymzBCcKqR1lr88iDwiaGw}-}m3(e9q56Hmp_Y6#GOw=0`hngJ;fNxOjTgY*yQ}
zJZajp9NG1>+9qPWXA+o+#3T#xS(6)<*|Idr#b44)5b!4=39D39Ru@~pLGJ$2uAV|$
zTD(@r;Ul4198741EWU#BCjK1>Mu%Wkn(to#YG&p_<PaOGzJ_!k<rC<d%ekhT3~`F7
zi^@~Cqc)cC4t3&!t(^FI{|>QZ<Y7Tuua8i-6A5YCnUhuW?$N8jJbc~D<lq%f!m30{
zf^yubzw375sKyF2$4?%!<^R=^rbwByjE@>reyz5uzN+>%p85UjBp0=9p5wrG6DH#e
zqF;4J>0o0=$j>%F(UC+s_f&1r>~8$bI>5#4%GvYkWT9@nkr~sntkr}-BsOhwJ$@Sz
z;MQ(GBhFF(^(#FvmZ$N4btweQjfrYp>N)vB1wB5#FC!xy3=$GxN7V<cbOLA5Ib?cG
z?krT|@>P!@us#blxk^niRuug5XH|@>c7Sn$NTPw+2NVMAklde?xsXCKXvJ+)S(3Nl
z4v}*90Y9JaRL4-m=m@@9E;^uU(olY5hG7tmRr3XPteqdiW78(Ema$!Xxci>$mmjRm
z6<-$k-+2?GZ!AeCf@+C4C+C*BRL;nhIT<F3Ei~_nX6H8}0<9nj!Sc6+hhd`*?w3>f
zn+Pz75xial)OCN>uk2O73z<^Bo+MsVpO4y(vZ{;%{?IYm2DW4?Q$c85R^qM`^90%4
z`sw@t9To(Xp3DO|*)WIJy)h=H8^r|%1WbzggmGP7i#dE=ZIZNp?aGJIjeQV+#t<g<
zEnFhcs!hUug!Ljr_8$@v4bV3mK6+~PqxH)Xv6zs_`OH>ae)7MxU0)pNhL{!}nHUbx
zF92@l_lX`XRM*E;uGo)yjo-eC(5^YyII4A35xZ8>3jVvtOqxQZ%s~Y;VS>V^+Y+)(
z!m>~09iB0toCifO=8s|>!OX||zp?h3zXCC^K?X~WrJRH`-R#|?%4^=gLFqgP)-*s6
zje0SE^6*#$jW`Rwf1I!n>UdZAZPR-))x5E{E)5fRZx3A0XS<V3&1O5~B&@%YCl$W&
z*6FmoEhE*Jr!;J8s!?F<!6gEh=u?uCOCnIIefIqZ@(?#$+wVQa10B&xjz>V1(+gA)
z-A?QM4H&*1Nmgq*r3ZPo9L%XolRTnq39vFn8PDU(3C6T!pz8z?*~sGG)Y2lzeDFE5
z!v|XJw4QZ7E#mGbfTji$rLP74oFlV;4ClKSQuWBW=m@L!u8L#i38|sT)1L)bfvY3t
z?5s6<fwD>ZAkfE$w6irPg}41;@S*vC4NP0_l0#aq`a9!+GY7DA2PM{iXxv9Sh2~B7
z)u78dp07lF68oSonh^^I;<vQQiW@NtJj<NT9UZA)o-`Vb&R?o~FJ0}Lx!B$7L?5!+
zU#QEp&~MO|8W8O7KP^;h61LO1Atd?HD2F&V@9v5D({ovAHFO{_4a-!$_eL#iPYVWo
ztXB_DfvQeQGJ-}i&q`l7A+)Nfq?45J`8guU)k!5?1o6<0Mz=Zf#KhI;)5BhcqPfD?
z!v(o!Yd6~s{`8T5#NPMIGklT=CVTX7n+q+)Ao|4YpN_t6ok#t-wcZ;(0@^tltfj8>
z#4#XN`!uKqV}0o%OdL5GH9FA6I_z20$($lplU&-BZC7w2(RLoydE5@E<MS|f{-*2e
zedn2cZH|+ia~WdNIU^T3JmC3~*vs8uih&7U6ZbO}=i7@vo$aCA1#Ap0yk8mE#`fE0
zPyam6xOT@1SGPT^|D*NK+#HoQ?wZe4OS1$PcErQ{ehPxSBtcVHopa&r1ffd<8h*y+
z3hK^6Q5ZRgQs(PT6xKz~{%6Dc|NLj(DFd(%@EW0g#k^F>Hf8JD9}Vc&uU}O-3QjfY
zU7b`H`#=DKXrZ^ib~4kiR)TWU;DU?&t}~H)vbXWaFhU4uC)8)6I=wunzE4m2#3gIn
z>|@hFD*_b=cB31RE`tgU?LHO;9UL4GKu0b*9IyaKsDU+|_1x5%L&erLIxw0;)a6>9
zpMAhr1x@&zCMCzqaS^TlZq)&}HtEYxXuCw|^qRlSn{g2Z1>DC+JKShrFo>B2d2|T?
zG++A6!hro-1cFt4BbHWH10GWMB9=gE0dAF#VlK&`k8}?(fFX4qwk6F2lpV(YZsPBk
zkpTK-bI>Z8Uaki=wNC&kG@<jt&D%Q)w9&2R2M%N=(JJzRE4?>K40+^rXwi@x%>o}f
zx3=3!MohhLqr>m#feEV?3Z)RKtL063n`EyDVhE6l;l}}Nilh-K*LDX1r^CTP(N-DT
zZ6ivP_nz&Qz5!RPkBvxbREfcA#u#>CArI8+$iNjihH8g=@97~yQ@Mzf>9+`t0389S
zP`}r+kGs^YeGfrR@(+OHgG|PY2Hwr7ddJ^MNb!bTu_-9`l>j>%8@W+;fO%7!>$JQ6
z_+9piArAp(!((r}rxNkk19$&4In9Q5-00Hr^645D)^!D!0P4w=>j$q!mKZpw**>Gn
zwjHylPT*S7NnTsrZB(6q1_lCKUvKVv0w@*zZn{r3ueAt@qKP$;z0OXLJ87TX$s6gp
z!K~g}lfSrxMiW#x3%BC#9UEKSw)T}tc}-pvh@-?-*5ZsXs1qlk%Gx<E5fj?U9_YYb
zN=}bc!UpkRw-pRY6&iCQzdwmFUP6t~HxF?kBEZ!6Q+CR%6zg76U$mk{bKao%ON!o8
zx&+hFf13N_AV-a8?Ejd3$mEgT*47qLG5mJd8ALAdY@6!p3|&sA;45u@pq~J&W`#qs
z#@5!_x`30H7892sV7vVts9eLCi<8?-ifKF<+Ib<xnXIg?O#G`g&<ESNn{TLEJu4sf
zz)tG!lU%J6-p7QbnR^|{9!eSAr%bE%Z%OHVqXY+;5}Iu|n4Ve$paY*)MGJJ+8W1wm
zi>ll4VKq!48&D|&!MaiSw_iIR=YI^0I=_K73E-r{xkYmm-cJ-T6uI01vRgp=>8X3Z
z0cNWo8bh_CStk2@r0dBjAizMYz>3+XIk_+h#1)|F6#}i?5z$GmEKVdD`R3;CpydWa
zICUKb-I9ABIrU8XPDFN2p?s?FI(ZU*Lix_5E?Zd=QI}Z^DMf~4htc5P4>4s%+GY~t
zgeh>?n38Dww&sd~3Mb!_R;vkVig#!3-rn9bH!<<!ygQ={V7M8=<$m{tf<1i9-r!--
zQ^1o}-w+guVS3o&+@e9}Foqi1RyTg26kad5&?512HG_qg473hj0PH&>n3nDKuWp|!
z(|Rr1>()Rf1+cf}(J2c5`n(jQtfYGFbm$M$M#&j+CF(n;!I*83gXB=d^<c0gEP-jo
zp&Os7;ggwpJZt(AMj%7vmAW};ThbbTMhXsqk-MM__T=Jkmxd*~=kqS`#D7&cVdYK4
zciXO07;tS+DkUB|apRo_f&q7L&?9&*kEMqEY?@N>WvYBXSscq4IuYM_^u%4+XocCQ
zByZUJn!xU<QB)gjn}1C8u)Pm;=HT{<0S*r%ogsjLgcUfO2!k1YFI+~&uc+un`c$~?
z)euACy#)2zl{HGd(CV$MCv`L3tB5|X3_NAw7YldxCf6b>xp*loo9roIJSd>LUO8x<
zn<K;^`@iD-g6L@6VI?eB>%{ue#pZ^8p)UVq`A0Gz@onN!@pT4zY6xIDMkqI80{o<G
zZuwlvE=XO#)+zvc44@D|(vjP&?A~~AF<x*Uj6t(fn7A4|x>e%HSX&oQ&Q~y{>yZcx
z0ZdKI#w9wg;)&0YVCf>L(B;kbH*P`AHy<l20)Lz)i!0#$sA+4<GV!1K;|rP(e#6|v
z(#z86c#TM$rH+A)B^T~yvKde`5(T=>(=~4{^Gx}JJ0bpIV;gLkg63=J_~3xFjBF*c
zvTq(BjW0oW8d(S{odS!P0#F%7I)lKQ3I_1x4@Ancuhrcvlx0ZUnBM@o4xn_tK$ZgZ
z5c#a+&#5RdV@I8l(BH7LR_n`=sPLB~d-J=`eF&C6j}Ku!xaQH348JnO*~@jK4m9sd
zCrz%@n`a-4S$<Q6APSa8$_fU(z&xn7ea!v_Si=~wbL6RWB2%51SY$({{#-9NKUJ9S
zVuNkj4g-|%R_=UFXTdr6lm#-u^HoZ-H)Z*0$xwnS5Qqj(K*A12WcLuJe)3#D;WDys
zqONVT;9cRw5mhp%nyUX97L#W&{gsB6I=iF33ql9D4WRBm|7^S`;@zE3$<qtdOO$d_
zR_o6yKj4#6kV`qpQsDC5_e^X7UtggGo7~^8D|z|))vIeIXt({QUq$lJ;Bvx!-tZkC
zA&`Q?ARo3^Xecfh++?xLVfC!aw1k~B{(oOVJ~}D+9wWfkO*I>FhDLKKa|?TUdzS}E
zB~Syz{tXWUp4xJds806oI;>REa^^PGo4Qn;Ha`Lm<ypmGmc9p)l3gG*@NDorICDrh
z$}vA&2`y4FQCT*X{9>+>ed3lmSr{yJf$8wENvw86Y?rBSPoX?nkllpaQ(ta6KF=I}
zfdz7K7u-?4c3HKiPQdRKdrBx=QEpNyy%qz8Bts0ki27h~7RtH~!>S}4sy6)|2IIh;
z!hZIR-(46mjsK`!oDW|I%TR2MPi-p8VzF7^LaA$KcWDq)1BHNI8c+zl7guk<Q3^i;
z^eD)c$AD3O4A{~g>dbheFn%f^kPC>ewzal)KNI`RXSePek68G}j^AO&0JZrNgQT#x
zSULkBl4^q{kvz>;!gB~Y%u@T-<1`JuCfBbc10z6vnoaI}kDiGWfRQdi>DxJe3H#Gn
zM-#DzLm(l&NX)&?V#f#eK$ltWlb_%@sMPA3KS<vu7XUKm=VIw<EwfgR_!@#`N~&sY
z@JiHeXeSj}$gTPoe2ErtuBH6rMdG9m_d^)!6|tT?lgdgVXQ+GmY6U=CP(30xx`p3F
z;e>%wRj+R~@t@l1V;KrROW*5CQ(@zSwbquF7l`KKB=XNjSMENx0e=r5`Hw?XF#Ake
zwJR)fA6&p3gWYoa0erh*aBz@dOeud4rq+|fo~l`J5cQ50!<x`>)Uuc9y_SaXtJOpm
zSH@>bETQCoY%AdQqhYsFeLpR(0YzfUEqgXU?ZGafa0Tz8K+wrrF;w<WXnrT})w>XN
zx9u056!83QH}b4*;6m_|`%#z*0gE(a;aDpJTI$$r^joJEWf|0IqfJ@uw>>}KDIH9K
zP3md9oz>4U{F|*1CQ9h~PI`CCL3tbu3ycQt1QQbzP#Fbc>v#BTCdTAl67nipYEdN(
z;``#CA89#`Z*xA{+66i%MJ4ic&$8BNVx##F_y#ooN-#(%rlFb~pUQ$9I2=wD@)PI^
znB<w{Q-e2FR#!_dah%2+o&b&}5W>M{9^Aiw6{<?Wt!$(_vFv>BkbqwP-QIRSa%wsS
z<qRcAsf`Wqe1uODIR+dyrTZaxha_MZWx)O4T5Zd+ndzuZgXN-A6H^N|JmO@Je*1R=
zKC8*-v+;JDV(J)tq5tMs+CL7}s1=o)I*%*rB~+&Y9eQ);d#dr;<>k`)u+xO2kE4a2
zD?TO@4+k%NHILs*Zvd<=)@xqG%YR2-TTv-ebta*GQ!<<Pxt$N%H=8B1-}7~^psmYl
zyY;8HgZlwMIrsXb+3B5DZToTu+fUS13m}-KdsjMbi%Q%A0WxyO(z@T;IHi3ToVLUP
z_(liV;y<M8+)wB*-qjSVJU-UhZS)rpK9QU{-^MII_ZCj?b$GoEt*)O{qV^sXORVya
zNq~a58AN{W#olG+Ok24)8a%px^WMdic&v#dHoeRR6Mg>@WL$NmcTZBii0`+Pu&wE*
z-v#YLEqm6y>2u&25bO4k4WPEyf*WIof{_6}Pp`M`pn`n}w71skhPq`ydH!lQS(DpH
z@@Eu_vPL<bd~A0J1N`OjS-`U2tlf9(x1KjWkfHm{ViqiLR5pUyC8t)#xR(XF!BDO~
z9pJ0IR$4kZVbwHpD6QijsP8^2_}(-dvBx=4rFSQ&#x^#2UZO`Q;)U@D3373RtKDF$
z;|1vn@#0CH?2xSLIbQhO7O95&IwBxv4X0!?2KDAa45|aaZ}xiYYA*S=#M1x~T#zT#
z1pXs3uvsnCf_Snk^g(viZ0pOM8R=j*H+1FKAl*i1gdlmb-7i&{zZ|TQ3LLY}kKq}U
zg*VUd#8?&KFlN3x`Htm+eFbT)zxJC6R0-a{!pS~(ps_U;jxLXt<}{Rl{&7e;H(+yO
z2cbpN7oI5%)PM9GvHL{pywlD7zbaa=f;phx(eC$X&5vCkPZ`lET>=7pne?8esh3QF
z+TQVWa%QO@KWc3D5c9lZieIL3c937beaMVCS|V^I{y=)<8l~Hre=>VI?k{pbei`Go
zAFQn~6c=xC>eLIRF7|2`wX6TeHIHwfj_*h;BoyaG&b{mq$T>U0N9w4&a6IW*#o88X
zKSa$3S8NM<JU_|`G;(lU!m}p=74uOF^$4fu+?~_P-N;NqH}{a?J9DIdZf@gwPK>q!
zD`AAMT>uZfGx<Rwb>(SxhoJljOXTd?c1If(C)Gbg>7YKAuOO&gtSbB)gG0KYP0Wyp
zUmjUk#qNy{$5o8g==ef^@!J@o57OyP0pjURG39Xn!HTSpAD0xZ&z}A5a&()8S>Qiw
zF1`E^kCGI;ML54DxX{FktLQ%z2wC=<PfBs_KQ&{`kXyXA^>})78fiL#AkQLS`YiW#
zgl@a#-C^C6(e~l3=BeT5D@VsY`wc#u4#Ui<A0Pi79yK(6vAN%T`$S!)sd?_YU^}(g
zd1_zyhFyV-k~6Oa;v-%5=CpIJ1aes&HQA4M5;Nl6jXx_stYfbmGG5B@#iyK|HswCe
z-HTMmW*aWY4SDW1cERo!%Kv0BIltFF2Ufv^<oGfYY<l&Co^$Y2%HNYZJ-UBag17ri
zCwO#sJ1*Wdc*Y)!n&<7){u}?)KL!)rSo6N3`(lfillSbwo&G7<D5AxC`{;NeBeGfN
z=1Zf&*I|nG8{h2DJu|A{{W7}&V!t~Wi%Jgz+h^RraL~AjGc(-iFpMll1z+bI!FJW1
z3vavrl-E@?|3UhGqrmu2vXj2XF?ukt+<N_FodxkXXu=a|$C%wQMeX@KXyaEY3m)|?
zwPD?N6E8w)DX~a9Wn3EGf*UC>ulRR|_s&Uw|G3E2UewUYLtN?J8NqR-a$O^q&h}YP
z>A_ps^d`ZU_KIacF(kj}+e3j}!O*5>mf5G)Ft5sUZ}tu{Gs1(5_XaElX#5e^1HINK
zDglfkZ@%fS;xjksXS(f-v~PWn>Rfe}P(b?1JB9ugY3kW;^vvp5IyN3$O2BT_)r+!v
zdVZ<F{s|m0K75I>swguS=k7ZgGk-{e>>+1&Ln@IbE}CxrF%L9g@=IPjHB))-;DI=c
z)eG;1$z?hfv+&lPuk@6%w>Te!R-V@3Mv`+_tna-#x*|pAr{-%H)PBO&H)*J0u5~T`
z3|YI46vB7pCcvA1Hl$LN)s0|Vm*v^#m(>kcrUu4o4=r9(Im=u9w-wx5vrch?u;uR&
zQX!`Ny%@sBx<?s2NfHZ>yu3Vf#h4rydAAC++pKMqg{4{3&mPHW8e95{A>jvYU2i3l
z<E@V#9c}x<zuKJQ)8i9cyEsZi0+p;gdOFmvH3fN|1(eU3$@(ouRqisrZC}w~Wrw>a
z_isNh^!e20c`WE=q_6WKuhMJg*|Xw<^tdu{Y>oqprL`ovR07*!`qSAGhx%8xV1A@$
ztEMu$TP@twio*WCg*RC!r;LSHTkf``JpX1@BY&rXn|ZvyNvx}b(QR??_>%1CiFNh5
z(dv0bo`UD*z}VLD$I;z^uaznL<+UgNe?%tb$mH5xC&HZ3V-o*F7nGL0H%-u3)Ow3?
z(ik%6)IcMuwD*v9=H6sL$Db9?K<r4|v=nZ#-*2l)D*G<hdUFDmes+3WZ(-AE<fOai
r;|}6~vFCrc^uI9l|NHSoP7O~z7&ahfVA-z+fv-m@+R7D*HgEn90@Um-

literal 0
HcmV?d00001

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 7a58f43e9..ef1686989 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -141,11 +141,24 @@ if (isset($_POST['contName'])) {
       @unlink("$userTmplDir/my-$existing.xml");
     }
   }
+  // Extract real Entrypoint and Cmd from container for Tailscale
+  if (isset($_POST['contTailscale']) && $_POST['contTailscale'] == 'on') {
+    // Create preliminary base container but don't run it
+    exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name '" . escapeshellarg($Name) . "' '" . escapeshellarg($Repository) . "'");
+    // Get Entrypoint and Cmd from docker inspect
+    $containerInfo = $DockerClient->getContainerDetails($Name);
+    $ts_env  = isset($containerInfo['Config']['Entrypoint']) ? '-e ORG_ENTRYPOINT="' . implode(' ', $containerInfo['Config']['Entrypoint']) . '" ' : '';
+    $ts_env .= isset($containerInfo['Config']['Cmd']) ? '-e ORG_CMD="' . implode(' ', $containerInfo['Config']['Cmd']) . '" ' : '';
+    // Insert Entrypoint and Cmd to docker command
+    $cmd = str_replace('-l net.unraid.docker.managed=dockerman', $ts_env . '-l net.unraid.docker.managed=dockerman' , $cmd);
+    // Remove preliminary container
+    exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker rm '" . escapeshellarg($Name) . "'");
+  }
   if ($startContainer) $cmd = str_replace('/docker create ', '/docker run -d ', $cmd);
   execCommand($cmd);
   if ($startContainer) addRoute($Name); // add route for remote WireGuard access
 
-  echo '<div style="text-align:center"><button type="button" onclick="done()">'._('Done').'</button></div><br>';
+  echo '<div style="text-align:center"><button type="button" onclick="openTerminal(\'docker\',\''.addslashes($Name).'\',\'.log\')">'._('View Container Log').'</button> <button type="button" onclick="done()">'._('Done').'</button></div><br>';
   goto END;
 }
 
@@ -168,7 +181,8 @@ if (isset($_GET['updateContainer'])){
     }
     $xml = file_get_contents($tmpl);
     [$cmd, $Name, $Repository] = xmlToCommand($tmpl);
-    $Registry = getXmlVal($xml, "Registry");
+    $Network = getXmlVal($xml, "Network");
+    $TS_Enabled = getXmlVal($xml, "TailscaleEnabled");
     $oldImageID = $DockerClient->getImageID($Repository);
     // pull image
     if ($echo && !pullImage($Name, $Repository)) continue;
@@ -184,6 +198,19 @@ if (isset($_GET['updateContainer'])){
     }
     // force kill container if still running after time-out
     if (empty($_GET['communityApplications'])) removeContainer($Name, $echo);
+    // Extract real Entrypoint and Cmd from container for Tailscale
+    if ($TS_Enabled == 'true') {
+      // Create preliminary base container but don't run it
+      exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name '" . escapeshellarg($Name) . "' '" . escapeshellarg($Repository) . "'");
+      // Get Entrypoint and Cmd from docker inspect
+      $containerInfo = $DockerClient->getContainerDetails($Name);
+      $ts_env  = isset($containerInfo['Config']['Entrypoint']) ? '-e ORG_ENTRYPOINT="' . implode(' ', $containerInfo['Config']['Entrypoint']) . '" ' : '';
+      $ts_env .= isset($containerInfo['Config']['Cmd']) ? '-e ORG_CMD="' . implode(' ', $containerInfo['Config']['Cmd']) . '" ' : '';
+      // Insert Entrypoint and Cmd to docker command
+      $cmd = str_replace('-l net.unraid.docker.managed=dockerman', $ts_env . '-l net.unraid.docker.managed=dockerman' , $cmd);
+      // Remove preliminary container
+      exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker rm '" . escapeshellarg($Name) . "'");
+    }
     execCommand($cmd, $echo);
     if ($startContainer) addRoute($Name); // add route for remote WireGuard access
     $DockerClient->flushCaches();
@@ -272,6 +299,153 @@ $authoring     = $authoringMode ? 'advanced' : 'noshow';
 $disableEdit   = $authoringMode ? 'false' : 'true';
 $showAdditionalInfo = '';
 $bgcolor = strstr('white,azure',$display['theme']) ? '#f2f2f2' : '#1c1c1c';
+
+# Search for existing TAILSCALE_ entries in the Docker template
+$TS_existing_vars = false;
+foreach ($xml["Config"] as $config) {
+  if (isset($config["Target"]) && strpos($config["Target"], "TAILSCALE_") === 0) {
+    $TS_existing_vars = true;
+    break;
+  }
+}
+
+# Look for Exit Nodes if Tailscale plugin is installed
+$ts_exit_nodes = [];
+$ts_en_check = false;
+if (file_exists('/usr/local/sbin/tailscale') && exec('pgrep --ns $$ -f "/usr/local/sbin/tailscaled"')) {
+  exec('tailscale exit-node list', $ts_exit_node_list, $retval);
+  if ($retval === 0) {
+    foreach ($ts_exit_node_list as $line) {
+      if (!empty(trim($line))) {
+        if (preg_match('/^(\d+\.\d+\.\d+\.\d+)\s+(.+)$/', trim($line), $matches)) {
+          $parts = preg_split('/\s+/', $matches[2]);
+          $ts_exit_nodes[] = [
+            'ip' => $matches[1],
+            'hostname' => $parts[0],
+            'country' => $parts[1],
+            'city' => $parts[2],
+            'status' => $parts[3]
+          ];
+          $ts_en_check = true;
+        }
+      }
+    }
+  }
+}
+
+# Try to detect port from WebUI and set webui_url
+$TSwebuiport = '';
+$webui_url = '';
+if (empty($xml['TailscalePort'])) {
+  if (!empty($xml['WebUI'])) {
+    $webui_url = parse_url($xml['WebUI']);
+    preg_match('/:(\d+)\]/', $webui_url['host'], $matches);
+    $TSwebuiport = $matches[1];
+  }
+}
+
+$TS_raw = [];
+$TS_container_raw = [];
+$TS_HostNameWarning = "";
+$TS_HTTPSDisabledWarning = "";
+$TS_ExitNodeNeedsApproval = false;
+$TS_MachinesLink = "https://login.tailscale.com/admin/machines/";
+$TS_DirectMachineLink = $TS_MachinesLink;
+$TS_HostNameActual = "";
+$TS_not_approved = "";
+// Get Tailscale information and create arrays/variables
+exec("docker exec -i ".$xml['Name']." /bin/sh -c \"tailscale status --peers=false --json\"", $TS_raw);
+$TS_no_peers = json_decode(implode('', $TS_raw),true);
+$TS_container = json_decode(implode('', $TS_raw),true);
+$TS_container = $TS_container['Self'];
+if (!empty($TS_no_peers) && !empty($TS_container)) {
+  // define the direct link to this machine on the Tailscale website
+  if (!empty($TS_container['TailscaleIPs']) && !empty($TS_container['TailscaleIPs'][0])) {
+    $TS_DirectMachineLink = $TS_MachinesLink.$TS_container['TailscaleIPs'][0];
+  }
+  // warn if MagicDNS or HTTPS is disabled
+  if (empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || !$TS_no_peers['CurrentTailnet']['MagicDNSEnabled'] || empty($TS_no_peers['CertDomains']) || empty($TS_no_peers['CertDomains'][0])) {
+    $TS_HTTPSDisabledWarning = "<span><b><a href='https://tailscale.com/kb/1153/enabling-https' target='_blank'>Enable HTTPS</a> on your Tailscale account to use Tailscale Serve/Funnel.</b></span>";
+  }
+  // In $TS_container, 'HostName' is what the user requested, need to parse 'DNSName' to find the actual HostName in use
+  $TS_DNSName = _var($TS_container,'DNSName','');
+  $TS_HostNameActual = substr($TS_DNSName, 0, strpos($TS_DNSName, '.'));
+  // compare the actual HostName in use to the one in the XML file
+  if (strcasecmp($TS_HostNameActual, _var($xml, 'TailscaleHostname')) !== 0 && !empty($TS_DNSName)) {
+    // they are different, show a warning
+    $TS_HostNameWarning = "<span><b>Warning: the actual Tailscale hostname is '".$TS_HostNameActual."'</b></span>";
+  }
+  // If this is an Exit Node, show warning if it still needs approval
+  if (_var($xml,'TailscaleIsExitNode') == 'true' && _var($TS_container, 'ExitNodeOption') === false) {
+    $TS_ExitNodeNeedsApproval = true;
+  }
+  //Check for key expiry
+  if(!empty($TS_container['KeyExpiry'])) {
+    $TS_expiry = new DateTime($TS_container['KeyExpiry']);
+    $current_Date = new DateTime();
+    $TS_expiry_diff = $current_Date->diff($TS_expiry);
+  }
+  // Check for non approved routes
+  if(!empty($xml['TailscaleRoutes'])) {
+    $TS_advertise_routes = str_replace(' ', '', $xml['TailscaleRoutes']);
+    if (empty($TS_container['PrimaryRoutes'])) {
+      $TS_container['PrimaryRoutes'] = [];
+    }
+    $routes = explode(',', $TS_advertise_routes);
+    foreach ($routes as $route) {
+      if (!in_array($route, $TS_container['PrimaryRoutes'])) {
+        $TS_not_approved .= " " . $route;
+      }
+    }
+  }
+  // Check for exit nodes if ts_en_check was not already done
+  if (!$ts_en_check) {
+    exec("docker exec -i ".$xml['Name']." /bin/sh -c \"tailscale exit-node list\"", $ts_exit_node_list, $retval);
+    if ($retval === 0) {
+      foreach ($ts_exit_node_list as $line) {
+        if (!empty(trim($line))) {
+          if (preg_match('/^(\d+\.\d+\.\d+\.\d+)\s+(.+)$/', trim($line), $matches)) {
+            $parts = preg_split('/\s+/', $matches[2]);
+            $ts_exit_nodes[] = [
+              'ip' => $matches[1],
+              'hostname' => $parts[0],
+              'country' => $parts[1],
+              'city' => $parts[2],
+              'status' => $parts[3]
+            ];
+          }
+        }
+      }
+    }
+  }
+  // Construct WebUI URL on container template page
+  // Check if webui_url, Tailscale WebUI and MagicDNS are not empty and make sure that MagicDNS is enabled
+  if (!empty($webui_url) && !empty($xml['TailscaleWebUI']) && (!empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || $TS_no_peers['CurrentTailnet']['MagicDNSEnabled'])) {
+    // Check if serve or funnel are enabled by checking for [hostname] and replace string with TS_DNSName
+    if (!empty($xml['TailscaleWebUI']) && strpos($xml['TailscaleWebUI'], '[hostname]') !== false && isset($TS_DNSName)) {
+      $TS_webui_url = str_replace("[hostname][magicdns]", rtrim($TS_DNSName, '.'), $xml['TailscaleWebUI']);
+    // Check if serve is disabled, construct url with port, path and query if present and replace [noserve] with url
+    } elseif (strpos($xml['TailscaleWebUI'], '[noserve]') !== false && isset($TS_container['TailscaleIPs'])) {
+      $ipv4 = '';
+      foreach ($TS_container['TailscaleIPs'] as $ip) {
+        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+          $ipv4 = $ip;
+          break;
+        }
+      }
+      if (!empty($ipv4)) {
+        $webui_url = isset($xml['WebUI']) ? parse_url($xml['WebUI']) : '';
+        $webui_port = (preg_match('/\[PORT:(\d+)\]/', $xml['WebUI'], $matches)) ? ':' . $matches[1] : '';
+        $webui_path = $webui_url['path'] ?? '';
+        $webui_query = isset($webui_url['query']) ? '?' . $webui_url['query'] : '';
+        $TS_webui_url = 'http://' . $ipv4 . $webui_port . $webui_path . $webui_query;
+      }
+    // Check if TailscaleWebUI in the xml is custom and display instead
+    } elseif (strpos($xml['TailscaleWebUI'], '[hostname]') === false && strpos($xml['TailscaleWebUI'], '[noserve]') === false) {
+      $TS_webui_url = $xml['TailscaleWebUI'];
+    }
+  }
+}
 ?>
 <link type="text/css" rel="stylesheet" href="<?autov("/webGui/styles/jquery.ui.css")?>">
 <link type="text/css" rel="stylesheet" href="<?autov("/webGui/styles/jquery.switchbutton.css")?>">
@@ -675,6 +849,16 @@ $(function() {
   });
 });
 </script>
+
+<?php
+foreach ($xml["Config"] as $config) {
+  if (isset($config["Target"]) && strpos($config["Target"], "TAILSCALE_") === 0) {
+    $tailscaleTargetFound = true;
+    break;
+  }
+}
+?>
+
 <div id="canvas">
 <form markdown="1" method="POST" autocomplete="off" onsubmit="prepareConfig(this)">
 <input type="hidden" name="csrf_token" value="<?=$var['csrf_token']?>">
@@ -715,7 +899,7 @@ _(Template)_:
 
 <div markdown="1" class="<?=$showAdditionalInfo?>">
 _(Name)_:
-: <input type="text" name="contName" pattern="[a-zA-Z0-9][a-zA-Z0-9_.-]+" required>
+: <input type="text" name="contName" pattern="[a-zA-Z0-9][a-zA-Z0-9_.\-]+" required>
 
 :docker_client_name_help:
 
@@ -903,9 +1087,263 @@ _(Container Network)_:
     }
   }
   ?>
-:docker_container_network_help:
 </select>
+
+:docker_container_network_help:
+
 </div>
+
+<div markdown="1" class="TSdivider noshow"><hr></div>
+
+<?if ($TS_existing_vars == 'true'):?>
+<div markdown="1" class="TSwarning noshow">
+<b style="color:red;">_(WARNING)_</b>:
+:  <b>_(Existing TAILSCALE variables found, please remove any existing modifications in the Template for Tailscale before using this function!)_</b>
+</div>
+<?endif;?>
+
+<?if (empty($xml['TailscaleEnabled'])):?>
+<div markdown="1" class="TSdeploy noshow">
+<b>_(First deployment)_</b>:
+:  <p>_(After deploying the container, open the log and follow the link to register the container to your Tailnet!)_</p>
+</div>
+
+<?if (!file_exists('/usr/local/sbin/tailscale')):?>
+<div markdown="1" class="TSdeploy noshow">
+<b>_(Recommendation)_</b>:
+:  <p>_(For the best experience with Tailscale, install "Tailscale (Plugin)" from)_ <a href="/Apps" target='_blank'> Community Applications</a>.</p>
+</div>
+<?endif;?>
+
+<?endif;?>
+
+<div markdown="1">
+_(Use Tailscale)_:
+: <input type="checkbox" class="switch-on-off" name="contTailscale" id="contTailscale" <?php if (!empty($xml['TailscaleEnabled']) && $xml['TailscaleEnabled'] == 'true') echo 'checked'; ?> onchange="showTailscale(this)">
+
+:docker_tailscale_help:
+
+</div>
+
+<div markdown="1" class="TSdivider noshow">
+<b>_(NOTE)_</b>:
+:  <i>_(This option will install Tailscale and dependencies into the container.)_</i>
+</div>
+
+<?if($TS_ExitNodeNeedsApproval):?>
+<div markdown="1" class="TShostname noshow">
+<b>Warning:</b>
+: Exit Node not yet approved. Navigate to the <a href="<?=$TS_DirectMachineLink?>" target='_blank'>Tailscale website</a> and approve it.
+</div>
+<?endif;?>
+
+<?if(!empty($TS_expiry_diff)):?>
+<div markdown="1" class="TSdivider noshow">
+<b>_(Warning)_</b>:
+<?if($TS_expiry_diff->invert):?>
+: <b>Tailscale Key expired!</b> <a href="<?=$TS_MachinesLink?>" target='_blank'>Renew/Disable key expiry</a> for '<b><?=$TS_HostNameActual?></b>'.
+<?else:?>
+: Tailscale Key will expire in <b><?=$TS_expiry_diff->days?> days</b>! <a href="<?=$TS_MachinesLink?>" target='_blank'>Disable Key Expiry</a> for '<b><?=$TS_HostNameActual?></b>'.
+<?endif;?>
+<label>See <a href="https://tailscale.com/kb/1028/key-expiry" target='_blank'>key-expiry</a>.</label>
+</div>
+<?endif;?>
+
+<?if(!empty($TS_not_approved)):?>
+<div markdown="1" class="TSdivider noshow">
+<b>_(Warning)_</b>:
+: The following route(s) are not approved: <b><?=trim($TS_not_approved)?></b>
+</div>
+<?endif;?>
+
+<div markdown="1" class="TShostname noshow">
+_(Tailscale Hostname)_:
+: <input type="text" pattern="[A-Za-z0-9_\-]*" name="TShostname" <?php if (!empty($xml['TailscaleHostname'])) echo 'value="' . $xml['TailscaleHostname'] . '"'; ?> placeholder="_(Hostname for the container)_"> <?=$TS_HostNameWarning?>
+
+:docker_tailscale_hostname_help:
+
+</div>
+
+<div markdown="1" class="TSisexitnode noshow">
+_(Be a Tailscale Exit Node)_:
+: <select name="TSisexitnode" id="TSisexitnode" onchange="showTailscale(this)">
+    <?=mk_option(1,'false',_('No'))?>
+    <?=mk_option(1,'true',_('Yes'))?>
+  </select>
+  <span id='TSisexitnode_msg' style='font-style: italic;'></span>
+
+:docker_tailscale_be_exitnode_help:
+
+</div>
+
+<div markdown="1" class="TSexitnodeip noshow">
+_(Use a Tailscale Exit Node)_:
+<?if($ts_en_check !== true && empty($ts_exit_nodes)):?>
+: <input type="text" name="TSexitnodeip" <?php if (!empty($xml['TailscaleExitNodeIP'])) echo 'value="' . $xml['TailscaleExitNodeIP'] . '"'; ?> placeholder="_(IP/Hostname from Exit Node)_" onchange="processExitNodeoptions(this)">
+<?else:?>
+: <select name="TSexitnodeip" id="TSexitnodeip" onchange="processExitNodeoptions(this)">
+  <?=mk_option(1,'',_('None'))?>
+  <?foreach ($ts_exit_nodes as $ts_exit_node):?>
+    <?=$node_offline = $ts_exit_node['status'] === 'offline' ? ' - OFFLINE' : '';?>
+    <?=mk_option(1,$ts_exit_node['ip'],$ts_exit_node['ip'] . ' - ' . $ts_exit_node['hostname'] . $node_offline)?>
+  <?endforeach;?></select>
+<?endif;?>
+  </select>
+  <span id='TSexitnodeip_msg' style='font-style: italic;'></span>
+
+:docker_tailscale_exitnode_ip_help:
+
+</div>
+
+<div markdown="1" class="TSallowlanaccess noshow">
+_(Tailscale Allow LAN Access)_:
+: <select name="TSallowlanaccess" id="TSallowlanaccess">
+    <?=mk_option(1,'false',_('No'))?>
+    <?=mk_option(1,'true',_('Yes'))?>
+  </select>
+<?=$TS_HTTPSDisabledWarning?>
+
+:docker_tailscale_lanaccess_help:
+
+</div>
+
+<div markdown="1" class="TSuserspacenetworking noshow">
+_(Tailscale Userspace Networking)_:
+: <select name="TSuserspacenetworking" id="TSuserspacenetworking" onchange="setExitNodeoptions()">
+    <?=mk_option(1,'true',_('Enabled'))?>
+    <?=mk_option(1,'false',_('Disabled'))?>
+  </select>
+  <span id='TSuserspacenetworking_msg' style='font-style: italic;'></span>
+
+:docker_tailscale_userspace_networking_help:
+
+</div>
+
+<div markdown="1" class="TSssh noshow">
+_(Enable Tailscale SSH)_:
+: <select name="TSssh" id="TSssh">
+    <?=mk_option(1,'false',_('No'))?>
+    <?=mk_option(1,'true',_('Yes'))?>
+  </select>
+
+:docker_tailscale_ssh_help:
+
+</div>
+
+<div markdown="1" class="TSserve noshow">
+_(Tailscale Serve)_:
+: <select name="TSserve" id="TSserve" onchange="showServe(this.value)">
+    <?=mk_option(1,'no',_('No'))?>
+    <?=mk_option(1,'serve',_('Serve'))?>
+    <?=mk_option(1,'funnel',_('Funnel'))?>
+  </select>
+<?php if (!empty($TS_webui_url)) echo '<label for="TSserve"><a href="' . $TS_webui_url . '" target="_blank">' . $TS_webui_url . '</a></label>'; ?>
+
+:docker_tailscale_serve_mode_help:
+
+</div>
+
+<div markdown="1" class="TSserveport noshow">
+_(Tailscale Serve Port)_:
+: <input type="text" name="TSserveport" value="<?php echo !empty($xml['TailscaleServePort']) ? $xml['TailscaleServePort'] : (!empty($TSwebuiport) ? $TSwebuiport : ''); ?>" placeholder="_(Will be detected automatically if possible)_">
+
+:docker_tailscale_serve_port_help:
+
+</div>
+
+<div markdown="1" class="TSadvanced noshow">
+_(Tailscale Show Advanced Settings)_:
+: <input type="checkbox" name="TSadvanced" class="switch-on-off" onchange="showTSAdvanced(this.checked)">
+
+:docker_tailscale_show_advanced_help:
+
+</div>
+
+<div markdown="1" class="TSservelocalpath noshow">
+_(Tailscale Serve Local Path)_:
+: <input type="text" name="TSservelocalpath" <?php if (!empty($xml['TailscaleServeLocalPath'])) echo 'value="' . $xml['TailscaleServeLocalPath'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_serve_local_path_help:
+
+</div>
+
+<div markdown="1" class="TSserveprotocol noshow">
+_(Tailscale Serve Protocol)_:
+: <input type="text" name="TSserveprotocol" <?php if (!empty($xml['TailscaleServeProtocol'])) echo 'value="' . $xml['TailscaleServeProtocol'] . '"'; ?> placeholder="_(Leave empty if unsure, defaults to https)_">
+
+:docker_tailscale_serve_protocol_help:
+
+</div>
+
+<div markdown="1" class="TSserveprotocolport noshow">
+_(Tailscale Serve Protocol Port)_:
+: <input type="text" name="TSserveprotocolport" <?php if (!empty($xml['TailscaleServeProtocolPort'])) echo 'value="' . $xml['TailscaleServeProtocolPort'] . '"'; ?> placeholder="_(Leave empty if unsure, defaults to =443)_">
+
+:docker_tailscale_serve_protocol_port_help:
+
+</div>
+
+<div markdown="1" class="TSservepath noshow">
+_(Tailscale Serve Path)_:
+: <input type="text" name="TSservepath" <?php if (!empty($xml['TailscaleServePath'])) echo 'value="' . $xml['TailscaleServePath'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_serve_path_help:
+
+</div>
+
+<div markdown="1" class="TSwebui noshow">
+_(Tailscale WebUI)_:
+: <input type="text" name="TSwebui" value="<?php echo !empty($TS_webui_url) ? $TS_webui_url : ''; ?>" placeholder="Will be determined automatically if possible" disabled>
+<input type="hidden" name="TSwebui" <?php if (!empty($xml['TailscaleWebUI'])) echo 'value="' . $xml['TailscaleWebUI'] . '"'; ?>>
+
+:docker_tailscale_serve_webui_help:
+
+</div>
+
+<div markdown="1" class="TSroutes noshow">
+_(Tailscale Advertise Routes)_:
+: <input type="text" pattern="[0-9:., ]*" name="TSroutes" <?php if (!empty($xml['TailscaleRoutes'])) echo 'value="' . $xml['TailscaleRoutes'] . '"'?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_advertise_routes_help:
+
+</div>
+
+<div markdown="1" class="TSdaemonparams noshow">
+_(Tailscale Daemon Parameters)_:
+: <input type="text" name="TSdaemonparams" <?php if (!empty($xml['TailscaleDParams'])) echo 'value="' . $xml['TailscaleDParams'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_daemon_extra_params_help:
+
+</div>
+
+<div markdown="1" class="TSextraparams noshow">
+_(Tailscale Extra Parameters)_:
+: <input type="text" name="TSextraparams" <?php if (!empty($xml['TailscaleParams'])) echo 'value="' . $xml['TailscaleParams'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_extra_param_help:
+
+</div>
+
+<div markdown="1" class="TSstatedir noshow">
+_(Tailscale State Directory)_:
+: <input type="text" name="TSstatedir" <?php if (!empty($xml['TailscaleStateDir'])) echo 'value="' . $xml['TailscaleStateDir'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
+
+:docker_tailscale_statedir_help:
+
+</div>
+
+<div markdown="1" class="TStroubleshooting noshow">
+_(Tailscale Install Troubleshooting Packages)_:
+: <input type="checkbox" class="switch-on-off" name="TStroubleshooting" <?php if (!empty($xml['TailscaleTroubleshooting']) && $xml['TailscaleTroubleshooting'] == 'true') echo 'checked'; ?>>
+
+:docker_tailscale_troubleshooting_packages_help:
+
+</div>
+
+<div markdown="1" class="TSdivider noshow">
+  <hr>
+</div>
+
 _(Console shell command)_:
 : <select name="contShell">
   <?=mk_option(1,'sh',_('Shell'))?>
@@ -1053,6 +1491,210 @@ function showSubnet(bridge) {
   }
 }
 
+function processExitNodeoptions(value) {
+  val = null;
+  if (value.tagName.toLowerCase() === "input") {
+    val = value.value.trim();
+  } else if (value.tagName.toLowerCase() === "select") {
+    val = value.value;
+  }
+  if (val) {
+    $('.TSallowlanaccess').show();
+  } else {
+    $('#TSallowlanaccess').val('false');
+    $('.TSallowlanaccess').hide();
+  }
+  setUserspaceNetworkOptions();
+  setIsExitNodeoptions();
+}
+
+function setUserspaceNetworkOptions() {
+  optTrueDisabled = false;
+  optFalseDisabled = false;
+  optMessage = "";
+  value = null;
+
+  var network = $('select[name="contNetwork"]')[0].value;
+  var isExitnode = $('#TSisexitnode').val();
+  if (network == 'host' || isExitnode == 'true') {
+    // in host mode or if this container is an Exit Node
+    // then Userspace Networking MUST be enabled ('true')
+    value = 'true';
+    optTrueDisabled = false;
+    optFalseDisabled = true;
+    optMessage = (isExitnode == 'true') ? "Enabled because this is an Exit Node" : "Enabled due to Docker "+network+" mode";
+  } else {
+    if (document.querySelector('input[name="TSexitnodeip"], select[name="TSexitnodeip"]').value) {
+      // If an Exit Node IP is set, Userspace Networking MUST be disabled ('false')
+      value = 'false';
+      optTrueDisabled = true;
+      optFalseDisabled = false;
+      optMessage = "Disabled due to use of an Exit Node";
+    } else {
+      // Exit Node IP is not set, user can decide whether to enable/disable Userspace Networking
+      optTrueDisabled = false;
+      optFalseDisabled = false;
+      optMessage = "";
+    }
+  }
+
+  $("#TSuserspacenetworking option[value='true']").prop("disabled", optTrueDisabled);
+  $("#TSuserspacenetworking option[value='false']").prop("disabled", optFalseDisabled);
+  if (value != null) $('#TSuserspacenetworking').val(value);
+  $('#TSuserspacenetworking_msg').text(optMessage);
+  setExitNodeoptions();
+}
+
+function setIsExitNodeoptions() {
+  optTrueDisabled = false;
+  optFalseDisabled = false;
+  optMessage = "";
+  value = null;
+
+  var network = $('select[name="contNetwork"]')[0].value;
+  if (network == 'host') {
+    // in host mode then this cannot be an Exit Node
+    value = 'false';
+    optTrueDisabled = true;
+    optFalseDisabled = false;
+    optMessage = "Disabled due to Docker "+network+" mode";
+  } else {
+    if (document.querySelector('input[name="TSexitnodeip"], select[name="TSexitnodeip"]').value) {
+      // If an Exit Node IP is set, this cannot be an Exit Node
+      value = 'false';
+      optTrueDisabled = true;
+      optFalseDisabled = false;
+      optMessage = "Disabled due to use of an Exit Node";
+    } else {
+      optTrueDisabled = false;
+      optFalseDisabled = false;
+    }
+  }
+  $("#TSisexitnode option[value='true']").prop("disabled", optTrueDisabled);
+  $("#TSisexitnode option[value='false']").prop("disabled", optFalseDisabled);
+  if (value != null) $('#TSisexitnode').val(value);
+  $('#TSisexitnode_msg').text(optMessage);
+}
+
+function setExitNodeoptions() {
+  optMessage = "";
+  var $exitNodeInput = $('input[name="TSexitnodeip"]');
+  var $exitNodeSelect = $('#TSexitnodeip');
+  // In host mode, TSuserspacenetworking is true
+  if ($('#TSuserspacenetworking').val() == 'true') {
+    // if TSuserspacenetworking is true, then TSexitnodeip must be "" and all options are disabled
+    optMessage = "Disabled because Userspace Networking is Enabled.";
+    $exitNodeInput.val('').prop('disabled', true);  // Disable the input field
+    $exitNodeSelect.val('').prop('disabled', true).find('option').each(function() {
+      if ($(this).val() === "") {
+        $(this).prop('disabled', false);  // Enable the option with value=""
+      } else {
+        $(this).prop('disabled', true);   // Disable all other options
+      }
+    });
+  } else {
+    // if TSuserspacenetworking is false, then all TSexitnodeip options can be enabled
+    $exitNodeInput.prop('disabled', false);  // Enable the input field
+    $exitNodeSelect.prop('disabled', false).find('option').each(function() {
+      $(this).prop('disabled', false);   // Enable all options
+    });
+  }
+  $('#TSexitnodeip_msg').text(optMessage);
+}
+
+function showTSAdvanced(checked) {
+  if (!checked) {
+    <?if (!empty($TSwebuiport)):?>
+      $('.TSserveport').hide();
+    <?elseif (empty($contTailscale) || $contTailscale == 'false'):?>
+      $('.TSserveport').hide();
+    <?else:?>
+      $('.TSserveport').show();
+    <?endif;?>
+    $('.TSdaemonparams').hide();
+    $('.TSextraparams').hide();
+    $('.TSstatedir').hide();
+    $('.TSservepath').hide();
+    $('.TSserveprotocol').hide();
+    $('.TSserveprotocolport').hide();
+    $('.TSservelocalpath').hide();
+    $('.TSwebui').hide();
+    $('.TStroubleshooting').hide();
+    $('.TSroutes').hide();
+  } else {
+    $('.TSdaemonparams').show();
+    $('.TSextraparams').show();
+    $('.TSstatedir').show();
+    $('.TSserveport').show();
+    $('.TSservepath').show();
+    $('.TSserveprotocol').show();
+    $('.TSserveprotocolport').show();
+    $('.TSservelocalpath').show();
+    $('.TSwebui').show();
+    $('.TStroubleshooting').show();
+    $('.TSroutes').show();
+  }
+}
+
+function showTailscale(source) {
+  if (!$.trim($('#TSallowlanaccess').val())) {
+    $('#TSallowlanaccess').val('false');
+  }
+  if (!$.trim($('#TSserve').val())) {
+    $('#TSserve').val('no');
+  }
+  checked = $('#contTailscale').prop('checked');
+  if (!checked) {
+    $('.TSdivider').hide();
+    $('.TSwarning').hide();
+    $('.TSdeploy').hide();
+    $('.TSisexitnode').hide();
+    $('.TShostname').hide();
+    $('.TSexitnodeip').hide();
+    $('.TSssh').hide();
+    $('.TSallowlanaccess').hide();
+    $('.TSdaemonparams').hide();
+    $('.TSextraparams').hide();
+    $('.TSstatedir').hide();
+    $('.TSserve').hide();
+    $('.TSuserspacenetworking').hide();
+    $('.TSservepath').hide();
+    $('.TSserveprotocol').hide();
+    $('.TSserveprotocolport').hide();
+    $('.TSservelocalpath').hide();
+    $('.TSwebui').hide();
+    $('.TSserveport').hide();
+    $('.TSadvanced').hide();
+    $('.TSroutes').hide();
+  } else {
+    // reset these vals back to what they were in the XML
+    $('#TSssh').val('<?php echo !empty($xml['TailscaleSSH']) ? $xml['TailscaleSSH'] : 'false' ?>');
+    $('#TSallowlanaccess').val('<?php echo $xml['TailscaleLANAccess']; ?>');
+    $('#TSserve').val('<?php echo $xml['TailscaleServe']; ?>');
+    $('#TSexitnodeip').val('<?php echo $xml['TailscaleExitNodeIP']; ?>');
+    $('#TSuserspacenetworking').val('<?php echo !empty($xml['TailscaleUserspaceNetworking']) ? $xml['TailscaleUserspaceNetworking'] : 'false' ?>');
+    <?if (empty($xml['TailscaleServe']) && !empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
+      $('#TSserve').val('serve');
+    <?elseif (empty($xml['TailscaleServe']) && empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
+      $('#TSserve').val('no');
+    <?endif;?>
+    // don't reset this field if caller was the onchange event for this field
+    if (source.id != 'TSisexitnode') $('#TSisexitnode').val('<?php echo !empty($xml['TailscaleIsExitNode']) ? $xml['TailscaleIsExitNode'] : 'false'; ?>');
+    $('.TSisexitnode').show();
+    $('.TShostname').show();
+    $('.TSssh').show();
+    $('.TSexitnodeip').show();
+    $('.TSallowlanaccess').hide();
+    $('.TSserve').show();
+    $('.TSuserspacenetworking').show();
+    processExitNodeoptions(document.querySelector('input[name="TSexitnodeip"], select[name="TSexitnodeip"]'));
+    $('.TSdivider').show();
+    $('.TSwarning').show();
+    $('.TSdeploy').show();
+    $('.TSadvanced').show();
+  }
+}
+
 function reloadTriggers() {
   $(".basic").toggle(!$(".advancedview").is(":checked"));
   $(".advanced").toggle($(".advancedview").is(":checked"));
diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index 48b203e4e..d2c61317b 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -292,6 +292,16 @@ class DockerTemplates {
 		return $WebUI;
 	}
 
+	private function getTailscaleJson($name) {
+		$TS_raw = [];
+		exec("docker exec -i ".$name." /bin/sh -c \"tailscale status --peers=false --json\" 2>/dev/null", $TS_raw);
+		if (!empty($TS_raw)) {
+			$TS_raw = implode("\n", $TS_raw);
+			return json_decode($TS_raw, true);
+		}
+		return '';
+	}
+
 	public function getAllInfo($reload=false,$com=true,$communityApplications=false) {
 		global $driver, $dockerManPaths, $host;
 		$DockerClient = new DockerClient();
@@ -299,6 +309,7 @@ class DockerTemplates {
 		//$DockerUpdate->verbose = $this->verbose;
 		$info = DockerUtil::loadJSON($dockerManPaths['webui-info']);
 		$autoStart = array_map('var_split', @file($dockerManPaths['autostart-file'],FILE_IGNORE_NEW_LINES) ?: []);
+		//$TS_dns = $this->getTailscaleDNS();
 		foreach ($DockerClient->getDockerContainers() as $ct) {
 			$name = $ct['Name'];
 			$image = $ct['Image'];
@@ -334,6 +345,39 @@ class DockerTemplates {
 					if (strpos($ct['NetworkMode'], 'container:') === 0)
 					  $tmp['url'] = '';
 				}
+				// Check if webui & ct TSurl is set, if set construct WebUI URL on Docker page
+				$tmp['TSurl'] = '';
+				if (!empty($webui) && !empty($ct['TSUrl'])) {
+					$TS_no_peers = $this->getTailscaleJson($name);
+					if (!empty($TS_no_peers) && (!empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || $TS_no_peers['CurrentTailnet']['MagicDNSEnabled'])) {
+						$TS_container = $TS_no_peers['Self'];
+						$TS_DNSName = _var($TS_container,'DNSName','');
+						$TS_HostNameActual = substr($TS_DNSName, 0, strpos($TS_DNSName, '.'));
+						// Check if serve or funnel are enabled by checking for [hostname] and replace string with TS_DNSName
+						if (strpos($ct['TSUrl'], '[hostname]') !== false && isset($TS_DNSName)) {
+							$tmp['TSurl'] = str_replace("[hostname][magicdns]", rtrim($TS_DNSName, '.'), $ct['TSUrl']);
+						// Check if serve is disabled, construct url with port, path and query if present and replace [noserve] with url
+						} elseif (strpos($ct['TSUrl'], '[noserve]') !== false && isset($TS_container['TailscaleIPs'])) {
+							$ipv4 = '';
+							foreach ($TS_container['TailscaleIPs'] as $ip) {
+								if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+									$ipv4 = $ip;
+									break;
+								}
+							}
+							if (!empty($ipv4)) {
+								$webui_url = isset($webui) ? parse_url($webui) : '';
+								$webui_port = (preg_match('/\[PORT:(\d+)\]/', $webui, $matches)) ? ':' . $matches[1] : '';
+								$webui_path = $webui_url['path'] ?? '';
+								$webui_query = isset($webui_url['query']) ? '?' . $webui_url['query'] : '';
+								$tmp['TSurl'] = 'http://' . $ipv4 . $webui_port . $webui_path . $webui_query;
+							}
+						// Check if TailscaleWebUI in the xml is custom and display instead
+						} elseif (strpos($ct['TSUrl'], '[hostname]') === false && strpos($ct['TSUrl'], '[noserve]') === false) {
+							$tmp['TSurl'] = $ct['TSUrl'];
+						}
+					}
+				}
 				if ( ($tmp['shell'] ?? false) == false )
 					$tmp['shell'] = $this->getTemplateValue($image, 'Shell');
 			}
@@ -824,7 +868,6 @@ class DockerClient {
 		global $docroot, $dockerManPaths;
 		$id = $id ?: $name;
 		$info = DockerUtil::loadJSON($dockerManPaths['webui-info']);
-
 		// Attempt to remove container
 		$this->getDockerJSON("/containers/$id?force=1", 'DELETE', $code);
 		if (isset($info[$name])) {
@@ -938,8 +981,10 @@ class DockerClient {
 			$c['BaseImage']   = $ct['Labels']['BASEIMAGE'] ?? false;
 			$c['Icon']        = $info['Config']['Labels']['net.unraid.docker.icon'] ?? false;
 			$c['Url']         = $info['Config']['Labels']['net.unraid.docker.webui'] ?? false;
-			$c['Shell']         = $info['Config']['Labels']['net.unraid.docker.shell'] ?? false;
-			$c['Manager']         = $info['Config']['Labels']['net.unraid.docker.managed'] ?? false;
+			$c['TSUrl']       = $info['Config']['Labels']['net.unraid.docker.tailscale.webui'] ?? false;
+			$c['TSHostname']  = $info['Config']['Labels']['net.unraid.docker.tailscale.hostname'] ?? false;
+			$c['Shell']       = $info['Config']['Labels']['net.unraid.docker.shell'] ?? false;
+			$c['Manager']     = $info['Config']['Labels']['net.unraid.docker.managed'] ?? false;
 			$c['Ports']       = [];
 			$c['Networks']	  = [];
 			if ($id) $c['NetworkMode'] = $net.str_replace('/',':',DockerUtil::ctMap($id)?:'/???');
diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 0883c451d..2bd1a8b3e 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -48,6 +48,55 @@ $null = '0.0.0.0';
 $autostart = (array)@file($autostart_file,FILE_IGNORE_NEW_LINES);
 $names = array_map('var_split',$autostart);
 
+// Grab Tailscale json from container
+function tailscale_stats($name) {
+  exec("docker exec -i ".$name." /bin/sh -c \"tailscale status --json | jq '{Self: .Self, ExitNodeStatus: .ExitNodeStatus, Version: .Version}'\" 2>/dev/null", $TS_stats);
+  if (!empty($TS_stats)) {
+    $TS_stats = implode("\n", $TS_stats);
+    return json_decode($TS_stats, true);
+  }
+  return '';
+}
+
+// Download Tailscal JSON and return Array, refresh file if older than 24 hours
+function tailscale_json_dl($file, $url) {
+  $dl_status = 0;
+  if (!is_dir('/tmp/tailscale')) {
+    mkdir('/tmp/tailscale', 0777, true);
+  }
+  if (!file_exists($file)) {
+    exec("wget -T 3 -q -O " . $file . " " . $url, $output, $dl_status);
+  } else {
+    $fileage =  time() - filemtime($file);
+    if ($fileage > 86400) {
+      unlink($file);
+      exec("wget -T 3 -q -O " . $file . " " . $url, $output, $dl_status);
+    }
+  }
+  if ($dl_status === 0) {
+    return json_decode(@file_get_contents($file), true);
+  } elseif ($dl_status === 0 && is_file($file)) {
+    return json_decode(@file_get_contents($file), true);
+  } else {
+    unlink($file);
+    return '';
+  }
+}
+
+// Grab Tailscale DERP map JSON
+$TS_derp_url = 'https://login.tailscale.com/derpmap/default';
+$TS_derp_file = '/tmp/tailscale/tailscale-derpmap.json';
+$TS_derp_list = tailscale_json_dl($TS_derp_file, $TS_derp_url);
+
+// Grab Tailscale version JSON
+$TS_version_url = 'https://pkgs.tailscale.com/stable/?mode=json';
+$TS_version_file = '/tmp/tailscale/tailscale-latest-version.json';
+// Extract tarbal version string
+$TS_latest_version = tailscale_json_dl($TS_version_file, $TS_version_url);
+if (!empty($TS_latest_version)) {
+  $TS_latest_version = $TS_latest_version["TarballsVersion"];
+}
+
 function my_lang_time($text) {
   [$number, $text] = my_explode(' ',$text,2);
   return sprintf(_("%s $text"),$number);
@@ -74,12 +123,14 @@ foreach ($containers as $ct) {
   $template = $info['template']??'';
   $shell = $info['shell']??'';
   $webGui = html_entity_decode($info['url']??'');
+  $TShostname = isset($ct['TSHostname']) ? $ct['TSHostname'] : '';
+  $TSwebGui = html_entity_decode($info['TSurl']??'');
   $support = html_entity_decode($info['Support']??'');
   $project = html_entity_decode($info['Project']??'');
   $registry = html_entity_decode($info['registry']??'');
   $donateLink = html_entity_decode($info['DonateLink']??'');
   $readme = html_entity_decode($info['ReadMe']??'');
-  $menu = sprintf("onclick=\"addDockerContainerContext('%s','%s','%s',%s,%s,%s,%s,'%s','%s','%s','%s','%s','%s', '%s','%s')\"", addslashes($name), addslashes($ct['ImageId']), addslashes($template), $running, $paused, $updateStatus, $is_autostart, addslashes($webGui), $shell, $id, addslashes($support), addslashes($project),addslashes($registry),addslashes($donateLink),addslashes($readme));
+  $menu = sprintf("onclick=\"addDockerContainerContext('%s','%s','%s',%s,%s,%s,%s,'%s','%s','%s','%s','%s','%s','%s', '%s','%s')\"", addslashes($name), addslashes($ct['ImageId']), addslashes($template), $running, $paused, $updateStatus, $is_autostart, addslashes($webGui), addslashes($TSwebGui), $shell, $id, addslashes($support), addslashes($project),addslashes($registry),addslashes($donateLink),addslashes($readme));
   $docker[] = "docker.push({name:'$name',id:'$id',state:$running,pause:$paused,update:$updateStatus});";
   $shape = $running ? ($paused ? 'pause' : 'play') : 'square';
   $status = $running ? ($paused ? 'paused' : 'started') : 'stopped';
@@ -179,6 +230,95 @@ foreach ($containers as $ct) {
       }
       break;
     }
+  // Check if Tailscale for container is enabled by checking if TShostname is set
+  if (!empty($TShostname)) {
+    if ($running) {
+      // Get stats from container and check if they are not empty
+      $TSstats = tailscale_stats($name);
+      if (!empty($TSstats)) {
+        // Construct TSinfo from TSstats
+        $TSinfo = '';
+        if (!$TSstats["Self"]["Online"]) {
+          $TSinfo .= "Online:\t\t&#10060;\nPlease check the logs!";
+        } else {
+          $TS_version = explode('-', $TSstats["Version"])[0];
+          if (!empty($TS_version)) {
+            if (!empty($TS_latest_version)) {
+              if ($TS_version !== $TS_latest_version) {
+                $TSinfo .= "Version:\t\t" . $TS_version . " &#10132; " . $TS_latest_version . " available!\n";
+              } else {
+                $TSinfo .= "Version:\t\t" . $TS_version . "\n";
+              }
+            } else {
+              $TSinfo .= "Version:\t\t" . $TS_version . "\n";
+            }
+          }
+          $TSinfo .= "Online:\t\t&#9989;\n";
+          $TS_DNSName = $TSstats["Self"]["DNSName"];
+          $TS_HostNameActual = substr($TS_DNSName, 0, strpos($TS_DNSName, '.'));
+          if (strcasecmp($TS_HostNameActual, $TShostname) !== 0 && !empty($TS_DNSName)) {
+            $TSinfo .= "Hostname:\tReal Hostname &#10132; " . $TS_HostNameActual . "\n";
+          } else {
+            $TSinfo .= "Hostname:\t" . $TShostname . "\n";
+          }
+          // Map region relay code to cleartext region if TS_derp_list is available
+          if (!empty($TS_derp_list)) {
+            foreach ($TS_derp_list['Regions'] as $region) {
+              if ($region['RegionCode'] === $TSstats["Self"]["Relay"]) {
+                $TSregion = $region['RegionName'];
+                break;
+              }
+            }
+            if (!empty($TSregion)) {
+              $TSinfo .= "Main Relay:\t" . $TSregion . "\n";
+            } else {
+              $TSinfo .= "Main Relay:\t" . $TSstats["Self"]["Relay"] . "\n";
+            }
+          } else {
+            $TSinfo .= "Main Relay:\t" . $TSstats["Self"]["Relay"] . "\n";
+          }
+          if (!empty($TSstats["Self"]["TailscaleIPs"])) {
+            $TSinfo .= "Addresses:\t" . implode("\n\t\t\t", $TSstats["Self"]["TailscaleIPs"]) . "\n";
+          }
+          if (!empty($TSstats["Self"]["PrimaryRoutes"])) {
+            $TSinfo .= "Routes:\t\t" . implode("\n\t\t\t", $TSstats["Self"]["PrimaryRoutes"]) . "\n";
+          }
+          if ($TSstats["Self"]["ExitNodeOption"]) {
+            $TSinfo .= "Is Exit Node:\t&#9989;\n";
+          } else {
+            if (!empty($TSstats["ExitNodeStatus"])) {
+              $TS_exit_node_status = ($TSstats["ExitNodeStatus"]["Online"]) ? "&#9989;" : "&#10060;";
+              $TSinfo .= "Exit Node:\t" . strstr($TSstats["ExitNodeStatus"]["TailscaleIPs"][0], '/', true) . " | Status: " . $TS_exit_node_status ."\n";
+            } else {
+              $TSinfo .= "Is Exit Node:\t&#10060;\n";
+            }
+          }
+          if (!empty($TSwebGui)) {
+            $TSinfo .= "URL:\t\t" . $TSwebGui . "\n";
+          }
+          if (!empty($TSstats["Self"]["KeyExpiry"])) {
+            $TS_expiry = new DateTime($TSstats["Self"]["KeyExpiry"]);
+            $current_Date = new DateTime();
+            $TS_expiry_formatted = $TS_expiry->format('Y-m-d');
+            $TS_expiry_diff = $current_Date->diff($TS_expiry);
+            if ($TS_expiry_diff->invert) {
+              $TSinfo .= "Key Expiry:\t&#10060; Expired! Renew/Disable key expiry!\n";
+            } else {
+              $TSinfo .= "Key Expiry:\t" . $TS_expiry_formatted . " (" . $TS_expiry_diff->days . " days)\n";
+            }
+          }
+        }
+      // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
+      } else {
+        echo "<div title='Error gathering Tailscale information from container.\nPlease check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
+      }
+      // Display TSinfo if data was fetched correctly
+      echo "<div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+    // Display message that container isn't running
+    } else {
+      echo "<div title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
+    }
+  }
   echo "<div class='advanced'><i class='fa fa-info-circle fa-fw'></i> ".compress(_($version),12,0)."</div></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks)."</span></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$network_ips)."</span></td>";
@@ -211,4 +351,3 @@ foreach ($images as $image) {
 }
 echo "\0".implode($docker)."\0".(pgrep('rc.docker')!==false ? 1:0);
 ?>
-
diff --git a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
index 71f59bd75..82013ec44 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -32,37 +32,65 @@ function xml_decode($string) {
   return strval(html_entity_decode($string, ENT_XML1, 'UTF-8'));
 }
 
+function generateTSwebui($url, $serve, $webUI) {
+  if (!isset($webUI)) {
+    return '';
+  }
+  $webui_url = isset($webUI) ? parse_url($webUI) : '';
+  $webui_port = (preg_match('/\[PORT:(\d+)\]/', $webUI, $matches)) ? ':' . $matches[1] : '';
+  $webui_path = $webui_url['path'] ?? '';
+  $webui_query = isset($webui_url['query']) ? '?' . $webui_url['query'] : '';
+  if (!empty($url)) {
+    if (strpos($url, '[hostname]') !== false || strpos($url, '[noserve]') !== false) {
+      if ($serve === 'serve' || $serve === 'funnel') {
+        return 'https://[hostname][magicdns]' . $webui_path . $webui_query;
+      } elseif ($serve === 'no') {
+        return 'http://[noserve]' . $webui_port . $webui_path . $webui_query;
+      }
+    }
+    return $url;
+  } else {
+    if (!empty($webUI)) {
+      if ($serve === 'serve' || $serve === 'funnel') {
+        return 'https://[hostname][magicdns]' . $webui_path . $webui_query;
+      } elseif ($serve === 'no') {
+        return 'http://[noserve]' . $webui_port . $webui_path . $webui_query;
+    }
+  }
+  return '';
+  }
+}
+
 function postToXML($post, $setOwnership=false) {
   $dom = new domDocument;
   $dom->appendChild($dom->createElement("Container"));
   $xml = simplexml_import_dom($dom);
-  $xml['version']          = 2;
-  $xml->Name               = xml_encode(preg_replace('/\s+/', '', $post['contName']));
-  $xml->Repository         = xml_encode(trim($post['contRepository']));
-  $xml->Registry           = xml_encode(trim($post['contRegistry']));
-  if (!empty(trim($post['netCONT']))) {
-    $xml->Network          = xml_encode($post['contNetwork'].':'.$post['netCONT']);
+  $xml['version']                  = 2;
+  $xml->Name                       = xml_encode(preg_replace('/\s+/', '', $post['contName']));
+  $xml->Repository                 = xml_encode(trim($post['contRepository']));
+  $xml->Registry                   = xml_encode(trim($post['contRegistry']));
+  if (isset($post['netCONT']) && !empty(trim($post['netCONT']))) {
+    $xml->Network                  = xml_encode($post['contNetwork'].':'.$post['netCONT']);
   } else {
-    $xml->Network          = xml_encode($post['contNetwork']);
+    $xml->Network                  = xml_encode($post['contNetwork']);
   }
-  $xml->MyIP               = xml_encode($post['contMyIP']);
-  $xml->Shell              = xml_encode($post['contShell']);
-  $xml->Privileged         = strtolower($post['contPrivileged']??'')=='on' ? 'true' : 'false';
-  $xml->Support            = xml_encode($post['contSupport']);
-  $xml->Project            = xml_encode($post['contProject']);
-  $xml->Overview           = xml_encode($post['contOverview']);
-  $xml->Category           = xml_encode($post['contCategory']);
-  $xml->WebUI              = xml_encode(trim($post['contWebUI']));
-  $xml->TemplateURL        = xml_encode($post['contTemplateURL']);
-  $xml->Icon               = xml_encode(trim($post['contIcon']));
-  $xml->ExtraParams        = xml_encode($post['contExtraParams']);
-  $xml->PostArgs           = xml_encode($post['contPostArgs']);
-  $xml->CPUset             = xml_encode($post['contCPUset']);
-  $xml->DateInstalled      = xml_encode(time());
-  $xml->DonateText         = xml_encode($post['contDonateText']);
-  $xml->DonateLink         = xml_encode($post['contDonateLink']);
-  $xml->Requires           = xml_encode($post['contRequires']);
-
+  $xml->MyIP                       = xml_encode($post['contMyIP']);
+  $xml->Shell                      = xml_encode($post['contShell']);
+  $xml->Privileged                 = strtolower($post['contPrivileged']??'')=='on' ? 'true' : 'false';
+  $xml->Support                    = xml_encode($post['contSupport']);
+  $xml->Project                    = xml_encode($post['contProject']);
+  $xml->Overview                   = xml_encode($post['contOverview']);
+  $xml->Category                   = xml_encode($post['contCategory']);
+  $xml->WebUI                      = xml_encode(trim($post['contWebUI']));
+  $xml->TemplateURL                = xml_encode($post['contTemplateURL']);
+  $xml->Icon                       = xml_encode(trim($post['contIcon']));
+  $xml->ExtraParams                = xml_encode($post['contExtraParams']);
+  $xml->PostArgs                   = xml_encode($post['contPostArgs']);
+  $xml->CPUset                     = xml_encode($post['contCPUset']);
+  $xml->DateInstalled              = xml_encode(time());
+  $xml->DonateText                 = xml_encode($post['contDonateText']);
+  $xml->DonateLink                 = xml_encode($post['contDonateLink']);
+  $xml->Requires                   = xml_encode($post['contRequires']);
   $size = is_array($post['confName']??null) ? count($post['confName']) : 0;
   for ($i = 0; $i < $size; $i++) {
     $Type                  = $post['confType'][$i];
@@ -77,6 +105,31 @@ function postToXML($post, $setOwnership=false) {
     $config['Required']    = xml_encode($post['confRequired'][$i]);
     $config['Mask']        = xml_encode($post['confMask'][$i]);
   }
+  if (isset($post['contTailscale']) && strtolower($post['contTailscale']) == 'on') {
+    $xml->TailscaleEnabled             = 'true';
+    $xml->TailscaleIsExitNode          = xml_encode($post['TSisexitnode']);
+    $xml->TailscaleHostname            = xml_encode($post['TShostname']);
+    $xml->TailscaleExitNodeIP          = xml_encode($post['TSexitnodeip']);
+    $xml->TailscaleSSH                 = xml_encode($post['TSssh']);
+    $xml->TailscaleUserspaceNetworking = xml_encode($post['TSuserspacenetworking']);
+    $xml->TailscaleLANAccess           = xml_encode($post['TSallowlanaccess']);
+    $xml->TailscaleServe               = xml_encode($post['TSserve']);
+    $xml->TailscaleWebUI               = xml_encode(generateTSwebui($post['TSwebui'], $post['TSserve'], $post['contWebUI']));
+    if (isset($post['TSserve']) && strtolower($post['TSserve']) !== 'no') {
+      $xml->TailscaleServePort           = xml_encode($post['TSserveport']);
+      $xml->TailscaleServeLocalPath      = xml_encode($post['TSservelocalpath']);
+      $xml->TailscaleServeProtocol       = xml_encode($post['TSserveprotocol']);
+      $xml->TailscaleServeProtocolPort   = xml_encode($post['TSserveprotocolport']);
+      $xml->TailscaleServePath           = xml_encode($post['TSservepath']);
+    }
+    $xml->TailscaleDParams             = xml_encode($post['TSdaemonparams']);
+    $xml->TailscaleParams              = xml_encode($post['TSextraparams']);
+    $xml->TailscaleStateDir            = xml_encode($post['TSstatedir']);
+    $xml->TailscaleRoutes              = xml_encode($post['TSroutes']);;
+    if (isset($post['TStroubleshooting']) && strtolower($post['TStroubleshooting']) === 'on') {
+      $xml->TailscaleTroubleshooting     = 'true';
+    }
+  }
   $dom = new DOMDocument('1.0');
   $dom->preserveWhiteSpace = false;
   $dom->formatOutput = true;
@@ -86,29 +139,48 @@ function postToXML($post, $setOwnership=false) {
 
 function xmlToVar($xml) {
   global $subnet;
-  $xml                = is_file($xml) ? simplexml_load_file($xml) : simplexml_load_string($xml);
-  $out                = [];
-  $out['Name']        = preg_replace('/\s+/', '', xml_decode($xml->Name));
-  $out['Repository']  = xml_decode($xml->Repository);
-  $out['Registry']    = xml_decode($xml->Registry);
-  $out['Network']     = xml_decode($xml->Network);
-  $out['MyIP']        = xml_decode($xml->MyIP ?? '');
-  $out['Shell']       = xml_decode($xml->Shell ?? 'sh');
-  $out['Privileged']  = xml_decode($xml->Privileged);
-  $out['Support']     = xml_decode($xml->Support);
-  $out['Project']     = xml_decode($xml->Project);
-  $out['Overview']    = stripslashes(xml_decode($xml->Overview));
-  $out['Category']    = xml_decode($xml->Category);
-  $out['WebUI']       = xml_decode($xml->WebUI);
-  $out['TemplateURL'] = xml_decode($xml->TemplateURL);
-  $out['Icon']        = xml_decode($xml->Icon);
-  $out['ExtraParams'] = xml_decode($xml->ExtraParams);
-  $out['PostArgs']    = xml_decode($xml->PostArgs);
-  $out['CPUset']      = xml_decode($xml->CPUset);
-  $out['DonateText']  = xml_decode($xml->DonateText);
-  $out['DonateLink']  = xml_decode($xml->DonateLink);
-  $out['Requires']    = xml_decode($xml->Requires);
-  $out['Config']      = [];
+  $xml                                 = is_file($xml) ? simplexml_load_file($xml) : simplexml_load_string($xml);
+  $out                                 = [];
+  $out['Name']                         = preg_replace('/\s+/', '', xml_decode($xml->Name));
+  $out['Repository']                   = xml_decode($xml->Repository);
+  $out['Registry']                     = xml_decode($xml->Registry);
+  $out['Network']                      = xml_decode($xml->Network);
+  $out['MyIP']                         = xml_decode($xml->MyIP ?? '');
+  $out['Shell']                        = xml_decode($xml->Shell ?? 'sh');
+  $out['Privileged']                   = xml_decode($xml->Privileged);
+  $out['Support']                      = xml_decode($xml->Support);
+  $out['Project']                      = xml_decode($xml->Project);
+  $out['Overview']                     = stripslashes(xml_decode($xml->Overview));
+  $out['Category']                     = xml_decode($xml->Category);
+  $out['WebUI']                        = xml_decode($xml->WebUI);
+  $out['TemplateURL']                  = xml_decode($xml->TemplateURL);
+  $out['Icon']                         = xml_decode($xml->Icon);
+  $out['ExtraParams']                  = xml_decode($xml->ExtraParams);
+  $out['PostArgs']                     = xml_decode($xml->PostArgs);
+  $out['CPUset']                       = xml_decode($xml->CPUset);
+  $out['DonateText']                   = xml_decode($xml->DonateText);
+  $out['DonateLink']                   = xml_decode($xml->DonateLink);
+  $out['Requires']                     = xml_decode($xml->Requires);
+  $out['TailscaleEnabled']             = xml_decode($xml->TailscaleEnabled ?? '');
+  $out['TailscaleIsExitNode']          = xml_decode($xml->TailscaleIsExitNode ?? '');
+  $out['TailscaleHostname']            = xml_decode($xml->TailscaleHostname ?? '');
+  $out['TailscaleExitNodeIP']          = xml_decode($xml->TailscaleExitNodeIP ?? '');
+  $out['TailscaleSSH']                 = xml_decode($xml->TailscaleSSH ?? '');
+  $out['TailscaleLANAccess']           = xml_decode($xml->TailscaleLANAccess ?? '');
+  $out['TailscaleUserspaceNetworking'] = xml_decode($xml->TailscaleUserspaceNetworking ?? '');
+  $out['TailscaleServe']               = xml_decode($xml->TailscaleServe ?? '');
+  $out['TailscaleServePort']           = xml_decode($xml->TailscaleServePort ?? '');
+  $out['TailscaleServeLocalPath']      = xml_decode($xml->TailscaleServeLocalPath ?? '');
+  $out['TailscaleServeProtocol']       = xml_decode($xml->TailscaleServeProtocol ?? '');
+  $out['TailscaleServeProtocolPort']   = xml_decode($xml->TailscaleServeProtocolPort ?? '');
+  $out['TailscaleServePath']           = xml_decode($xml->TailscaleServePath ?? '');
+  $out['TailscaleWebUI']               = xml_decode($xml->TailscaleWebUI ?? '');
+  $out['TailscaleRoutes']              = xml_decode($xml->TailscaleRoutes ?? '');
+  $out['TailscaleDParams']             = xml_decode($xml->TailscaleDParams ?? '');
+  $out['TailscaleParams']              = xml_decode($xml->TailscaleParams ?? '');
+  $out['TailscaleStateDir']            = xml_decode($xml->TailscaleStateDir ?? '');
+  $out['TailscaleTroubleshooting']     = xml_decode($xml->TailscaleTroubleshooting ?? '');
+  $out['Config']                       = [];
   if (isset($xml->Config)) {
     foreach ($xml->Config as $config) {
       $c = [];
@@ -266,7 +338,7 @@ function xmlToCommand($xml, $create_paths=false) {
   $Variables[]   = 'TZ="'.$var['timeZone'].'"';
   // Add HOST_OS variable
   $Variables[]   = 'HOST_OS="Unraid"';
-  // Add HOST_HOSTNAME variable 
+  // Add HOST_HOSTNAME variable
   $Variables[]   = 'HOST_HOSTNAME="'.$var['NAME'].'"';
   // Add HOST_CONTAINERNAME variable
   $Variables[]   = 'HOST_CONTAINERNAME="'.$xml['Name'].'"';
@@ -275,6 +347,68 @@ function xmlToCommand($xml, $create_paths=false) {
   if (strlen($xml['WebUI']))  $Labels[] = 'net.unraid.docker.webui='.escapeshellarg($xml['WebUI']);
   if (strlen($xml['Icon'])) $Labels[] = 'net.unraid.docker.icon='.escapeshellarg($xml['Icon']);
 
+  // Initialize Tailscale variables
+  $TS_entrypoint = '';
+  $TS_hook = '';
+  $TS_hostname = '';
+  $TS_hostname_label = '';
+  $TS_ssh = '';
+  $TS_tundev = '';
+  $TS_cap = '';
+  $TS_exitnode = '';
+  $TS_exitnode_ip = '';
+  $TS_lan_access = '';
+  $TS_userspace_networking = '';
+  $TS_daemon_params = '';
+  $TS_extra_params = '';
+  $TS_state_dir = '';
+  $TS_serve_funnel = '';
+  $TS_serve_port = '';
+  $TS_serve_local_path = '';
+  $TS_serve_protocol = '';
+  $TS_serve_protocol_port = '';
+  $TS_serve_path = '';
+  $TS_web_ui = '';
+  $TS_troubleshooting = '';
+  $TS_routes = '';
+  $TS_postargs = '';
+  // Get all information from xml and create variables for cmd
+  if ($xml['TailscaleEnabled'] == 'true') {
+    $TS_entrypoint = '--entrypoint=\'/opt/unraid/tailscale\'';
+    $TS_hook = '-v \'/usr/local/share/docker/tailscale_container_hook\':\'/opt/unraid/tailscale\'';
+    $TS_hostname = !empty($xml['TailscaleHostname']) ? '-e TAILSCALE_HOSTNAME=' . escapeshellarg($xml['TailscaleHostname']) : '';
+    $TS_hostname_label = !empty($xml['TailscaleHostname']) ? '-l net.unraid.docker.tailscale.hostname=' . escapeshellarg($xml['TailscaleHostname']) : '';
+    $TS_ssh = !empty($xml['TailscaleSSH']) ? '-e TAILSCALE_USE_SSH=' . escapeshellarg($xml['TailscaleSSH']) : '';
+    $TS_daemon_params = !empty($xml['TailscaleDParams']) ? '-e TAILSCALED_PARAMS=' . escapeshellarg($xml['TailscaleDParams']) : '';
+    $TS_extra_params = !empty($xml['TailscaleParams']) ? '-e TAILSCALE_PARAMS=' . escapeshellarg($xml['TailscaleParams']) : '';
+    $TS_state_dir = !empty($xml['TailscaleStateDir']) ? '-e TAILSCALE_STATE_DIR=' . escapeshellarg($xml['TailscaleStateDir']) : '';
+    $TS_userspace_networking = !empty($xml['TailscaleUserspaceNetworking']) ? '-e TAILSCALE_USERSPACE_NETWORKING=' . escapeshellarg($xml['TailscaleUserspaceNetworking']) : '';
+    // Only add tun, cap and specific vairables to containers which are defined as Exit Nodes and Userspace Networking disabled
+    if (_var($xml,'TailscaleIsExitNode') == 'true') {
+      $TS_tundev = preg_match('/--d(evice)?[= ](\'?\/dev\/net\/tun\'?)/', $xml['ExtraParams']) ? "" : "--device='/dev/net/tun'";
+      $TS_cap = preg_match('/--cap\-add=NET_ADMIN/', $xml['ExtraParams']) ? "" : "--cap-add=NET_ADMIN";
+      $TS_exitnode = '-e TAILSCALE_EXIT_NODE=true';
+    } elseif (_var($xml,'TailscaleUserspaceNetworking') == 'false') {
+      $TS_tundev = preg_match('/--d(evice)?[= ](\'?\/dev\/net\/tun\'?)/', $xml['ExtraParams']) ? "" : "--device='/dev/net/tun'";
+      $TS_cap = preg_match('/--cap\-add=NET_ADMIN/', $xml['ExtraParams']) ? "" : "--cap-add=NET_ADMIN";
+      $TS_lan_access = '-e TAILSCALE_ALLOW_LAN_ACCESS=' . escapeshellarg($xml['TailscaleLANAccess']);
+      $TS_exitnode_ip = !empty($xml['TailscaleExitNodeIP']) ? '-e TAILSCALE_EXIT_NODE_IP=' . escapeshellarg($xml['TailscaleExitNodeIP']) : '';
+    }
+    $TS_serve_funnel = ($xml['TailscaleServe'] == 'funnel') ? '-e TAILSCALE_FUNNEL=true' : '';
+    $TS_serve_port = !empty($xml['TailscaleServePort']) ? '-e TAILSCALE_SERVE_PORT=' . escapeshellarg($xml['TailscaleServePort']) : '';
+    $TS_serve_local_path = !empty($xml['TailscaleServeLocalPath']) ? '-e TAILSCALE_SERVE_LOCALPATH=' . escapeshellarg($xml['TailscaleServeLocalPath']) : '';
+    $TS_serve_protocol = !empty($xml['TailscaleServeProtocol']) ? '-e TAILSCALE_SERVE_PROTOCOL=' . escapeshellarg($xml['TailscaleServeProtocol']) : '';
+    $TS_serve_protocol_port = !empty($xml['TailscaleServeProtocolPort']) ? '-e TAILSCALE_SERVE_PROTOCOL_PORT=' . escapeshellarg($xml['TailscaleServeProtocolPort']) : '';
+    $TS_serve_path = !empty($xml['TailscaleServePath']) ? '-e TAILSCALE_SERVE_PATH=' . escapeshellarg($xml['TailscaleServePath']) : '';
+    $TS_web_ui = !empty($xml['TailscaleWebUI']) ? '-l net.unraid.docker.tailscale.webui=' . escapeshellarg($xml['TailscaleWebUI']) : '';
+    $TS_troubleshooting = !empty($xml['TailscaleTroubleshooting']) ? '-e TAILSCALE_TROUBLESHOOTING=' . escapeshellarg($xml['TailscaleTroubleshooting']) : '';
+    $TS_routes = !empty($xml['TailscaleRoutes']) ? '-e TAILSCALE_ADVERTISE_ROUTES=' . escapeshellarg($xml['TailscaleRoutes']) : '';
+    if (!empty($xml['PostArgs'])) {
+      $TS_postargs = '-e ORG_POSTARGS=' . escapeshellarg($xml['PostArgs']);
+      $xml['PostArgs'] = '';
+    }
+  }
+
   foreach ($xml['Config'] as $key => $config) {
     $confType        = strtolower(strval($config['Type']));
     $hostConfig      = strlen($config['Value']) ? $config['Value'] : $config['Default'];
@@ -332,8 +466,8 @@ function xmlToCommand($xml, $create_paths=false) {
     $pid_limit = "";
   }
 
-  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
-         $cmdName, $cmdNetwork, $cmdMyIP, $cmdCPUset, $pid_limit, $cmdPrivileged, implode(' -e ', $Variables), implode(' -l ', $Labels), implode(' -p ', $Ports), implode(' -v ', $Volumes), implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
+  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
+         $cmdName, $TS_entrypoint, $cmdNetwork, $cmdMyIP, $cmdCPUset, $pid_limit, $cmdPrivileged, implode(' -e ', $Variables), $TS_hostname, $TS_exitnode, $TS_exitnode_ip, $TS_lan_access, $TS_routes, $TS_ssh, $TS_userspace_networking, $TS_serve_funnel, $TS_serve_port, $TS_serve_local_path, $TS_serve_protocol, $TS_serve_protocol_port, $TS_serve_path, $TS_daemon_params, $TS_extra_params, $TS_state_dir, $TS_troubleshooting, $TS_postargs, implode(' -l ', $Labels), $TS_web_ui, $TS_hostname_label, implode(' -p ', $Ports), implode(' -v ', $Volumes), $TS_hook, $TS_cap, $TS_tundev, implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
   return [preg_replace('/\s\s+/', ' ', $cmd), $xml['Name'], $xml['Repository']];
 }
 function stopContainer($name, $t=false, $echo=true) {
@@ -520,7 +654,7 @@ function setXmlVal(&$xml, $value, $el, $attr=null, $pos=0) {
 
 function getAllocations() {
   global $DockerClient, $host;
-  
+
   $ports = [];
   foreach ($DockerClient->getDockerContainers() as $ct) {
     $list = $port = [];
diff --git a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
index a1a3a0d20..71e4b5ff1 100644
--- a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
+++ b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
@@ -1,10 +1,11 @@
 var eventURL = '/plugins/dynamix.docker.manager/include/Events.php';
 
-function addDockerContainerContext(container, image, template, started, paused, update, autostart, webui, shell, id, Support, Project, Registry, donateLink, ReadMe) {
+function addDockerContainerContext(container, image, template, started, paused, update, autostart, webui, tswebui, shell, id, Support, Project, Registry, donateLink, ReadMe) {
   var opts = [];
   context.settings({right:false,above:false});
   if (started && !paused) {
     if (webui !== '' && webui != '#') opts.push({text:_('WebUI'), icon:'fa-globe', href:webui, target:'_blank'});
+    if (tswebui !== '' && tswebui != '#') opts.push({text:_('Tailscale WebUI'), icon:'fa-globe', href:tswebui, target:'_blank'});
     opts.push({text:_('Console'), icon:'fa-terminal', action:function(e){e.preventDefault(); openTerminal('docker',container,shell);}});
     opts.push({divider:true});
   }
diff --git a/emhttp/plugins/dynamix.docker.manager/scripts/update_container b/emhttp/plugins/dynamix.docker.manager/scripts/update_container
index 501c9a42f..b82feaf5a 100755
--- a/emhttp/plugins/dynamix.docker.manager/scripts/update_container
+++ b/emhttp/plugins/dynamix.docker.manager/scripts/update_container
@@ -170,6 +170,7 @@ foreach (explode('*',rawurldecode($argv[1])) as $value) {
   $xml = file_get_contents($tmpl);
   [$cmd, $Name, $Repository] = xmlToCommand($tmpl);
   $Registry = getXmlVal($xml, "Registry");
+  $TS_Enabled = getXmlVal($xml, "TailscaleEnabled");
   $oldImageID = $DockerClient->getImageID($Repository);
   // pull image
   if (!pullImage_nchan($Name, $Repository)) continue;
@@ -182,14 +183,25 @@ foreach (explode('*',rawurldecode($argv[1])) as $value) {
     // attempt graceful stop of container first
     stopContainer_nchan($Name);
   }
-  if ( ($argv[2]??null) == "ca_docker_run_override" ) 
+  if ( ($argv[2]??null) == "ca_docker_run_override" )
     $startContainer = true;
-
   if ( $startContainer )
     $cmd = str_replace('/docker create ', '/docker run -d ', $cmd);
-
   // force kill container if still running after 10 seconds
   if (empty($_GET['communityApplications'])) removeContainer_nchan($Name);
+  // Extract real Entrypoint and Cmd from container for Tailscale
+  if ($TS_Enabled == 'true') {
+    // Create preliminary base container but don't run it
+    exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name '" . escapeshellarg($Name) . "' '" . escapeshellarg($Repository) . "'");
+    // Get Entrypoint and Cmd from docker inspect
+    $containerInfo = $DockerClient->getContainerDetails($Name);
+    $ts_env  = isset($containerInfo['Config']['Entrypoint']) ? '-e ORG_ENTRYPOINT="' . implode(' ', $containerInfo['Config']['Entrypoint']) . '" ' : '';
+    $ts_env .= isset($containerInfo['Config']['Cmd']) ? '-e ORG_CMD="' . implode(' ', $containerInfo['Config']['Cmd']) . '" ' : '';
+    // Insert Entrypoint and Cmd to docker command
+    $cmd = str_replace('-l net.unraid.docker.managed=dockerman', $ts_env . '-l net.unraid.docker.managed=dockerman' , $cmd);
+    // Remove preliminary container
+    exec("/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker rm '" . escapeshellarg($Name) . "'");
+  }
   execCommand_nchan($cmd);
   if ($startContainer) addRoute($Name); // add route for remote WireGuard access
   $DockerClient->flushCaches();
diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 05c913926..564ec89d7 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -48,12 +48,13 @@ if ($_POST['docker']) {
     $template = $info['template'];
     $shell = $info['shell'];
     $webGui = html_entity_decode($info['url']);
+    $TSwebGui = html_entity_decode($info['TSurl']);
     $support = html_entity_decode($info['Support']);
     $project = html_entity_decode($info['Project']);
     $registry = html_entity_decode($info['registry']);
     $donateLink = html_entity_decode($info['DonateLink']);
     $readme = html_entity_decode($info['ReadMe']);
-    $menu = sprintf("onclick=\"addDockerContainerContext('%s','%s','%s',%s,%s,%s,%s,'%s','%s','%s','%s','%s','%s','%s','%s')\"", addslashes($name), addslashes($ct['ImageId']), addslashes($template), $running, $paused, $updateStatus, $is_autostart, addslashes($webGui), $shell, $id, addslashes($support), addslashes($project), addslashes($registry), addslashes($donateLink), addslashes($readme));
+    $menu = sprintf("onclick=\"addDockerContainerContext('%s','%s','%s',%s,%s,%s,%s,'%s','%s','%s','%s','%s','%s','%s','%s','%s')\"", addslashes($name), addslashes($ct['ImageId']), addslashes($template), $running, $paused, $updateStatus, $is_autostart, addslashes($webGui), addslashes($TSwebGui), $shell, $id, addslashes($support), addslashes($project), addslashes($registry), addslashes($donateLink), addslashes($readme));
     $shape = $running ? ($paused ? 'pause' : 'play') : 'square';
     $status = $running ? ($paused ? 'paused' : 'started') : 'stopped';
     $color = $status=='started' ? 'green-text' : ($status=='paused' ? 'orange-text' : 'red-text');
@@ -96,8 +97,7 @@ if ($_POST['vms']) {
     if ($vmrcport > 0) {
       $wsport = $lv->domain_get_ws_port($res);
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;
-      if ($vmrcprotocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
-      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
+      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
       if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) . '&port=/wsproxy/'.$vmrcport.'/' ; else $vmrcurl .= '&port=&path=/wsproxy/' . $wsport . '/';
     } elseif ($vmrcport == -1 || $autoport) {
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;
diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
new file mode 100755
index 000000000..4b113bd58
--- /dev/null
+++ b/share/docker/tailscale_container_hook
@@ -0,0 +1,313 @@
+#!/bin/sh
+# Copyright 2024, Lime Technology
+# Copyright 2024, Christoph Hummer
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation.
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+exec_entrypoint() {
+  echo "Starting container..."
+  echo
+  echo "======================="
+  echo
+  eval "exec ${ORG_ENTRYPOINT} ${ORG_CMD} ${ORG_POSTARGS}"
+}
+
+error_handler() {
+  echo "ERROR: Unraid Docker Hook script throw an error!"
+  echo "       Starting container without Tailscale!"
+  echo
+  exec_entrypoint
+}
+
+echo "======================="
+echo
+echo "Executing Unraid Docker Hook for Tailscale"
+echo
+
+if [ ! -f /usr/bin/tailscale ] || [ ! -f /usr/bin/tailscaled ]; then
+  if [ ! -z "${TAILSCALE_EXIT_NODE_IP}" ]; then
+    if [ ! -c /dev/net/tun ]; then
+      echo "ERROR: Device /dev/net/tun not found!"
+      echo "       Make sure to pass through /dev/net/tun to the container."
+      error_handler
+    fi
+    INSTALL_IPTABLES="iptables "
+  fi
+
+  echo "Detecting Package Manager..."
+  if which apt-get >/dev/null 2>&1; then
+    echo "Detected Advanced Package Tool!"
+    PACKAGES_UPDATE="apt-get update"
+    PACKAGES_INSTALL="apt-get -y install --no-install-recommends"
+  elif which apk >/dev/null 2>&1; then
+    echo "Detected Alpine Package Keeper!"
+    PACKAGES_UPDATE="apk update"
+    PACKAGES_INSTALL="apk add"
+  elif which pacman >/dev/null 2>&1; then
+    echo "Detected pacman Package Manager!"
+    PACKAGES_INSTALL="pacman -Syu --noconfirm"
+  else
+    echo "ERROR: Detection from Package Manager failed!"
+    error_handler
+  fi
+
+  if [ "${TAILSCALE_TROUBLESHOOTING}" = "true" ]; then
+    if which apt-get >/dev/null 2>&1; then
+      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils-ping "
+    elif which apk >/dev/null 2>&1; then
+      PACKAGES_TROUBLESHOOTING="curl bind-tools iputils-ping "
+    elif which pacman >/dev/null 2>&1; then
+      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils "
+    fi
+    echo "Tailscale Troubleshooting enabled!"
+    echo "Installing additional packages: $(echo "${PACKAGES_TROUBLESHOOTING}" | sed 's/[[:blank:]]*$//' | sed 's/ /, /g')"
+  fi
+
+  echo "Installing packages..."
+  echo "Please wait..."
+  if [ ! -z "${PACKAGES_UPDATE}" ]; then
+    UPDATE_LOG=$(${PACKAGES_UPDATE} 2>&1)
+  fi
+  INSTALL_LOG=$(${PACKAGES_INSTALL} jq wget ${INSTALL_IPTABLES}${PACKAGES_TROUBLESHOOTING} 2>&1)
+  INSTALL_RESULT=$?
+
+  if [ "${INSTALL_RESULT}" -eq 0 ]; then
+    echo "Packages installed!"
+    unset INSTALL_LOG
+  else
+    echo "ERROR: Installing packages!"
+    echo "${UPDATE_LOG}"
+    echo "${INSTALL_LOG}"
+    error_handler
+  fi
+
+  if [ "${INSTALL_IPTABLES}" = "iptables " ]; then
+    if ! iptables -L >/dev/null 2>&1; then
+      echo "ERROR: Cap: NET_ADMIN not available!"
+      echo "       Make sure to add --cap-add=NET_ADMIN to the Extra Parameters"
+      error_handler
+    fi
+  fi
+
+  echo "Tailscale not found, downloading..."
+  echo "Please wait..."
+
+  TAILSCALE_VERSION=$(wget -qO- 'https://pkgs.tailscale.com/stable/?mode=json' | jq -r '.TarballsVersion')
+
+  if [ -z "${TAILSCALE_VERSION}" ]; then
+    echo "ERROR: Can't get Tailscale JSON"
+    error_handler
+  fi
+
+  if [ ! -d /tmp/tailscale ]; then
+    mkdir -p /tmp/tailscale
+  fi
+
+  if wget -q -nc --show-progress --progress=bar:force:noscroll -O /tmp/tailscale/tailscale.tgz "https://pkgs.tailscale.com/stable/tailscale_${TAILSCALE_VERSION}_amd64.tgz" ; then
+    echo "Download from Tailscale version ${TAILSCALE_VERSION} successful!"
+  else
+    echo "ERROR: Download from Tailscale version ${TAILSCALE_VERSION} failed!"
+    rm -rf /tmp/tailscale
+    error_handler
+  fi
+
+  tar -C /tmp/tailscale -xf /tmp/tailscale/tailscale.tgz
+  cp /tmp/tailscale/tailscale_${TAILSCALE_VERSION}_amd64/tailscale /usr/bin/tailscale
+  cp /tmp/tailscale/tailscale_${TAILSCALE_VERSION}_amd64/tailscaled /usr/bin/tailscaled
+  rm -rf /tmp/tailscale
+
+  echo "Installation Done!"
+else
+  echo "Tailscale found, continuing..."
+fi
+
+unset TSD_PARAMS
+unset TS_PARAMS
+
+if [ ! -z "${SERVER_DIR}" ]; then
+  TSD_STATE_DIR="${SERVER_DIR}/.tailscale_state"
+  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
+elif [ ! -z "${DATA_DIR}" ]; then
+  TSD_STATE_DIR="${DATA_DIR}/.tailscale_state"
+  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
+else
+  if [ -z "${TAILSCALE_STATE_DIR}" ]; then
+    TAILSCALE_STATE_DIR="/config/.tailscale_state"
+  fi
+  TSD_STATE_DIR="${TAILSCALE_STATE_DIR}"
+  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
+fi
+
+if [ ! -d "${TSD_STATE_DIR}" ]; then
+  mkdir -p ${TSD_STATE_DIR}
+fi
+
+if [ ! -z "${TAILSCALE_EXIT_NODE_IP}" ]; then
+  echo "Disabling userspace networking! Tailscale DNS available"
+  echo "Using ${TAILSCALE_EXIT_NODE_IP} as Exit Node! See https://tailscale.com/kb/1103/exit-nodes"
+  TS_PARAMS=" --exit-node=${TAILSCALE_EXIT_NODE_IP}"
+  if [ "${TAILSCALE_ALLOW_LAN_ACCESS}" = "true" ]; then
+    echo "Enabling local LAN Access to the container!"
+    TS_PARAMS="${TS_PARAMS} --exit-node-allow-lan-access"
+  fi
+else
+  if [ -z "${TAILSCALE_USERSPACE_NETWORKING}" ] || [ "${TAILSCALE_USERSPACE_NETWORKING}" = "true" ]; then
+    echo "Enabling userspace networking! Tailscale DNS not available"
+    TSD_PARAMS="-tun=userspace-networking "
+  else
+    if [ ! -c /dev/net/tun ]; then
+      echo "ERROR: Device /dev/net/tun not found!"
+      echo "       Make sure to pass through /dev/net/tun to the container and add the"
+      echo "       parameter --cap-add=NET_ADMIN to the Extra Parameters!"
+      error_handler
+    fi
+  fi
+fi
+
+if [ ! -z "${TAILSCALE_ADVERTISE_ROUTES}" ]; then
+  TAILSCALE_ADVERTISE_ROUTES="$(echo ${TAILSCALE_ADVERTISE_ROUTES} | sed 's/ //g')"
+  echo "Advertising custom routes! See https://tailscale.com/kb/1019/subnets#advertise-subnet-routes"
+  TS_PARAMS="${TS_PARAMS} --advertise-routes=${TAILSCALE_ADVERTISE_ROUTES}"
+fi
+
+if [ "${TAILSCALE_USE_SSH}" = "true" ]; then
+  echo "Enabling SSH! See https://tailscale.com/kb/1193/tailscale-ssh"
+  TS_PARAMS="${TS_PARAMS} --ssh"
+fi
+
+if [ "${TAILSCALE_LOG}" != "false" ]; then
+  TSD_PARAMS="${TSD_PARAMS} >>/var/log/tailscaled 2>&1 "
+  TSD_MSG=" with log file location: /var/log/tailscaled"
+else
+  TSD_PARAMS="${TSD_PARAMS} >/dev/null 2>&1 "
+  TSD_MSG=" with logging disabled"
+fi
+
+if [ ! -z "${TAILSCALE_HOSTNAME}" ]; then
+  echo "Setting host name to \"${TAILSCALE_HOSTNAME}\""
+  TAILSCALE_HOSTNAME="$(echo "$TAILSCALE_HOSTNAME" | tr -d ' ')"
+  TS_PARAMS="${TS_PARAMS} --hostname=${TAILSCALE_HOSTNAME}"
+fi
+
+if [ "${TAILSCALE_EXIT_NODE}" = "true" ]; then
+  echo "Configuring container as Exit Node! See https://tailscale.com/kb/1103/exit-nodes"
+  TS_PARAMS="${TS_PARAMS} --advertise-exit-node"
+fi
+
+if [ ! -z "${TAILSCALED_PARAMS}" ]; then
+  TSD_PARAMS="${TAILSCALED_PARAMS} ${TSD_PARAMS}"
+fi
+
+if [ ! -z "${TAILSCALE_PARAMS}" ]; then
+  TS_PARAMS="${TAILSCALE_PARAMS}${TS_PARAMS}"
+fi
+
+echo "Starting tailscaled${TSD_MSG}"
+eval tailscaled -statedir=${TSD_STATE_DIR} ${TSD_PARAMS}&
+
+echo "Starting tailscale"
+eval tailscale up ${TS_PARAMS} --reset
+EXIT_STATUS="$?"
+
+if [ "${EXIT_STATUS}" != "0" ]; then
+  echo "ERROR: Connecting to Tailscale not successful!"
+  if [ -f /var/log/tailscaled ]; then
+    echo "Please check the logs:"
+    tail -20 /var/log/tailscaled
+  fi
+  error_handler
+fi
+unset EXIT_STATUS
+
+if [ ! -z "${TAILSCALE_SERVE_PORT}" ] && [ "$(tailscale status --json | jq -r '.CurrentTailnet.MagicDNSEnabled')" = "false" ] ; then
+  echo "ERROR: Enable HTTPS on your Tailscale account to use Tailscale Serve/Funnel."
+  echo "See: https://tailscale.com/kb/1153/enabling-https"
+  error_handler
+fi
+
+if [ "${TAILSCALE_EXIT_NODE}" = "true" ]; then
+  if [ "$(tailscale status --json | jq -r '.Self.ExitNodeOption')" = "false" ]; then
+    TSIP=$(tailscale status --json | jq -r '.Self.TailscaleIPs[0]')
+    echo "WARNING: Exit Node not yet approved."
+    echo "         Navigate to https://login.tailscale.com/admin/machines/${TSIP} and approve it."
+  fi
+fi
+
+KEY_EXPIRY=$(tailscale status --json | jq -r '.Self.KeyExpiry')
+if [ "${KEY_EXPIRY}" != "null" ]; then
+  EXPIRY_EPOCH=$(date -d "${KEY_EXPIRY}" +"%s" 2>/dev/null)
+  CUR_EPOCH=$(date -u +%s)
+  DIFF_EPOCH=$((EXPIRY_EPOCH - CUR_EPOCH))
+  DIFF_DAYS=$((DIFF_EPOCH / 86400))
+  HOST=$(tailscale status --json | jq -r '.Self.HostName')
+  if [ -n "${DIFF_DAYS}" ] && echo "${DIFF_DAYS}" | grep -Eq '^[0-9]+$'; then
+    echo "WARNING: Tailscale Key will expire in ${DIFF_DAYS} days."
+    echo "         Navigate to https://login.tailscale.com/admin/machines and 'Disable Key Expiry' for ${HOST}"
+  else
+    echo "ERROR: Tailscale Key expired!"
+    echo "       Navigate to https://login.tailscale.com/admin/machines and Renew/Disable Key Expiry for ${HOST}"
+  fi
+  echo "See: https://tailscale.com/kb/1028/key-expiry"
+fi
+
+if [ ! -z "${TAILSCALE_ADVERTISE_ROUTES}" ]; then
+  APPROVED_ROUTES="$(tailscale status --json | jq -r '.Self.PrimaryRoutes')"
+  IFS=','
+  set -- ${TAILSCALE_ADVERTISE_ROUTES}
+  ROUTES="$@"
+  for route in ${ROUTES}; do
+    if ! echo "${APPROVED_ROUTES}" | grep -q "${route}"; then
+        NOT_APPROVED="$NOT_APPROVED ${route}"
+    fi
+  done
+  if [ ! -z "${NOT_APPROVED}" ]; then
+    TSIP="$(tailscale status --json | jq -r '.Self.TailscaleIPs[0]')"
+    echo "WARNING: The following route(s) are not approved:${NOT_APPROVED}"
+    echo "         Navigate to https://login.tailscale.com/admin/machines/${TSIP} and approve it."
+  fi
+fi
+
+if [ ! -z "${TAILSCALE_SERVE_PORT}" ]; then
+  if [ ! -z "${TAILSCALE_SERVE_PATH}" ]; then
+    TAILSCALE_SERVE_PATH="=${TAILSCALE_SERVE_PATH}"
+  fi
+  if [ -z "${TAILSCALE_SERVE_PROTOCOL}" ]; then
+    TAILSCALE_SERVE_PROTOCOL="https"
+  fi
+  if [ -z "${TAILSCALE_SERVE_PROTOCOL_PORT}" ]; then
+    TAILSCALE_SERVE_PROTOCOL_PORT="=443"
+  fi
+  if [ "${TAILSCALE_FUNNEL}" = "true" ]; then
+    echo "Enabling Funnel! See https://tailscale.com/kb/1223/funnel"
+    eval tailscale funnel --bg --"${TAILSCALE_SERVE_PROTOCOL}"${TAILSCALE_SERVE_PROTOCOL_PORT}${TAILSCALE_SERVE_PATH} http://localhost:"${TAILSCALE_SERVE_PORT}${TAILSCALE_SERVE_LOCALPATH}" | grep -v "To disable the proxy"
+  else
+    echo "Enabling Serve! See https://tailscale.com/kb/1312/serve"
+    eval tailscale serve --bg --"${TAILSCALE_SERVE_PROTOCOL}"${TAILSCALE_SERVE_PROTOCOL_PORT}${TAILSCALE_SERVE_PATH} http://localhost:"${TAILSCALE_SERVE_PORT}${TAILSCALE_SERVE_LOCALPATH}" | grep -v "To disable the proxy"
+  fi
+  if [ "${TAILSCALE_SERVE_PROTOCOL}" = "https" ]; then
+    TS_DNSNAME="$(tailscale status --json | jq -r '.Self.DNSName' | sed 's/\.$//')"
+    if [ ! -f "${TSD_STATE_DIR}/certs/${TS_DNSNAME}.crt" ] || [ ! -f "${TSD_STATE_DIR}/certs/${TS_DNSNAME}.key" ]; then
+      if [ ! -d "${TSD_STATE_DIR}/certs" ]; then
+        mkdir -p "${TSD_STATE_DIR}/certs"
+      fi
+      echo "Generating Tailscale certs! This can take some time, please wait..."
+      timeout 30 tailscale cert --cert-file="${TSD_STATE_DIR}/certs/${TS_DNSNAME}.crt" --key-file="${TSD_STATE_DIR}/certs/${TS_DNSNAME}.key" "${TS_DNSNAME}" >/dev/null 2>&1
+      EXIT_STATUS="$?"
+      if [ "${EXIT_STATUS}" != "0" ]; then
+        echo "ERROR: Can't generate certificates!"
+        echo "Please check the logs:"
+        tail -10 /var/log/tailscaled
+      else
+        echo "Done!"
+      fi
+      unset EXIT_STATUS
+    fi
+  fi
+fi
+
+exec_entrypoint

From 70a9cea8859efb39b1f9599907d96c387f76c3be Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 21 Oct 2024 23:10:41 +0200
Subject: [PATCH 077/174] Fix missing newline in helptext

---
 emhttp/languages/en_US/helptext.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index b26d3c33b..8321014c2 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -271,6 +271,7 @@ devices and verify checksums.
 
 *btrfs scrub* will repair corrupted blocks if there is a correct copy available.
 :end
+
 :info_zfs_scrub_help:
 **Scrub** runs the *zfs scrub* program which will read all data and metadata blocks from all
 devices and verify checksums.

From 68910922f99c77bc54dea4fe392e8ae620535efa Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 21 Oct 2024 23:13:23 +0200
Subject: [PATCH 078/174] Fix variable

---
 emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index ef1686989..b2d8da1c3 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -181,7 +181,7 @@ if (isset($_GET['updateContainer'])){
     }
     $xml = file_get_contents($tmpl);
     [$cmd, $Name, $Repository] = xmlToCommand($tmpl);
-    $Network = getXmlVal($xml, "Network");
+    $Registry = getXmlVal($xml, "Registry");
     $TS_Enabled = getXmlVal($xml, "TailscaleEnabled");
     $oldImageID = $DockerClient->getImageID($Repository);
     // pull image

From 435b8be89ebff3e0fd0732448d47e6d30cf5045e Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 21 Oct 2024 23:16:53 +0200
Subject: [PATCH 079/174] Remove old variable

---
 emhttp/plugins/dynamix.docker.manager/include/DockerClient.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index d2c61317b..94324087d 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -309,7 +309,6 @@ class DockerTemplates {
 		//$DockerUpdate->verbose = $this->verbose;
 		$info = DockerUtil::loadJSON($dockerManPaths['webui-info']);
 		$autoStart = array_map('var_split', @file($dockerManPaths['autostart-file'],FILE_IGNORE_NEW_LINES) ?: []);
-		//$TS_dns = $this->getTailscaleDNS();
 		foreach ($DockerClient->getDockerContainers() as $ct) {
 			$name = $ct['Name'];
 			$image = $ct['Image'];

From b8b0986da2ce4acf2f6f876751d0c370154c75ea Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 21 Oct 2024 16:49:41 -0700
Subject: [PATCH 080/174] update .gitignore to incude ./share directory

---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 30f6930f7..058cab56d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,7 +58,6 @@ games/
 info/
 lib64/
 man/
-share/
 
 # Auto-generated when emhttpd/webGUI start
 emhttp/languages/en_US/helptext.dot

From 034f970b0c94d7794836bd4af0dc0d0bea611f1b Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 05:03:56 +0200
Subject: [PATCH 081/174] Update CreateDocker.php

---
 .../include/CreateDocker.php                  | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index b2d8da1c3..8e76a5c9d 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -182,6 +182,8 @@ if (isset($_GET['updateContainer'])){
     $xml = file_get_contents($tmpl);
     [$cmd, $Name, $Repository] = xmlToCommand($tmpl);
     $Registry = getXmlVal($xml, "Registry");
+    $ExtraParams = getXmlVal($xml, "ExtraParams");
+    $Network = getXmlVal($xml, "Network");
     $TS_Enabled = getXmlVal($xml, "TailscaleEnabled");
     $oldImageID = $DockerClient->getImageID($Repository);
     // pull image
@@ -196,6 +198,24 @@ if (isset($_GET['updateContainer'])){
       // attempt graceful stop of container first
       stopContainer($Name, false, $echo);
     }
+    // check if network from another container is specified in xml (Network & ExtraParams)
+    if (preg_match('/^container:(.*)/', $Network)) {
+      $Net_Container = str_replace("container:", "", $Network);
+    } else {
+      preg_match("/--(net|network)=container:[^\s]+/", $ExtraParams, $NetworkParam);
+      if (!empty($NetworkParam[0])) {
+        $Net_Container = explode(':', $NetworkParam[0])[1];
+        $Net_Container = str_replace(['"', "'"], '', $Net_Container);
+      }
+    }
+    // check if the container still exists from which the network should be used, if it doesn't exist any more recreate container with network none and don't start it
+    if (!empty($Net_Container)) {
+      $Net_Container_ID = $DockerClient->getContainerID($Net_Container);
+      if (empty($Net_Container_ID)) {
+        $cmd = str_replace('/docker run -d ', '/docker create ', $cmd);
+        $cmd = preg_replace("/--(net|network)=(['\"]?)container:[^'\"]+\\2/", "--network=none ", $cmd);
+      }
+    }
     // force kill container if still running after time-out
     if (empty($_GET['communityApplications'])) removeContainer($Name, $echo);
     // Extract real Entrypoint and Cmd from container for Tailscale

From ba4555cdfda41727738538a92996e644555228be Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 05:57:12 +0200
Subject: [PATCH 082/174] Fix for php error

---
 emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 8e76a5c9d..6989cd0ae 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -377,7 +377,7 @@ $TS_not_approved = "";
 exec("docker exec -i ".$xml['Name']." /bin/sh -c \"tailscale status --peers=false --json\"", $TS_raw);
 $TS_no_peers = json_decode(implode('', $TS_raw),true);
 $TS_container = json_decode(implode('', $TS_raw),true);
-$TS_container = $TS_container['Self'];
+$TS_container = $TS_container['Self']??'';
 if (!empty($TS_no_peers) && !empty($TS_container)) {
   // define the direct link to this machine on the Tailscale website
   if (!empty($TS_container['TailscaleIPs']) && !empty($TS_container['TailscaleIPs'][0])) {

From d01196498b1c4a43f3151b4d7112607238f44664 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 06:21:01 +0200
Subject: [PATCH 083/174] Fix php error

---
 emhttp/plugins/dynamix.docker.manager/include/Helpers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
index 82013ec44..1509705a0 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -109,7 +109,7 @@ function postToXML($post, $setOwnership=false) {
     $xml->TailscaleEnabled             = 'true';
     $xml->TailscaleIsExitNode          = xml_encode($post['TSisexitnode']);
     $xml->TailscaleHostname            = xml_encode($post['TShostname']);
-    $xml->TailscaleExitNodeIP          = xml_encode($post['TSexitnodeip']);
+    $xml->TailscaleExitNodeIP          = isset($post['TSexitnodeip']) ? xml_encode($post['TSexitnodeip']) : '';
     $xml->TailscaleSSH                 = xml_encode($post['TSssh']);
     $xml->TailscaleUserspaceNetworking = xml_encode($post['TSuserspacenetworking']);
     $xml->TailscaleLANAccess           = xml_encode($post['TSallowlanaccess']);

From e63b7af06d508eb30c97154163c2848d47e499dd Mon Sep 17 00:00:00 2001
From: root <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 07:59:20 +0200
Subject: [PATCH 084/174] CreateDocker.php php error fix

---
 .../include/CreateDocker.php                  | 38 +++++++++++--------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 6989cd0ae..69b0d9203 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -322,10 +322,12 @@ $bgcolor = strstr('white,azure',$display['theme']) ? '#f2f2f2' : '#1c1c1c';
 
 # Search for existing TAILSCALE_ entries in the Docker template
 $TS_existing_vars = false;
-foreach ($xml["Config"] as $config) {
-  if (isset($config["Target"]) && strpos($config["Target"], "TAILSCALE_") === 0) {
-    $TS_existing_vars = true;
-    break;
+if (isset($xml["Config"]) && is_array($xml["Config"])) {
+  foreach ($xml["Config"] as $config) {
+    if (isset($config["Target"]) && strpos($config["Target"], "TAILSCALE_") === 0) {
+      $TS_existing_vars = true;
+      break;
+    }
   }
 }
 
@@ -374,7 +376,7 @@ $TS_DirectMachineLink = $TS_MachinesLink;
 $TS_HostNameActual = "";
 $TS_not_approved = "";
 // Get Tailscale information and create arrays/variables
-exec("docker exec -i ".$xml['Name']." /bin/sh -c \"tailscale status --peers=false --json\"", $TS_raw);
+!empty($xml) && exec("docker exec -i " . escapeshellarg($xml['Name']) . " /bin/sh -c \"tailscale status --peers=false --json\"", $TS_raw);
 $TS_no_peers = json_decode(implode('', $TS_raw),true);
 $TS_container = json_decode(implode('', $TS_raw),true);
 $TS_container = $TS_container['Self']??'';
@@ -871,10 +873,12 @@ $(function() {
 </script>
 
 <?php
-foreach ($xml["Config"] as $config) {
-  if (isset($config["Target"]) && strpos($config["Target"], "TAILSCALE_") === 0) {
-    $tailscaleTargetFound = true;
-    break;
+if (isset($xml["Config"])) {
+  foreach ($xml["Config"] as $config) {
+    if (isset($config["Target"]) && is_array($config) && strpos($config["Target"], "TAILSCALE_") === 0) {
+      $tailscaleTargetFound = true;
+      break;
+    }
   }
 }
 ?>
@@ -1100,8 +1104,9 @@ _(Fixed IP address)_ (_(optional)_):
 _(Container Network)_:
 : <select name="netCONT" id="netCONT">
   <?php
+  $container_name = !empty($xml['Name']) ? $xml['Name'] : '';
   foreach ($DockerClient->getDockerContainers() as $ct) {
-    if ($ct['Name'] !== $xml['Name']) {
+    if ($ct['Name'] !== $container_name) {
       $list[] = $ct['Name'];
       echo mk_option($ct['Name'], $ct['Name'], $ct['Name']);
     }
@@ -1500,7 +1505,7 @@ function showSubnet(bridge) {
     $('#netCONT').val('');
   } else if (bridge.match(/^(container)$/i) !== null) {
     $('.netCONT').show();
-    $('#netCONT').val('<?php echo $xml['Network'][1]; ?>');
+    $('#netCONT').val('<?php echo (isset($xml) && isset($xml['Network'][1])) ? $xml['Network'][1] : ''; ?>');
     $('.myIP').hide();
     $('input[name="contMyIP"]').val('');
   } else {
@@ -1688,11 +1693,11 @@ function showTailscale(source) {
     $('.TSroutes').hide();
   } else {
     // reset these vals back to what they were in the XML
-    $('#TSssh').val('<?php echo !empty($xml['TailscaleSSH']) ? $xml['TailscaleSSH'] : 'false' ?>');
-    $('#TSallowlanaccess').val('<?php echo $xml['TailscaleLANAccess']; ?>');
-    $('#TSserve').val('<?php echo $xml['TailscaleServe']; ?>');
-    $('#TSexitnodeip').val('<?php echo $xml['TailscaleExitNodeIP']; ?>');
-    $('#TSuserspacenetworking').val('<?php echo !empty($xml['TailscaleUserspaceNetworking']) ? $xml['TailscaleUserspaceNetworking'] : 'false' ?>');
+    $('#TSssh').val('<?php echo (!empty($xml) && !empty($xml['TailscaleSSH'])) ? $xml['TailscaleSSH'] : 'false'; ?>');
+    $('#TSallowlanaccess').val('<?php echo (!empty($xml) && !empty($xml['TailscaleLANAccess'])) ? $xml['TailscaleLANAccess'] : 'false'; ?>');
+    $('#TSserve').val('<?php echo (!empty($xml) && !empty($xml['TailscaleServe'])) ? $xml['TailscaleServe'] : 'false'; ?>');
+    $('#TSexitnodeip').val('<?php echo (!empty($xml) && !empty($xml['TailscaleExitNodeIP'])) ? $xml['TailscaleExitNodeIP'] : 'false'; ?>');
+    $('#TSuserspacenetworking').val('<?php echo (!empty($xml) && !empty($xml['TailscaleUserspaceNetworking'])) ? $xml['TailscaleUserspaceNetworking'] : 'false'; ?>');
     <?if (empty($xml['TailscaleServe']) && !empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
       $('#TSserve').val('serve');
     <?elseif (empty($xml['TailscaleServe']) && empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
@@ -1839,3 +1844,4 @@ if (window.location.href.indexOf("/Apps/") > 0  && <? if (is_file($xmlTemplate))
 }
 </script>
 <?END:?>
+

From 6c299eda8743dbe1ce4fc871a38aa8b4a3efa7e7 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 08:31:49 +0200
Subject: [PATCH 085/174] Update CreateDocker.php

---
 emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 69b0d9203..073dc4478 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -1696,7 +1696,7 @@ function showTailscale(source) {
     $('#TSssh').val('<?php echo (!empty($xml) && !empty($xml['TailscaleSSH'])) ? $xml['TailscaleSSH'] : 'false'; ?>');
     $('#TSallowlanaccess').val('<?php echo (!empty($xml) && !empty($xml['TailscaleLANAccess'])) ? $xml['TailscaleLANAccess'] : 'false'; ?>');
     $('#TSserve').val('<?php echo (!empty($xml) && !empty($xml['TailscaleServe'])) ? $xml['TailscaleServe'] : 'false'; ?>');
-    $('#TSexitnodeip').val('<?php echo (!empty($xml) && !empty($xml['TailscaleExitNodeIP'])) ? $xml['TailscaleExitNodeIP'] : 'false'; ?>');
+    $('#TSexitnodeip').val('<?php echo (!empty($xml) && !empty($xml['TailscaleExitNodeIP'])) ? $xml['TailscaleExitNodeIP'] : ''; ?>');
     $('#TSuserspacenetworking').val('<?php echo (!empty($xml) && !empty($xml['TailscaleUserspaceNetworking'])) ? $xml['TailscaleUserspaceNetworking'] : 'false'; ?>');
     <?if (empty($xml['TailscaleServe']) && !empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
       $('#TSserve').val('serve');

From 3e5fa408a62357686cf8d2386704afe4aab391d0 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 08:45:58 +0200
Subject: [PATCH 086/174] Update DockerContainers.php

Fix logic error
---
 .../dynamix.docker.manager/include/DockerContainers.php   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 2bd1a8b3e..72fbb73e5 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -308,14 +308,14 @@ foreach ($containers as $ct) {
             }
           }
         }
-      // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
+        // Display TSinfo if data was fetched correctly
+        echo "<div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
       } else {
+        // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
         echo "<div title='Error gathering Tailscale information from container.\nPlease check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
       }
-      // Display TSinfo if data was fetched correctly
-      echo "<div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
-    // Display message that container isn't running
     } else {
+      // Display message that container isn't running
       echo "<div title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
     }
   }

From 8b415fb4ae33a3f36aacafcdb9143ffc5d1e21bc Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 22 Oct 2024 08:53:55 +0200
Subject: [PATCH 087/174] Update DockerClient.php

Improve if condition
---
 emhttp/plugins/dynamix.docker.manager/include/DockerClient.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index 94324087d..bd2490836 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -348,7 +348,7 @@ class DockerTemplates {
 				$tmp['TSurl'] = '';
 				if (!empty($webui) && !empty($ct['TSUrl'])) {
 					$TS_no_peers = $this->getTailscaleJson($name);
-					if (!empty($TS_no_peers) && (!empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || $TS_no_peers['CurrentTailnet']['MagicDNSEnabled'])) {
+					if (!empty($TS_no_peers['CurrentTailnet']) && !empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled'])) {
 						$TS_container = $TS_no_peers['Self'];
 						$TS_DNSName = _var($TS_container,'DNSName','');
 						$TS_HostNameActual = substr($TS_DNSName, 0, strpos($TS_DNSName, '.'));

From f7c7f08528f21e4c526ad8598c83aa7cd1c77af4 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Tue, 22 Oct 2024 13:32:10 -0700
Subject: [PATCH 088/174] Refactor 'update' subommand for services rc files

---
 emhttp/plugins/dynamix/scripts/reload_services | 8 +-------
 etc/rc.d/rc.avahidaemon                        | 7 ++++---
 etc/rc.d/rc.nfsd                               | 7 ++++---
 etc/rc.d/rc.nginx                              | 7 ++++---
 etc/rc.d/rc.ntpd                               | 7 ++++---
 etc/rc.d/rc.rpc                                | 7 ++++---
 etc/rc.d/rc.samba                              | 7 ++++---
 etc/rc.d/rc.sshd                               | 7 ++++---
 8 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/emhttp/plugins/dynamix/scripts/reload_services b/emhttp/plugins/dynamix/scripts/reload_services
index b04df3320..c2ce1f6b1 100755
--- a/emhttp/plugins/dynamix/scripts/reload_services
+++ b/emhttp/plugins/dynamix/scripts/reload_services
@@ -5,13 +5,7 @@ if [[ -n $1 ]]; then
   [[ ! -e $1 ]] && touch $1 || exit 0
 fi
 
-# run & log functions
-. /etc/rc.d/rc.runlog
-
 for cmd in $SERVICES; do
-  if /etc/rc.d/rc.$cmd update; then
-    log "$cmd"
-    /etc/rc.d/rc.$cmd reload >/dev/null 2>&1
-  fi
+  /etc/rc.d/rc.$cmd update >/dev/null 2>&1
 done
 exit 0
diff --git a/etc/rc.d/rc.avahidaemon b/etc/rc.d/rc.avahidaemon
index 1244a70ee..f6d28818a 100755
--- a/etc/rc.d/rc.avahidaemon
+++ b/etc/rc.d/rc.avahidaemon
@@ -117,9 +117,10 @@ avahid_reload(){
 }
 
 avahid_update(){
-  # 0 = update needed, 1 = no action
-  if ! avahid_running; then exit 1; fi
-  if check && [[ "$(this allow-interfaces)" == "$BIND" ]]; then exit 1; else exit 0; fi
+  if avahid_running && check && [[ "$(this allow-interfaces)" != "$BIND" ]]; then
+    log "Updating $DAEMON..."
+    avahid_restart # note we need restart here, not reload in order to update interfaces
+  fi
 }
 
 avahid_status(){
diff --git a/etc/rc.d/rc.nfsd b/etc/rc.d/rc.nfsd
index 8552df5f5..a06726753 100755
--- a/etc/rc.d/rc.nfsd
+++ b/etc/rc.d/rc.nfsd
@@ -128,9 +128,10 @@ nfsd_reload(){
 }
 
 nfsd_update(){
-  # 0 = update needed, 1 = no action
-  if ! nfsd_running; then exit 1; fi
-  if check && [[ "$(this)" == "-H ${BIND// / -H }" ]]; then exit 1; else exit 0; fi
+  if nfsd_running && check && [[ "$(this)" != "-H ${BIND// / -H }" ]]; then
+    log "Updating $DAEMON..."
+    nfsd_reload
+  fi
 }
 
 nfsd_status(){
diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index f3932ab7e..d514ac00e 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -781,9 +781,10 @@ nginx_renew(){
 }
 
 nginx_update(){
-  # 0 = update needed, 1 = no action
-  if ! nginx_running; then exit 1; fi
-  if check && [[ "$(this)" == "$BIND" ]]; then exit 1; else exit 0; fi
+  if nginx_running && check && [[ "$(this)" != "$BIND" ]]; then
+    log "Updating $DAEMON..."
+    nginx_reload
+  fi
 }
 
 nginx_upgrade(){
diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index 827b2532f..75f76c146 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -100,9 +100,10 @@ ntpd_reload(){
 }
 
 ntpd_update(){
-  # 0 = update needed, 1 = no action
-  if ! ntpd_running; then exit 1; fi
-  if check && [[ "$(this 'interface listen')" == "$BIND" ]]; then exit 1; else exit 0; fi
+  if ntpd_running && check && [[ "$(this 'interface listen')" != "$BIND" ]]; then
+    log "Updating $DAEMON..."
+    ntpd_reload
+  fi
 }
 
 ntpd_status(){
diff --git a/etc/rc.d/rc.rpc b/etc/rc.d/rc.rpc
index aa67bf35f..4fa511996 100755
--- a/etc/rc.d/rc.rpc
+++ b/etc/rc.d/rc.rpc
@@ -105,9 +105,10 @@ rpc_reload(){
 }
 
 rpc_update(){
-  # 0 = update needed, 1 = no action
-  if ! rpc_running; then exit 1; fi
-  if check && [[ "$(this)" == "-h ${BIND// / -h }" ]]; then exit 1; else exit 0; fi
+  if rpc_running && check && [[ "$(this)" != "-h ${BIND// / -h }" ]]; then
+    log "Updating $DAEMON..."
+    rpc_reload
+  fi
 }
 
 rpc_status(){
diff --git a/etc/rc.d/rc.samba b/etc/rc.d/rc.samba
index 3b33f92a8..7da1d1e0b 100755
--- a/etc/rc.d/rc.samba
+++ b/etc/rc.d/rc.samba
@@ -195,9 +195,10 @@ samba_reload(){
 }
 
 samba_update(){
-  # 0 = update needed, 1 = no action
-  if ! samba_running; then exit 1; fi
-  if check && [[ "$(this interfaces)" == "$BIND" ]]; then exit 1; else exit 0; fi
+  if samba_running && check && [[ "$(this interfaces)" != "$BIND" ]]; then
+    log "Updating $DAEMON..."
+    samba_restart # note we need restart here, not reload in order to update interfaces
+  fi
 }
 
 samba_status(){
diff --git a/etc/rc.d/rc.sshd b/etc/rc.d/rc.sshd
index 051120ee0..975d12ef6 100755
--- a/etc/rc.d/rc.sshd
+++ b/etc/rc.d/rc.sshd
@@ -103,9 +103,10 @@ sshd_reload(){
 }
 
 sshd_update(){
-  # 0 = update needed, 1 = no action
-  if ! sshd_running; then exit 1; fi
-  if check && [[ "$(this ListenAddress)" == "${BIND[@]}" ]]; then exit 1; else exit 0; fi
+  if sshd_running && check && [[ "$(this ListenAddress)" != "${BIND[@]}" ]]; then
+    log "Updating $DAEMON..."
+    sshd_reload
+  fi
 }
 
 sshd_status(){

From 52901e55bea053756dd74f74bb3933ada8a05077 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Fri, 25 Oct 2024 20:53:46 +0200
Subject: [PATCH 089/174] Fix php warning

---
 emhttp/plugins/dynamix.docker.manager/include/Helpers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
index 1509705a0..604e25ef1 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -632,7 +632,7 @@ function execCommand($command, $echo=true) {
 
 function getXmlVal($xml, $element, $attr=null, $pos=0) {
   $xml = (is_file($xml)) ? simplexml_load_file($xml) : simplexml_load_string($xml);
-  $element = $xml->xpath("//$element")[$pos];
+  $element = $xml->xpath("//$element")[$pos] ?? null;
   return isset($element) ? (isset($element[$attr]) ? strval($element[$attr]) : strval($element)) : "";
 }
 

From 27eae215d3916c4a7ac4c0792920bd789b6bd76a Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Fri, 25 Oct 2024 21:34:01 +0200
Subject: [PATCH 090/174] Add additional check for https to hook script

---
 share/docker/tailscale_container_hook | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 4b113bd58..93d3ea088 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -224,8 +224,8 @@ if [ "${EXIT_STATUS}" != "0" ]; then
 fi
 unset EXIT_STATUS
 
-if [ ! -z "${TAILSCALE_SERVE_PORT}" ] && [ "$(tailscale status --json | jq -r '.CurrentTailnet.MagicDNSEnabled')" = "false" ] ; then
-  echo "ERROR: Enable HTTPS on your Tailscale account to use Tailscale Serve/Funnel."
+if [ ! -z "${TAILSCALE_SERVE_PORT}" ] && [ "$(tailscale status --json | jq -r '.CurrentTailnet.MagicDNSEnabled')" != "false" ] && [ -z "$(tailscale status --json | jq -r '.Self.Capabilities[] | select(. == "https")')" ]; then
+  echo "ERROR: Enable MagicDNS and HTTPS on your Tailscale account to use Tailscale Serve/Funnel."
   echo "See: https://tailscale.com/kb/1153/enabling-https"
   error_handler
 fi

From 525a750b756860ad5fd32d3434ff3176686af465 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Fri, 25 Oct 2024 21:58:25 +0200
Subject: [PATCH 091/174] Make check for Tailscale https more reliable

---
 .../dynamix.docker.manager/include/CreateDocker.php      | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 073dc4478..2b138059d 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -375,6 +375,7 @@ $TS_MachinesLink = "https://login.tailscale.com/admin/machines/";
 $TS_DirectMachineLink = $TS_MachinesLink;
 $TS_HostNameActual = "";
 $TS_not_approved = "";
+$TS_https_enabled = false;
 // Get Tailscale information and create arrays/variables
 !empty($xml) && exec("docker exec -i " . escapeshellarg($xml['Name']) . " /bin/sh -c \"tailscale status --peers=false --json\"", $TS_raw);
 $TS_no_peers = json_decode(implode('', $TS_raw),true);
@@ -386,7 +387,10 @@ if (!empty($TS_no_peers) && !empty($TS_container)) {
     $TS_DirectMachineLink = $TS_MachinesLink.$TS_container['TailscaleIPs'][0];
   }
   // warn if MagicDNS or HTTPS is disabled
-  if (empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || !$TS_no_peers['CurrentTailnet']['MagicDNSEnabled'] || empty($TS_no_peers['CertDomains']) || empty($TS_no_peers['CertDomains'][0])) {
+  if (isset($TS_no_peers['Self']['Capabilities']) && is_array($TS_no_peers['Self']['Capabilities'])) {
+    $TS_https_enabled = in_array("https", $TS_no_peers['Self']['Capabilities'], true) ? true : false;
+  }
+  if (empty($TS_no_peers['CurrentTailnet']['MagicDNSEnabled']) || !$TS_no_peers['CurrentTailnet']['MagicDNSEnabled'] || $TS_https_enabled !== true) {
     $TS_HTTPSDisabledWarning = "<span><b><a href='https://tailscale.com/kb/1153/enabling-https' target='_blank'>Enable HTTPS</a> on your Tailscale account to use Tailscale Serve/Funnel.</b></span>";
   }
   // In $TS_container, 'HostName' is what the user requested, need to parse 'DNSName' to find the actual HostName in use
@@ -1226,7 +1230,6 @@ _(Tailscale Allow LAN Access)_:
     <?=mk_option(1,'false',_('No'))?>
     <?=mk_option(1,'true',_('Yes'))?>
   </select>
-<?=$TS_HTTPSDisabledWarning?>
 
 :docker_tailscale_lanaccess_help:
 
@@ -1262,7 +1265,7 @@ _(Tailscale Serve)_:
     <?=mk_option(1,'serve',_('Serve'))?>
     <?=mk_option(1,'funnel',_('Funnel'))?>
   </select>
-<?php if (!empty($TS_webui_url)) echo '<label for="TSserve"><a href="' . $TS_webui_url . '" target="_blank">' . $TS_webui_url . '</a></label>'; ?>
+<?=$TS_HTTPSDisabledWarning?><?php if (!empty($TS_webui_url)) echo '<label for="TSserve"><a href="' . $TS_webui_url . '" target="_blank">' . $TS_webui_url . '</a></label>'; ?>
 
 :docker_tailscale_serve_mode_help:
 

From c40147643a80d56fa93971326179498259eb9707 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 26 Oct 2024 13:54:28 +0100
Subject: [PATCH 092/174] Update vm_dashusage

---
 emhttp/plugins/dynamix/nchan/vm_dashusage | 36 ++++++++++++++++++-----
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/emhttp/plugins/dynamix/nchan/vm_dashusage b/emhttp/plugins/dynamix/nchan/vm_dashusage
index be0415b81..1b54e658a 100755
--- a/emhttp/plugins/dynamix/nchan/vm_dashusage
+++ b/emhttp/plugins/dynamix/nchan/vm_dashusage
@@ -12,17 +12,41 @@
  */
 ?>
 <?
+function get_libvird_status() {
+  $dummy = array();
+  exec("/etc/rc.d/rc.libvirt status >/dev/null",$dummy,$libvirtd);
+  $libvirtd = $libvirtd==0;
+  return $libvirtd;
+}
+
 $docroot = '/usr/local/emhttp';
 $varroot = '/var/local/emhttp';
 $md5_old = -1;
 
 require_once "$docroot/webGui/include/Helpers.php";
 require_once "$docroot/webGui/include/publish.php";
-require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
-global $vmusagestats;
-exec("/etc/rc.d/rc.libvirt status >/dev/null",$dummy,$libvirtd);
-$libvirtd = $libvirtd==0;
-if (!$libvirtd) return;
+global $vmusagestats,$var;
+$domain_cfgfile = "/boot/config/domain.cfg";
+$domain_cfg = parse_ini_file($domain_cfgfile);
+if (!isset($var)){
+  $var = @parse_ini_file("$docroot/state/var.ini");
+}
+
+# Check if array started
+if ($var['fsState'] == "Started" ) {
+  if (!get_libvird_status() && $domain_cfg['SERVICE'] == "enable") {
+    while(!get_libvird_status()) {
+      sleep(10);
+    } 
+    sleep(10);
+  } elseif ($domain_cfg['SERVICE'] != "enable") { 
+    #Add remove_nchan_pid_entry("webGui/nchan/vm_dashusage");
+    return;
+  }
+} else {
+  #Add remove_nchan_pid_entry("webGui/nchan/vm_dashusage");
+  return;
+}
 
 extract(parse_plugin_cfg('dynamix',true));
 get_vm_usage_stats();
@@ -54,8 +78,6 @@ function update_translation($locale) {
   }
 }
 
-$domain_cfgfile = "/boot/config/domain.cfg";
-$domain_cfg = parse_ini_file($domain_cfgfile);
 if (isset($domain_cfg['USAGE']) && $domain_cfg['USAGE'] != 'Y' ) return;
 if (!isset($domain_cfg['USAGETIMER'])) $timer = 3 ; else $timer = $domain_cfg['USAGETIMER'];
 

From e79a99e8d7f6025427d08a1f64d85399a78ab071 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 26 Oct 2024 13:56:52 +0100
Subject: [PATCH 093/174] Update vm_dashusage

---
 emhttp/plugins/dynamix/nchan/vm_dashusage | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/emhttp/plugins/dynamix/nchan/vm_dashusage b/emhttp/plugins/dynamix/nchan/vm_dashusage
index 1b54e658a..5b9332864 100755
--- a/emhttp/plugins/dynamix/nchan/vm_dashusage
+++ b/emhttp/plugins/dynamix/nchan/vm_dashusage
@@ -48,6 +48,8 @@ if ($var['fsState'] == "Started" ) {
   return;
 }
 
+require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
+
 extract(parse_plugin_cfg('dynamix',true));
 get_vm_usage_stats();
 sleep(1);

From 027f667482e2f5da2bccfbe1b45426861857d454 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Sat, 26 Oct 2024 08:27:04 -0500
Subject: [PATCH 094/174] Add warning about server signing to SMB Security
 page.

---
 emhttp/languages/en_US/helptext.txt     | 19 ++++++++++++++++++-
 emhttp/plugins/dynamix/SecuritySMB.page | 25 +++++++++++++++++++++++--
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 33d9f9b77..d273d38dd 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -269,7 +269,14 @@ For more complete documentation, please refer to the btrfs-balance [Manpage](htt
 **Scrub** runs the *btrfs scrub* program which will read all data and metadata blocks from all
 devices and verify checksums.
 
-If *Repair corrupted blocks* is checked, *btrfs scrub* will repair corrupted blocks if there’s a correct copy available.
+*btrfs scrub* will repair corrupted blocks if there is a correct copy available.
+:end
+
+:info_zfs_scrub_help:
+**Scrub** runs the *zfs scrub* program which will read all data and metadata blocks from all
+devices and verify checksums.
+
+Click the **Upgrade Pool** button to upgrade the ZFS pool to enable the latest ZFS features.
 :end
 
 :info_scrub_cancel_help:
@@ -282,6 +289,10 @@ If *Repair corrupted blocks* is checked, *btrfs scrub* will repair corrupted blo
 The *Options* field is initialized with *--readonly* which specifies check-only.  If repair is needed, you should run
 a second Check pass, setting the *Options* to *--repair*; this will permit *btrfs check* to fix the file system.
 
+WARNING: **Do not use** *--repair* unless you are advised to do so by a developer or an experienced user,
+and then only after having accepted that no fsck successfully repair all types of filesystem corruption.
+E.g. some other software or hardware bugs can fatally damage a volume.
+
 After starting a Check, you should Refresh to monitor progress and status.  Depending on
 how large the file system is, and what errors might be present, the operation can take **a long time** to finish (hours).
 Not much info is printed in the window, but you can verify the operation is running by observing the read/write counters
@@ -695,6 +706,12 @@ Summary of security modes:
 **Secure** All users including guests have read access, you select which of your users have write access.
 
 **Private** No guest access at all, you select which of your users have read/write, read-only access or no access.
+
+Windows Server Signing:
+
+If you are unable to browse SMB shares with Windows 11 version 24H2 or newer, you need to make some changes to accomodate a new feature called Server Signing.  Server Signing is enabled in Unraid and you need to make changes to access Public shares.
+You can <u><a href='https://techcommunity.microsoft.com/t5/storage-at-microsoft/accessing-a-third-party-nas-with-smb-in-windows-11-24h2-may-fail/ba-p/4154300', target='_blank'>disable it in Windows</a></u>, or to work with Unraid with Server Signing enabled, the easiest way is to create a user (with a password set) in Unraid with the same name as the Windows account you are using, Windows should then ask you for the credentials.
+If you are using a Microsoft account, it may be better to just create a user in Unraid with a simple username and set a password, then in Windows go to Control Panel -> Credential Manager -> Windows credentials -> Add a Windows Credential and add the correct Unraid server name and credentials.
 :end
 
 :smb_secure_access_help:
diff --git a/emhttp/plugins/dynamix/SecuritySMB.page b/emhttp/plugins/dynamix/SecuritySMB.page
index 5c7a2a24f..b460cb384 100644
--- a/emhttp/plugins/dynamix/SecuritySMB.page
+++ b/emhttp/plugins/dynamix/SecuritySMB.page
@@ -100,11 +100,11 @@ _(Case-sensitive names)_:
 
 <?endif;?>
 _(Security)_:
-: <select name="shareSecurity">
+: <select name="shareSecurity" onchange="checkPublicSelection(this);">
   <?=mk_option($sec[$name]['security'], "public", _('Public'))?>
   <?=mk_option($sec[$name]['security'], "secure", _('Secure'))?>
   <?=mk_option($sec[$name]['security'], "private", _('Private'))?>
-  </select>
+  </select><span id="warningMessage" style="display:none; color: red;">_(Warning)_:  _(Windows may require a valid User to be defined even for Public shares)_.  _(See Help)_.</span>
 
 :smb_security_modes_help:
 
@@ -315,4 +315,25 @@ function writeUserSMB(data,n,i) {
     writeUserSMB(data,0,i);
   }
 }
+
+function checkPublicSelection(select) {
+	/* Get reference to the warning message span */
+	let warningMessage = document.getElementById("warningMessage");
+
+	/* Check if 'Public' is selected */
+	if (select.value === "public") {
+		/* Display warning for 'Public' option */
+		warningMessage.style.display = "inline";
+	} else {
+		/* Hide warning for other options */
+		warningMessage.style.display = "none";
+	}
+}
+
+/* Call checkPublicSelection with the initial selection on page load */
+document.addEventListener("DOMContentLoaded", function() {
+	let smbSecuritySelect = document.querySelector('[name="shareSecurity"]');
+	checkPublicSelection(smbSecuritySelect);
+});
+
 </script>

From 227c5797d956bee3adf08b252ce8ddad8880b837 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 26 Oct 2024 15:10:52 +0100
Subject: [PATCH 095/174] Update vm_dashusage

---
 emhttp/plugins/dynamix/nchan/vm_dashusage | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/nchan/vm_dashusage b/emhttp/plugins/dynamix/nchan/vm_dashusage
index 5b9332864..94da29a75 100755
--- a/emhttp/plugins/dynamix/nchan/vm_dashusage
+++ b/emhttp/plugins/dynamix/nchan/vm_dashusage
@@ -33,7 +33,7 @@ if (!isset($var)){
 }
 
 # Check if array started
-if ($var['fsState'] == "Started" ) {
+if ($var['fsState'] == "Started" || $var['fsState'] == "Starting") {
   if (!get_libvird_status() && $domain_cfg['SERVICE'] == "enable") {
     while(!get_libvird_status()) {
       sleep(10);

From 4302afd29f1f982f7668627f54f43d04770fdb4d Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Sun, 27 Oct 2024 15:06:44 +0100
Subject: [PATCH 096/174] Add Accept Routes

---
 share/docker/tailscale_container_hook | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 93d3ea088..c000bca0b 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -175,6 +175,11 @@ if [ ! -z "${TAILSCALE_ADVERTISE_ROUTES}" ]; then
   TS_PARAMS="${TS_PARAMS} --advertise-routes=${TAILSCALE_ADVERTISE_ROUTES}"
 fi
 
+if [ "${TAILSCALE_ACCEPT_ROUTES}" = "true" ]; then
+  echo "Accepting subnet routes! See https://tailscale.com/kb/1019/subnets#use-your-subnet-routes-from-other-devices"
+  TS_PARAMS="${TS_PARAMS} --accept-routes"
+fi
+
 if [ "${TAILSCALE_USE_SSH}" = "true" ]; then
   echo "Enabling SSH! See https://tailscale.com/kb/1193/tailscale-ssh"
   TS_PARAMS="${TS_PARAMS} --ssh"

From 107ea81c48833fa867670489107f1df80ca37e7c Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Sun, 27 Oct 2024 15:07:35 +0100
Subject: [PATCH 097/174] Update CreateDocker.php

---
 .../include/CreateDocker.php                      | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 2b138059d..70d73cabf 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -1336,6 +1336,17 @@ _(Tailscale Advertise Routes)_:
 
 </div>
 
+<div markdown="1" class="TSacceptroutes noshow">
+_(Tailscale Accept Routes)_:
+: <select name="TSacceptroutes" id="TSacceptroutes">
+    <?=mk_option(1,'false',_('No'))?>
+    <?=mk_option(1,'true',_('Yes'))?>
+  </select>
+
+:docker_tailscale_accept_routes_help:
+
+</div>
+
 <div markdown="1" class="TSdaemonparams noshow">
 _(Tailscale Daemon Parameters)_:
 : <input type="text" name="TSdaemonparams" <?php if (!empty($xml['TailscaleDParams'])) echo 'value="' . $xml['TailscaleDParams'] . '"'; ?> placeholder="_(Leave empty if unsure)_">
@@ -1649,6 +1660,7 @@ function showTSAdvanced(checked) {
     $('.TSwebui').hide();
     $('.TStroubleshooting').hide();
     $('.TSroutes').hide();
+    $('.TSacceptroutes').hide();
   } else {
     $('.TSdaemonparams').show();
     $('.TSextraparams').show();
@@ -1661,6 +1673,7 @@ function showTSAdvanced(checked) {
     $('.TSwebui').show();
     $('.TStroubleshooting').show();
     $('.TSroutes').show();
+    $('.TSacceptroutes').show();
   }
 }
 
@@ -1694,6 +1707,7 @@ function showTailscale(source) {
     $('.TSserveport').hide();
     $('.TSadvanced').hide();
     $('.TSroutes').hide();
+    $('.TSacceptroutes').hide();
   } else {
     // reset these vals back to what they were in the XML
     $('#TSssh').val('<?php echo (!empty($xml) && !empty($xml['TailscaleSSH'])) ? $xml['TailscaleSSH'] : 'false'; ?>');
@@ -1701,6 +1715,7 @@ function showTailscale(source) {
     $('#TSserve').val('<?php echo (!empty($xml) && !empty($xml['TailscaleServe'])) ? $xml['TailscaleServe'] : 'false'; ?>');
     $('#TSexitnodeip').val('<?php echo (!empty($xml) && !empty($xml['TailscaleExitNodeIP'])) ? $xml['TailscaleExitNodeIP'] : ''; ?>');
     $('#TSuserspacenetworking').val('<?php echo (!empty($xml) && !empty($xml['TailscaleUserspaceNetworking'])) ? $xml['TailscaleUserspaceNetworking'] : 'false'; ?>');
+    $('#TSacceptroutes').val('<?php echo (!empty($xml) && !empty($xml['TailscaleAcceptRoutes'])) ? $xml['TailscaleAcceptRoutes'] : 'false'; ?>');
     <?if (empty($xml['TailscaleServe']) && !empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>
       $('#TSserve').val('serve');
     <?elseif (empty($xml['TailscaleServe']) && empty($TSwebuiport) && empty($xml['TailscaleServePort'])):?>

From 145629d26e604680e6505659ad8e7401d29c3b18 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Sun, 27 Oct 2024 15:08:12 +0100
Subject: [PATCH 098/174] Update Helpers.php

---
 emhttp/plugins/dynamix.docker.manager/include/Helpers.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
index 604e25ef1..57fe2658b 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/Helpers.php
@@ -126,6 +126,7 @@ function postToXML($post, $setOwnership=false) {
     $xml->TailscaleParams              = xml_encode($post['TSextraparams']);
     $xml->TailscaleStateDir            = xml_encode($post['TSstatedir']);
     $xml->TailscaleRoutes              = xml_encode($post['TSroutes']);;
+    $xml->TailscaleAcceptRoutes        = xml_encode($post['TSacceptroutes']);;
     if (isset($post['TStroubleshooting']) && strtolower($post['TStroubleshooting']) === 'on') {
       $xml->TailscaleTroubleshooting     = 'true';
     }
@@ -176,6 +177,7 @@ function xmlToVar($xml) {
   $out['TailscaleServePath']           = xml_decode($xml->TailscaleServePath ?? '');
   $out['TailscaleWebUI']               = xml_decode($xml->TailscaleWebUI ?? '');
   $out['TailscaleRoutes']              = xml_decode($xml->TailscaleRoutes ?? '');
+  $out['TailscaleAcceptRoutes']        = xml_decode($xml->TailscaleAcceptRoutes ?? '');
   $out['TailscaleDParams']             = xml_decode($xml->TailscaleDParams ?? '');
   $out['TailscaleParams']              = xml_decode($xml->TailscaleParams ?? '');
   $out['TailscaleStateDir']            = xml_decode($xml->TailscaleStateDir ?? '');
@@ -371,6 +373,7 @@ function xmlToCommand($xml, $create_paths=false) {
   $TS_web_ui = '';
   $TS_troubleshooting = '';
   $TS_routes = '';
+  $TS_accept_routes ='';
   $TS_postargs = '';
   // Get all information from xml and create variables for cmd
   if ($xml['TailscaleEnabled'] == 'true') {
@@ -403,6 +406,7 @@ function xmlToCommand($xml, $create_paths=false) {
     $TS_web_ui = !empty($xml['TailscaleWebUI']) ? '-l net.unraid.docker.tailscale.webui=' . escapeshellarg($xml['TailscaleWebUI']) : '';
     $TS_troubleshooting = !empty($xml['TailscaleTroubleshooting']) ? '-e TAILSCALE_TROUBLESHOOTING=' . escapeshellarg($xml['TailscaleTroubleshooting']) : '';
     $TS_routes = !empty($xml['TailscaleRoutes']) ? '-e TAILSCALE_ADVERTISE_ROUTES=' . escapeshellarg($xml['TailscaleRoutes']) : '';
+    $TS_accept_routes = !empty($xml['TailscaleAcceptRoutes']) && $xml['TailscaleAcceptRoutes'] === 'true' ? '-e TAILSCALE_ACCEPT_ROUTES=true' : '';
     if (!empty($xml['PostArgs'])) {
       $TS_postargs = '-e ORG_POSTARGS=' . escapeshellarg($xml['PostArgs']);
       $xml['PostArgs'] = '';
@@ -466,8 +470,8 @@ function xmlToCommand($xml, $create_paths=false) {
     $pid_limit = "";
   }
 
-  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
-         $cmdName, $TS_entrypoint, $cmdNetwork, $cmdMyIP, $cmdCPUset, $pid_limit, $cmdPrivileged, implode(' -e ', $Variables), $TS_hostname, $TS_exitnode, $TS_exitnode_ip, $TS_lan_access, $TS_routes, $TS_ssh, $TS_userspace_networking, $TS_serve_funnel, $TS_serve_port, $TS_serve_local_path, $TS_serve_protocol, $TS_serve_protocol_port, $TS_serve_path, $TS_daemon_params, $TS_extra_params, $TS_state_dir, $TS_troubleshooting, $TS_postargs, implode(' -l ', $Labels), $TS_web_ui, $TS_hostname_label, implode(' -p ', $Ports), implode(' -v ', $Volumes), $TS_hook, $TS_cap, $TS_tundev, implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
+  $cmd = sprintf($docroot.'/plugins/dynamix.docker.manager/scripts/docker create %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s %s',
+         $cmdName, $TS_entrypoint, $cmdNetwork, $cmdMyIP, $cmdCPUset, $pid_limit, $cmdPrivileged, implode(' -e ', $Variables), $TS_hostname, $TS_exitnode, $TS_exitnode_ip, $TS_lan_access, $TS_routes, $TS_accept_routes, $TS_ssh, $TS_userspace_networking, $TS_serve_funnel, $TS_serve_port, $TS_serve_local_path, $TS_serve_protocol, $TS_serve_protocol_port, $TS_serve_path, $TS_daemon_params, $TS_extra_params, $TS_state_dir, $TS_troubleshooting, $TS_postargs, implode(' -l ', $Labels), $TS_web_ui, $TS_hostname_label, implode(' -p ', $Ports), implode(' -v ', $Volumes), $TS_hook, $TS_cap, $TS_tundev, implode(' --device=', $Devices), $xml['ExtraParams'], escapeshellarg($xml['Repository']), $xml['PostArgs']);
   return [preg_replace('/\s\s+/', ' ', $cmd), $xml['Name'], $xml['Repository']];
 }
 function stopContainer($name, $t=false, $echo=true) {

From d5c26614828b671002b45189ace5e42bc09cb8fd Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Sun, 27 Oct 2024 15:09:20 +0100
Subject: [PATCH 099/174] Update helptext.txt

---
 emhttp/languages/en_US/helptext.txt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 14295bd35..395bc7c26 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -2432,6 +2432,11 @@ If desired, specify any routes that should be passed to the **`--advertise-route
 For more details see the <a href="https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router" target="_blank">Subnet routers</a> documentation.
 :end
 
+:docker_tailscale_accept_routes_help:
+When enabled, this will accept your subnet routes from other devices, adding the **`--accept-routes`** parameter when running **`tailscale up`**.
+For more details see the <a href="https://tailscale.com/kb/1019/subnets?q=allow+routes#use-your-subnet-routes-from-other-devices" target="_blank">Use your subnet routes from other devices</a> documentation.
+:end
+
 :docker_tailscale_daemon_extra_params_help:
 Specify any extra parameters to pass when starting **`tailscaled`**.
 For more details see the <a href="https://tailscale.com/kb/1278/tailscaled" target="_blank">tailscaled</a> documentation.

From 9933affbbfb9362419bcc23c477b47530fc1ffa6 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 28 Oct 2024 22:07:33 +0100
Subject: [PATCH 100/174] Move TS icon to Network

- Move Tailscale information from `Version` to `Network` column
---
 .../include/DockerContainers.php                      | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 72fbb73e5..764691a48 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -204,7 +204,7 @@ foreach ($containers as $ct) {
     case 1:
       echo "<div class='advanced'><span class='orange-text' style='white-space:nowrap;'><i class='fa fa-flash fa-fw'></i> "._('update ready')."</span></div>";
       if ($ct['Manager'] == "dockerman") {
-        echo "<a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('apply update')."</span></a>";      
+        echo "<a class='exec' onclick=\"updateContainer('".addslashes(htmlspecialchars($name))."');\"><span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('apply update')."</span></a>";
       } elseif (!empty($composestack)) {
         echo "<div><span><i class='fa fa-docker fa-fw'/></i> Compose</span></a></div>";
         echo "<span style='white-space:nowrap;'><i class='fa fa-cloud-download fa-fw'></i> "._('update available')."</span>";
@@ -231,6 +231,7 @@ foreach ($containers as $ct) {
       break;
     }
   // Check if Tailscale for container is enabled by checking if TShostname is set
+  $TS_status = '';
   if (!empty($TShostname)) {
     if ($running) {
       // Get stats from container and check if they are not empty
@@ -309,18 +310,18 @@ foreach ($containers as $ct) {
           }
         }
         // Display TSinfo if data was fetched correctly
-        echo "<div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+        $TS_status = "<br/><div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
       } else {
         // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
-        echo "<div title='Error gathering Tailscale information from container.\nPlease check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
+        $TS_status = "<br/><div title='Error gathering Tailscale information from container.\nPlease check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
       }
     } else {
       // Display message that container isn't running
-      echo "<div title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div></td>";
+      $TS_status = "<br/><div title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
     }
   }
   echo "<div class='advanced'><i class='fa fa-info-circle fa-fw'></i> ".compress(_($version),12,0)."</div></td>";
-  echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks)."</span></td>";
+  echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks).$TS_status."</span></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$network_ips)."</span></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'>".implode('<br>',$ports_internal)."</span></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'>".implode('<br>',$ports_external)."</span></td>";

From c5f1226e8372d5be4b7136a651e79b67ef6081d6 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 28 Oct 2024 15:31:18 -0700
Subject: [PATCH 101/174] The 'rc.samba reload' command needs to do a 'restart'
 if the interfaces changed.

---
 etc/rc.d/rc.samba | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/etc/rc.d/rc.samba b/etc/rc.d/rc.samba
index 7da1d1e0b..3eb0bf152 100755
--- a/etc/rc.d/rc.samba
+++ b/etc/rc.d/rc.samba
@@ -185,19 +185,23 @@ samba_restart(){
   samba_start
 }
 
-samba_reload(){
-  killall --ns $$ wsdd2 2>/dev/null
-  # update settings
-  samba_settings
-  # reload services with smbcontrol
-  smbcontrol all reload-config 2>/dev/null
-  [[ $USE_WSD == yes ]] && $WSDD2 -d ${WSD2_OPT## } 2>/dev/null
-}
-
 samba_update(){
   if samba_running && check && [[ "$(this interfaces)" != "$BIND" ]]; then
     log "Updating $DAEMON..."
     samba_restart # note we need restart here, not reload in order to update interfaces
+    return 0
+  fi
+}
+
+samba_reload(){
+  if ! samba_update ; then
+    log "Reloading $DAEMON..."
+    killall --ns $$ wsdd2 2>/dev/null
+    # update settings
+    samba_settings
+    # reload services with smbcontrol
+    smbcontrol all reload-config 2>/dev/null
+    [[ $USE_WSD == yes ]] && $WSDD2 -d ${WSD2_OPT## } 2>/dev/null
   fi
 }
 

From 0196308a35f00dd52ec4e77d8adae27cdc8b9ffa Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 28 Oct 2024 15:32:16 -0700
Subject: [PATCH 102/174] un-document non-existent 'heartbeat' event

---
 sbin/emhttp_event | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sbin/emhttp_event b/sbin/emhttp_event
index f4c3cc4cc..8d1b8f01e 100755
--- a/sbin/emhttp_event
+++ b/sbin/emhttp_event
@@ -75,9 +75,6 @@
 #   Note that if array is not Started, emhttp will not spin down any disk, but emhttp will
 #   still poll SMART data (for spun-up devices) and generate this event.
 
-# heartbeat
-#   Occurs once per second.
-
 # Invoke all 'any_event' scripts that might exist
 for Dir in /usr/local/emhttp/plugins/* ; do
   if [ -d $Dir/event/any_event ]; then

From dd5c5a190b18178a29de389a81cd835730f2e0d9 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Mon, 28 Oct 2024 15:33:01 -0700
Subject: [PATCH 103/174] Do not let user create 'spares' zfs subpool just yet
 - functionality is not complete.

---
 emhttp/plugins/dynamix/CacheDevices.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/CacheDevices.page b/emhttp/plugins/dynamix/CacheDevices.page
index 855dd31d2..2160557b1 100644
--- a/emhttp/plugins/dynamix/CacheDevices.page
+++ b/emhttp/plugins/dynamix/CacheDevices.page
@@ -193,7 +193,7 @@ _(Name)_:
   <?=mk_option("","logs",_("logs - Separate Intent Log (SLOG)"))?>
   <?=mk_option("","dedup",_("dedup - Deduplication Tables"))?>
   <?=mk_option("","cache",_("cache - L2ARC"))?>
-  <?=mk_option("","spares",_("spares - Hot Spares"))?>
+  <?=mk_option("","spares",_("spares - Hot Spares"),'disabled')?>
   </select>
 
 _(Slots)_:

From ec36fd3c8e3eb009759cc25c225a6fa83b877bf9 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 28 Oct 2024 19:12:45 -0400
Subject: [PATCH 104/174] Warning for clicking an external link

---
 .../dynamix/include/DefaultPageLayout.php     | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index ee4ab10ff..d8513f31a 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1111,6 +1111,38 @@ $(function() {
   }
   $('form').append($('<input>').attr({type:'hidden', name:'csrf_token', value:csrf_token}));
 });
+
+$('body').on("click","a", function(e) {
+  href = $(this).attr("href").trim();
+  target = $(this).attr("target");
+
+  if ( href ) {
+    if ( href.indexOf("/") == 0 ) {   // all internal links start with "/"
+      return;
+    }
+    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" ) {
+      return;
+    } else {
+      if (href !== "#" && href.indexOf("javascript") !== 0) {
+        e.preventDefault();
+        swal({
+          title: "<?=_('External Link')?>",
+          text: "<?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href,
+          html: true,
+          type: 'warning',
+          showCancelButton: true,
+          showConfirmButton: true,
+          cancelButtonText: "<?=_('Cancel')?>",
+          confirmButtonText: "<?=_('OK')?>"
+        },function(isConfirm) {
+          if (isConfirm) {
+            window.open(href,target);
+          }
+        });
+      }
+    }
+  }
+});
 </script>
 </body>
 </html>

From fcec8111c303325184c16349fb0f1ad27c7f6d0e Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 28 Oct 2024 19:38:24 -0400
Subject: [PATCH 105/174] Update docker.js

---
 emhttp/plugins/dynamix.docker.manager/javascript/docker.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
index 71e4b5ff1..033614409 100644
--- a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
+++ b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
@@ -4,7 +4,7 @@ function addDockerContainerContext(container, image, template, started, paused,
   var opts = [];
   context.settings({right:false,above:false});
   if (started && !paused) {
-    if (webui !== '' && webui != '#') opts.push({text:_('WebUI'), icon:'fa-globe', href:webui, target:'_blank'});
+    if (webui !== '' && webui != '#') opts.push({text:_('WebUI'), icon:'fa-globe', action:function(e){e.preventDefault();window.open(webui,'_blank');}});
     if (tswebui !== '' && tswebui != '#') opts.push({text:_('Tailscale WebUI'), icon:'fa-globe', href:tswebui, target:'_blank'});
     opts.push({text:_('Console'), icon:'fa-terminal', action:function(e){e.preventDefault(); openTerminal('docker',container,shell);}});
     opts.push({divider:true});

From 8dfd63e5a7d4dd9f08f985ac2c7f24dbe76e164f Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 28 Oct 2024 20:02:00 -0400
Subject: [PATCH 106/174] Update tswebui

---
 emhttp/plugins/dynamix.docker.manager/javascript/docker.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
index 033614409..d16d23f55 100644
--- a/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
+++ b/emhttp/plugins/dynamix.docker.manager/javascript/docker.js
@@ -5,7 +5,7 @@ function addDockerContainerContext(container, image, template, started, paused,
   context.settings({right:false,above:false});
   if (started && !paused) {
     if (webui !== '' && webui != '#') opts.push({text:_('WebUI'), icon:'fa-globe', action:function(e){e.preventDefault();window.open(webui,'_blank');}});
-    if (tswebui !== '' && tswebui != '#') opts.push({text:_('Tailscale WebUI'), icon:'fa-globe', href:tswebui, target:'_blank'});
+    if (tswebui !== '' && tswebui != '#') opts.push({text:_('Tailscale WebUI'), icon:'fa-globe', action:function(e){e.preventDefault();window.open(tswebui,'_blank');}});
     opts.push({text:_('Console'), icon:'fa-terminal', action:function(e){e.preventDefault(); openTerminal('docker',container,shell);}});
     opts.push({divider:true});
   }

From e332dc6c2132c8229642a51159c2a2fee283d1b8 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 28 Oct 2024 21:06:06 -0400
Subject: [PATCH 107/174] Popup blocked detection

---
 emhttp/plugins/dynamix/include/DefaultPageLayout.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index d8513f31a..af03c8474 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1136,7 +1136,13 @@ $('body').on("click","a", function(e) {
           confirmButtonText: "<?=_('OK')?>"
         },function(isConfirm) {
           if (isConfirm) {
-            window.open(href,target);
+            var popupOpen = window.open(href,target);
+            if ( !popupOpen || popupOpen.closed || typeof popupOpen == "undefined" ) {
+              var popupWarning = addBannerWarning("<?=_('Popup Blocked.');?>");
+              setTimeout(function() {
+                removeBannerWarning(popupWarning);}
+              ,10000);
+            }
           }
         });
       }

From 6388c9d6db74bdf29f7e3b0def335da36c0c142a Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 28 Oct 2024 23:24:22 -0400
Subject: [PATCH 108/174] white list lime-technology.com

---
 emhttp/plugins/dynamix/include/DefaultPageLayout.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index af03c8474..de7a79f3e 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1120,7 +1120,7 @@ $('body').on("click","a", function(e) {
     if ( href.indexOf("/") == 0 ) {   // all internal links start with "/"
       return;
     }
-    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" ) {
+    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com/") == 0) {
       return;
     } else {
       if (href !== "#" && href.indexOf("javascript") !== 0) {

From c439bc7d3fadd4c4d862dfe5d331b2308bb760de Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Tue, 29 Oct 2024 06:48:21 -0500
Subject: [PATCH 109/174] Email is now required on feedback form.

---
 emhttp/plugins/dynamix/scripts/feedback | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/scripts/feedback b/emhttp/plugins/dynamix/scripts/feedback
index 615a49661..094e731c6 100755
--- a/emhttp/plugins/dynamix/scripts/feedback
+++ b/emhttp/plugins/dynamix/scripts/feedback
@@ -208,8 +208,8 @@ $(function(){
     var tab = '#'+$('input[name=mode]:checked').val();
     var panel = tab+'_panel';
     var enter = ['#troubleshoot'].includes(tab);
-    var email = "<?=_('Contact Email Address')?> ("+(enter ? "<?=_('required')?>" : "<?=_('optional')?>")+")";
-    $('input#email').prop('placeholder',email).prop('required',enter);
+    var email = "<?=_('Contact Email Address')?> ("+"<?=_('required')?>"+")";
+    $('input#email').prop('placeholder',email).prop('required','true');
     $('#submit_button').prop('disabled',validInput($(tab)));
     $('.allpanels').not(panel).fadeOut('fast');
     $(panel).fadeIn('fast');

From 9d657db258f90935a78a1e1db19711e7209242cc Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Tue, 29 Oct 2024 16:42:48 +0000
Subject: [PATCH 110/174] Re apply scaling option for noVNC from dash.

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 564ec89d7..c8e834270 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -97,7 +97,8 @@ if ($_POST['vms']) {
     if ($vmrcport > 0) {
       $wsport = $lv->domain_get_ws_port($res);
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;
-      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
+      if ($vmrcprotocol == "vnc") $vmrcscale = "&resize=scale"; else $vmrcscale = "";
+      $vmrcurl = autov('/plugins/dynamix.vm.manager/'.$vmrcprotocol.'.html',true).$vmrcscale.'&autoconnect=true&host=' . $_SERVER['HTTP_HOST'] ;
       if ($vmrcprotocol == "spice") $vmrcurl .= '&vmname='. urlencode($vm) . '&port=/wsproxy/'.$vmrcport.'/' ; else $vmrcurl .= '&port=&path=/wsproxy/' . $wsport . '/';
     } elseif ($vmrcport == -1 || $autoport) {
       $vmrcprotocol = $lv->domain_get_vmrc_protocol($res) ;

From 6d7fb688db5d2486cd2650dcd3448bb0ef010288 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:22:44 +0100
Subject: [PATCH 111/174] Update DockerContainers.page

- Initialize `tooltipster` for TS_tooltip elements and insert into `head`
---
 .../plugins/dynamix.docker.manager/DockerContainers.page   | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/DockerContainers.page b/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
index 32f6672e9..eb3d8ee61 100644
--- a/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
+++ b/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
@@ -116,6 +116,12 @@ function loadlist(init) {
     clearTimeout(timers.docker);
     var data = d.split(/\0/);
     $('#docker_list').html(data[0]);
+    $('#docker_list .TS_tooltip').tooltipster({
+      animation: 'fade',
+      delay: 200,
+      trigger: 'hover',
+      contentAsHTML: true
+    });
     $('head').append('<script>'+data[1]+'<\/script>');
 <?if (_var($display,'resize')):?>
     resize();
@@ -183,4 +189,3 @@ window.onunload = function(){
   dockerload.stop();
 }
 </script>
-

From c1fc0a0418a638ad1b4909ce7ac7db9ca3ca7a31 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:25:51 +0100
Subject: [PATCH 112/174] Update DockerContainers.php

- Update formatting to support `tooltipster`
---
 .../include/DockerContainers.php              | 44 ++++++++++---------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 764691a48..88b7039eb 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -233,6 +233,7 @@ foreach ($containers as $ct) {
   // Check if Tailscale for container is enabled by checking if TShostname is set
   $TS_status = '';
   if (!empty($TShostname)) {
+    echo "<div class='ui-tailscale-container'>";
     if ($running) {
       // Get stats from container and check if they are not empty
       $TSstats = tailscale_stats($name);
@@ -240,27 +241,27 @@ foreach ($containers as $ct) {
         // Construct TSinfo from TSstats
         $TSinfo = '';
         if (!$TSstats["Self"]["Online"]) {
-          $TSinfo .= "Online:\t\t&#10060;\nPlease check the logs!";
+          $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Online:</span><span class='ui-tailscale-value'>&#10060;<br/>Please check the logs!</span></div>";
         } else {
           $TS_version = explode('-', $TSstats["Version"])[0];
           if (!empty($TS_version)) {
             if (!empty($TS_latest_version)) {
               if ($TS_version !== $TS_latest_version) {
-                $TSinfo .= "Version:\t\t" . $TS_version . " &#10132; " . $TS_latest_version . " available!\n";
+                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . " &#10132; " . $TS_latest_version . " available!</span></div>";
               } else {
-                $TSinfo .= "Version:\t\t" . $TS_version . "\n";
+                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . "</span></div>";
               }
             } else {
-              $TSinfo .= "Version:\t\t" . $TS_version . "\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . "</span></div>";
             }
           }
-          $TSinfo .= "Online:\t\t&#9989;\n";
+          $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Online:</span><span class='ui-tailscale-value'>&#9989;</span></div>";
           $TS_DNSName = $TSstats["Self"]["DNSName"];
           $TS_HostNameActual = substr($TS_DNSName, 0, strpos($TS_DNSName, '.'));
           if (strcasecmp($TS_HostNameActual, $TShostname) !== 0 && !empty($TS_DNSName)) {
-            $TSinfo .= "Hostname:\tReal Hostname &#10132; " . $TS_HostNameActual . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Hostname:</span><span class='ui-tailscale-value'>Real Hostname &#10132; " . $TS_HostNameActual . "</span></div>";
           } else {
-            $TSinfo .= "Hostname:\t" . $TShostname . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Hostname:</span><span class='ui-tailscale-value'>" . $TShostname . "</span></div>";
           }
           // Map region relay code to cleartext region if TS_derp_list is available
           if (!empty($TS_derp_list)) {
@@ -271,31 +272,31 @@ foreach ($containers as $ct) {
               }
             }
             if (!empty($TSregion)) {
-              $TSinfo .= "Main Relay:\t" . $TSregion . "\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSregion . "</span></div>";
             } else {
-              $TSinfo .= "Main Relay:\t" . $TSstats["Self"]["Relay"] . "\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
             }
           } else {
-            $TSinfo .= "Main Relay:\t" . $TSstats["Self"]["Relay"] . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
           }
           if (!empty($TSstats["Self"]["TailscaleIPs"])) {
-            $TSinfo .= "Addresses:\t" . implode("\n\t\t\t", $TSstats["Self"]["TailscaleIPs"]) . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Addresses:</span><span class='ui-tailscale-value'>" . implode("<br/>", $TSstats["Self"]["TailscaleIPs"]) . "</span></div>";
           }
           if (!empty($TSstats["Self"]["PrimaryRoutes"])) {
-            $TSinfo .= "Routes:\t\t" . implode("\n\t\t\t", $TSstats["Self"]["PrimaryRoutes"]) . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Routes:</span><span class='ui-tailscale-value'>" . implode("<br/>", $TSstats["Self"]["PrimaryRoutes"]) . "</span></div>";
           }
           if ($TSstats["Self"]["ExitNodeOption"]) {
-            $TSinfo .= "Is Exit Node:\t&#9989;\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Is Exit Node:</span><span class='ui-tailscale-value'>&#9989;</span></div>";
           } else {
             if (!empty($TSstats["ExitNodeStatus"])) {
               $TS_exit_node_status = ($TSstats["ExitNodeStatus"]["Online"]) ? "&#9989;" : "&#10060;";
-              $TSinfo .= "Exit Node:\t" . strstr($TSstats["ExitNodeStatus"]["TailscaleIPs"][0], '/', true) . " | Status: " . $TS_exit_node_status ."\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Exit Node:</span><span class='ui-tailscale-value'>" . strstr($TSstats["ExitNodeStatus"]["TailscaleIPs"][0], '/', true) . " | Status: " . $TS_exit_node_status ."</span></div>";
             } else {
-              $TSinfo .= "Is Exit Node:\t&#10060;\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Is Exit Node:</span><span class='ui-tailscale-value'>&#10060;</span></div>";
             }
           }
           if (!empty($TSwebGui)) {
-            $TSinfo .= "URL:\t\t" . $TSwebGui . "\n";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>URL:</span><span class='ui-tailscale-value'>" . $TSwebGui . "</span></div>";
           }
           if (!empty($TSstats["Self"]["KeyExpiry"])) {
             $TS_expiry = new DateTime($TSstats["Self"]["KeyExpiry"]);
@@ -303,22 +304,23 @@ foreach ($containers as $ct) {
             $TS_expiry_formatted = $TS_expiry->format('Y-m-d');
             $TS_expiry_diff = $current_Date->diff($TS_expiry);
             if ($TS_expiry_diff->invert) {
-              $TSinfo .= "Key Expiry:\t&#10060; Expired! Renew/Disable key expiry!\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Key Expiry:</span><span class='ui-tailscale-value'>&#10060; Expired! Renew/Disable key expiry!</span></div>";
             } else {
-              $TSinfo .= "Key Expiry:\t" . $TS_expiry_formatted . " (" . $TS_expiry_diff->days . " days)\n";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Key Expiry:</span><span class='ui-tailscale-value'>" . $TS_expiry_formatted . " (" . $TS_expiry_diff->days . " days)</span></div>";
             }
           }
         }
         // Display TSinfo if data was fetched correctly
-        $TS_status = "<br/><div title='" . $TSinfo . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='" . htmlspecialchars($TSinfo) . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
       } else {
         // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
-        $TS_status = "<br/><div title='Error gathering Tailscale information from container.\nPlease check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Error gathering Tailscale information from container.<br/>Please check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
       }
     } else {
       // Display message that container isn't running
-      $TS_status = "<br/><div title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+      $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
     }
+    echo "</div>";
   }
   echo "<div class='advanced'><i class='fa fa-info-circle fa-fw'></i> ".compress(_($version),12,0)."</div></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks).$TS_status."</span></td>";

From 28cbf0abe18b61456b97a25e6d094fb3b285e361 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:26:16 +0100
Subject: [PATCH 113/174] Update style-white.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-white.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
index 260009398..8f3da5d04 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
@@ -12,3 +12,7 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
+.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-label {flex: 1;}
+.ui-tailscale-value {flex: 3;}

From c0a33df5aaffd38ac87d90bdf0bb4c81b7c1af49 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:26:34 +0100
Subject: [PATCH 114/174] Update style-gray.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-gray.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
index 064aa4307..5ac67ca68 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
@@ -12,3 +12,7 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
+.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-label {flex: 1;}
+.ui-tailscale-value {flex: 3;}

From 575978e1472b4b3147ef1a760f46228c98cd6224 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:26:52 +0100
Subject: [PATCH 115/174] Update style-black.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-black.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
index 064aa4307..5ac67ca68 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
@@ -12,3 +12,7 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
+.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-label {flex: 1;}
+.ui-tailscale-value {flex: 3;}

From 05119aaa812ddd04e27a16735aa17b5ec4a677e6 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:27:08 +0100
Subject: [PATCH 116/174] Update style-azure.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-azure.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
index 260009398..8f3da5d04 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
@@ -12,3 +12,7 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
+.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-label {flex: 1;}
+.ui-tailscale-value {flex: 3;}

From f1a3e391a119cbe5313d688f0b6fc794a20b86c4 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 12:36:56 +0100
Subject: [PATCH 117/174] Update DockerContainers.php

---
 .../dynamix.docker.manager/include/DockerContainers.php     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 88b7039eb..df4b7b5ef 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -311,14 +311,14 @@ foreach ($containers as $ct) {
           }
         }
         // Display TSinfo if data was fetched correctly
-        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='" . htmlspecialchars($TSinfo) . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='" . htmlspecialchars($TSinfo) . "'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 1.23em;'> Tailscale</div>";
       } else {
         // Display message to refresh page if Tailscale in the container wasn't maybe ready to get the data
-        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Error gathering Tailscale information from container.<br/>Please check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+        $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Error gathering Tailscale information from container.<br/>Please check the logs and refresh the page.'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 1.23em;'> Tailscale</div>";
       }
     } else {
       // Display message that container isn't running
-      $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 16px;'> Tailscale</div>";
+      $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 1.23em;'> Tailscale</div>";
     }
     echo "</div>";
   }

From 1c520dcdc4624c62c1a6d191cd9de1c4f54f1501 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 16:27:26 +0100
Subject: [PATCH 118/174] remove unnecessary div

---
 .../plugins/dynamix.docker.manager/include/DockerContainers.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index df4b7b5ef..b3e34287f 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -233,7 +233,6 @@ foreach ($containers as $ct) {
   // Check if Tailscale for container is enabled by checking if TShostname is set
   $TS_status = '';
   if (!empty($TShostname)) {
-    echo "<div class='ui-tailscale-container'>";
     if ($running) {
       // Get stats from container and check if they are not empty
       $TSstats = tailscale_stats($name);
@@ -320,7 +319,6 @@ foreach ($containers as $ct) {
       // Display message that container isn't running
       $TS_status = "<br/><div class='TS_tooltip' style='display: inline-block;' title='Container not runnig'><img src='/plugins/dynamix.docker.manager/images/tailscale.png' style='height: 1.23em;'> Tailscale</div>";
     }
-    echo "</div>";
   }
   echo "<div class='advanced'><i class='fa fa-info-circle fa-fw'></i> ".compress(_($version),12,0)."</div></td>";
   echo "<td style='white-space:nowrap'><span class='docker_readmore'> ".implode('<br>',$networks).$TS_status."</span></td>";

From 13bb3414b497dbd7db467686c5d6bffe514e44bf Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 16:27:53 +0100
Subject: [PATCH 119/174] remove unnecessary div

---
 emhttp/plugins/dynamix.docker.manager/styles/style-gray.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
index 5ac67ca68..2beeb7984 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
@@ -12,7 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
-.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
 .ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From 78af653558bcdbc753b2b7eaa214db97e6d593b0 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 16:28:00 +0100
Subject: [PATCH 120/174] remove unnecessary div

---
 emhttp/plugins/dynamix.docker.manager/styles/style-white.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
index 8f3da5d04..136d9270f 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
@@ -12,7 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
-.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
 .ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From a1d10107b518e285894fab3787c2c16291cdac06 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 16:28:09 +0100
Subject: [PATCH 121/174] remove unnecessary div

---
 emhttp/plugins/dynamix.docker.manager/styles/style-azure.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
index 8f3da5d04..136d9270f 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
@@ -12,7 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
-.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
 .ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From 92cc9ba36dd52189ac5174321db38f0000886167 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 16:28:16 +0100
Subject: [PATCH 122/174] remove unnecessary div

---
 emhttp/plugins/dynamix.docker.manager/styles/style-black.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
index 5ac67ca68..2beeb7984 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
@@ -12,7 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
-.ui-tailscale-container {display: flex;flex-direction: column;margin: 20px auto;width: 100%;}
 .ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From c47a778de28426be1084f1a5d9cf838542381576 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 18:46:51 +0100
Subject: [PATCH 123/174] Update style-azure.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-azure.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
index 136d9270f..aa3ecf607 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-azure.css
@@ -12,6 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
-.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 300px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From ea843dc67aa0437aad99c01d3b332e0f7ff9e062 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 18:46:59 +0100
Subject: [PATCH 124/174] Update style-black.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-black.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
index 2beeb7984..d9d61d10a 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-black.css
@@ -12,6 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
-.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 300px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From 2d7038c7d4841e6a69f19e6c8121c762b293724f Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 18:47:06 +0100
Subject: [PATCH 125/174] Update style-gray.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-gray.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
index 2beeb7984..d9d61d10a 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-gray.css
@@ -12,6 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#f2f2f2;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#1c1c1c;border:0px}
-.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 300px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From d1d8e4767f62bc66e03d7811081915152287fefc Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 18:47:15 +0100
Subject: [PATCH 126/174] Update style-white.css

---
 emhttp/plugins/dynamix.docker.manager/styles/style-white.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
index 136d9270f..aa3ecf607 100644
--- a/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
+++ b/emhttp/plugins/dynamix.docker.manager/styles/style-white.css
@@ -12,6 +12,6 @@
 .ui-dropdownchecklist-indent{padding-left:7px}
 .ui-dropdownchecklist-text{color:#1c1c1c;font-size:1.3rem}
 .ui-dropdownchecklist .ui-widget-content .ui-state-default{background:#f2f2f2;border:0px}
-.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 250px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
+.ui-tailscale-row {display: flex;justify-content: space-between;min-width: 300px;width: 100%;flex-wrap: nowrap;overflow-x: auto;}
 .ui-tailscale-label {flex: 1;}
 .ui-tailscale-value {flex: 3;}

From a4911a1338c8fbd282c40bb25cd0221cc50cacc4 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 18:47:39 +0100
Subject: [PATCH 127/174] Update DockerContainers.php

---
 .../dynamix.docker.manager/include/DockerContainers.php     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index b3e34287f..426bdbab1 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -271,12 +271,12 @@ foreach ($containers as $ct) {
               }
             }
             if (!empty($TSregion)) {
-              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSregion . "</span></div>";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>DERP Relay:</span><span class='ui-tailscale-value'>" . $TSregion . "</span></div>";
             } else {
-              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>DERP Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
             }
           } else {
-            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Main Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
+            $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>DERP Relay:</span><span class='ui-tailscale-value'>" . $TSstats["Self"]["Relay"] . "</span></div>";
           }
           if (!empty($TSstats["Self"]["TailscaleIPs"])) {
             $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Addresses:</span><span class='ui-tailscale-value'>" . implode("<br/>", $TSstats["Self"]["TailscaleIPs"]) . "</span></div>";

From ba9caaaff492aaad5c2f323e3907f5bf9bd92903 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Wed, 30 Oct 2024 21:18:59 +0100
Subject: [PATCH 128/174] Change `Version` to `Tailscale`

---
 .../dynamix.docker.manager/include/DockerContainers.php     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
index 426bdbab1..68925e221 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerContainers.php
@@ -246,12 +246,12 @@ foreach ($containers as $ct) {
           if (!empty($TS_version)) {
             if (!empty($TS_latest_version)) {
               if ($TS_version !== $TS_latest_version) {
-                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . " &#10132; " . $TS_latest_version . " available!</span></div>";
+                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Tailscale:</span><span class='ui-tailscale-value'>v" . $TS_version . " &#10132; v" . $TS_latest_version . " available!</span></div>";
               } else {
-                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . "</span></div>";
+                $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Tailscale:</span><span class='ui-tailscale-value'>v" . $TS_version . "</span></div>";
               }
             } else {
-              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Version:</span><span class='ui-tailscale-value'>" . $TS_version . "</span></div>";
+              $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Tailscale:</span><span class='ui-tailscale-value'>v" . $TS_version . "</span></div>";
             }
           }
           $TSinfo .= "<div class='ui-tailscale-row'><span class='ui-tailscale-label'>Online:</span><span class='ui-tailscale-value'>&#9989;</span></div>";

From 097b3781743d7cc010db7a5e52da3fa63be2d7f5 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Thu, 31 Oct 2024 07:07:14 +0100
Subject: [PATCH 129/174] Add `USER_HOME` to state dir detection

- Make containers with variable `USER_HOME` variable compatible with state dir detection
---
 share/docker/tailscale_container_hook | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index c000bca0b..9036cdfc6 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -135,6 +135,9 @@ if [ ! -z "${SERVER_DIR}" ]; then
 elif [ ! -z "${DATA_DIR}" ]; then
   TSD_STATE_DIR="${DATA_DIR}/.tailscale_state"
   echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
+elif [ ! -z "${USER_HOME}" ]; then
+  TSD_STATE_DIR="${USER_HOME}/.tailscale_state"
+  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
 else
   if [ -z "${TAILSCALE_STATE_DIR}" ]; then
     TAILSCALE_STATE_DIR="/config/.tailscale_state"

From f7cb0f2f0015733751a40b901bf5077dfd8ac992 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Fri, 1 Nov 2024 21:47:05 +0100
Subject: [PATCH 130/174] NTP enhancements

- Add new parameter "NTP interval", this can be useful when you run your own NTP servers
- Add pool support, this allows a round-robin selection of NTP servers out of a pool, and improves server availability
---
 emhttp/plugins/dynamix/DateTime.page       | 10 +++++++++
 emhttp/plugins/dynamix/sheets/DateTime.css |  1 +
 etc/rc.d/rc.ntpd                           | 24 +++++++++++++++++-----
 3 files changed, 30 insertions(+), 5 deletions(-)
 create mode 100644 emhttp/plugins/dynamix/sheets/DateTime.css

diff --git a/emhttp/plugins/dynamix/DateTime.page b/emhttp/plugins/dynamix/DateTime.page
index d7fdaae60..3c1c13f5a 100644
--- a/emhttp/plugins/dynamix/DateTime.page
+++ b/emhttp/plugins/dynamix/DateTime.page
@@ -59,6 +59,14 @@ _(Use NTP)_:
 
 :use_ntp_help:
 
+_(NTP interval)_:
+: <select name="display_ntppoll">
+  <?=mk_option(_var($display,'ntppoll'), "", _('Default'))?>
+  <?=mk_option(_var($display,'ntppoll'), "8", _('Slow'))?>
+  <?=mk_option(_var($display,'ntppoll'), "5", _('Medium'))?>
+  <?=mk_option(_var($display,'ntppoll'), "3", _('Fast'))?>
+  </select><span class="ntp orange-text">_(Use DEFAULT setting when public NTP servers are defined)_</span>
+
 _(NTP server)_ 1:
 : <input type="text" name="NTP_SERVER1" maxlength="40" class="narrow" value="<?=htmlspecialchars($var['NTP_SERVER1'])?>">
 
@@ -107,12 +115,14 @@ function presetTime(form) {
 function checkDateTimeSettings(form) {
   if (form.USE_NTP.value=="yes") {
     form.newDateTime.disabled=true;
+    form.display_ntppoll.disabled=false;
     form.NTP_SERVER1.disabled=false;
     form.NTP_SERVER2.disabled=false;
     form.NTP_SERVER3.disabled=false;
     form.NTP_SERVER4.disabled=false;
   } else {
     form.newDateTime.disabled=false;
+    form.display_ntppoll.disabled=true;
     form.NTP_SERVER1.disabled=true;
     form.NTP_SERVER2.disabled=true;
     form.NTP_SERVER3.disabled=true;
diff --git a/emhttp/plugins/dynamix/sheets/DateTime.css b/emhttp/plugins/dynamix/sheets/DateTime.css
new file mode 100644
index 000000000..b2eb5cbbe
--- /dev/null
+++ b/emhttp/plugins/dynamix/sheets/DateTime.css
@@ -0,0 +1 @@
+span.ntp{margin-left:40px}
diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd
index 75f76c146..deedfedc9 100755
--- a/etc/rc.d/rc.ntpd
+++ b/etc/rc.d/rc.ntpd
@@ -13,6 +13,7 @@ NTPD="/usr/sbin/ntpd"
 OPTIONS="-g -u ntp:ntp"
 CONF="/etc/ntp.conf"
 IDENT="/boot/config/ident.cfg"
+CONFIG="/boot/config/plugins/dynamix/dynamix.cfg"
 
 # run & log functions
 . /etc/rc.d/rc.runlog
@@ -38,11 +39,24 @@ ntpd_build(){
       echo "interface listen $NET" >>$CONF
     done
   fi
-  # add configured NTP servers
-  [[ -n $NTP_SERVER1 ]] && echo "server $NTP_SERVER1 iburst" >>$CONF
-  [[ -n $NTP_SERVER2 ]] && echo "server $NTP_SERVER2 iburst" >>$CONF
-  [[ -n $NTP_SERVER3 ]] && echo "server $NTP_SERVER3 iburst" >>$CONF
-  [[ -n $NTP_SERVER4 ]] && echo "server $NTP_SERVER4 iburst" >>$CONF
+  # ntp poll interval may be adjusted to predefined values
+  if [[ -f $CONFIG ]]; then
+    NTP_POLL=$(grep -Po '^ntppoll="\K[^"]+' $CONFIG)
+    if [[ -n $NTP_POLL ]]; then
+      MINPOLL="minpoll $NTP_POLL"
+      MAXPOLL="maxpoll $NTP_POLL"
+    fi
+  fi
+  # add configured ntp servers or pools
+  for n in {1..4}; do
+    NTP="NTP_SERVER$n"
+    if [[ -n ${!NTP} ]]; then
+      # use either server or pool peers depending on remote ntp name
+      # pools use a round-robin mechanism to get a server out of the pool
+      [[ ${!NTP} =~ "pool" ]] && PEER=pool || PEER=server
+      echo "$PEER ${!NTP} iburst $MINPOLL $MAXPOLL" >>$CONF
+    fi
+  done
 }
 
 ntpd_start(){

From ca85424b7a22a49b6cf1ae5c7dc75c362ac5ddd2 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sat, 2 Nov 2024 12:07:34 -0400
Subject: [PATCH 131/174] Update DefaultPageLayout.php

---
 .../dynamix/include/DefaultPageLayout.php     | 81 ++++++++++++-------
 1 file changed, 53 insertions(+), 28 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index de7a79f3e..24bd8d870 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1112,40 +1112,65 @@ $(function() {
   $('form').append($('<input>').attr({type:'hidden', name:'csrf_token', value:csrf_token}));
 });
 
+var gui_pages_available = [];
+<?
+  $gui_pages = glob("/usr/local/emhttp/plugins/*/*.page");
+  array_walk($gui_pages,function($value,$key){ ?>
+    gui_pages_available.push('<?=basename($value,".page")?>'); <?
+  });
+?>
+
+function isValidURL(url) {
+  try {
+    new URL(url);
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
 $('body').on("click","a", function(e) {
   href = $(this).attr("href").trim();
   target = $(this).attr("target");
-
   if ( href ) {
-    if ( href.indexOf("/") == 0 ) {   // all internal links start with "/"
+    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com") == 0) {
       return;
-    }
-    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com/") == 0) {
-      return;
-    } else {
-      if (href !== "#" && href.indexOf("javascript") !== 0) {
-        e.preventDefault();
-        swal({
-          title: "<?=_('External Link')?>",
-          text: "<?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href,
-          html: true,
-          type: 'warning',
-          showCancelButton: true,
-          showConfirmButton: true,
-          cancelButtonText: "<?=_('Cancel')?>",
-          confirmButtonText: "<?=_('OK')?>"
-        },function(isConfirm) {
-          if (isConfirm) {
-            var popupOpen = window.open(href,target);
-            if ( !popupOpen || popupOpen.closed || typeof popupOpen == "undefined" ) {
-              var popupWarning = addBannerWarning("<?=_('Popup Blocked.');?>");
-              setTimeout(function() {
-                removeBannerWarning(popupWarning);}
-              ,10000);
-            }
-          }
-        });
+    } 
+
+    if (href !== "#" && href.indexOf("javascript") !== 0) {
+      if ( ! isValidURL(href) ) {
+        if ( href.indexOf("/") == 0 ) {   // all internal links start with "/"
+        return;
       }
+      var baseURLpage = href.split("/");
+        if ( gui_pages_available.includes(baseURLpage[0]) ) {
+          return;
+        }
+      }
+      if ( $(this).hasClass("localURL") ) {
+        return;
+      }
+      e.preventDefault();
+      swal({
+        title: "<?=_('External Link')?>",
+        text: "<span title='"+href+"'><?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href+"</span>",
+        html: true,
+        type: 'warning',
+        showCancelButton: true,
+        showConfirmButton: true,
+        cancelButtonText: "<?=_('Cancel')?>",
+        confirmButtonText: "<?=_('OK')?>"
+      },function(isConfirm) {
+        if (isConfirm) {
+          var popupOpen = window.open(href,target);
+          if ( !popupOpen || popupOpen.closed || typeof popupOpen == "undefined" ) {
+            var popupWarning = addBannerWarning("<?=_('Popup Blocked.');?>");
+            setTimeout(function() {
+              removeBannerWarning(popupWarning);}
+            ,10000);
+          }
+        }
+      });
     }
   }
 });

From e90449628065cb00a45e1f53355399b56d6156cb Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sat, 2 Nov 2024 12:09:26 -0400
Subject: [PATCH 132/174] Update ManagementAccess.page

---
 emhttp/plugins/dynamix/ManagementAccess.page | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/emhttp/plugins/dynamix/ManagementAccess.page b/emhttp/plugins/dynamix/ManagementAccess.page
index de094a7fc..fac57f7fb 100644
--- a/emhttp/plugins/dynamix/ManagementAccess.page
+++ b/emhttp/plugins/dynamix/ManagementAccess.page
@@ -215,8 +215,8 @@ function show_urls($interface) {
   $first = true;
   foreach($urls as $url) {
     if ($url[0] == $interface) {
-      $msg  = "<a href='$url[1]'>$url[1]</a>";
-      if ($url[2]) $msg .= " "._("redirects to")." <a href='$url[2]'>$url[2]</a>";
+      $msg  = "<a class='localURL' href='$url[1]'>$url[1]</a>";
+      if ($url[2]) $msg .= " "._("redirects to")." <a class='localURL' href='$url[2]'>$url[2]</a>";
       if ($url[3]) $msg .= " "._("uses")." ".$url[3];
       if ($url[4]) $msg .= "<span class='warning'> <i class='fa fa-warning fa-fw'></i> "._("is a self-signed certificate, ignore the browser's warning and proceed to the GUI")."</span>";
       // 2nd+ urls need leading $linestart
@@ -438,11 +438,11 @@ _(Self-signed or user-provided certificate)_:
 
 <?if ($cert1URLvalid && _var($var,'USE_SSL')=='yes'):?>
 _(Certificate URL)_:
-: <?="<a href='https://$cert1URL$https_port'>$cert1URL</a>"?>
+: <?="<a class='localURL' href='https://$cert1URL$https_port'>$cert1URL</a>"?>
 
 <?elseif ($cert1URLvalid):?>
 _(Certificate URL)_:
-: <?=$cert1URL?>
+: <?=$cert1URL?>123
 
 <?else:?>
 _(Certificate URL)_:
@@ -474,7 +474,7 @@ _(Unraid Let's Encrypt certificate)_:
 : <?=$cert2File?>
 
 _(Certificate URL)_:
-: <?="<a href='https://$subject2URL$https_port'>$cert2Subject</a>"?>
+: <?="<a class='localURL' href='https://$subject2URL$https_port'>$cert2Subject</a>"?>
 
 _(Certificate issuer)_:
 : <?=$cert2Issuer?>
@@ -508,7 +508,7 @@ _(Tailscale Let's Encrypt certificate)_:
 : <?=$cert3File?>
 
 _(Certificate URL)_:
-: <?="<a href='https://$cert3Subject$https_port'>$cert3Subject</a>"?>
+: <?="<a class='localURL' href='https://$cert3Subject$https_port'>$cert3Subject</a>"?>
 
 _(Certificate issuer)_:
 : <?=$cert3Issuer?>

From de9e11d47788efc0cee41eb00f7bf5781df6615d Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sat, 2 Nov 2024 12:12:29 -0400
Subject: [PATCH 133/174] Update ManagementAccess.page

---
 emhttp/plugins/dynamix/ManagementAccess.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/ManagementAccess.page b/emhttp/plugins/dynamix/ManagementAccess.page
index fac57f7fb..483ffe2a1 100644
--- a/emhttp/plugins/dynamix/ManagementAccess.page
+++ b/emhttp/plugins/dynamix/ManagementAccess.page
@@ -442,7 +442,7 @@ _(Certificate URL)_:
 
 <?elseif ($cert1URLvalid):?>
 _(Certificate URL)_:
-: <?=$cert1URL?>123
+: <?=$cert1URL?>
 
 <?else:?>
 _(Certificate URL)_:

From 002d8d925548b1dd0887e47d6e43b0101bfe6248 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sat, 2 Nov 2024 12:16:56 -0400
Subject: [PATCH 134/174] Update libvirt_helpers.php

---
 emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
index 457de3bfb..e2e9526ba 100644
--- a/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
+++ b/emhttp/plugins/dynamix.vm.manager/include/libvirt_helpers.php
@@ -712,7 +712,7 @@ private static $encoding = 'UTF-8';
 	$domain_cfgfile = "/boot/config/domain.cfg";
 	$domain_cfg = parse_ini_file($domain_cfgfile);
 
-	if ($domain_cfg['DEBUG'] != "yes") {
+	if ( ($domain_cfg['DEBUG'] ?? false) != "yes") {
 		error_reporting(0);
 	}
 

From 7490f746493c605e9e45515b991df8993cb36492 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sun, 3 Nov 2024 09:19:02 -0500
Subject: [PATCH 135/174] Update Credits.page

---
 emhttp/plugins/dynamix/Credits.page | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix/Credits.page b/emhttp/plugins/dynamix/Credits.page
index a56d6732d..1399ee27c 100644
--- a/emhttp/plugins/dynamix/Credits.page
+++ b/emhttp/plugins/dynamix/Credits.page
@@ -3,7 +3,7 @@ Title="Credits"
 Icon="icon-credits"
 Tag="trophy"
 ---
-**Unraid webGUI** Copyright &copy; 2005-2023, [Lime Technology, Inc.](http://lime-technology.com)
+**Unraid webGUI** Copyright &copy; 2005-2023, [Lime Technology, Inc.](https://unraid.net/)
 
 **Dynamix** Copyright &copy; 2012-2023, Bergware International.
 
@@ -29,7 +29,7 @@ and may not be used in any other project without written permission from Lime Te
 
 * Settings, Tools and Case icons. Copyright &copy; 2018-2020, [Magnus Engø.](http://www.magnusengo.net/) Used with permission.
 
-**Unraid**&reg; is a registered trademark of [Lime Technology, Inc.](http://lime-technology.com)
+**Unraid**&reg; is a registered trademark of [Lime Technology, Inc.](https://unraid.net/)
 
 This file shall be included in all copies or substantial portions of the Software.
 
@@ -47,6 +47,6 @@ foreach (glob("$plugins/lang-*.xml", GLOB_NOSORT) as $link) {
   $author = language('Author', $xml_file);
   $credits[] = "<li><p><i>$lang ($local)</i> translation by $author</p></li>";
 }
-if (count($credits)) echo '<br><b>Language Translations</b> Copyright &copy; 2020-2023, <a href="http://lime-technology.com">Lime Technology, Inc.</a><br><ul>'.implode('',$credits).'</ul>';
+if (count($credits)) echo '<br><b>Language Translations</b> Copyright &copy; 2020-2023, <a href="https://unraid.net/">Lime Technology, Inc.</a><br><ul>'.implode('',$credits).'</ul>';
 ?>
 <br><input type="button" value="_(Done)_" onclick="done()">

From e9d98f2020f570f995d895f08db03bdc385a236c Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Sun, 3 Nov 2024 09:23:08 -0500
Subject: [PATCH 136/174] Update FlashInfo.page

---
 emhttp/plugins/dynamix/FlashInfo.page | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix/FlashInfo.page b/emhttp/plugins/dynamix/FlashInfo.page
index 5fdf62048..6113d787a 100644
--- a/emhttp/plugins/dynamix/FlashInfo.page
+++ b/emhttp/plugins/dynamix/FlashInfo.page
@@ -3,8 +3,8 @@ Title="Flash Device Settings"
 Tag="usb"
 ---
 <?PHP
-/* Copyright 2005-2023, Lime Technology
- * Copyright 2012-2023, Bergware International.
+/* Copyright 2005-2024, Lime Technology
+ * Copyright 2012-2024, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -56,7 +56,7 @@ _(Flash GUID)_:
 <?if (strstr($var['regTy'], "blacklisted")):?>
 
 &nbsp;
-: **_(Blacklisted)_** - <a href="http://lime-technology.com/contact" target="_blank">_(Contact Support)_</a>
+: **_(Blacklisted)_** - <a href="https://unraid.net/contact" target="_blank">_(Contact Support)_</a>
 
 <?else:?>
 

From 5bf8d722f95dffa30916ae364536c1005a763803 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Mon, 4 Nov 2024 19:23:20 +0100
Subject: [PATCH 137/174] Fix for tooltipster `click` not working

- Tooltip now opens on `hover` and `click`
---
 .../dynamix.docker.manager/DockerContainers.page       | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/DockerContainers.page b/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
index eb3d8ee61..13d6e42c2 100644
--- a/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
+++ b/emhttp/plugins/dynamix.docker.manager/DockerContainers.page
@@ -119,7 +119,15 @@ function loadlist(init) {
     $('#docker_list .TS_tooltip').tooltipster({
       animation: 'fade',
       delay: 200,
-      trigger: 'hover',
+      trigger: 'custom',
+      triggerOpen: {
+        mouseenter: true,
+        click: true
+      },
+      triggerClose: {
+        mouseleave: true,
+        click: true
+      },
       contentAsHTML: true
     });
     $('head').append('<script>'+data[1]+'<\/script>');

From f87dd8281bf9b8fc6561407eb8cdee8bdc3e2a3e Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Mon, 4 Nov 2024 19:54:28 -0500
Subject: [PATCH 138/174] Update DefaultPageLayout.php

---
 emhttp/plugins/dynamix/include/DefaultPageLayout.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index 24bd8d870..5357398dd 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1133,7 +1133,7 @@ $('body').on("click","a", function(e) {
   href = $(this).attr("href").trim();
   target = $(this).attr("target");
   if ( href ) {
-    if ( href.match('https://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com") == 0) {
+    if ( href.match('https?://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com") == 0) {
       return;
     } 
 

From 235b93fc3af6f02d071748c81a76332a69df6238 Mon Sep 17 00:00:00 2001
From: Christoph Hummer <christophhummer@gmail.com>
Date: Tue, 5 Nov 2024 12:31:04 +0100
Subject: [PATCH 139/174] Make hook script compatible with busybox `date`

---
 share/docker/tailscale_container_hook | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 9036cdfc6..bc20c18a9 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -249,11 +249,16 @@ fi
 KEY_EXPIRY=$(tailscale status --json | jq -r '.Self.KeyExpiry')
 if [ "${KEY_EXPIRY}" != "null" ]; then
   EXPIRY_EPOCH=$(date -d "${KEY_EXPIRY}" +"%s" 2>/dev/null)
+  if [ -z "${EXPIRY_EPOCH}" ]; then
+    EXPIRY_EPOCH=$(date -d "$(echo "${KEY_EXPIRY}" | sed 's/T/ /; s/Z//')" +"%s")
+  fi
   CUR_EPOCH=$(date -u +%s)
   DIFF_EPOCH=$((EXPIRY_EPOCH - CUR_EPOCH))
   DIFF_DAYS=$((DIFF_EPOCH / 86400))
   HOST=$(tailscale status --json | jq -r '.Self.HostName')
-  if [ -n "${DIFF_DAYS}" ] && echo "${DIFF_DAYS}" | grep -Eq '^[0-9]+$'; then
+  if [ -z "${EXPIRY_EPOCH}" ]; then
+    echo "WARNING: An error occurred while retrieving the Tailscale key expiry!"
+  elif [ -n "${DIFF_DAYS}" ] && echo "${DIFF_DAYS}" | grep -Eq '^[0-9]+$'; then
     echo "WARNING: Tailscale Key will expire in ${DIFF_DAYS} days."
     echo "         Navigate to https://login.tailscale.com/admin/machines and 'Disable Key Expiry' for ${HOST}"
   else

From 1a5cf897a56a435efcf357db9372cc3613e4766d Mon Sep 17 00:00:00 2001
From: ljm42 <larry_meaney@iname.com>
Date: Wed, 6 Nov 2024 15:40:30 -0700
Subject: [PATCH 140/174] Simplify 'rc.nginx update'

---
 etc/rc.d/rc.library.source | 9 +--------
 etc/rc.d/rc.nginx          | 1 +
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/etc/rc.d/rc.library.source b/etc/rc.d/rc.library.source
index f127fef53..a37043f06 100644
--- a/etc/rc.d/rc.library.source
+++ b/etc/rc.d/rc.library.source
@@ -29,14 +29,7 @@ this(){
   'rpc')
     grep -Pom1 "^RPCBIND_OPTS=\"\K[^\"]+" $RPC ;;
   'nginx')
-    MAP=();
-    for ADDR in $(awk '$1=="listen" && $2~/^[0-9]|\[/ && !/# lo/{print $2}' $SERVERS 2>/dev/null); do
-      # extract ipv4 / ipv6 address
-      [[ $(ipv $ADDR) == 4 ]] && ADDR=${ADDR%:*} || ADDR=${ADDR#*[} ADDR=${ADDR%]*}
-      MAP+=($ADDR)
-    done
-    # return addresses
-    echo ${MAP[@]} ;;
+    grep -Po "^NGINX_BIND=\"\K[^\"]+" ${INI%.*} 2>/dev/null ;;
   esac
 }
 
diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx
index d514ac00e..9f55a42dc 100755
--- a/etc/rc.d/rc.nginx
+++ b/etc/rc.d/rc.nginx
@@ -628,6 +628,7 @@ build_ssl(){
   echo "NGINX_LANIP6=\"$LANIP6\"" >>$INI
   echo "NGINX_LANNAME=\"$LANNAME\"" >>$INI
   echo "NGINX_LANMDNS=\"$LANMDNS\"" >>$INI
+  echo "NGINX_BIND=\"$BIND\"" >>$INI
   echo "NGINX_CERTPATH=\"$CERTPATH\"" >>$INI
   echo "NGINX_USESSL=\"$USE_SSL\"" >>$INI
   echo "NGINX_PORT=\"$PORT\"" >>$INI

From faf1c483242b003b7e4a98b5cfc9602fd6774ea1 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Fri, 8 Nov 2024 21:44:59 +0100
Subject: [PATCH 141/174] Updates and Fixes

- Make sure to retrigger check for Tailscale each time user changes network
---
 .../plugins/dynamix.docker.manager/include/CreateDocker.php   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index 70d73cabf..e24f389cb 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -1528,6 +1528,10 @@ function showSubnet(bridge) {
     $('.netCONT').hide();
     $('#netCONT').val('');
   }
+  // make sure to re-trigger Tailscale check when network is changed
+  if ($('#contTailscale').prop('checked')) {
+    showTailscale(true);
+  }
 }
 
 function processExitNodeoptions(value) {

From af39488dd4ea16bad019163fb23eeb8b54940f5c Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Fri, 8 Nov 2024 21:47:15 +0100
Subject: [PATCH 142/174] Add `speedtest-cli` to troubleshooting packages

---
 share/docker/tailscale_container_hook | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 9036cdfc6..e8b46d966 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -58,11 +58,11 @@ if [ ! -f /usr/bin/tailscale ] || [ ! -f /usr/bin/tailscaled ]; then
 
   if [ "${TAILSCALE_TROUBLESHOOTING}" = "true" ]; then
     if which apt-get >/dev/null 2>&1; then
-      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils-ping "
+      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils-ping speedtest-cli "
     elif which apk >/dev/null 2>&1; then
-      PACKAGES_TROUBLESHOOTING="curl bind-tools iputils-ping "
+      PACKAGES_TROUBLESHOOTING="curl bind-tools iputils-ping speedtest-cli "
     elif which pacman >/dev/null 2>&1; then
-      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils "
+      PACKAGES_TROUBLESHOOTING="curl dnsutils iputils speedtest-cli "
     fi
     echo "Tailscale Troubleshooting enabled!"
     echo "Installing additional packages: $(echo "${PACKAGES_TROUBLESHOOTING}" | sed 's/[[:blank:]]*$//' | sed 's/ /, /g')"

From 40c78a1931b654d02ddc66682a5c71971665607b Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Fri, 8 Nov 2024 21:48:05 +0100
Subject: [PATCH 143/174] Add speedtest-cli to helptext

---
 emhttp/languages/en_US/helptext.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 395bc7c26..cd22b20df 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -2452,7 +2452,7 @@ If state directory detection fails on startup, you can specify a persistent dire
 :end
 
 :docker_tailscale_troubleshooting_packages_help:
-Enable this to install `ping`, `nslookup`, and `curl` into the container to help troubleshoot networking issues. Once the issues are resolved we recommend disabling this to reduce the size of the container.
+Enable this to install `ping`, `nslookup`, `curl`, and `speedtest-cli` into the container to help troubleshoot networking issues. Once the issues are resolved we recommend disabling this to reduce the size of the container.
 :end
 
 :docker_privileged_help:

From 0b9d61bb276b28eefde3e20b655f4b3e6adbf16c Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:16:22 +0100
Subject: [PATCH 144/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index c8e834270..c466acb46 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -21,7 +21,7 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $2!=\".INIT.\") c++} END {print c}'");
+  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $2!~/\.(DENY|INIT|RATE|TIME|STEP|DNS[46]?|NTS[46]?)\./) c++} END {print c}'");
   die($ntp ? sprintf(_('Clock synchronized with %s NTP server'.($ntp==1?'':'s')),$ntp) : _('Clock is unsynchronized with no NTP servers'));
 }
 

From ced039efb62b13a1ebaf72c1393510eccac02d2c Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:19:37 +0100
Subject: [PATCH 145/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index c466acb46..a932ca9d4 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -21,7 +21,7 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $2!~/\.(DENY|INIT|RATE|TIME|STEP|DNS[46]?|NTS[46]?)\./) c++} END {print c}'");
+  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $2!~/\.(POOL|DENY|INIT|RATE|TIME|STEP|DNS[46]?|NTS[46]?)\./) c++} END {print c}'");
   die($ntp ? sprintf(_('Clock synchronized with %s NTP server'.($ntp==1?'':'s')),$ntp) : _('Clock is unsynchronized with no NTP servers'));
 }
 

From 08fd1e85c03eaaa92d20f218cbbd946edbd02946 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:49:10 +0100
Subject: [PATCH 146/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index a932ca9d4..f9553523b 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -21,7 +21,7 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $2!~/\.(POOL|DENY|INIT|RATE|TIME|STEP|DNS[46]?|NTS[46]?)\./) c++} END {print c}'");
+  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $1~/^[*+]/) c++} END {print c}'");
   die($ntp ? sprintf(_('Clock synchronized with %s NTP server'.($ntp==1?'':'s')),$ntp) : _('Clock is unsynchronized with no NTP servers'));
 }
 

From 544080016eb700ab10788fa00714abda5c2a7c60 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sun, 10 Nov 2024 09:44:07 +0100
Subject: [PATCH 147/174] Update DashboardApps.php

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index f9553523b..8e5ac6e72 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -164,12 +164,10 @@ if ($_POST['vms']) {
 
   echo "\0";
   echo "<tr title='' class='useupdated'><td>";
-  if ($vmusage == "Y") {
-    foreach ($vmusagehtml as $vmhtml) {
-      echo $vmhtml;
-     }
-    if (!count($vmusagehtml))  echo "<span id='no_usagevms'><br> "._('No running virtual machines')."<br></span>";
-    if ($running < 1 && count($vmusagehtml)) echo "<span id='no_usagevms'><br>". _('No running virtual machines')."<br></span>";
+  if ($vmusage=='Y') {
+    foreach ($vmusagehtml as $vmhtml) echo $vmhtml;
+    if (!count($vmusagehtml)) echo "<span id='no_usagevms'><br> "._('No running virtual machines')."<br></span>";
+    if ($running<1 && count($vmusagehtml)) echo "<span id='no_usagevms'><br>". _('No running virtual machines')."<br></span>";
     echo "</td></tr>";
   }
 }

From 78e54bedfe627a070e45cfe335604e069fe250b3 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sun, 10 Nov 2024 09:46:46 +0100
Subject: [PATCH 148/174] Update DashStats.page

---
 emhttp/plugins/dynamix/DashStats.page | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/DashStats.page b/emhttp/plugins/dynamix/DashStats.page
index 917e4cbbc..6dac1a59f 100644
--- a/emhttp/plugins/dynamix/DashStats.page
+++ b/emhttp/plugins/dynamix/DashStats.page
@@ -2,7 +2,8 @@ Menu="Dashboard"
 Nchan="wg_poller,update_1,update_2,update_3,ups_status:stop,vm_dashusage"
 ---
 <?PHP
-/* Copyright 2005-2023, Lime Technology * Copyright 2012-2023, Bergware International.
+/* Copyright 2005-2023, Lime Technology
+ * Copyright 2012-2023, Bergware International.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 2,
@@ -1539,7 +1540,7 @@ vmdashusage.on('message', function(msg){
   var data = JSON.parse(msg);
   for (const [vm, vmdata] of Object.entries(data)) {
     for (const [displayitem, value] of Object.entries(vmdata)) {
-    $('#vmmetrics-'+displayitem + '-' + vm ).html(value); 
+    $('#vmmetrics-'+displayitem + '-' + vm ).html(value);
     }
   }
   });

From ef382836f5e2d5d5d2d3282d2cac59ebf5e81ecb Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Tue, 12 Nov 2024 03:31:23 +0100
Subject: [PATCH 149/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 8e5ac6e72..0de3588ba 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -21,8 +21,8 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  $ntp = exec("ntpq -pn|awk '{if (NR>3 && $1~/^[*+]/) c++} END {print c}'");
-  die($ntp ? sprintf(_('Clock synchronized with %s NTP server'.($ntp==1?'':'s')),$ntp) : _('Clock is unsynchronized with no NTP servers'));
+  $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'");
+  die($ntp ? sprintf(_('Clock is synchronized using NTP, time offset: %s ms'),abs($ntp)) : _('Clock is unsynchronized with no NTP servers'));
 }
 
 if ($_POST['docker']) {

From 36fa0f59a60c00032a8f922677ec58d6c0227198 Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Wed, 13 Nov 2024 11:14:35 +0100
Subject: [PATCH 150/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index 0de3588ba..d08856131 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -21,8 +21,11 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'");
-  die($ntp ? sprintf(_('Clock is synchronized using NTP, time offset: %s ms'),abs($ntp)) : _('Clock is unsynchronized with no NTP servers'));
+  if (exec("pgrep -cf /usr/sbin/ntpd")) {
+    $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'");
+    die($ntp ? sprintf(_('Clock is synchronized using NTP, time offset: %s ms'),abs($ntp)) : _('Clock is unsynchronized with no NTP servers'));
+  }
+  die(_('Clock is unsynchronized, manual time setting'));
 }
 
 if ($_POST['docker']) {

From c0e2c4808bade7108c2e3c13c600f76c7a6b224f Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Thu, 14 Nov 2024 12:20:56 -0600
Subject: [PATCH 151/174] Fix invalid situation where useCache is 'no' when
 array is enabled.

---
 emhttp/plugins/dynamix/ShareEdit.page        | 5 +++++
 emhttp/plugins/dynamix/include/ShareList.php | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/ShareEdit.page b/emhttp/plugins/dynamix/ShareEdit.page
index 093ad9ff6..2c002922d 100644
--- a/emhttp/plugins/dynamix/ShareEdit.page
+++ b/emhttp/plugins/dynamix/ShareEdit.page
@@ -56,6 +56,11 @@ if ((! $share['cachePool']) && ($share['cachePool2'])) {
 	$share['cachePool2']	= "";
 }
 
+/* If useCache is "no" with an array, this is invalid and useCache has to be 'only'. */
+if ((! $poolsOnly) && ($share['useCache'] == "no")) {
+	$share['useCache'] = 'only';
+}
+
 /* Check for non existent pool device. */
 if ($share['cachePool'] && !in_array($share['cachePool'], $pools)) {
 	$poolDefined = false;
diff --git a/emhttp/plugins/dynamix/include/ShareList.php b/emhttp/plugins/dynamix/include/ShareList.php
index 20b64fb85..6950802ae 100644
--- a/emhttp/plugins/dynamix/include/ShareList.php
+++ b/emhttp/plugins/dynamix/include/ShareList.php
@@ -214,8 +214,8 @@ foreach ($shares as $name => $share) {
 		$share_valid	= true;
 	}
 
-	/* When there is no array, all pools are treated as 'only' cache. */
-	if (($poolsOnly) && (! $share['cachePool2'])) {
+	/* When there is no array, all pools are treated as 'only' cache. If useCache is "no" with an array, this is invalid and useCache has to be 'only'. */
+	if ((($poolsOnly) && (! $share['cachePool2'])) || ((! $poolsOnly) && ($share['useCache'] == "no"))) {
 		$share['useCache'] = 'only';
 	}
 

From d32be172f2639d5a512cb685e36d746650d327cd Mon Sep 17 00:00:00 2001
From: bergware <bergware@users.noreply.github.com>
Date: Sun, 17 Nov 2024 14:07:11 +0100
Subject: [PATCH 152/174] Dashboard: fix active NTP server count

---
 emhttp/plugins/dynamix/include/DashboardApps.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php
index d08856131..871d29abb 100644
--- a/emhttp/plugins/dynamix/include/DashboardApps.php
+++ b/emhttp/plugins/dynamix/include/DashboardApps.php
@@ -25,7 +25,7 @@ if (isset($_POST['ntp'])) {
     $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'");
     die($ntp ? sprintf(_('Clock is synchronized using NTP, time offset: %s ms'),abs($ntp)) : _('Clock is unsynchronized with no NTP servers'));
   }
-  die(_('Clock is unsynchronized, manual time setting'));
+  die(_('Clock is unsynchronized, free-running clock'));
 }
 
 if ($_POST['docker']) {

From 998b10587ef954fb957b4344672836f603d9c4e0 Mon Sep 17 00:00:00 2001
From: dlandon <dlandon@familyoflandon.com>
Date: Mon, 18 Nov 2024 15:44:19 -0600
Subject: [PATCH 153/174] Fix drop downs not working.

---
 emhttp/plugins/dynamix.docker.manager/DockerSettings.page | 2 --
 emhttp/plugins/dynamix/OutgoingProxy.page                 | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/emhttp/plugins/dynamix.docker.manager/DockerSettings.page b/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
index 21d392048..82fdb7928 100644
--- a/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
+++ b/emhttp/plugins/dynamix.docker.manager/DockerSettings.page
@@ -135,10 +135,8 @@ _(Enable Docker)_:
 
 _(Enable container table readmore-js)_:
 : <select id="DOCKER_READMORE" name="DOCKER_READMORE">
-
   <?=mk_option(_var($dockercfg,'DOCKER_READMORE'), 'yes', _('Yes'))?>
   <?=mk_option(_var($dockercfg,'DOCKER_READMORE'), 'no', _('No'))?>
-
   </select>
 
 :docker_readmore_help:
diff --git a/emhttp/plugins/dynamix/OutgoingProxy.page b/emhttp/plugins/dynamix/OutgoingProxy.page
index da0ad530b..7af303001 100644
--- a/emhttp/plugins/dynamix/OutgoingProxy.page
+++ b/emhttp/plugins/dynamix/OutgoingProxy.page
@@ -67,15 +67,12 @@ $proxy_3_url			= $url_array['full_url'];
 _(Select Proxy)_:
 : <select name="proxy_active" style="width:20%;" size="1">
 	<?=mk_option($cfg['proxy_active'], "0", "_(None)_");?>
-
 	<?if (($cfg['proxy_url_1']) && ($cfg['proxy_name_1'])):?>
 	<?=mk_option($cfg['proxy_active'], "1", $cfg['proxy_name_1'], "disabled");?>
 	<?endif;?>
-
 	<?if (($cfg['proxy_url_2']) && ($cfg['proxy_name_2'])):?>
 	<?=mk_option($cfg['proxy_active'], "2", $cfg['proxy_name_2'], "disabled");?>
 	<?endif;?>
-
 	<?if (($cfg['proxy_url_3']) && ($cfg['proxy_name_3'])):?>
 	<?=mk_option($cfg['proxy_active'], "3", $cfg['proxy_name_3'], "disabled");?>
 	<?endif;?>

From ba34c94a27bd4395ace8502cc60ee6e19c67007e Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 20 Nov 2024 12:19:39 +0100
Subject: [PATCH 154/174] Update CreateDocker.php

Make sure to replace `[IP]` and `[PORT:]` in query string from URL
---
 .../plugins/dynamix.docker.manager/include/CreateDocker.php   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
index e24f389cb..b2fa890d1 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -450,6 +450,8 @@ if (!empty($TS_no_peers) && !empty($TS_container)) {
     // Check if serve or funnel are enabled by checking for [hostname] and replace string with TS_DNSName
     if (!empty($xml['TailscaleWebUI']) && strpos($xml['TailscaleWebUI'], '[hostname]') !== false && isset($TS_DNSName)) {
       $TS_webui_url = str_replace("[hostname][magicdns]", rtrim($TS_DNSName, '.'), $xml['TailscaleWebUI']);
+      $TS_webui_url = preg_replace('/\[IP\]/', rtrim($TS_DNSName, '.'), $TS_webui_url);
+      $TS_webui_url = preg_replace('/\[PORT:(\d{1,5})\]/', '443', $TS_webui_url);
     // Check if serve is disabled, construct url with port, path and query if present and replace [noserve] with url
     } elseif (strpos($xml['TailscaleWebUI'], '[noserve]') !== false && isset($TS_container['TailscaleIPs'])) {
       $ipv4 = '';
@@ -464,6 +466,8 @@ if (!empty($TS_no_peers) && !empty($TS_container)) {
         $webui_port = (preg_match('/\[PORT:(\d+)\]/', $xml['WebUI'], $matches)) ? ':' . $matches[1] : '';
         $webui_path = $webui_url['path'] ?? '';
         $webui_query = isset($webui_url['query']) ? '?' . $webui_url['query'] : '';
+        $webui_query = preg_replace('/\[IP\]/', $ipv4, $webui_query);
+        $webui_query = preg_replace('/\[PORT:(\d{1,5})\]/', ltrim($webui_port, ':'), $webui_query);
         $TS_webui_url = 'http://' . $ipv4 . $webui_port . $webui_path . $webui_query;
       }
     // Check if TailscaleWebUI in the xml is custom and display instead

From 88f933012716636b4f84beb4e53b60bf333533c1 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 20 Nov 2024 12:21:55 +0100
Subject: [PATCH 155/174] Update DockerClient.php

Make sure to replace `[IP]` and `[PORT:]` in query string from URL
---
 .../plugins/dynamix.docker.manager/include/DockerClient.php   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
index bd2490836..b30b6d331 100644
--- a/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
+++ b/emhttp/plugins/dynamix.docker.manager/include/DockerClient.php
@@ -355,6 +355,8 @@ class DockerTemplates {
 						// Check if serve or funnel are enabled by checking for [hostname] and replace string with TS_DNSName
 						if (strpos($ct['TSUrl'], '[hostname]') !== false && isset($TS_DNSName)) {
 							$tmp['TSurl'] = str_replace("[hostname][magicdns]", rtrim($TS_DNSName, '.'), $ct['TSUrl']);
+							$tmp['TSurl'] = preg_replace('/\[IP\]/', rtrim($TS_DNSName, '.'), $tmp['TSurl']);
+							$tmp['TSurl'] = preg_replace('/\[PORT:(\d{1,5})\]/', '443', $tmp['TSurl']);
 						// Check if serve is disabled, construct url with port, path and query if present and replace [noserve] with url
 						} elseif (strpos($ct['TSUrl'], '[noserve]') !== false && isset($TS_container['TailscaleIPs'])) {
 							$ipv4 = '';
@@ -369,6 +371,8 @@ class DockerTemplates {
 								$webui_port = (preg_match('/\[PORT:(\d+)\]/', $webui, $matches)) ? ':' . $matches[1] : '';
 								$webui_path = $webui_url['path'] ?? '';
 								$webui_query = isset($webui_url['query']) ? '?' . $webui_url['query'] : '';
+								$webui_query = preg_replace('/\[IP\]/', $ipv4, $webui_query);
+								$webui_query = preg_replace('/\[PORT:(\d{1,5})\]/', ltrim($webui_port, ':'), $webui_query);
 								$tmp['TSurl'] = 'http://' . $ipv4 . $webui_port . $webui_path . $webui_query;
 							}
 						// Check if TailscaleWebUI in the xml is custom and display instead

From a56b565393d430ed99e96af5f2c7a8ec97d492fa Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 20 Nov 2024 13:03:12 +0100
Subject: [PATCH 156/174] Don't update packages on Arch based containers

---
 share/docker/tailscale_container_hook | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 3abfd2ae1..e6db15ccc 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -50,7 +50,7 @@ if [ ! -f /usr/bin/tailscale ] || [ ! -f /usr/bin/tailscaled ]; then
     PACKAGES_INSTALL="apk add"
   elif which pacman >/dev/null 2>&1; then
     echo "Detected pacman Package Manager!"
-    PACKAGES_INSTALL="pacman -Syu --noconfirm"
+    PACKAGES_INSTALL="pacman -Sy --noconfirm"
   else
     echo "ERROR: Detection from Package Manager failed!"
     error_handler

From 81746bcd8b23b3ad0ca6bad0d244f669c2bab766 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 20 Nov 2024 13:07:48 +0100
Subject: [PATCH 157/174] Revert Don't update packages on Arch based containers

---
 share/docker/tailscale_container_hook | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index e6db15ccc..3abfd2ae1 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -50,7 +50,7 @@ if [ ! -f /usr/bin/tailscale ] || [ ! -f /usr/bin/tailscaled ]; then
     PACKAGES_INSTALL="apk add"
   elif which pacman >/dev/null 2>&1; then
     echo "Detected pacman Package Manager!"
-    PACKAGES_INSTALL="pacman -Sy --noconfirm"
+    PACKAGES_INSTALL="pacman -Syu --noconfirm"
   else
     echo "ERROR: Detection from Package Manager failed!"
     error_handler

From c19df8a7d13b7c3fc81144d9d592eda021901bb5 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Sat, 16 Nov 2024 10:10:52 -0800
Subject: [PATCH 158/174] Fix link to apcupsd manual

---
 emhttp/plugins/dynamix.apcupsd/UPSsettings.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix.apcupsd/UPSsettings.page b/emhttp/plugins/dynamix.apcupsd/UPSsettings.page
index 025e0cdf1..bf4e63027 100644
--- a/emhttp/plugins/dynamix.apcupsd/UPSsettings.page
+++ b/emhttp/plugins/dynamix.apcupsd/UPSsettings.page
@@ -44,7 +44,7 @@ $(function() {
 <tbody id="ups_summary"><tr class="ups"><td colspan="7">&nbsp;</td></tr></tbody>
 </table>
 
-<span style="float:right;margin-right:10px"><a href="http://apcupsd.org/manual/manual.html" target="_blank" title="_(APC UPS Daemon user manual)_"><i class="fa fa-file-text-o"></i> <u>_(Online Manual)_</u></a></span>
+<span style="float:right;margin-right:10px"><a href="https://linux.die.net/man/8/apcupsd" target="_blank" title="_(APC UPS Daemon user manual)_"><i class="fa fa-file-text-o"></i> <u>_(Online Manual)_</u></a></span>
 <form markdown="1" name="apcupsd_settings" method="POST" action="/update.php" target="progressFrame">
 <input type="hidden" name="#file" value="<?=$sName?>/<?=$sName?>.cfg">
 <input type="hidden" name="#include" value="/plugins/<?=$sName?>/include/update.apcupsd.php">

From e3a43e7ac512de63dcc06002efcfa11b84c54227 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Wed, 20 Nov 2024 16:24:43 -0500
Subject: [PATCH 159/174] Fix External Website popup

---
 emhttp/plugins/dynamix/include/DefaultPageLayout.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index 5357398dd..755d268a1 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1130,9 +1130,10 @@ function isValidURL(url) {
 }
 
 $('body').on("click","a", function(e) {
-  href = $(this).attr("href").trim();
-  target = $(this).attr("target");
+  var href = $(this).attr("href");
+  var target = $(this).attr("target");
   if ( href ) {
+    href = href.trim();
     if ( href.match('https?://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com") == 0) {
       return;
     } 

From 45f315be03fca8dc7f4068bb767480b2e50f99ba Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Sat, 23 Nov 2024 08:12:59 +0000
Subject: [PATCH 160/174] Disable WSD options if array running.

---
 emhttp/plugins/dynamix/SMBsettings.page | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/SMBsettings.page b/emhttp/plugins/dynamix/SMBsettings.page
index 117e9d673..8f1587237 100644
--- a/emhttp/plugins/dynamix/SMBsettings.page
+++ b/emhttp/plugins/dynamix/SMBsettings.page
@@ -77,7 +77,7 @@ _(WSD options [experimental])_:
 <script>
 function checkWSDSettings() {
   form=document.SMBEnable;
-  if (form.USE_WSD.value=="yes") {
+  if (form.USE_WSD.value=="yes" && <?=($var['fsState']=="Started")?> {
     form.WSD2_OPT.disabled=false;
   } else {
     form.WSD2_OPT.disabled=true;

From 3f03dd8d990a54c4a8ea0dbf0e838f7def6e8a7a Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Mon, 25 Nov 2024 12:18:14 +0100
Subject: [PATCH 161/174] Allow custom udev rules

This PR allows users to create custom udev rules in `/boot/config/udev` which will be load on boot
---
 etc/rc.d/rc.udev | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/etc/rc.d/rc.udev b/etc/rc.d/rc.udev
index 6ccb97bfa..3d38ecfc6 100755
--- a/etc/rc.d/rc.udev
+++ b/etc/rc.d/rc.udev
@@ -33,6 +33,15 @@ mount_devshm(){
   fi
 }
 
+install_custom_udev_rules() {
+  UDEVRULES="/boot/config/udev"
+  if [[ -d $UDEVRULES ]]; then
+    log "Installing custom udev rules..."
+    find $UDEVRULES -type f -exec install -p -m 0644 "{}" /etc/udev/rules.d \;
+    udevadm control --reload
+  fi
+}
+
 case "$1" in
 'start')
   # Sanity check #1, udev requires that the kernel support tmpfs:
@@ -109,6 +118,8 @@ case "$1" in
     cp --preserve=all --recursive --update /etc/udev/devices/* /dev 2>/dev/null
     log "Starting udevd..."
     run udevd --daemon
+    # Install custom udev rules
+    install_custom_udev_rules
     # Since udev is just now being started we want to use add events:
     log "Triggering udev events..."
     # Call udevtrigger and udevsettle to do the device configuration:
@@ -169,6 +180,8 @@ case "$1" in
       log "Updating hardware database index..."
       run udevadm hwdb --update
     fi
+    # Install custom udev rules
+    install_custom_udev_rules
     # Since udevd is running, most of the time we only need change events:
     log "Triggering udev events..."
     run udevadm trigger --type=subsystems --action=change

From ea2c8b62931de18e74befe5a7889fc6fbfc05dd9 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Mon, 25 Nov 2024 12:28:26 +0100
Subject: [PATCH 162/174] Update diagnostics

- copy custom udev rules if exist
---
 emhttp/plugins/dynamix/scripts/diagnostics | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/emhttp/plugins/dynamix/scripts/diagnostics b/emhttp/plugins/dynamix/scripts/diagnostics
index 67cbd7bda..8df1c793c 100755
--- a/emhttp/plugins/dynamix/scripts/diagnostics
+++ b/emhttp/plugins/dynamix/scripts/diagnostics
@@ -535,6 +535,16 @@ if ($files) {
   }
 }
 
+// copy cutom udev rules information
+$files = glob("/boot/config/udev/*");
+if ($files) {
+  @mkdir("/$diag/config/udev");
+  foreach ($files as $file) {
+    $dest = "/$diag/config/udev/".basename($file);
+    @copy($file,$dest);
+  }
+}
+
 // copy docker information (if existing)
 $max = 1*1024*1024; //=1MB
 $docker = "/var/log/docker.log";

From db4d45b8c2a38a938a532428d6586db0df7a1df0 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Tue, 26 Nov 2024 08:51:46 +0100
Subject: [PATCH 163/174] Update rc.udev

- revert changes to install custom udev rules in `rc.udev`
---
 etc/rc.d/rc.udev | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/etc/rc.d/rc.udev b/etc/rc.d/rc.udev
index 3d38ecfc6..6ccb97bfa 100755
--- a/etc/rc.d/rc.udev
+++ b/etc/rc.d/rc.udev
@@ -33,15 +33,6 @@ mount_devshm(){
   fi
 }
 
-install_custom_udev_rules() {
-  UDEVRULES="/boot/config/udev"
-  if [[ -d $UDEVRULES ]]; then
-    log "Installing custom udev rules..."
-    find $UDEVRULES -type f -exec install -p -m 0644 "{}" /etc/udev/rules.d \;
-    udevadm control --reload
-  fi
-}
-
 case "$1" in
 'start')
   # Sanity check #1, udev requires that the kernel support tmpfs:
@@ -118,8 +109,6 @@ case "$1" in
     cp --preserve=all --recursive --update /etc/udev/devices/* /dev 2>/dev/null
     log "Starting udevd..."
     run udevd --daemon
-    # Install custom udev rules
-    install_custom_udev_rules
     # Since udev is just now being started we want to use add events:
     log "Triggering udev events..."
     # Call udevtrigger and udevsettle to do the device configuration:
@@ -180,8 +169,6 @@ case "$1" in
       log "Updating hardware database index..."
       run udevadm hwdb --update
     fi
-    # Install custom udev rules
-    install_custom_udev_rules
     # Since udevd is running, most of the time we only need change events:
     log "Triggering udev events..."
     run udevadm trigger --type=subsystems --action=change

From fa7250b68b0b84cd1df4b397ea019ce19d5a5ac3 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Tue, 26 Nov 2024 08:54:27 +0100
Subject: [PATCH 164/174] Update rc.S.cont

Move check for custom udev files to `rc.S.cont`
---
 etc/rc.d/rc.S.cont | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/etc/rc.d/rc.S.cont b/etc/rc.d/rc.S.cont
index 94885b78d..401d8d99c 100755
--- a/etc/rc.d/rc.S.cont
+++ b/etc/rc.d/rc.S.cont
@@ -21,6 +21,13 @@ if [[ -x /etc/rc.d/rc.modules ]]; then
   /etc/rc.d/rc.modules
 fi
 
+# Copy custom udev rules before starting udevd
+UDEVRULES="/boot/config/udev"
+if [[ -d $UDEVRULES ]]; then
+  log "Installing custom udev rules..."
+  find $UDEVRULES -type f -exec install -p -m 0644 "{}" /etc/udev/rules.d \;
+fi
+
 # Initialize udev to manage /dev entries and hotplugging.
 # You may turn off udev by making the /etc/rc.d/rc.udev file non-executable
 # or giving the "nohotplug" option at boot, but realize that if you turn off

From b4888000e85bac62f9f09c48a58038650d49e4b6 Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Tue, 26 Nov 2024 09:42:51 -0800
Subject: [PATCH 165/174] use absolute paths

---
 etc/rc.d/rc.S.cont | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/rc.d/rc.S.cont b/etc/rc.d/rc.S.cont
index 401d8d99c..05a0d9d9b 100755
--- a/etc/rc.d/rc.S.cont
+++ b/etc/rc.d/rc.S.cont
@@ -25,7 +25,7 @@ fi
 UDEVRULES="/boot/config/udev"
 if [[ -d $UDEVRULES ]]; then
   log "Installing custom udev rules..."
-  find $UDEVRULES -type f -exec install -p -m 0644 "{}" /etc/udev/rules.d \;
+  /usr/bin/find $UDEVRULES -type f -exec /usr/bin/install -p -m 0644 "{}" /etc/udev/rules.d \;
 fi
 
 # Initialize udev to manage /dev entries and hotplugging.

From 924013a1d33ccf8a80c005b37ad5c37f596bd712 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Fri, 29 Nov 2024 09:13:05 -0500
Subject: [PATCH 166/174] External Links: Support Always Allow Checkbox

---
 .../dynamix/include/DefaultPageLayout.php     | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index 755d268a1..bc741dece 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1122,8 +1122,8 @@ var gui_pages_available = [];
 
 function isValidURL(url) {
   try {
-    new URL(url);
-    return true;
+    var ret = new URL(url);
+    return ret;
   } catch (err) {
     return false;
   }
@@ -1139,7 +1139,8 @@ $('body').on("click","a", function(e) {
     } 
 
     if (href !== "#" && href.indexOf("javascript") !== 0) {
-      if ( ! isValidURL(href) ) {
+      var dom = isValidURL(href);
+      if ( dom == false ) {
         if ( href.indexOf("/") == 0 ) {   // all internal links start with "/"
         return;
       }
@@ -1151,10 +1152,22 @@ $('body').on("click","a", function(e) {
       if ( $(this).hasClass("localURL") ) {
         return;
       }
+
+      try {
+        var domainsAllowed = JSON.parse($.cookie("allowedDomains"));
+      } catch(e) {
+        var domainsAllowed = new Object();
+      }
+      $.cookie("allowedDomains",JSON.stringify(domainsAllowed),{expires:3650}); // rewrite cookie to further extend expiration by 400 days
+
+      if ( domainsAllowed[dom.hostname] ) {
+        return;
+      }
+
       e.preventDefault();
       swal({
         title: "<?=_('External Link')?>",
-        text: "<span title='"+href+"'><?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href+"</span>",
+        text: "<span title='"+href+"'><?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href+"<br><br><input id='Link_Always_Allow' type='checkbox'></input><?=_('Always Allow')?> "+dom.hostname+"</span>",
         html: true,
         type: 'warning',
         showCancelButton: true,
@@ -1163,6 +1176,10 @@ $('body').on("click","a", function(e) {
         confirmButtonText: "<?=_('OK')?>"
       },function(isConfirm) {
         if (isConfirm) {
+          if ( $("#Link_Always_Allow").is(":checked") ) {
+            domainsAllowed[dom.hostname] = true;
+            $.cookie("allowedDomains",JSON.stringify(domainsAllowed),{expires:3650});
+          }
           var popupOpen = window.open(href,target);
           if ( !popupOpen || popupOpen.closed || typeof popupOpen == "undefined" ) {
             var popupWarning = addBannerWarning("<?=_('Popup Blocked.');?>");

From 62428862609df83281a376c5b3b23ad909c659b8 Mon Sep 17 00:00:00 2001
From: Squidly271 <unraidsquid@gmail.com>
Date: Fri, 29 Nov 2024 10:10:54 -0500
Subject: [PATCH 167/174] Allow for CA to remove redundant code

---
 .../dynamix/include/DefaultPageLayout.php        | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index bc741dece..9e7edbd31 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1129,12 +1129,22 @@ function isValidURL(url) {
   }
 }
 
-$('body').on("click","a", function(e) {
-  var href = $(this).attr("href");
-  var target = $(this).attr("target");
+$('body').on("click","a,.ca_href", function(e) {
+  if ($(this).hasClass("ca_href") ) {
+    var ca_href = true;
+    var href=$(this).attr("data-href");
+    var target=$(this).attr("data-target");
+  } else {
+    var ca_href = false;
+    var href = $(this).attr("href");
+    var target = $(this).attr("target");
+  }
   if ( href ) {
     href = href.trim();
     if ( href.match('https?://[^\.]*.(my)?unraid.net/') || href.indexOf("https://unraid.net/") == 0 || href == "https://unraid.net" || href.indexOf("http://lime-technology.com") == 0) {
+      if ( ca_href ) {
+        window.open(href,target);
+      }
       return;
     } 
 

From ee88e9d2c93204cd55032b97c92d9babcd291b8d Mon Sep 17 00:00:00 2001
From: Tom Mortensen <tomm@lime-technology.com>
Date: Fri, 29 Nov 2024 08:37:33 -0800
Subject: [PATCH 168/174] Change Limetech to Lime Technology

---
 emhttp/plugins/dynamix/include/DefaultPageLayout.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
index 9e7edbd31..f68444d62 100644
--- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php
+++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php
@@ -1177,7 +1177,7 @@ $('body').on("click","a,.ca_href", function(e) {
       e.preventDefault();
       swal({
         title: "<?=_('External Link')?>",
-        text: "<span title='"+href+"'><?=_('Clicking OK will take you to a 3rd party website not associated with Limetech')?><br><br><b>"+href+"<br><br><input id='Link_Always_Allow' type='checkbox'></input><?=_('Always Allow')?> "+dom.hostname+"</span>",
+        text: "<span title='"+href+"'><?=_('Clicking OK will take you to a 3rd party website not associated with Lime Technology')?><br><br><b>"+href+"<br><br><input id='Link_Always_Allow' type='checkbox'></input><?=_('Always Allow')?> "+dom.hostname+"</span>",
         html: true,
         type: 'warning',
         showCancelButton: true,

From a1fe75ff2b56cc8dc021ded33be2d8a15c4144a7 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Tue, 3 Dec 2024 17:59:50 +0100
Subject: [PATCH 169/174] Change state directory logic

- add check if `/config` exists
- display warning if detection was not successful
---
 share/docker/tailscale_container_hook | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 3abfd2ae1..01ebd07a0 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -131,20 +131,20 @@ unset TS_PARAMS
 
 if [ ! -z "${SERVER_DIR}" ]; then
   TSD_STATE_DIR="${SERVER_DIR}/.tailscale_state"
-  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
 elif [ ! -z "${DATA_DIR}" ]; then
   TSD_STATE_DIR="${DATA_DIR}/.tailscale_state"
-  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
 elif [ ! -z "${USER_HOME}" ]; then
   TSD_STATE_DIR="${USER_HOME}/.tailscale_state"
-  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
+elif [ -d "/config" ]; then
+  TSD_STATE_DIR="/config/.tailscale_state"
 else
   if [ -z "${TAILSCALE_STATE_DIR}" ]; then
     TAILSCALE_STATE_DIR="/config/.tailscale_state"
+    echo "WARNING: Couldn't detect persistent directory for .tailscale_state files! Enable Tailscale Advanced Settings and set the Tailscale State Directory!"
   fi
   TSD_STATE_DIR="${TAILSCALE_STATE_DIR}"
-  echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
 fi
+echo "Settings Tailscale state dir to: ${TSD_STATE_DIR}"
 
 if [ ! -d "${TSD_STATE_DIR}" ]; then
   mkdir -p ${TSD_STATE_DIR}

From 8a221aaac2a565e8480472af76ea2ffeb25a22ad Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Tue, 3 Dec 2024 18:04:19 +0100
Subject: [PATCH 170/174] Update helptext.txt

---
 emhttp/languages/en_US/helptext.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index cd22b20df..1714b79cf 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -2448,7 +2448,7 @@ For more details see the <a href="https://tailscale.com/kb/1080/cli#up" target="
 :end
 
 :docker_tailscale_statedir_help:
-If state directory detection fails on startup, you can specify a persistent directory in the container to override automatic detection.
+If state directory detection fails on startup, you can specify a persistent directory in the container to override automatic detection, i.e. `/config/.tailscale_state`
 :end
 
 :docker_tailscale_troubleshooting_packages_help:

From ac00671646f4a09295fb59230572a2e029c88652 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 4 Dec 2024 21:35:35 +0100
Subject: [PATCH 171/174] Update helptext.txt

- improve helptext
---
 emhttp/languages/en_US/helptext.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/emhttp/languages/en_US/helptext.txt b/emhttp/languages/en_US/helptext.txt
index 1714b79cf..a5b2a5464 100644
--- a/emhttp/languages/en_US/helptext.txt
+++ b/emhttp/languages/en_US/helptext.txt
@@ -2448,7 +2448,7 @@ For more details see the <a href="https://tailscale.com/kb/1080/cli#up" target="
 :end
 
 :docker_tailscale_statedir_help:
-If state directory detection fails on startup, you can specify a persistent directory in the container to override automatic detection, i.e. `/config/.tailscale_state`
+If state directory detection fails on startup, you can specify a persistent directory in the container to override automatic detection, i.e. `/container-path/.tailscale_state`
 :end
 
 :docker_tailscale_troubleshooting_packages_help:

From c324597be29db19000ba7838e08bf36ea3177a61 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Wed, 4 Dec 2024 21:58:33 +0100
Subject: [PATCH 172/174] Update tailscale_container_hook

- stop script if state dir can't be detected to make sure users see the ERROR message
---
 share/docker/tailscale_container_hook | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 01ebd07a0..738b7b2b8 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -140,7 +140,8 @@ elif [ -d "/config" ]; then
 else
   if [ -z "${TAILSCALE_STATE_DIR}" ]; then
     TAILSCALE_STATE_DIR="/config/.tailscale_state"
-    echo "WARNING: Couldn't detect persistent directory for .tailscale_state files! Enable Tailscale Advanced Settings and set the Tailscale State Directory!"
+    echo "ERROR: Couldn't detect persistent Docker directory for .tailscale_state! Enable Tailscale Advanced Settings in the Docker template and set the Tailscale State Directory!"
+    sleep infinity
   fi
   TSD_STATE_DIR="${TAILSCALE_STATE_DIR}"
 fi

From d687a6a4046a85734f233245f12b6135e2e01773 Mon Sep 17 00:00:00 2001
From: Christoph <christophhummer@gmail.com>
Date: Fri, 6 Dec 2024 07:32:30 +0100
Subject: [PATCH 173/174] Update tailscale_container_hook

- Add check if script runs as `root`
---
 share/docker/tailscale_container_hook | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/share/docker/tailscale_container_hook b/share/docker/tailscale_container_hook
index 738b7b2b8..d93b662b7 100755
--- a/share/docker/tailscale_container_hook
+++ b/share/docker/tailscale_container_hook
@@ -29,6 +29,11 @@ echo
 echo "Executing Unraid Docker Hook for Tailscale"
 echo
 
+if [ "$(id -u)" != "0" ]; then
+  echo "ERROR: No root privileges!"
+  error_handler
+fi
+
 if [ ! -f /usr/bin/tailscale ] || [ ! -f /usr/bin/tailscaled ]; then
   if [ ! -z "${TAILSCALE_EXIT_NODE_IP}" ]; then
     if [ ! -c /dev/net/tun ]; then

From fb7809325c24d8760b1eb42dacaca296e6cc2972 Mon Sep 17 00:00:00 2001
From: SimonFair <39065407+SimonFair@users.noreply.github.com>
Date: Fri, 6 Dec 2024 14:47:10 +0000
Subject: [PATCH 174/174] Update vm_dashusage

Fix vm_dashusage processing when array not started.
---
 emhttp/plugins/dynamix/nchan/vm_dashusage | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/emhttp/plugins/dynamix/nchan/vm_dashusage b/emhttp/plugins/dynamix/nchan/vm_dashusage
index 94da29a75..290408fef 100755
--- a/emhttp/plugins/dynamix/nchan/vm_dashusage
+++ b/emhttp/plugins/dynamix/nchan/vm_dashusage
@@ -41,10 +41,12 @@ if ($var['fsState'] == "Started" || $var['fsState'] == "Starting") {
     sleep(10);
   } elseif ($domain_cfg['SERVICE'] != "enable") { 
     #Add remove_nchan_pid_entry("webGui/nchan/vm_dashusage");
+    exec("sed -i '/webGui\/nchan\/vm_dashusage/d' /var/run/nchan.pid");
     return;
   }
 } else {
   #Add remove_nchan_pid_entry("webGui/nchan/vm_dashusage");
+  exec("sed -i '/webGui\/nchan\/vm_dashusage/d' /var/run/nchan.pid");
   return;
 }