From 12eec3a5cc080e6c2e63a03376e39c6c1a9e4d30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1=20autouploader?=
 <nabijaczleweli/autouploader@nabijaczleweli.xyz>
Date: Tue, 5 Mar 2024 18:29:52 +0000
Subject: [PATCH] Manpage update by job 1162369

---
 tzpfms.pdf                  | Bin 65598 -> 81694 bytes
 tzpfms.ps                   | 951 +++++++++++++++++++++++++-----------
 zfs-fido2-add-backup.8      | 125 +++++
 zfs-fido2-add-backup.8.html | 153 ++++++
 zfs-fido2-change-key.8      | 188 +++++++
 zfs-fido2-change-key.8.html | 207 ++++++++
 zfs-fido2-clear-key.8       | 121 +++++
 zfs-fido2-clear-key.8.html  | 151 ++++++
 zfs-fido2-load-key.8        |  98 ++++
 zfs-fido2-load-key.8.html   | 117 +++++
 10 files changed, 1822 insertions(+), 289 deletions(-)
 create mode 100644 zfs-fido2-add-backup.8
 create mode 100644 zfs-fido2-add-backup.8.html
 create mode 100644 zfs-fido2-change-key.8
 create mode 100644 zfs-fido2-change-key.8.html
 create mode 100644 zfs-fido2-clear-key.8
 create mode 100644 zfs-fido2-clear-key.8.html
 create mode 100644 zfs-fido2-load-key.8
 create mode 100644 zfs-fido2-load-key.8.html

diff --git a/tzpfms.pdf b/tzpfms.pdf
index 50fbe7db6858302895e598bf96ed6d9566a98d33..8ebe3fc70641f74acfda44d94b126628d9e398c6 100644
GIT binary patch
delta 60252
zcmZU)W0NjWmu;CiY1_8#leTT!)=55T+qP}nwr$(aeyjS{?T)BVd&l|#dyP3_?jFBC
zIX{2uV1NP1nww6WV#w897c?b0<;-nlQH+6|ucoGvEy)@UY9?LH@hv)poTy0tK!K5@
zAFjJfKgr*t*E#)rV$^OE<xVmNW}Y4LxqRDi*&0bmFu$yT(M*!aExd2vp`+TOcbc8J
z)yKj_YXU%8ZOqbS)LYhDzHDIJ6o>dot-bll<|CjncIz)M4~xG1NiSYHy6f0qK4_bZ
z4RrcUhS;b@j<=}+h^Z1eMDPp$L8?X@X24%&-=E`)6-YY@lNK79`u^8+G=-Tfv)D+=
z$QzM+<Xne~13fnZTlA1=m}61*FlmoG`BvczO&xq>Q`e*fex^(=zGI@_koD^NX{8wZ
zEFC~-bfZjYfBY0#$@TaugM6nC?!>iQZX^{SXS-RI<^<OByhftq`#`FyWle(V%(O*2
zD~6)CzP%Ux8Cck%ywxgy!3}3@$hM<p#w$7tOqcn2C!d%PPI@VU##tK<$z)|SWta<&
zW(1Ubx#@e$ecVuh3Rig}YwYcOvk8`}A{C%w9B{(_oDJe%Kopqi!5T*~^W*b=Z{@~^
z(+=eQQoT92`Qq<&8F-Ad-EIeD?=qSrYi?gNTYGX!z_6V8^V45iDTO*MSpzRCz&kr1
zb|VwHs^~^B<yDVkH`-Rb119eg6O;?`ri3a9id$lErI5PGEr9?+@Uir4<BbWDFbL?I
z$E*#JI1qFXnJ8=~d=1<NR?0VJ`OewyqHr@=z8T&>HUQLi5yrz)XrjG?|Ev=Op`bPl
zn^o@v1s^Ih%JMu>8qc@~Jpm<<y+p}2k-!KJ&6(4~xo+i(c*Xm-+C{b13?c7Rk?++o
z9`)R-gv0u3QIP%Mn<AIUiV+HRrvT*LG*2&Aif{^dXbF)X(EMRYRTIqnD7lFS1U&PL
zoYYY`At9><@xLb3b9^#UO<iHlARjbDHf<BOqX*DAmz)AdTG3s7#6#&6xvoCpjOY6-
z4K>|r{GQ--d6sbQ%mPa*!i=7zR1#<z*cCHw#v17R0+9Bw9Q5`)z5L`KEdU-sHz_0j
zBJEw;;Qzv5>QOb5MasK!Y(WQsk2(Gs2ux4VhmDeJK{HOusD;8o6N0vn{(6G%u%^3P
z1Hm)OZ87B-)mNJU>Dfe@prCbPV2VZI824ccIy*Kg49h6#{@DXg9S`;(mvW_oR}E~g
ziXK0r-q1NcM>ekX(@Q8rgae?1hWf)<b_XepEe+sFBca`YxIMTx%%CySWp2cPe;hJG
zU>3@W?;(8TH>N`R{V|PG6wvvAgc1@T^r0KM4?UQAp1+hu%`En_P!p!`LQLvg9v0fg
z9ZWY-7%L<zmkw?TOX`d+#|2ls+lK#BQ>kVvqDsodl|3VK<9X7_fdN2ltk*<eqVqXF
zFRh%lpQ+uEua(tcZK@)h)*fV-d~ySUY}+N#n>6K~6Ep@pO6wvu$-87%ZF&^hk!C^!
zs|M}VHgT-Cu6veo3dL1$z1uTw<qE?w2Rs%bI)YJsrm0vXQ`vVAH4m<2%MQ~6RRC2!
z%A<f6!_*m2swtT~?E}Wrq~WU~t3;G37(V6PzFR8zu6yQawMctK?^9L&MzDIQ`mEQm
zli4D}gUx9~zv*@U5M9)>TrM{dhohGRrK!A^m1S<#Q^9N&D2iFKp-XwDsuwnA)N=1I
z&CZHNe(!x^*k6if426z~_Ik6RGcL7Mr@)=Fh*OF&BIry%<^byDN}{)&N_P%s?KYJ5
z8r8RVO}r27SZ=j_LF=Mte@CG66GWTPz~0bt83mMaYJL@@v>Bi0BB%>X??Udb6qAL0
zHtm@sl#_Irl?mbUNLLz=19rw~2s><5L^Q}2i>m6@E};>Ug;)H8CyM<PBiY>hw~u4Q
zvgwo&flX>SmjPfOez?~&aL3yEFk9S#u$1)|bfQ=o;~+CK4M@l7bCQO$%?t%S!rlSV
z*>6QAY7A2MUU2m(%qR~siBt|skJRYwWlpB>C1c27v{@4WhR#S)0#byxLHKxoRVETB
znMJQ?Rd8O)$1I3t&@Fo?&(G{agN7%CI|d3;nB~<UodDU!qIA-Vd9Z^A8G)y!W!Uu;
z!<afCgBwe31Q9u>?%EG6Et#2T912|?z#!RQz%VU&sPUc7SO|%q{yN-6>)@DEaA=Io
z<p_rBOt=*Zk*v_@w-9y;Aug)8B1W5(mBcm2X9`nhP+KslRu(uk%ev>>NI_a)TX{eB
zPf;VZ&VawB*n2kGVaNv(qtjUKxT0;`p(UxgGqv;RbJm8N#vJ2N@Sp!Yn7Xr2(r@W;
z7Y;T#yZQKiz6CK3;Roq26k9>>zg8<-F&bypOB>ghKQ9;8pB_KYLo3gp5y!e{tn)&b
z*K6;s8a(z5?Dkr)SDjR%qb^W~p3(E_bus3;C;{8eV98{TZ38{veoA@Vzz#?0$ogns
zm}t@otII7lM>LWlzv^mt7h-~|AvQ1COb$I8(#w4zJGtM(*31-nDRvflYoXN<11m6e
z<AhZGU%DhRLbd4)er^WbFQel_^+IzsEsDHuko$zn-gfSpG#uoF#=yy<+3}&I*xR6_
z!GPI~mIIS`6N*FTRmLb;#l*vq<BTr`{O6@P!VWq>r4R!BL0P6)_@8~t%q9o}9O8n1
z+b{?9=t<CB=+C(2lc#`AV5&v}J~Y-NJJ=hoB5et4mA~OuP$ULm4py6pSL`0T3AN=5
zZ%R!d><Ja565e@U`J71+!kiZr(gZP^uYl>R=ZuEYI0uqBH!`XQ$raP%La5%oVYLn<
zFtt0CRrsh{ZM@8ihK9h1g>hj5&*k|zaM<t&C_X4#yRBuMIvt~5)x=vonf4*c$OVFR
z$XGaGZ1rG9^)+&}G%hSeTE$nJKNgG7Wa*wz|1cSgM`X5jIi-l<_?KmP@n1&}&H%N(
zqX_Vzzm++Hrq`U4oDT4}NprDZSdXRQxZ3&Qo-y&FI2PMW_QYssByb7u%V3%m1%2dI
zql35#ThQs-2Yo7ih?whq{a0959+<N$2A_5P93zocI5oUI0v2PMU|*#UN#XrN0m4w$
zr(Us}J<{KHtQ*3mS%<vjdpn}orhr#t9;_kiv$ad{Q%#=2&T!^L9K{4l>BI}uT~121
zE{>dQZ22?LuDa}oi5`v_qVpusW6?@i6}W~Azil%hCrtZYoI1wcR77rqqHksl(-oN*
zUT+d`MJQ`JTb*SBqW2h#rdMwv;D0oUT|wJQ3sH!Kf8{0M)4&U@u)&vZKLA!E-|+~~
zE-+E5;n9c43Y3yAsmEktw8Wr#D{CB+hRGIUY~41D@k9gk5VX3CE}e9XFcTfi4MDIl
zDWj~(i5yZY?@kJ<LHmAE$dH3Unh~Xb?bvT{Bc}9$O^~h?*AK$sM2iSvZBs04H%c6R
zE`sZwV=xk!+}P_*A&0Z{Re<a(g++1JogpUtypu~^U5TCeY2iwAyC_TcdPO=%@Z%x{
zx6SWJA-<02tz^<WLLcC1n@v}o_zT5J#}orEXtGXO6xPef^`~csTQR&)9tUbaWK2kE
z5pwt76Qg^yAcnH^;UH~jm1n%Op-vtbMAUMBdL&U`CIwep`F^l(c)*!Vw0ZtY>tp^+
zhZ0PRfKR=fwz&gkuaiqLR#8l?%`ZmGW1e&rb-C?4<9c5dPT{C4h-qh4t2ShH25poT
zLaRg9%alQR@-Qz2NVJPF|Gmq<wa60Bi6to$GV}s+tg|5(9|050GU+_nQJym_y135a
z5X+!eYaEy@2(M_m6F{;R(~*b=V}$dbUw+sw$NdP9qTb3L{yFP;Z8s+~qidf9w+#!C
zi9GwlD9NNERCC>gF%__iCODt2`f`i6t5X9m*6n_3o;{|05f`JSr28{*xHI-?X5vX!
zV)s+Cjwhp+x%wi<X(_?j*Z2AHY~x6X0p|4$4Q!RN`h?`|CLl@veeV*8@!^nr)sLjI
zBQA-h!ziqf;?nCT3|_b#Y8aw`VAWEk3mc#q@cFJw_j?<*^Gt;pQTe?7kM8rN<J=4h
z?bSqWd6Jaj_u&KQu(WKb;8kmD7c>|Lv6(l{Cln0<<K3yeH=vou^taOT#MARxku4nl
zdgNHP?({VE77+H;X62O>nzQqk>R!lI4OI#1y`$7RVwud~tc8x!YFT&Q!Tp|}DLTQ<
z?|=synm|#>Fm9!JV%%amn#~UznnqzI^@M<Xm*fC>#p@9cmwbCqMBHAy@3@6y3bNZ&
z=pGk2$l%FYien&q<F)6t)6h!7s&wtnEgYXeSf}jt3g9iQ&S{gayf3Y>1UHJfW9<J6
z?&Cb>SzLaPUr$c%Tt5mI)oP@;#3{bF&$KUacSqUxvci$JWyQ_^LGks@-}zzWWol>Q
z?BZl<Xbb(Ho4t`0G&><9;eVYh%&e^cGh^cVKf}L&8DvcD%v~%9nHdQg6NU9j09vw%
zn<Gfwx3y{7W2nG};Ja?#8rqfrP%MkDnBCSBCczR0$!L-DfE}nVGL)4*Xg*>+cmuJ#
z9mqB%&k14vn3Z(u_xf%h>ZhMNoy_OH+#cTy7{6ll>Nz|oH3R6}uP)z*6F1ZFr&cjO
zOlOSx50=~$lcwD<fZe~x%pVVj0Y{_e?lX;-r3}H3)2*o-fNrNB-{-+h$p^EE8#z}J
z_r-Sxi~$(k{Z9?^o{qGxv4|@@HGooY8&M_$!`INWM@9?762loqtnc0%<9*u?usvD4
zLZ{g<(Po4EjqEN@4vj@PMXRNC1c^|UpEIX#5qn4b6+5)U04tMtR{=o|V9RO8m%0r{
zJjVbY<0AO=azpd9Qi*d?R&7iAwEFM!)p@)897*>DAZ6PvK6B&xuW5o-sEko%)wtDq
zU28R#PIdZS4$WV6FZ~>i#Z3&gp!jEFO}Ec=<+5o#dFb&5;l_B;M21GOnze%==8~*&
zH79DJ)yD;shd74gr_%Rb0JxrvH;3GQ#F*?7pF96nm$$3C561&mmiJAKO|ujF`opzh
z?XK^Xe62VPm|ccgPW{DU!S^~xZbsR;YyG?$JVtE6OLVSSZirvtY5J{p@1?tE-o38A
z2(MSJ-nNgk*SD4L_d`jv0yC_qc{`AiF<QCDcmzFe`Q>o^4!WT&K%c5ow`JOT95MA?
z5Hz(E7;u$mwkXilJ0o@zSqE&m`njDi;2k}A<`U1n&9rN$*`5kEnVB(eq?!F9tA}1i
zJsEQR!Nkm`-ChXFNerpG`}hlq`_&gckjKknTMfWK*BP_3!xeJK384OqFOmqM*&KE~
zus^cJaf3cqDxlc}s3Ogqoq!Ij&6F~QDfMyf0mk+BACcTx3-5bgAiS<duUHO&FYh%8
z-4J17jk)7;7e<1|Wg?BcS(2PHhmb9|&T3vaiGHXH<e;V0m(Mv?-JXgYnrxsvQpzT+
zU8mOuRv<I1NZpYrCxun<oLzHFWZ<ZttqKHFK*Z|1hJS_x*b<8H*L!OcynHrTdG@i9
zLogkfU|BX!rpVFlznS&fcB{zJ!i~AFoKlrBu)(LZHk27=y9E$<g?TaX)UF!)Dkyl6
zj$3~2-}G5xhKyVoi`l<FNs!SQtsX0O-zHikVv5L69|x?#8MZJ=9yP~#jZF%7^QJ!m
z-{L=-u}q`_Si$!l8h1W?di0i$Dc8^QdOXNz)Uq$(9N&|MN377^_mO*cwGWz!<;9Ki
z50etb7abCogZ7uBu4#1tEQ}pzwT2hj&NKNjhIRGzVP_%1=$av(qb;Y|XtRhC!a#l5
zl4<tTOyJ@1)Y6i6D+o52+1Irv)~*ZZH1{=yA@jKd7CCtf8;{k@mOZc?@ioXJzv)wV
zWXxf4OvI=y@IZ2;gc@IjS3n7Gff;wrBCBogQ$3*xtFPb0D}=w1OH{?@-lH(VzuNxX
zXoS<jkXKezv9@(BsbfBXG1{@GRdYMcNA#3`JmpT*3oun4)rNKv%Nqq|r-*pWk6jo}
zl$(tJ=7YQu@EL3P)jR^Pn7kD@1mx7JlOpl(^R)7*v80>&@)8e36^`YwsvfVnh7z-W
zB#-}aaP7AX7TE$y!^+~cGK!v1htdl+Hu~_qj3BdUzJ^ZZBQYOToj0W2Tqy>^+OG7_
z8<ecT*yDj|nnC4_aJ$^Y>ZY5E|HM)D?^Rp_s2Fb6`6@F|I(@l~sA5oGMBdh;V8&vK
zCOOf*`-Jab1L;42+vHROZ78q~Kv}fRaa6^7{U(;{XWkP~vaz&%3G_=W6TZMrd)Twe
z83T<d)b+6;pp`ksb!%(vU9?cKQF3rBZz3J4#`+#v8#ntv!*N{5s*_V8SMblPF=OTc
z;VJ?>ocX7+CpZ;S@AUdT)xZh2rH&Pm@j5y}@e4?3-skf^@JFW51DuaLs-X{vklSEW
z`TFJ)F)`+l6q>q|6LB;zcfpOE`3vfhIGm+3Ewb9rYvh$2dzoGHw>6MUeB)@B$`6r^
zwGTv!gjf6abAPgxQRE5>`4@wL4UxhCMS-voPp<O9w7zEsdNhkMsx7-HZlTvep%s$C
zk?(GBPoVbXfj3l9vZ;pbp1kuVgNnt-wCm_-;ctKli6UYta))ih*kmg%wcj}%J0s~n
zX|jOZ8LLEdF2T0=+GRS$nn}u!h&K?620wT4MFvfsr(ia#zgC)YTI)|fr6ZgG%%;nT
zC2YE=mSZ0~1L4SY4zC2LH(>78O(hD!v;f*LQtGj-ig6^rDiCR6%gKQxqDtz38pHQ4
z{9mIbg*!;yjOJr~bCo6Emz$>@x(3l7=@#$aWbyXtUW=XE)y|D#1xZ<fZf^78HTA)7
zA(1>9T{TF~01J*cz>K4w^`QaaUx;4eGXEd4y|#Y%kevqojFsw1htY-B_cej9E90jM
z$KA0V;?F^&Oa_8^n1L%!JK=fomkd!|*zK^6LO!C=r?I@>=ONc^s#s#wn|}`|-@;63
zKSh@?|4@}<H<jyiVO&A%UX2p<>r0g>)Kh#Es{EJOk3-g8%Vs77m%vE@Pnrwt+4f%8
zOMc{ed}PSRb5Bc!t3M~0`;_V=fMAss6i^b|IZ9DZETg|0NyjNk`Zp7e@C&i=dGX8S
zgUH*4D}iCiX5I4B79aKOYLt?kICP;(S)@$-+IHGzmE!1)bN^hJP^I9XaewmD!`xRu
zgw(M(*NXFx3Y{|n!tgi%w5ym|D!*azxPL85q-A366*Tk4Ak@7Uf~}^&`ylPbM_SHn
z_Q@~2s9qY86u(_QH%seU1vg8`SRHFAky_RX2xrEEZ3)n*-#Dt9iczL+P07j*a6ZaQ
z&#!aRWKx!7^DRqbP~8*H${YHvUzIs}3h=7-gtirEpRF0j7H*h;WF7vZ2m1t}Pm-lj
z4LwrO5a-ix=;W}qHc5wTa%2&i%R>QPn{o7j(I*vFV%*D$0u!=lw52pvWw{BeJrwgw
z8-brP7yWV5o>6I)$uO866H4<;n_65!Fk5B(7Mdr}jA-&%Co*7(8DVg*2{m9um+$YY
z^C>}L`@x)!e2f;rOWX!tI4Pps>OVk3<_0lh*z~`%Q1UjMF_2Z8v|-$6MH4fN#8_kM
zzIR8~MVq}$+jbS92byYW@lHobAUo67bt?%yf@@=SiMqXv5!Y#TRX1F;Y*L5z{8M=e
zP{u-YqJB94Ra6SC6-srXV#@+zd9)1F;DS|=XjUQ-)zJ+Ac%BY`3*_wCK$8>2pmEU8
zl^spt%kW^)WIBbGC{HJN7w_*vnF_B_yAFOu#0VG+E2d1%Ga{D+g*7%@b0Oun+8pG1
zY#~zHJSCDfS`qK~lU!&yIyV2Qt54jLW=gbo)upX=ddubTqG9f2$Tlq=nFBBHcDjzQ
z0LZ^<2fllNFi$7cv>yTvFJ-O&m~5j2zqoB_7C@t=J3^9?*GD@`!<7=c=n&IY(S8Bi
z4{CcQOC9^A9uuM2q6~|lc`4$_A6%J^36eV<x7oRJr^$GG(s5{IW{N{|v8AKuW3IuT
zcEN2-`NmB|;MuS}$tl>vUygDQF>-HpSmhr#eW)0qakU=LNjttlWG=atGQ&cQI?Smf
zQ9!Y%&irii(zCbxt|0;&Z~r~m>Kdu3CrTvzjCn6{xz3q{FD&4!aU8polc!Zx8Np7-
zb4?CRRQ`7Q!BV1?aSWHUX%d%mxX3y@fZcIVyG2bmmEub>MfkUGtMG$frr%zTPp~BV
z^y3a-g+02RQ4c&DMpYi?;yfwusQm=l`rO6mwt1>+rsChyph|b8g0CVhDjHUkdC_XM
zbT-V#mc@ummRUx8DSYBPl809pYR%0^1MQLY<T7y!#eVzm6@?;}`(}lqG7<z%9y_EV
zrKkc)m<se(8fINsc3Hi(zUXHDN(;i>&Q%;xoxh8r7kJWfDWno;xcWh0H%M6Qv%BQq
zX`>*hv?>P^2E2?ZTj95MiJ%YHwUOHOLUsY%x4~K;s2!pT6+FZNQmVbOrQ_)aVnMNU
zJVu)I5SOVrx<>D^pN}~`1j}hY`V*x$WEOg}WrZlzild^`gdf=kb3NS2@eCW9ge3s*
zn~EEw_ZdA7V{|!eDwQa7d#eo5fw@MrjqcWfB1!5wV&R~fGiZ@vDEpVpdKg^6JBO+)
zAMH^gR#AUe>95HZr>}!IYSW~rtuGR1ir;D)+G_50(G^eMsa70PBJF0XHD=F}pKTb}
z5YGp9hk#)<>Pi?uDaILna~Z-mXq^Qpu!JzeM>1f{;>jI^G~#IBknH}v?Jw@Q3vDFK
zZc`C^MtePUU4ydBShb#7s~f(IdplEgbYD01{h7pi^roijv_5G96#Ke9Za-H?fVwMN
zyYkrOO$KLTsB<{KWK)YO@Tzsn(%aWE^!oa`a&Tt^?vTL^+J&(H-Y+*|xbp*gJGwf(
zp0BTux0h#k^>_iUt~?;dw?>07Ler=ExpPKk4Z$a%rk4VTOEF7NOE!!@(<=Na)o0j6
zc-z{tYWNwvLBQP!7*G0IIm;Qh-$6A*a4A>YdhUfAKR=^WLh1*e<=qGH%A1`D*!hL1
z76Ohx$~0+8bou>0ZaEcJK0tsgrE2?_Zmru+K^v8aqHYi1yCu_=ySK7?CJb^Hd329^
z6Pec>)zCdsZj)|9g49AoSkK});ykKNE|w)vZaYFGbRRC#gK=SaM`{*E1B@=LfH}Pb
zn*8OR7e8Q-WXDJT%ldOpZ*GecAe$p}S4FnF_L_8wAy__D<ZYDxqb2|i0^4U@^2BCE
z!^z1nt;K^Bdl7=C)+|eAWy2;<P18x2_C$A%yJ=N9VM!SX#x~gKd_T(j*>lKUoYufU
zErby{`b)NZM|t7qnjt~vr#;s8$Kj)&I^{-igI}1%BL#@zEKC}5DtjIp-ZrBh)bSYb
z30ZQ6252HkGnqc7e_66l9Ua*Y%@fOC2Lx}A`cZ;2$p0(S{#RE0e={uy<NwXH%xwQV
z)3PVtlaK>+?Kjy`hxNW`!i)q=`wB!aI_0ggTctOfG!Kl{5)AXmHk3#rYa~Wx^<Os#
zx}}v8Oet(RiUbtmyI!}PZ`w`xh!9YY&U0VfTkt(B*gjZ^PiU+Frq(XZ1hNdq--bQ7
z>(hURQHRT86H%vE3;hiEALhL|oPNALj(h&{_{amcF?#s`uU02L>EDirq#VXBt_*1U
zv8M#$OE65&K4C1g;xk;8>k%CC)6nqqe{tTSUL-SGaE{vb9-ct_1H;9yK(3^Str{9U
zC#j#Nw?4j}5`t{u=p~J^fPhwGWkPbpx92giHeqw1eCHk9sWRA<BTmcEH?eIaLL_6{
zim3sJmDEMhF%uhh)S}VoUC7);m-}NXBIU825&pC&?i_-XKBmBOp^~D3Eph&mLvtla
zm(kqx0U;TpN61#zd9kZ|Q$VElutQl?e$@)oE4Waf(dypQ*1<yyU+%t+F%bzIRpSx<
z#7nVEqzy>77+!0h+rG!9-B$S^vVFs#eTsk}!CL&fU(P-2Q_1O3)}b7X&zT!2YPJR?
z;x`CIe*}#m>z|Im6s0RN%Y}k9+mNJ@PkJLItz~iv3n4eMxy~{TpU*rVfy$sONATUD
zaW!L@MDD68xCJF%yZ{&_8HnsEPX{V;#SFJ7koyGlf*EZP+58FvXxpCHO<AF<%L{-m
z^8Qd00=c7+*4Y%b)}0mT$7#T12b*S*yGbFYP0Am-Kf@4f2ZZ<By8Nk1`8eXC35b<K
zX2v3Ub$PA@Ggz5fxzc3ObhPG{lUOeDYv#nPd`3;ut}HozT^{3V&2be|af-Tj`MH=5
zg+xmm#>;)k^v{rTUIZGieOwOmHP--RTJ%3_kzFaaB+>ZTs>k#iZjtlp+eN36+%Egg
z$^odx2ZphKkSuhX=`;}7;Gr}~uCLq}@L59Z4F=OupNEzVVdheRt89p{8R7Uyr;Gns
zM7}H_<BG=n+m+xh?CHV}37mTC+TyTyxxf-O6(4S-FB|g@&shz%)8IsI5}*U1bDF%v
zHedsI27^N_5ubJ}rCQ3`{<=x+84CpzwMK+Izn)(m4OR;K7vA})SjeOap$u80ps5}o
zSkqHZyc@~zUVdIfs~R;g{Gl?$OoaCIW8*rI1;v&CbE&DPvgp%f-kaoNtCoU<m!$aV
z+3I9otf~CBGT#D`bpRxT_9P1kHpbSx>c!|1!zx<Y(4^{RH;BU(Q_HiAvE9>EGy_Z6
zoCYsS_SBDTGLQ9yf<KHoFq&q@FcTP5^>Rd9)B!~{Oq#2id^`2mF7Ll^l`xJ}x!1br
zEPDpQ?=+M#B;G)#?swAl7d%#KL+obdW{t0bD?zYV!4X3@YMigJ+Jgs7HPe3q(Lm+x
zZ^rL!-H#&a@l5mHfgD*(2o0`)qCpYzrdeiNsN*uKD&bCujuSm_5#DA>nP_jXz8Hms
zYf(1G&z3BHL3$tc7al_FWlQzZCcpW1QnL87)aSH#lpsvO#Ab<id$}@sIlg?+WenmR
zPpd`}aV>4!7W+B3kop7GeCvkN;OUP0RCdq`tT~#t*v<BElhX!@7khJhv<t~?Kp3#w
zd<DL3wChjS6@C6(M83AZ^NW*oPl71vpq7rBk0Z=ZufVKq70@(KOB4ORzFVKNC4Ox1
z?6<Zu_Ted93nqR;pt_$D&w4l~@kc-ipE$YQ|0vntfzD0vpn3uR6NS*YnJSS=ESJE3
z?k+AEi(yJpx_1z6YUGp0z*43$bG-1Olp!#zK2T(49!Ms8RNSse4fn48smi75Png2L
zaAvTfUv0*-a9X@nGGrcW{V4V0F%Urw;q&8>@x?ql`>w?=U2YgR+zz6SM6YIo>qQ;s
z7w_3R&DoGM`m6yQ-wBIiEjcRjc%VVs!~<Eq$7Di1aa$5!JD1j!uFK{T033d%6~BJx
z3?(VNN6~_M2f&tht58Y70Z<?+z}|A<2%?-zLFv=tz5TPjPsFZ{|9c_)kK|-x<z)UJ
z$;teGBqtp7|7ST_82_^o$N(C)_FL@8V!a>gh@$=$Fp=oxuRvfkmh9D=Yxf?lyiGIt
zdr~^JR@F`MO*=O5ujf5@59%KT_93XxW~J@KU<vf1PABOeW;y#j2MS`iUyDE4HuAVm
z?hiLX<@%DJ>J4NJDHP@$L_c*pxo5FhP+U;PsbWl;cJkh#PP1f_gMjeo%gW&Ii-Thv
zJHV%>udneh=kIYfT6cE*aJ}7;Tg%sX5D(vR4a_L*BFd!_>Vcfv>=N|zI5U?c$wdRF
z9e){v<9I(9I1WkZIT%Ax{^)XX!CGXN_l4D#U10FPfpys}ZX;*@0;Dv<PXCV6i>}^L
zP|(9M4bIWvMx2q2YCzUJqXTC>mO6pA#_9{Vw6q;XJ8H5ILu}h%u`lX{G|!VpneP(B
zZ!2>NRja0eF?idBsK?o~;gYdjXJ1)hX~1goTK+64T6CGI@Xh988aJIw`6+k(`cX^f
zQM?JsA<$wU2Rd5kkJ7VfWHZ@ChZ?veMjjK<nJraiQW!BAGyrJ9d#$>aO|hR)dmU0c
zeMDHS5TCtCn`CqNkB}iKY`m8Km(%l!r(=CuUTsf02*bjXUigu3uXV2*+yQRl#5w(+
zJaTvDF;IZR_2m1(W@hB&@o*;1x9QuN5rj`q^UP{=)!1OvdrDQqGZW2?*{{wIV;A2Z
z>zNP-E6^e93;=HS5|%d%7>Dq~cMeZ+l1~W!s1_<%m2}y0bu0<D!HmU!3Zmi<UcQS9
zd5`GHgEov~)-Y>~2cl+!gmx~hL5=)iPB!&OVq=!ub$g8GpK~0XGw)>jsD$jQ71QGD
zJL58fE?1<7`eN6{c#)n>bCQ%cB3IqOk-)RLFsjIdF@QCOlO}7Cj=VBOh{Zo}rZM~k
z8xcneIAbCu)|V)2K+?6_?%fX9;*{N5LTb20L&KYydh(_&OM8@Hx<mGza_G7prXv1_
zF7u#2WSB+II`F1jrqr26Yy#Im>f}yX=DIBEA&sLL#nYstVhOY(AkoNV;lZ{*FLhIG
zMLe|BV?bMuLm8273-1{4oj1_mtL49>l4QzZLgWw1uDG1yMH1{qI~3tnm&ys%P&?@r
zjhv{s=+ER#ri;QU5(!D7Bn=>EqRg`R76@tZ!rWTVzO6KsB_k{p8lO=OIl&fd$J=fo
z_)m2)z}8e5K4i)3IEpBOH4HV7dp=Sb)QJwFPyn^lhWH8p9p#1)8AdtBTy8mBDgrsQ
za2s${a)ZONwj>oN?U+9B7!Q&n|4ZPP4XQ2I#Z*wj5PPRrq(8VZA<@?lpN9}yVX7~k
z5`0GwgpXJ4HP9}w(2ueM-_}k!;<8>t4#vrEi7L2P!axQ81Pbci11qQBe{Z~yIrm*N
zNdTl>c0pvQiQtC;ck-OZorn-m#%peTvUuDPfp|fIGj~#8<E8Ngt<SCYlWJ@wFeWUB
ze}7<gb<miP2OZPEY|8^<=8TK2b=^OUcB(_Ih@d-ki6>>r?HfD9;4OQG<FXwQ-QE81
z?)sIb-4+mPDsn9I^%IxAbuLR?#uvlNT>@;*Vc~M>ob#;iBH?>_EM37Cod2G&>S1th
zpJyUB*y48O$tvkW>}bIrnW+r|p7lz&^ZF$;#;AA{Jf8#X^G?OC4db%5o;d03kZ^$e
zgwiMS!AcwCDr`dQ=F2xA>xW^Z()GW+9Sf<MLEkal1Lz=KM0Rv^XKGW9%!8?hssN{N
z@6*HYk*klxs2pV`^|$VLt6D#v-xp5zo6qk?j^E$Y??ykHuaB#%kD2w-flg9*^1I&$
zkTqpf2L^T~b|VNb*T|o^Rz|zEc`9maB6WCDx(`f`)Kp4iWFVSB&GmMB;=mF0TO6G}
zg?!`CUl=BtsJ3WM-+m!m5(SaZO8{Ap0Jo_%eV0TJq@!+og%{&%$RZdii>4w<7^suV
zFt0Hr8MQW=2Ol%+AxrkhEX=iYt!cqzH{DzT=g_TdgjGf}4>`32mCt~`CPo{XMlw#q
ztBtB^S+c5;#u5{tbWs;@?<DDA^i@Ck<9lL@i_x4C4EDs@M1NV*90YcQ`v9*h7d2ZD
z_bT)FLSo70+{*gGOQ5`mbiF;zDe^&z5C|%%&<|oK3d!-I3hByMX$tax{9v50K8Rnd
z4qLWXkBn<77kg5u#hK6c)?{eb{b0+Rp>(he=+%Wx4Qj5oJaWf$7aQu!{h~B(p|>N_
zF*G1>eB-4&!h~8)941%0!2q12a0~GR?-JuqYx;*Zdd&&}L<Jf9QddrwcD-PeXb?G>
zf_c*FH4nv;E46E+4ABZ*HAU5~gv@1>M3zmtQfnx{?Lj~0!9S2Rk5VTkxUD?`#2vcW
z7yVxjQsBHGci1a3K(KcdQWsG}HugQS!d~`#zd`TLjK~8uqzXK#=m4Wi&xnM__AM*R
znjd!$A4&G~Dv@Lxa1w-28?zD?T=nktZ(0hbhC!jnu|2}Re{SHN@;KhsKI<o;C><;N
z(sWX)uNIGxDNHHVmQ11Pt(T~w+lUMO8mwb8$iQ4CK)2Kw!{1AC;Pnw7)Gx`el03uP
zGMVG~l^7EXRUYjBd4EA2nf`H}HxscMrv1VejOjuZaN7c_#IWPcM`=6<ZMz)}A|i_W
ze1f#2TwwS`B3&;kt%!b>pafmy1CQWg5_S-|l!XZ~gmLrln!5_`P$#T9XvI9)4L;&W
z24>igl33#Q_svb)MujS)S%09zu+{I*$kpqcAJkA@l1qEG=K-vcc6155AAoUest_G#
zfk#>4RonfzBlH-Dd32K%4Ex#BPcK{pkhe$jAVjzS?xZBZ4lsgBmS3Q%)Uba?7<xO#
z?APaS)O$x@M))d(T{du%c@_yHEZzNi((4afiYVCE#_W-XBUNJHf5L&swwLzarHYJo
z|CCzBE8gN+b^usUN2XWiz+pBeOKo1m<AL#6{hbg(^M?oq>%nuYM^PnLYp)`(6vTwj
zcXekKZ1nZw0^BdUqfnj23IrFaC}+|xm6Oh@5eTmOS7=Tfq$x-?_Xd`~-M|9}kh3jN
zG*l3Rcht^H&aBTXDD^BUV?TY_5ua_V7IcIxq++gl1_F$;EDCx=1COAZuYcFZK*Xi}
z>lgFCG=SNrOrY>o@VwVdtjh3ZdJ}gBvmv!&CF7>mNZIdtF9-_0?$6K!u=WLC5#N8#
z*TH1rn#!YTt!zZ-u+FAl1W!H~KdCA1=7D|Y;8MjEw(!_XkUSxpAx1fU<hrTcd5%=U
z@D#>F#{u5Q{b0FX(QU)^6+57Rp;?1h3popj2~=58*fCM^wpWftDCB9y$(D*$(<!0y
zHkp?eWf!k5PR-5Fhu-?~Z_IO*oN%qJJ-2Ebii#xLd981`yhQXzOXVBf9eICW4!+nl
zeF47DhXu_<*y5dll^~xDvN<c^^}*1hhCE^dc0jQtXTy$q#gU9ol;h3kmow5^m|y-;
z&<W_g{7ZXTj(jNj9mAE^JAnLndkZALZKo^i#x!@EW4A`cRUUnsZ+hZ`;kLKg7m<y<
z8{^>zU#bmE(JRU1_dorDRMU(JE2rNxumdySZ!v^Oe7KUtgNK6)o(G|7@T5_HuD8-#
zbig5v?Hb<jHxKIB8oPWZGo7XGw8NZ<ug$!y^NZ-O0_$NO4#{rg-SC;sH<5O!K&)gl
z(__H%@LTY?OfTa%UFeVAAeqC<6&AdjVc#g$I9?)tY2d4F8OOJ=bi?>a6o?`71e<Hk
zC+Ge`e>kH87ap7|(-Wqg%#X22)G|vi9)Rr!75g!*1UiQpQ#sgoE<@`nj3w}n8A70u
zUJ)GSHpzkV=FWLa=Wf90BJKU*==SauU~)#K|G&7K<$pvBGbh{s<!%<1|0QBrSpPFp
zVi2>maWQowWJvrW!31dN+8?r`5BK~xgU4eaktBR%l}@|-&2CB@!tsJ>N-r>=<yIq+
z#t)AfeeAH0{HFPi^^%N0t~PONmGC1)7tQgy<vP_nL4jrz^#8c<t!YUF;+5f(4f{cL
z<yX^wGUMXvm0g0Ed>*1Dr_84u$CP7f+LG(i-=X_*PqnuPl>P3Tb$t0Ci>D1VnDT`a
z<3hmFA)wqIRR11coyO{YI7Xn4szp?5Neuu&M5Qn9pw+$wTIiKipo&|xXVjsxB$#do
zyh!mvFM)!D76G5n7^eME$sMfZWthiAhN6N$ginqX<$VI}gVD~}HPg-V#YB{8gnXx6
zvDeXug$PXpG|)E3nP2q3(-Cb~Chd`e)AHqe_NTgD)<$-f_-a0G0Z_#$xG5S*{bHwb
zeyR0inCE~8=*NP{D^#7gB;zX`6lcingGFL>B}kbqNN_j4G8zLFt7s({$$&UV%Jo{_
z-apKG+H|6b16BSaM4Yw*X4PXqvo*Izg)IqYw=D_*h~}EOYZ*U^(YsgpUmM*c9S}%z
znuu#d?)w>RKD4A{Y4dAPC)YOj+t<h59v;p<o->H>{Q?NW3(cr-o(pIb4oQlUqO8Lo
z8Y&1R60`%fd9z66Pq`}?6NsVTZV)wUOm7klB!9#md*x|D9#FE#ifDQRBw43=ZbF6Z
z#Kxlmf(r55Qoifet=E({G6a<vTOJi|i?Gl_hf64`eBZ9`fr$#>mbg;ImhJ&t>+EOf
z+4sPF4&2T5yB@YQ*z3gYNEWM*Z-<u9U+@8pkAx}9A*nrlJLZTSc&tSpfYamxPek*x
z@8w~YcJOfK+fMPa@SVEj;-&LBz;g0`8ttk8k;3p-l_~>&4K|@1BE4e?s`))2%ul5X
zS^VjFH4fOiM*8TxOu0_Zf`Mj#%A4r&gy%49iV0p*>scsm@+z)Dr3lG`3xzPd#W6eV
zLz}xC!QeQav1m37b!mTVyb+&O*FesR;3H8ek6F=9tB7pc3+UM8B!#SC_yU~jLh}(o
z+#V<Xlp(E!gUE<bV4$F`a`dq+9AU*qt^28mv&eK0w=j)fzL)<CT_18OJ31LBux@5w
z?$aP7g;nh`X`qa`rG=#$+9D;CgH%{+N=HS9fr=$t16bfjE;bpMRB*W{mMf+0_-7;J
zo`jP2N=m0Uq((yYAT3V+W1(5rn5!?~5EY_6+T_Jje+}IPMAq@I%A4gH|DXw^lBHll
zj<XMukW51w>=R>`RGu-Jr9MF`LVx>w8Ol28zgn$Q?I&|TdL?w9<*vb<=gU;8VamFG
zwzKtT`P9}8mA<PFHF?%z6>$5STC-K@r$l<twPA<1;p_ioG=#=s2~uCwJ=y?(D*N6s
z!=t-;<n9SZ<nY(`^{~;)=I46o`<0u>V%aN>K>*k1G}2N1$~Dkl$%{!dA@d@5+bGt?
zeap5jw!**2e}!AsJ63=dCD1`dQUOu09+N4lfzYmT#qQM3?j`96sqYmjjSgGa6%AC-
zQ(JC^)k8*2Xm**gT-d~*zFt~DgJujfio`rI+h0mjRb42*+IQfh8KYq!PMYX~9@{Lm
zz5Y2O<&*KiLZ*<xpaw(d#E}Bp<Ql=lv+}+FEGt-wA$HQ+ub#4*(I$9L)!`EPR-C6%
ztECm>se&P=RS98jt1`SPTT+D_s&g-4`nbKyXyqXmN^saR+@}g+7MX7VkZP>(He?E*
z`!R(fX&x0}*;@A~n$n$7M!?7vSS4=H9nE_++0v8sDQ44iw*ZhTRI1yF?@;824s}7F
zr;UeX5BH}6cx})X!gVi#FKd>jJ~4Z65*${qxdmE_2v>4ojpywy9NGcSd?N<K9UL;F
zkbQBaI|h>uB2?O8MV<<vOAQQZUveQiQubQ63*uDmzq(DxG?#4E^JMd#67?_Lr8tvg
zAQY%YhZ;<kEpBAUa)SqgzWgn6f)*qe*e==i)J&IFKxAcc&gFIxORLi^yFD8T8T>ue
zMR+I5bJVJEkGJm%pYI#`3(GI4fhNq2xb_WQ4EZsgGI%1MY}^Up8_XVT@vm`%^A!Zz
z=H_(o@Egbrvm&^n%9?c+Xtch<93ib6_HE{~<WM}0@%ApdAY=>3dVli{62DT*ZH_r2
zu*qH_G&^&_q^+Fms!CM|9<1oK=V<v5lfqxCI55%&#}|zPkcOSMbSPRJkN%JhLm#Br
z*G?zZ>NQYj#?k?pKQw?VV1ZilpMXoHsPF`C%^g6@FSy;rh(eGopmOmb{_H}xUDh=*
zZZ=|*+@s$7Pv%F3ZzGLb<eQllrI{C}dq8)iN$%==@K!s?3;kJS;+1wx2zIj;N>qd=
z*=&_C3i@{REHUc~;8$^_i9}lfvwsyJI~KjTk{YjcS=s~8gpPs3{b_NuI0ZSk@Ccq`
z_Dr2KRkUrOeWpVqS^N)q7JuJuX-Wc{rX}>fp>nE=_fAyX|8XbG&@9KhObyCEh7j9Y
zVN}fM42cjJ2djJd?1<kcJ&7VirKNQ$Nih7<m@?nh)$<mZe8pJhr{_+U6n7^$rMBGB
z3fSx%vD^f-jbkl6)s-uD?p_1IY2D($ar0+;u&_NmbA(Z(GA!YNU1mF>E;sr0z@a+p
zKb$=OyMZ<c!rR)*B?(wl&a0m0uphlm_<i58@tVyPZ;JcuD%<4${>gp?wNJL$2^$qB
z1m0@hL>m5OK$TZ_&51N~@x9Wkurq(eVX+J0#GeIZOio_j&f|Quj<{eJ|K5KeJV_Aj
z$Sps@BfAJuxnEyCI%}S?*=3evt1hFV*&n^@Q~T<F&8X{3IaA3N&hdmbaOwl7Ry?$0
zy^6Cr|DK9=?`)m^ss#u){a5+Yr&z3!)T}hB$iFz$8E+P(ZI}@U#U<+?$lieYD#*su
z_ydsT*xpFCi194v;n^8imQLfDgB9tC?K(ICkd1~ybN@vI@&^XN>}MHe>bS}`xJZ<c
zoh*Nq+v4zof0fM0Are3zC{%%)2p4}+YdroBAw3hwTWAdYZ$kPn^7*g&B{MTC$N!i~
z77jv2r2n4&|I8%kf6OE)U|Qq9f1vrCs>>8BnNpGor1kUKM@-XMlZ?lVRZFG33?gDi
zggNE|E5NFLg3<p*{4()^P8k3tXlbukZ!ZLr8kBrKUAu7b5pNERo$znpa^|j``93%X
z3@a~vM>sz%dOJB{+(A4p7x6|Z3Me3QsbS`O@cHxq-4%S?9(n_u?wXx^T}ONPux0kL
z47i(HwAA9H<W2)}5jPvd4*R}6n3?P>1aCE;g}Unhvc^)#S#WVibbvm?0Zbn;FzG|s
z?es;~8hnVG=8dFTT=EikS!^TkDlyy@A+|~NEQ0fPUA*)6UK-T*KpH5M=1RVXhw(<X
zRRgN~TA`SkkRSl~>dosmPAt-wVuQP#R1W)+G*^oytH@)eEq?mNqJhX8a~W)99$Qrp
z*vD1*Uy6|ehNGl^u6xj+(;Ii~cDu55r^Oii>GAfdWu=T3NSRVuf9kfIN>xdr6frSK
z1Z&Vld+0##kDnEB1eHI3zJ)Z)#`{{(ko9xkm7<&78GZn4E&UHZHy1Zr3*Bx<yjX=n
zwi(ZgIx*jLZD)@Tbn^QLHSC)4xWOkOyCAloe=XL-t#3s&5plH?_sT>xqhK9rN9%3F
zos-R~)WEi2p0AP6J#?wPC>w2O-lV7Iqlu5CB~nZ+W6o%nPZ^tn0BqUaU7emhy`IiI
ze-=u=2HF52R#l3PW)`YunjT_=(ZU!wolR}xnH5`g6_T3K6Cm}(H7}Xu!TgmCHWvi5
zJF~wt*LOvDEe{HUJi>ds)^vRgte81fXmflK@D3PiQw!+tV}J1D>PR>?odOl&0+#}J
zu%<d%L%jDkQ&7refFDRm(pySgRNaP4t3W#*vjqS~H)~O8_ZjG~Q(t{Ag{T8|?oGum
zRPqHxIcV*^ONIR_wZc&3;lyEOrCFY+C^wC5gF(NXa1m?Vsn903Gc&-rA9j$l{(sMg
zGDfk4XWxVGb)m~q1aJP0R3L^EJtR8hQu~?qD`*wA(emxu)1*XI`I`mOF{r$Ne0Ahc
zxBO=tj^mVc$q*(A@S|5>11om(z9&>JM$xmdKY{%ryxLsl{F|kQyUrVJE64-eW?h|M
z>v<zw%c3N=$o2wmG}@XcDgk=vG)=9>+HocP7{$AY%IT+Rwo*o!_wY@4W#<nZB#*t9
z;u5R@EvlApy8h4`LiI$O`6s)N|0PyUF!da8%j!F|7GruIYx}I()xaIHq5~<FB!o!|
z4|36mh-ii7t@UGA0sd2WzZd~bRFC~N{KzJMiOqT8jme%?am80A%9Q|R|LH{4F70MX
z*9G$k7iTw{laJPR?c%07#yDPID2DdgCJQW|aY`#`IfzIhwE;xG!Rml2@ql~XcfJ64
z%rZO=L9rU1jeV0#so4`3$3B!Q;*W}%Y+^r*n!l)<@=2RQ<r%<SsVA}Mt+l8rD@%ni
zeEQB2oum2*vzdJ98uX*t0dFm@nE@*X!_1BNgOMhNLNGr>7bSn5E)7C6<X>;a3J*oQ
z`fL&rK)^rdiR2B$?Ng3&1m<6td_50nC=Ea~yB6?Fgc4%W#UYp0J}!Y1|Le#`?`-jJ
zlbFVGAi;U5nIeZr$WWpRvXXY=HUy<r+(h}|AI#}-swuT0A%IA-%%Y&OVk-VjV>8-9
z74vL%cmbz2A4}MF!{7KS?Jk5l9q7Gce&?S-Hvd)%QQj4qu)*ZHfQo@Q0;({8_6s!6
zdhf(j*RJson$4bZY^=0NS={F!|D1(Nam`4$w+Bs3>+&8xL-S7T>E@3fOnIdtX2}Nl
zo(O(uH3&K5Dq@w{bZ9bO?VPKo>N)dfp|0wKc^8Ps`FL=Cu7y@?q*X6Cfr#zhDL-vg
zB^vca&kEP=5)OK4t_QOMq?sHbQ=<%5UgUsw*IpxlFaH>y%*GXbWo_*lu45WIN5*to
z0A%+NnUmO@QdRJ}Z)y7PM_Uni-@Jw~xCqY2PMF87!8p{A0F`B%u3QuMQ(kph(*1y&
zV%D%K^oW19M>->8nUMz<EiaCov`*jC_Ao@qisv;KaE#|ZT_tl_H8d^&yiseKz3Bk=
zBi&STdRq*s^d%}kgx+7MFPByDSn6y9GouO*zLD@G(OD2o1JZp5yk}>w4W{V?rm?Z*
zb^YJ$!nWZS)0j3SR#kR!nD4*^CN~is;m)yCafnpf;>Xx(jrm3tF0Q{2PMAceh_#Wo
zK1DD|18#FCJ#6wel(7JSuf%+Fq*AeA;$81qZ5G;QS^FAk&d}*)1x4eMgxP_^XJFf#
z0Lc!2b%o2QaO*H|(l5RP%XLgVctrgBK@VsU!?Y0N0Ffi^@A>%o8T3Ie^SXce>U~of
zVEMp{_-ug46gbJPk3C}B1U{zI5wYLXVJOJg5iVIgMp$w3H9sCeA7{oIcKNb9{2YW8
zfGjS%9iAsU7Shd+wXK!;3W36d=*ZvH8VOp}qDQdMzZAn3e|_YeHtGwBl@G@D`P<-T
zLE{@z{hj)!>`CF*h5h^a;pF;R#SN{t7U(?scC@_owrI4s+)_LKLjto2?&#&gEW)?L
z`@NB?+h_UZTn-;#N3ot;+B<!c`Useso8+i1bzj`{*u?QB8@CkC2vLJ$Bj|rD)2|<0
zI0LoC^M9$rhe38i&&Z2pi^7%g=JP8C{)h5lL+IB?j)-r6xEl%YyO(_PICInHHHVS0
zR_Ze(O7I;2wYSHAUceWO@g=P~qFn+7*9RsIfBmlpY;qpJe(iY>!29u3uzm_Bmh`Jb
z{FlLZwz;#wxZ<_W%p>-o&v*CzcI}s+KFBR+*yPWF(Yqn2<?F#FA#4->k^IrMepT-k
zgTm6{@hZ+?v+LICUVa=!_PwhAH#AqN(POpIKs_c>UTs`~&;8M^zHF+7FQy^eHbcic
zSig#CJ2{l}^rv5YRKnX7>^4x&z!`R<_c--Y4v7(pgaj^kzBLkPq)XZiMQ`71t_mRn
z{r{#N&i_k0jO>X49D<1tQ0#ymXMzQizAzx0o_!e_h(Mmxd7>5Q5R&S?a2K)1G0dat
zMkjK@0zzb1M_`lVvs^+G0Y09))6=!Y#&Qm>*kiV%Rr)Z1dv}G7$E^Y`;Y8ZW<dpxS
zN&Hs%OCK>M5VI?$coZZPr;9SEAt<8kQCby{AR>JEf7+5Ml2AKGtX+V49oPh3Y=<FN
zz1ZLoc?Han6#Utd+?iMk0bj13FKnEYP$Uj04lwH&@w2{0TFpR{LRukKjq?F?I_bNt
z)jVx>+3lA-xAm8HE5VYGyCF5|Kg6|Q{S?pt`3olm_6m_#l_^E{A*?_vkl5rCPd{12
zyHOc?)^p(j%e<e9_QegTcSTRH)b#C`CHp;!uFNd*0dnk}is<m-_=VOZ)h*O^D8R?p
z3COqNc}?y5R~u1knQdCJJxL&zft8VOnfw0l#nuitt=2r)J(O;iVYV+^R9Hl`4gTwp
zc1QNylAYs?@ErQYXV*o%P*LBU?LvzK5|P~BkMdTW0DWB6F}Dc7Q0!D5`v<}Mt!lz(
zsh72NxkHKfIUm2$^`MV#C*^ar;p{{1bS{4zG?WE3{r@5BoZ2%ByL1~?Y}>YN+qP}<
zja{*=if!ArZL^Y8ywiR4xBH+^*B`j&n)e*ziEi$WN3Cr=bZiU*DS~Wtld{Xi;JGZh
zMc7<t!%6SaYqO;x6+vC>-`RBJFBrq<-yEq@>kPaJ$e;gq{k6W5&T}5xL9@h5Hb~YH
zM1%3k$#g{TlkDS>@SrBFvU=!WTz#kdr=nwC=a>M5E~x{5Kju9`*!nQ`&!Zjy0PM2H
z4xS_+fep&e#F(TfAq1G#mUH=O>boyB@_nH!Y$Q?kJQ}zpXDqMfY;FFOt0Gf1i%kn6
zA7VKRJM*U2`pCT29tqso1ON$;a!FmA(S(zVAX~cj`hRv57-ZZ!oh%A$_iAjC<Za`B
zdJiqvR=uxUPs*oC%+8{`8F{%B8=TN0(T;;KOs_fnpbqJefC5^0ak&I?^xGyIS3e+L
zh9?g>zBSu+>HWK$7b>wj+Z?ppbLaqE$o@x>gnitTPYI9Q439cmfP!34B%PYrpd}d3
zR5u3J+Vcbj1WtZgzZwFt0u1K@_vuN$9;5%lkve-QEF(`(wLDNYM9b3#;5j0e#T{bb
ze+z4-{}~wq2k?3N&v?C*@987I2emf|=>PLvY`eCf6lkmL?CMIn;qemSobB@q@?WU@
zYPo0)2EBIg;r`)~Vux0|vN#&dZaYjIo6RR6YVP>1{k&#3`g=IVP;~^<)q3-qg&owT
zSDMu5R;#GBd?>KC%Hp<oXyCd?2O~`w)F$;l{+(Q}1BNT3BW?C33pDJb+{m_kyWMLa
zmpeb@dq2~8=qX@A^;3s?n7&>vZ=4MI+4|=%jf;N!E*(2<b^m+(!}o27bK_GU5xRbI
zRc<$<pRHi4kjKb-7u5GMz4&U{@7aa_VvNZ-67l-iV)ij?PC;y9x@f$@lXI<6WQsIM
z2y)WU3_vj8fR4d1V~|5<(CxQqM1z;L0HNYZwGLH9OQZg*ZkC&ec?+Dd&7;;m%^^kt
zC8HuE5@#XIYhJ$2hKjO_H9OK2=#cw`<q6!#{uOTAXtXS!T4jktKB?x{YXbw+Q&W+O
z_GaOz+Vf2Q-a#A_Zv+5d-7DdY`h|0OI$#WD3m6)t*H0Vk#X7irWOUz|^nQMP$SWfB
zjP%3Em@HD{@=}}ZN~x+?*Jih?Zpd2fDL8--9PmBblEGm@^7co^#{Hc$=R5rT8%opE
zX|Nq5($w{XY5J+9WItY=^?tW+;F;bbMMJM^9`vrMEX#eyxus%4xh9!NY_R1Od#)T7
z1u(t7U!%D#r#rSd1Ovxs`!WqCntw*v4C`Nw?%e(o+*#4m*+o~wp^QW7s~YHPxKx=1
zWy(UTksOLZBxA}ekGU7J>FWs3)r~f%K&`bmir+JBFFD#1YE=yq?}<d6&-fRgg1deP
zW4UL23+Hc89fFt-N1zS5k7KNp+`E%UBfxHC2CAVT!>j!UWqD2v5h!k8FJz+PWsp?P
z$r~RBQU$vWnFh}sD}56qFo^@K^htNviDq+4ZOmOvoRZD+p<A|WP>*_*Ii(~*15}tn
zC)=$#flE4x!=*^plPNB{RkMyiz~Cgr-}D9=$!HmFQilApV*v}*vp~@wLkX4^6YxE=
z+P%BHvjVr)mD+m)QxOcdQJsn=wm$LJJwcybNy{!6;MP|;AQVrOhmu8%{dqzd-eIXz
zCl7H}659LdT}?OqP5iqRItn{*S14j^9Rr$fs}(X}ajAkpwI^AxT8260idcjivx)%z
z6BuO-)5Ia?)?LhtXC7%zn;5n_77)>4mroisk8YUC+R`<@_3V=$vfjjDu0O!jFteFZ
zDA<I$dW0jIawjY)RYd4~x8XlplPx|G`vD8<C0@@$<XvgKJPZ~-l+9jUV}6HVxHjfX
zvdYcPlx(bE$Z5KfLS?g|aUl?}lKIa<Bba0Z9=tD^DeL;7WPN)%gk2P+7SK#c_jEo~
zPFmOICY>ohQXaf!dUQ3#-QxpsUWJfvrP2`n=<q}ZqS%}Fo6-IJFZwiA<j^1<5gkAx
zu*STQh8hB_sGY{$MSZIddHH5t$e#VC6S+2i1{q4<D-4K`^{S|fW?grh7cJ^|mp+GV
zs;!(o%f6oyw56VZrZ>q=2QU^!B((fI27%YBFBsZA^zPgI?OdqAIbg0e@H$&e>jXNC
z@Iuhd+)M92u0g<od`jK3lzfUb)F+v=VEcG<dGDWqArcgh06B}Msyg^R91mfZNU^^b
z5g3o7T_0>PnL1JB(_LOu%6l8f_abO=f$La#X#lji5AA37V&ccH0{GxR?LZYKJ@hMa
zfm>rk+NTJ}?-sd9w-4Q`?3*d?`2`w;m?P@TQKqL=>vo`@!>jHVWK?<7R&q7=G{lt<
zFwpRHIZvE^z^NYDqSkB`4{X+xlJySZA7$i)`(ZT5v6M^BEe$?hTGlT#s;th?TK@1v
z68&1VqgX3R%cO-S2H^3pE3U|ktFrnh#USy@&&N7Z9YGLu*stsq@MU0H0&~{!AOqn@
zXw_OS-I~zXPyx}|RaUOPn{eXBFL+T6?FvH=O_VT^qT;z=GCQzH3iV+DEit=;|6!q+
z7_uj>)Qpa7ZXk1Il}!oZ7gPm?A+_|VM~4H{q@?TZ@5F0l{ZmvoFfx}s+5<B_3FeZ;
z(?pUza;nu@K2RiCnK8>fy3f0lh2VRD{2mV?jrMjKTMJFhq(@K^fjA7&qc|zRwTo7;
zhvR{3BUdt;7@Rbbf5<Qu;{nHlA2lHXGoT&7D0NCKmU2a=lV6|>t~lNm9bLbtGVmoC
zINalu3(~Yv2e8dyN$VhC3j&t4R|P!?rIj2Cb4B8(5@<A5=`KV=&Vo?|GcPVWb4Mgl
z&=*6*O06FYS?T$C=?z8W^Y_^^Oi$>G0p&2*^XI$-n7I#A=0Ks>LQ`L3oi!1}ViDxF
z6zj$bcV}5iVxGhUdw>6N9!Hx9fQ{3Ca7wlj6!#NH04(to%l8zx)^y-EzX<Q_tjpsl
zn*+$l<An+qHfF*L17Rkk)SxX$O;w`|Wf+)_Wb$ZcJ8{Tf`#qEOxuub~Ujr#MZi(2`
ze9Ax+2_F@2ZXa@@(9k|Qt$VdZ4yaEASxS@fq%{7r^uWU_m);JXTr-x6V!J5?BR`OU
z;wtZ%0}L&GOdanAr=N^ryw|}p+aR81++xIznxKMFwz6y4DlRGM_X=#0OjqGn<iU5-
zCECZNzj{}&of>d3mcAoP)m=nFL`b_+`+_)FX{>r{9tVpfN{NngnXa6U!SoJv^b6C}
z`0OcVo30SYN{k}>mXXb%D$4AT5K!b{fs;M60ZN={U(VS|JC*YdON!tldTBFq{3uLP
zn*rpwArfdDu1W=nLJpp*U*-N~+SSi)a$p{GLI)4xR`LQ<xVYtPi-9!>vY>TRya_{!
zC#nz9)>Nqb+8Gs6jRVBf`pOugzJTIImLkmUz4_X_>#ecmxkr*?p3{FQ$bGkA9af0z
zfOSn&s|Xc>f)1%bXOhCN`Wq=zJ>Lby%SRam(VAPWZiYzs(z0j>6M7)oGg<&8_1f*R
zYnRmEpQD6!qbfM;Y4#z?GuNZGEd78(xK#UJT(N5#^&@&U66DDse+%d!BF9{})R)~W
zxm!Q2$&Rt-3+=&xOZCAW)1eGT&33Ib0X(iK;+0$)kR1=`Vkms(zjMK*1hEqaauKX+
z%_Ryp?8roVF{fXK9U1S6lP|U-5Dpl>Y#Ye&Z8^OEPRw`V%*W|r&{g4gxt<Ku7M}Al
zL%?6NgnM7#kaZW)|Kj@VF5pf@XzH{T{085JPvLG4yUd4IF;JO7B&f~8w3oq12Ee|r
z(y01DfIc8w;kx+U{tE#LBX~<LY3!|iuGlTc4#^(N@?asHen|>Af#l>A1y>T|51G2o
zzDDd4_bw4?9@N7}C<Oq>*Sb!(DQM$-{)+($tPZ1?9@3OhehMjA0(PK*S@#ne=2)d>
zlD9<MsuaCcci=uJh<cu%D((doOD+uuYh5ZB)c&=QmCQ)zc1(z)hFnVNPLE>6=}x02
zbce-*%@XeQiOl4xWA6wKXF)?v{4qnkn@#^t+eNF<boAL}<3g798frYdcY)$XRnWzq
zh7iGV6@{8DabNVzoQKth(^v{(dI_RE`OMPBN>T)cjK@M=Z@v+qla>U)lR9t7?WZm&
z8Q9dyj_k57UOm1gymGLn(=Dz(`y({?8hF6bXM*x=$_y#OO;sj*9DLQ0^|sgdL=a8-
z+E2pY+PY^Iih;gJr(iEvQ>+*`p}S_xP1^{qOXi{f3x{bw^hOlR7v1ddy{%<rmK@a&
zO1{>m(aeKn#HCpaXFLGxiTJegwsGL;jYReBRJp%QCjSsX<=MPy;d-px^Nyl@Bip`l
zLlO)Zv?<!v?=KKjkE+V>H5HJa{f@<t-#(>Sh;|Ts+#uUpd8lu~#>nl6dU|UXs_3R9
zzkoo3r#=z_x;bhxjc(q6<a@Ke{L^ZSWd;<_<NOtw+_3v)NDl!?8+-)0e;2I$Y0QC3
zdlMog#IjG?GOj0{x})_hW3Jzq=iVr#t~FFMPFv{Qd9eGTAX*XiF>O2rR@fvcpVWgW
z>ZgO}1F)yNy@spA(y&FH$HG6ni%#}b7p1p5E`4B^!Ji1CVkh&b=B6E9bkuKJSC!=g
z_r}EI*4=)~2=V~VHRlJ{SqsCFansrzNhL)&b9&e7A5)56L~iuuQ^&^e-sk`yeyk(j
z?5|p2i%>aAirUBDzHE<c<qzWQ|43kav-}$D#4z%#jipr@<cf4+?7jkVS?SJ*3-mqW
z7o$0Ldlw*&^v%z!WO%Rco~JK|v&i1{tz?^6TBuxNXAJ;&dA_Y}>5j2DL`8*TGYi?r
z3Kpfc3}1fkzD`ch4<G-G?{CwhZ)ea^1`va7cm-mb6nWY$Y|8&yVmqJBfBurVUXJRa
zOW&%Wqog!g)YJE%GRdm8-o45Hw`^Hm{Jr3(Q532hfX>)L;_2hIIm_623b@wfmE{wN
zwsS}wE@=joum{UhRVojBz1N^jxH`m`#v#i9A>I>d28;UoU`G4{@-o{nDD5N_6*Ibx
z_BG}o@-c>}oO!$~^yMcr-)-@$&mHCPxO!POUC0q+&;n~x<46<1$rW3CFYZ_nAxkI|
zB1z&Zp0+gCatDwUaF^XoENIvUp-s8Xv;GiL;_HCz@o9O3W}&~-Ofk?|gQXQO&thj=
z4wZg`{DFpJo6^h}CkPxHg{gE<-$E#-S<|H?>Q-@&Mr0mu`otD?zv&}2>ytmpGNKKZ
z6w!SyfP)oYmQa}q%E@9%-BLPU)(mCSVB5wxNVtLg#1$F@Ia}YWv0Xsk4KmNce~YJQ
z84mL%)2l$Tcn{4G%61_-w6#XUn$fGXU^F9Gj%BNO>D@lQ<wm;Bfcdhycu6xV;MSn)
z)5d*;0={4lK}3_1rj@b5SU5SDlP;BolPqwN0KopG405_;S=*i(&B+<p8+Zt!1IQ*(
zN67hTw>AckMLxiHGEI%^@}s%+bRZZIFS$N5e*j|e<YP((*Rw~QE_43RmoaAwO7A3G
zg&dpf57epzwzuZyOhQCrMpp-v;+uz4aE`LNO?=Z;20Qjw*Kdg*wg$d0Z=)VG@8Qe6
z0Q;&l^H}yc;fF)tcPnu`0+rQJ&P`Wyy@sG`uTN!xe*O(|7LEb>$V2zQHq|)Xr+~hZ
zF`|>eOQSeNKWZB6)S}wl>Su=9h~1rja-|3oAj8f;{(Xj_sxt<xOcY!^Up<%inyNTi
z>D<CXTWD20YjRF*vxfl9ToSK6N}8!cKo#v=?CBq9D;~}{j>4tk?cY%B<=k|0+m0*<
zqlY4s*ldm<C=mq}^l>TK`ay5h(PQdViXQp1yZze0lKM6gR7pTOg+X{+)YBHcrxN;-
zsypWbM1ZsS`^@EWBUPk}Fid!6Bmxgm+ovtxiALjH;ZRl~`dlD*5ZpQ7x_90^fX$^?
z|LM|b?9UP9Irs!>gDl~{u(Egr&yU;d7rdr)V~VIE^x<;sQdV5ep%6wjoqT1oqhuj(
z4=$RUygE>8v;^SN7qx6#0S?CU;Ra!n>7z*|PKFWJA=CBXXeOwGwn<7-{kvk?1@^$V
z!iPT63V(uDyw^3g)>f$i5;+1{z<{L6S$Fwa;3?XY09`xf206@9lqtG!mY6<_&;wG-
zTy%C#O&$x;{O>=)P!TC4-He2eOtsgdZsujPAK6j`n*&F*_AbA!?%$Ij;V7`KV>>b!
z^1G}?p2et4QwjCl=7I7skHm#2RpX9}QtQe^9JgKq&+*qFwv#HJ=jl$o0Bca$?3*2|
z(yR|#JM~BSMK9(`Aw`7v9{bHHLR2S1{qXl7WllTFb(pJb6m!^4tM+lnF4F}%btkgP
zKOVn9UBPBpL$l6?u#)~$sYa^6CU6leDEJ^j5e@2afH-vbG!ctn4#RuN%0W?(pm^s`
z_5HeyPpCDMWIwM6#9ikH@Y%Byh_B&BDluA8()?22#v6WhkH3s}r@@uAszN}OBX18<
z@5=xgN4CyNgPNp(!w_K*^#=$NFF<kE#@U7}{(~}Q+!qF7TUW&a9c2xTESu#8D$s9_
zJ!~rh7uHa-<Ro?PsOibLJz*{8jMcqlS`KxO0Xty4;WTxU%Rr<CEO^vIRYWWwAs597
zTP%<W=K5!`o;UN24#(c+)IV<=3~#CEKAKz-RZa@SJPu|DafssAYv$DJ*$+9m>M*h}
zXV-n2eLg$8RQlcV#uaeP)r%G$NV&g2vX#HqhX~s-uuGarWdxfO-@#)_%oKxb7PJ><
z3sWo%Gm%xpYPzihY(2X(R6%{YopT&kTdQp*fE0j<3w@jYv%#WquiBevu9=S!WVG;d
z)K|y6ls@Snj1l!6{qw_CVH}vafV^wcddwc*??F$$V|K#;{2dr>$sah3%!<6w$z3s+
z>myQ$Ble?kc!TbTkYKf?KZ9-TkYAxAp^#ZW&-ZE7O#c^PSwegaL;L<;c2n3#23{rZ
z)R?Ex^kNlzVqr0l#ln>sl!}TX4X5-5td)<Q3tk_Sv3jX84!np0{X{L4YV-!;oE=Wl
zaZX~0f+KGF34WoZYkUK8ZK{kCyW7CBB*=Pr&vO;uD0teWd$6W7B#|c_tUT!Dpe$Va
zm!K!2q9Y%`6|9!y`jL$3P+z^+_shAY#PAxD)YZ`;e>J|r3lZgN81)T6nJ05sS0YAz
z`K#oJ71+fxndb^vBNXjU@{d5n^JHe$CFQ{ybab_dH9^dW{=aIbf%3+-*^UYG?heoI
zH_(lNzaN7oWU8+6(%nfd@3Pi{s}Pevl;@}mt>Y2E6{y*&0-6_oo2|KJAlbv0jU~Gw
zz`mvxf20T!&rL;NT^bo9-m%OH4n;Vr@oo9Y8BCvHz-Z=U)^zPmJ}|Kc;XD0?Y<H`b
z`$p3*j=e#uQTb!`y|(%`LlJZx#~*-D6bfFI#Xd?PbnmEDLRCv~3bC)Kd1>AJbuLX8
zzz+rJ@QCvd@%%pI`715}$M`##{%+JG>ygCn&#u#)NJmRYOQM;!vC{0mn5Yjr|JZRJ
zbju`v{Sn6<)wNEKMUH1K-Dbbhf!>Pcr{(&t3nn-CP+0t&CX%KDBa`jL-vj<R26xA^
zwr)JK@T(Z}e4`tzQCGvaWXp5P;^=e3-H|SUQQf2Qx0NvWk_&-7{^DJn=}|dztoPzZ
zmHOFJ__RV&AWiz%{@a0ccX(>a=5VF{tNglO*m9?CF50vO328nNa}t*UHn1A!?~AP(
zq26VgD>}!@@z*>93hMz7td3An`^yzD;|L&(YtPC6-*mfgZ@Y4=&pSDyOH@y<3R_G7
zJQ?fXhVqBRKgR7njK(E}dI1P%&L*n10WCF?3|zgTyUQ^yGBl?v9~MGe{C%YQe>`BC
zm|{aH-Rr~k%dUJ;_n;Wi4Y8Ftrag+1#TXrBPq)E!pqIW`n@BI;2qnPltxRu4Zk)uE
z+VQ-AyGVvtbb2ar)CGvK=@9FNvNlN>ozco^D@1Br8UX{V0AQzzw6g!xps+FhPlLk5
z#mbUIY9Iti(a`yU)zHNaPBreTvHK3<m$t<Mxg&qPb3FR9sFs(s=uJcSlq-_Z!}Tm$
zf6E=Bzf!(N@uLdu%Q^Ip`o|)8({6oFdBSgz`caWSYu~eOFu=AMb{H(*X)eBsef}CZ
zYHo|Zg-^R1!K<J$p_1XpqBN~Dd;kps=1#2kKOO+r8{4`D3wc{<wX?JKTLd!z|H~nV
zG)q6*<TVD4Tl5&PbT9n$byJwr#Iz6nF@{YBPQfhK{o%DDsRcYs`X`D)0mU{<6l?x}
z_~uYHIS&tgFn_ac{I<!`tzdq-5Sbw}p%@d$!KZ<h+2!@U(Qu%oHF3`xfhv2->l)^$
zqIdw~k@5=uzcxEvwcB$D4mz;3n_$ih9DH(8c6pz_mS6(nIs4zzINDk4aP_BR>~{C8
zAtLn({RZ!WdxAQlRb;hpGn9u>9Kr?RGuU?3VyNMf3fF(yI!R+G^S~g|6De<IxXk!G
zmnDc{KpZklen$Xb;TJp_QfCn9o0o|JmB#^|+;<7};66|`V1~EZInl*|^yWxPML71J
z%>u340z|j`4ZeMUShb%~6YWQFW!O927}d@@xy6&qk9%>`WFcgcsZs0!sX6VdoG;Ai
z{C?s4`EYXJ?Q(xIksZVDB<s4;I<u}06^Wn5>KHQBI@;A`@MZJ(x#l<KxTfKN8vvkR
zPR8%qg?Jm1fCC1D9M};h3BwjLdN<}YqmFAv#`2z6w*RG-A9(9Cv1E~|W1F+fjXi1>
zloS$LPcl(8ISz6n)QbRTUBL?hO(6o2lX)=8^vnliIJXdHtP0a!T^va+$@r+1W*H!|
z`?qxiigbtIL8{XesVRE+DB&fYG#xM^b>%?-twgPAcM2w*Pu{}C8m`!Jc-&oA4f8Y*
z>45T4bWsDL4#W#Ny%R<wmg1bEalG1G_1v7vRg{mRzxy{2)1{kogcds!1lC%x?X4rM
zrqUxZD@uV9?+dNK2VYB5UVF%rS0u-Xbhsz;418(H_?Z&+7w6JL4U!p&D9+Cc3PBoC
zGuhoZ7CAjEdixY%G_LK)<CQ1ZpLQsT@<C-#nD=+iFZSl|sjJtu2dPDs#s>f?Uk8L8
zTx84y+qC`B#>TgsqLAdkEyHN0wzv;Xe)Yr;>aO^p<)#}4u6fFo+I||n1hN-4ulX{B
zE6Z(FHb0bc=bj8hk|WxBp9#Q%Z4$;cBOLVtW=@DCPw}eGh(3+NJpYAB9AtzXR{ckQ
z(G5zs0KAtP&?_*O`b}5ImjG;pzQ$9A6e@XLKqN2jlg!Q+{5BIQ@%Y6xA0@sRkwI3>
zbtHW@ChfRRs3x@1ArXyL7C8@XBVcEqY@GV|i~sCKl@-qW(vhtZ6&Y{^hil_^T_K+1
z9fCMZ={02TDie{i**e)twiv-9LDC%NjURhpL}1BA8^j$zowduI<qgb@3SC6-TmGLb
zZ(EAc@)Ok5BVqb9gA%=85ELBpDN~wS`>OM6n<;--SSfrOS1(Nno)!Bh=YT7wRhB_b
zZ@2Dur(So-Ke0jHU~B+uv!s!zFkRC>!9aF~RmmdNhi*nWK@mc1JWB{@VYpyJ5ZjI?
z5-jn!DtH^B)kb5_FHdU!mMW}pM`_GVvA|^BnV4Zhpx}Bna(s<Buc0N@Y`D8VZGJ3K
z=7D=jK99m|5B91M;AX=bcozf~45C*VjB&-d*^V<_-ow5)Iyyivh`O+lBuG~kc^7GS
zBP(Cqq1gy{!hmVh!Sd+5sl0fm>t$a<NQH8rr}%ZqX~URNR#0B1dnlI`xD4%6lr-_|
zYu}3-k-TCfiXt^tgD$od*Zk*nN_(`jej(31RP5NDt(OxYh*J!uxf--6#(iOVE=n1_
zwTM{lWqfR)HV$AXkVkdU<d;*ZyY%w(x%ILtL<aPj36z+m@vO%UIDM$L8%Aad2+HsH
z-;s+UPuO8O3c-PIg!!oYj6S((C2{^7I1m$)vb4RreXfiq+2Y=-w;1gRzF6dUzLJ=b
z{ffc}6&rcy#A**f3{AA5a3}fstS^WfzuoqnDk)|@rJ(^yvF34=CQdp@^dzXG!7ZGJ
zkf%vzUAqV>W`2HO4+mFl8y|;P7vXLaW$TAlnmzlufxklhx?<`Kc^?Bv6nNruMD#S2
z3$BGgCP`(x$9EQI0(yE0h9jyEt4qtQtAA4faV}ws1H38Qcyr?9JU7G#2k%<fWn1*~
zi&r}}9y<Yl8((H#JaqZ<o4HNBmOpl1emWAaWbs0bgMA|@C|<2hFPD!TN_>V&S`_CK
zKttbFwn1;Z)oup=&2#%aw3E{lp7*>z+&&zE_Mm`&Yi@^Yb0UQi!9umkrnH(?C{8;p
z2us(Ue02}ziVRC1$nLz)NreusxyaP3aYwBCXb*tuL7dGHM^@Nmm@!0zos5{Idnzs$
z4@{z)dcrkLLGu^#i5%t1#uNXs7JCCEgWbWC$&{?qM1DrF0&u+&1E_((W?^q|gi>}3
z37_ZnsCVnNS&h%YpnkBQXGi->!X3E9`ND6%Im}rvGUfVSQ1(}f2&9qJw;ZJRbgrgm
zpB^!-50tM@sEv=J-~TtP|DzmX;$r&$$DM5dxq<lK+fFvFBq4(z>RiWRQyhJy=RyNE
z2&4eog%v}8G0hFT+36?AW#~3G#F)q>etySQ#}d$v-FDIc8+b7f<6xR;872lsj&R}n
z?<9Z3N0LRF2V?@0u0!&ljy^*&4U`@g8pIgVlGf$Q0Gc)A?o47tB1ThAs71%_2Okg9
z1A6-Z72p64htf%pB*KwEgv-?Pq0;m>+#lfO^dsf{^W&6<q9dztxL)14a#i`pMBu=^
z*@X(aK6TmUGt`KHE(t1*vD9gcwv6Gw^PHeDLh-#ndQaN?25DIT$kG<&3G*3b1(&5x
z4B!f7{x<dlpmSb$hZv*3j~xfDJGt!`Tp5i34$IiQY6Pb2DeYRAqXq+hg54b5S9iH)
z!|o^88N@F5#}4~Cg)FK1<>s=#j}&~QVuBr^7i#wNbhUoS>{8Q;PqA{v!c=HJR(_@3
z+&)H!>gKehghpK5LSRkYy)jyy58tQfA7~u2eIyvAR$WV*S);hzhaoZibEf77*BDUc
za^~(DAAZP5Xs7&5Il_~L(96E*`Pe^-L{a?o$7!|Z+_wN}I2$g<i_O5-&&8>`>t`$F
zt#AuJL|uaZhlY&iucb0r`hz7-8?_EzqcLAYgirc=PWR7E%s&N`D=*H7%|rNsAi?iK
z7t#7!ro{l==kwBZ#*Lec2EVZ-b5ww`K#;FTYFS+8atnSt%$F#gy#roOqZMqVq0rG7
zan4uAhdrWX*<`vqxmMTjnPBEqJXWG0@_=yK+4-I_GSq^NF(k}jphx#$3yv`o<nCVJ
z=ML-J8CvCHo6+nc5`xG4*=((Ns${eZT(WTR^yeifkTiO#>fkk8d{K7^2z&tHFF7EH
zh*jk5^;MwQD)C;8X5r3?txVghiHWw3wpaXXQN3Gsv@O>#S2}$520>|FAXh~$Gk$VK
zjG2OXweE3u3rd}WLe;Z%p_BG^#Wgb0Si^A^*V71I4zKx{9;@t6%1Y%GkHy-*f5bd^
zmW)ao8Uoq`tVETi3YxIkX=VZM#dUq7LY@PNaD2eV0q0%l%ogj(Uf9fAS}7y+S*)5X
zLdPpqq}-N<V*D?7N;WWcT2~F}`{{6A;uGW+{yOi#u|Ce%?JVmN#&kN*xX$2KD;qO~
zMMR3!DPzu(a@3c_6Ykvfp0cP!n1^sNUN)2mC^IllbA#6?H6SggT~GkTQP?r5(la$E
zanwILH|ADuqRTy;B9WAH-GPcxM-c@gxFBX)0{GJs1mSO0rpTb*2+E44DgvaOg-crH
z{NMrD@*n6IdC7Pr>7Gh9e|9yYQqpp^#QI|yt=CKNlmCQ6Asp6caS2lMWo{&wM>3!y
zLTzMazrOpeJZtodN#_B!N56tF7k6a*ge)22LxuJ97IR&#wwPE9hmb`e{kZ;i%EEQh
zVeZAf*;yPtde0$u^5o-4Y<=5?KXk09^TW}@%cUW7&V5{rM&ooxsSvKDrj!Avxj$Vm
zAAeX!`m;g-!=Et-^tN*XUd?+j)uJv@aNqs6xVk=$-?Ao$9aaIS(Zf%dS&zdXt*eh5
zKV&zO;b+e|(roM2^8;i`1GCtr(oKY4&CD-aWfG-vl^&G7aqjoN&N5oq(j{nrRJEvy
z?v3jdtwgjpKy%Qa&5Z`2IL<k-tnTRLwd&{hU6<$}5K^Z(@#Q!>RTdF}k>o;J(lv*>
zy^Q9}J;9+jBUS(*XWWo>Jog1-8GUSbd^52c2PdT|rS;$R$b?t_7?FvMrRkeSV|H<d
zb47g3X(fj_g7LD}uzVVBur=s_v4F7OpGhkomx9_QsxZ{(+;Lje38>>I#o(skWp)W0
zcRGT?48Tq%A+HZIo0}u&jZz}V6Qmv_k2%+V)S!@*glzzjuhik>i?Ctd(>A)7IV=~e
zLOV<Nx`c9UAtZ|w)w$D4Czi#u%fs-KiJ2UP$gT3Q1vT)PnoSKNJDeww)4c(P1y&`c
zHFS}`XGWL^($PPU!MM5&S+1*SM;yvKvlT4qHDz8fFj>ra|1jKe&jzdqWfD{@jOT)H
z;CTJ@cBO#T6xaU1YQ+xcC}csCPgZPrAppnzG;}9q8CYFP8k`kd56~B<LxEjs`43P7
zcg}^+c_7$F_=RX6kyX9nl)#ja3FK<Q{~q&0aw}{5&C6qiu1POh!e_|f6`_;nBhQm3
zrIaO33yLucx|GVsz5GDj0fcVm;b4!E{rR}T{(!Q#AOX9(>c^^n2&i@!&ys=y_5kgF
zHcnu9ZuB^dg7NY4C_LfYjKxN^co1i_Zi4VwAus$G!-H$`(Cty)4{rnSRXN6d&F0J!
zrlIw$Dzo7uflJ20^BQoSW<cNz9`D-ZWT-iChDDH}+~pM%SMJTpD?12B^l*07y4lHo
z(14&u%aR8|R&An?_Aa}%*hJ7xVFqG5eF0O#<XhRuRY!IE6a}D0wx_poqNeSyVDf1H
zrbr+9znxi>FcL_1wH;ZxR>x_PZb~cEGV$Zy-4MK1!VBc69U~7yQf-;!#{Agi)|2{*
z{3Sz%jwE<0=}TuCzv3^wg9gUj87&2r5CNkUt{^Jo*3iNOj%alnp#8?_CZB=>2Q6E%
z$11}{(uiYi^g`m;Ev)coiNHF;ep=<?{&1*}pxBQPAjKNk?x`Xh-WVtRU~{j2-L<f<
z>7|K*!jS2^H^A}7%vKn1XpXxT9L`Huf_L?d7jJ8eDpq5K_6H_YvA$3ID#}^veSn<i
zbB=r#l!Q2F`jv@#hh(Xo*s8~lBs!-JCSc<9v5pm#m2@0X<LDq(YUG<OpnQEtVaQf8
z#0M2RtfZET+maWR5(pSY#L>T^LLp8Zax$P;e44Imwg}68AlISu2+weR!S}rc11WH|
zmq@XZx4&HjXazg_oCSViDW-%Hod6^-*J8?CL{lQ)bz^a~z?OJ1AFEfG5iClbV10&R
z+RHqc$JOWNfKxY-k()of16`9{UFwQhLx~a2pqdqFJet-R{V;=&U*d4o+6~66tDJ={
zC9*%f{Ij}BK(46by+Rb1om@3V>qfP*HngY-EEx3?!&b#_+5CMTv=q9CVgYYV;1R8u
z3bjNxWezRhyQdIG-@LtCU+0V6@{9i95wNVWAaV?#qU@)n<2!ggn(d7F=R`G?7kc03
zn1@J%=NfS7FIis<Vksi;s{&fY0xU5U)#4#xA40Ys?f%J(-T8@BXTl;>nH??#S3B;i
zEg>X0``o^@A>$SiRjGf_kxfMv^waW4C>MH<XiK}OVt#pKBJcFO&9SaJMhWBmaes<l
zucCiZBW@<0A7DJlZA@*8w_dR=vw)5*GgHfhwngw+x&=l6gVsZ^D_Grpc;%~iW}s2#
z^5cgxq;6tqz`xz3-4#x%XF~^&&*46I@Kp8J;H`v7aDOB;=Bh1p6a^ky>ujBv{dzMz
zdKrA28*sANS8z`me)_nKe&n!xefzk07XvLjLrwk+rnzb?pbC!z6!?>4o@w@t8G+h1
z?q27Q7A*HLSN~Wz`I+eQ{laZ?6~-tODEf|g<RZOsgK#zS5r61){TKj*$AO5z#lhWe
z!kVQ+V6wi0{_mFsfggT-C;9@IZt1`Hb%)ztw;q&cbW?`oK~PB;2t^M1*k0q|L$i#M
z2JCHukl>f7tk)-<cm4f+`>Gq#q2cA$vp=uchUgI2{Q|z7oZSn{A9xTsQj8|ehIEU_
ztIMjrZfCin9M;cq!hkJ{ThRxkx8!r3o>N@Y+-dB6#tXd}!%xF?0T;v^wrn^FVWa*C
zf?q{p(~=T5!5ox9A_JZ7$+itB>A>OlC@~qq>!pG+5E2)qRW*K_Cvpm5|M&^3msNT*
z{J(`oGd<LFG*mg_fT!2VAdg_5b<x`|6}^?~OfSUo9brB6$F)W6Z-M1@us~SWm;NAG
zdQah6&*U&rd<O}9gPYe2I{e=`p6fqn%Uo=X|ADmFng8eG|IYF3EdR}DUH>TZx7ZWA
zUuq34Ee6yY<<fzAtDpK06D*oLTbh*(%ypum+|eqs)X}uawW!l5PMTVwzR^BM{h$zm
zA}dl^c}m@E&+^ZR(<P5aC)1$5Fhye^kUnv~4X$en_r5MhX=?o8M!wZM_g*+O@_MJv
z!?UJS^rwP#!Mv~<3t{a6?ix}9p12Skqm{z|zenmWuls7q-mlf#p7+DXyWPCc^QS`3
zZdm=CH=&zU4guXrN;8m2A_u?be=XJ(KI?uZxpk~<T6)9a(Oz1yFmDd$N}>py`n1F~
z1f<z!^@>^Q(*+y9;_T#V!;w%(_aD=aJ>wON!D;fvF)gg~ZhM>o@1%-#v@v0`XZ@!P
zTm%Ma*~eO>LGdund#7>)@b5X08VG7G41=u?tX$JW?!1Ev+Go4!_N_4~Kioc^<ahxn
z_@#B3Hy4=0sEQ+5;~t8LsBD&gZjey}1AKz{N|fE@Gm1D&w-!mTza>vQ{02EDz9|sN
z1qzSOG1sIFE~g0~6#3;sVb|~bVEIua*UWIDT#5au1I?&eKip&a;>V7!q2mHsId-su
zl3dp?MO^gp-g)n2tIyUm@BHJ(*Jt%g{SC9bwehIXvX4X~N<PKTfWKL?vD2!@$9u)g
zwrHw*7y44N{ye<O&@F-ym(6MJge!J({uF*p^w+7u%P|9>vCBAer6tlYllq5VU7+h)
zK%n9Jd-xHQ7FsEW3pvpf4*f508zvk`w5aV-*Y^a1Mq@vYLVMyp?Sc3(lSwyhl!>Vq
zJvr6iaEsa=|JRS<>Brk%9GA}YyfHErVb8MUUaR1d3VPzyr~z}&*2)$)2EJqC2Y{Cp
zN23BUZxIf_hw#*E{CBhfSwY~e@0LuR?&iCuL#t3{nw%nnA7Pf7#|8pheu>Q{QQ6aM
z8QgNF*LygzJQfB3qhtsw)<!Y3Wo0%Ljs+DYH-^6l{Fx4k0!g7^m}i}Cck5$w3YalK
z3ufsE(t~@xB59d0xCLgVfq*--D*IUum7U~fN+ueR<hmoRsY-6bOMha1miG(dvVCa;
z_SDglpXaM<h*K}x6#Bg5$UcAnP7!XRhDg0_@4e*aZJ)a=NNtnV`44LOyP-z48Dmok
zv@XPGxcAduMmz?WjI8K2d^d)CS*(*$^l1(<Dl~d%rF&~_*qc2~voNtRFg>|6-)=S;
z`V|2{Pm-28<k3`WZ<v)`8;?dC?U3Raxq$@jDnao|kLsvOwn~BfI57JUA;G}XimU5e
zX9wTk%_Jy8)kzYd`RKJo#!<$s{nJnL)!E;{wlNFIJp1R8hAXCzT;@ZPL>hgO>z)mW
z6JFND84X0q@h-X#mP${kikCLW<9zVq3DZS@M6EW((~J$~nEulS%I5uN^;mILNtpOx
z4LHo~*fc4u*yQ<0dyM2K$FGtk#^n+l5Aw1#X4ysCd%mx$*uF{|Y0|zv=oz>TIYqX>
zs}6MvlJ>f#^(1B-)m58T9;|xT=OxBSNht2u!vb=35v#gI)O!10>)k4^QH*lZDB2AG
zs1&M1NZ5f4L5d{l*h9};l8HSaTAZX}g1wFk9h;PUihQHe$+)PCZ=l-b$yrsfhp}HN
zlx~Wj#m;qD?K1immS|+GEE0V3usOjg*buJE{stT`_zYk!=<K;hu}(OQgWfIRa}{H@
zTQ4t*A!D@3m~0M41nX*pF+>A)(7hD^y2PL$2dx1it8DtZt2zXI25%|}K{ll6N!T^R
zhdUp&cYUwnh`F_ri%YVr;Pe}_=9GzZ!%HX`T*`xZvGSA<nF>RO&K_|#tFZj;ci=I0
zB`!`@oAvVE4Kiyr)Z_buh$3(VwwYDnb4i21nSl&MNHKC=KDZ0G?hPprX<Jpm)8|(~
zQ9hYJ|4pHdP?Y}|eiHj!W?C{;Y}C43GX%@E(7&-<f|&?cBtAVGdk08g<W0?}QL;5W
zs@(*4pW>__O6X5-&k9u*gvx8yORkRm21@fbtQ?b*ag-=hwwpX{5c<9bVDnW-1luub
zhAc{(WS-x_kP>PWTOT*>PQjyqEcec3_yem*;#kITRZsUavcI=6!=q=;u6#~#!{He-
z82CJgkkk;q-`8ly_Q=Pji?dbbHx~pI%d<LO$(wI5a1SxaKzo-7NLj-MGcUnv#^HZ{
ztsBwDM;s9-9mb&F@n%#S{$^Y4|07q{jm-Z&sH;5o=v=WK{`$UXphRK>sK~w~_y5#e
zs^;gLWhOMN`OddhX^FTu{^3O)M_?8iW1ZE@h^-^G!xO<wnOpxvuq2!(s?{PzKQWBG
z>;vbUjSz<LRS-MN!-=2hFS5k9`0(tTrAnbeKL2$hCv(2gnR=X4q-uZ0Lqn;-x#S<X
zeUQbJ64|u(Q5`7R7{5LTOvzhCLch;5Ex7udf{5L}+Yk^i|63$(NoldGd;-@>jcE%L
zTGm#ugq1&&(X}&M)<f2kUH0iVwV;?mDcRs+V4M*Jj#bK*I|Y|6iDp!*6;I$CmQ`wh
zkZltqL1>f6xg?czP#_99a8h?R-x^lSDx*c0pzYu(=y`G0sNJ9gTySHB8ViI>Yig0k
zdLyn<bjK?IYu^$9UEjPohqiUE;X9%(Q|8HKSsoE~;WmA?**q=hN9pA1Kr)4O-n_1=
zdfgVc;w5spEYh{ns{(UzG=md7Ar@$GB+1Lw=l(*?^^Wugl5%h@2N{;~Vqy|2;lWZg
zJph$1dc1P_68?h^IAuar2Jo{U<?nq?z+g3z+9SSa_5Qm*5Jx*n?)|LJLpvGQOgvZs
z9o+R|!2ET;+MXkguF!B9<PvHK-T{562Ve};Uxg>h^VA{UfC=BQB<}e)ZGc<(c8N)0
zp=sCb#f)=9E@jT64Jb@>w8o|*>nt|Enb-<{+NzbDmC!Q=WK{y*c;LR58hKk)F)GUA
zy`1GT#I33`NAyDBMPCw@9)JH;KcnLOO;SaDi`$#?)JV#$QP|oSW20uSidOe~swy|x
zaJ#*Ef#QkD_KIPClPsx83c36GQO?mCp<jf};gs2W&6XiCE_zpLfPzCaDj~`~1*sg^
zVTS-(&^$2(Aa7{&Hn`X|JtadSUmNHy`IWC-ZMsY2sM7dHA|`jBV^|`l#ug9pB8G1V
zajO||vx2`e4P`-Lt;mT2c<IP@MS1H2>F{LkLo|mwz_c|qma<K&W3I{UUaq<?m)i+A
zUn3)=BCq|Yw_t1(G&&QG97xRgb$L}>CIt1Z>3SXvXu)9+O3WS}vHOF~Ge=+6(4P(D
zcx0QJCAZV6zp;nuxe7+Iv))n}Rk4}YVe)8$_)2~nCnXXwVqJAqB3KHSlCeKo!|m<c
zAee{aXWEuMCp-Rw$l6KCRa{BlX;P`NX9-EN$7VaLZv>7y;g4IUIBRS+6)4mByQxii
z<2?HU$kA44>9D%=Y%BhZmCeRkVcK%h&+#IeCrfyraxX2Vm+Do+>q(H^%NJfuPAkv-
zcqP#}=M8_AXR=0s%<*AqM2xouMW~7lBD4MB$<kF+mvspkX{RfGfdC2k<@X%Ajt;AW
zZq-0|vq;@=M6OnV4+@<rW3}U9<o<+}A^mfdI9;4;<o5*QA3MSiiFEKmH3EeM2ST3Z
z@x;Il8T?hiXS>SEtukolSa~zYnr~L((;Aqus93@3O3%<f9?lg9x5J^2>0B)6b^aA<
zkI)4p!~;^N#3YPfH~?>sfdlc2GQ!C^L_#~iqW~Ps+QZuxvJH$nB`G5rK5bYYcoR4s
zK(*>fNEi_WiuaCQP~^g6B4t!#LbrsA2x`t>(Pi;Q5M*d3?aVc11MwgogVszv_sGBz
z)83~f+_>vC%XIp8rUiG-^md58#1orIG=yo}CSKWFe=hEjP)hT_wX>}z4V<t<Py>pl
z(|1xU@%LtN4EZZ{)z}nHCT%J)4Z7NIfIIXkZ^cVP&~UlYqUFcOCC!r9P}2M*NKMep
zsnkQSps>YJqhyyS%o)V4X3Lao619L_vt^rPx5T%5q@(Jh)b!Q-G-8cv1QycyX2syA
zTV439_xOjXun$|e+AA1F@M>gSL0hL)%#yVmQc2N0BRe7MWozTgq@(-ph9=)%0JoPV
zNJh!9ue7AyCTn^IM_qKO-cd|IyOLzh2u|v`{{;uw&63xIu?|3gx*Q962i{O+-*SCB
zITfw`IBmYok~Agr(DMq`jM81wWGHi%yRiPstOY^0X(yo%Oj*AqZ8kKP=80QwGhSE0
z9t$jJ$1PLbp#uW;tRe0~J|D~+5T)hPs?0GcphV(JkwA@n-hzMowtyNzk1K3`xI6?W
z=OJEEtzdGCwP-uhz@W<-G`>y@un;glCyRRIw2#DE#lYv{_K>m0SiR1!p?0HvcBrBY
zNZHcAifhPsSz8S@?RQZNKhp;Yr!_L;tC)06gP4*O{7QC8SHzhCSAw<#G|?UMcxdP%
z%hg$kNEA-WiVCJ@&o1&=t2Ru@H<A-TO!sgi*LOGII1o}Lm5*EiM^G*3e@d=*d4fHj
zCq@rNqYbhpp4|6l1D}~lalKLpfH36ln14eHY`uPaH6H$QWPMZQ@I1^v;YI-%Tt>Sv
zfGXA?+n0v7OPUK}H#!#sTB-gd)jM5sTgw;WawM^LURS2TMurCeyRN89d#@<cnQ!!l
zhNL@qUAI#Cb`j*c%g`&40Q+#am}cJ}($-^KY2wn3^WSB^WD*eRR}w<;V0%=2LZJ7!
z4i{wVC_GZO%xAU?mgU6z*y9g<)3Hk(E=sJw20qc{iq@OsA6wS}xXALz%|$dW%uGe<
z4&C5LegY5PKiGK)5jdu{01XcaZx7{@!BRsTaKgcs#RET9bXL0_E-I4NzeQNFmb?|l
zV|o=)jM26cWtLnJ_?1{o@T#4{MV5)U#fcptG@lR{5zEdIvW9Qx6cfAiq@@gc$g3aS
z-+Dc#?938ByT{T3c07@g9|}$XO#)Yj6S|KsB)FljRAFZ2BsEwR=`d&uwL@x!+O#TM
zGylmeG_BW?I}_NT<&Y8_hP1)#5-O-Z&8UW;DItz_vQez1SUE<)Pz+eB*cDLSVga8?
zcpLR}#^b%`%_z8TG=gIyp5~=y#!&TFoD<D!lf*|0d2w3?oI3iSSJY4}X5k5_QoT5|
zX3JX79*!o{U@E{`KXv|_wJ43TST!X`L(G*Cv`O<nc(0oQM>BtZEen9bKB8?kpz%wD
zx8RTZb|M(wZ(k}mo;Tr-I#*F)QoEhn&W%*8;U%(^mF9R+-N=TypBA0YD*P60Lh!ke
zU{h)`aHF~d&>|93in>0k&H;rh>+d3h0a>ORih1TuimDqo!$y<R%%juxBzSBWT*wDf
z)_@`b(*TP(AvOB;qlxo&w!bNSyc2K~BC7tMEdcv}ymhRMj9mYJ3-BMa^#5)FK-f8c
z>OAtKd<kLzDrtR*WGZ2Go5A}vIe_f@9vw(XxoNR!(aHRZsDJpzIL{(a%wG(hd<<D&
z`t~1V!<_x!%ZRbkvR5>MxyfZq@8f8Q%4<nF^0Cq}1UuXiOE*j|c=DFt>Z1wwkC%Vi
zwYy4B);HIOv)W%jKT2^(+OUd_L2K8Hy57u0=`d6Pn()u;B!_;<Vm#{nX%2PK>i1*t
zb#eoBT7A3G8mXQ_dxL$%7oj3`7Aoyl$;(PnJx$I3e7(gaQ39o?`iCA9tbCk<XIbh8
zn(9cN&xAwoY&WgC{xO|*5ptewRX&5hhZt|dWVYsEP}jsSs2ql{(~v9Ka1I4ZNTJ}j
ziI}+pR>db=RFhu|%I4S^ltQ8+9*qsev-j)Ixlxn)*wo)cNdEmuf(i|BT;BuOZF#<K
zFL=g0BlKv_U@IG=E}Dc}X=ANt6q_xW;g;O$FMo}JAsk!JdK_QatE`C)%eqa~K$Jtf
z&82BvxZzYv7W1=%>hh2;>)S@4TWFMxEs~-G2-ed7J$#73KnU4f?*r7bh^V2fo56m?
znyI2nwTO63V<B7h!_^&XsY2kg6V?4l(nrts=bSffFBywqm4hx~8Y#`PgtEz>Xl>hT
zW@7sZk=1j<Wc*~M)-cJ}&@s8j4JJ5mofXMD{m7V^WT~BmuQ>HlZ28x~C#D?gfjY|o
za@v*K_9&=kIG*H{BIc1`1CBT$WW7~fhLnDSTKZC;QtI_p1J;X*qYAbld0w3H{L>8n
zoM{$zD7Y>0K)T+!O<rF2{{HpC0uf}2>Z#Y(OH(y777V-7X>jhkcDtd2&PFLSw-=|w
zmoJk~#x1(^JNnb9k58Mgox{G0hE34`aGltV_n#*o0{I;|=6IsP?R7qr^m93*q*wM}
ztyPKPkTn`CLB|EX$QK7_JTX&nl2_G~G@PXpBYQo;We{}Dr+x|k+e?9d_T_<Hgtxsy
zdcYVYl@F+%Th?+HL5t|)RmnB=8tMClxX%H#;Zr)R)7ZNZ?qw$*UqkXmToZQ#B>&CN
zH!~S6b+^#{!z85=7~U{5=Z6e;;3#s1A~ERXon^WRjJ1*KZDn#nRdeF=my7@R<a7P?
z8}_Xlee@DMrMvKHv1BbAXD*YIBc}3hn*uv*J>^aws!yU&UL?DwcnS4WPCzROm&4OF
z8{+YyiE4QGLpARapA3vTG;=jFfHIUi{Ai$;7e@r5f%XCuA-wD4Ol87!BT&HXHz}F~
zP-d~|GH6trbD%WD-xCqr2KMYYCL5?8>LOCKrqp_-P`b!NED4m{2%y%wQdT(EQ>l(3
zbi>#SSqSD?1k7sgnn$O#`vPe)PUIAmd-A68`bvbo_Mtu)t1g3@hMyb+^#2Qky;yLF
zwO3+B0pS!)5mZbSnP<flc|g9C5uvkIN`$GAdkpLNv5K6b(^XTcXXV>rz#LU#Kq3~6
z2^8zFibw7cZHUSQPuOpl8aM*z$8|f}A}b^VsH5Rwk1w$9TE-ISk>jx~^XizX5B(In
z6w6Lp+6A`U?W14hAW$g)n-rN6@IJYmvnxjLR^he3E#&+(d+c!YA{Q(@d&)_EUPbM7
zrYl~%c)O@SD_y!pm8<1;Nr*QAIq#M$y0Sl`2yBGrMt>i9EzFy@ui7dWPc~gxEcV{<
zfX~Fcj_j#94JTXyBGj8brJVtG<r7oAF1i3yQ}}21tHyFzXthTWK>M$Uw%`$E&B1x3
zQ9RDuSd8~UDB+hn&8y}t*Y14~`%D~E?c8rLE(n|Q01p>l0&p%!OxCjnIyTrk0`3jg
zf-l1Gnj4)VjlLc%5ebPb(hW1N+C<E8&{MYLMC-q>@ep^?K9-E&A|ZIcXty~@U4UIl
zy97sc=w!xBknEV{0Mnb4J%f_XOlLxY7-1BuiG55lk$*g)(<`ZZs{lRp5%$>DWqd~p
zz#;<(5$UJvqUD%afdMf8u(wahfXpeSC>7H$-9|UY5tv{J_dCZ4nG{*`+})_GB+?11
zE!)^n*4N;{;ZV+~|2S{nj6yl8o{zDN1HUk%p_j<}xGH6c0$K^L!w8)O{~ufL0A1O#
z?GMMct&VNmw%xI9?bzO7$F^-d>7-*P-LcJ1(qGOw_uhBk`+sAsvDV&e&ze;=tM*zo
zYvQ*edUWaY?jo~t#kiB5+f;Q_ptJl1eLQZ7_a>~^-YA=r9K`%9Dg!<fBhw*x1IGQ*
z!~VUgme%dtsf|1-MbH_HK%Gsi{VHSscA-By<-klR8?*Tv_nDkS)zI_O$jb-`{NqIN
zb+hB>%gEW3)azA3kv9i`Cv5<*T6^<zX3whg>(3ZUO|7Pev+~gFnG)D1x8f$kb1SLq
zs<MfPbz?XhO&n>+%5N8Y=L0CHAMXfA4Zr$r=ZB&LVbH*3s#Si-(Vol%+F+#4(<nF;
z90?$V63qqgt*^6at2ryqz@2|18ImZ@I1=NbqZT<5&<w%0B9K`@nxkw1gdhcoD>%jB
z*&a&VuoJB@!*!@r;V7HHZ-$Pxo=)gxOm5XiAqdm%?&~P|)M>8shSkWwdz6Q{Pey!=
z-U#=ogx;7hJke%mg*Hq#8M#~umv#Uff(flak~~2*;GC0L+?{W2FVOwM{Pubguz=W=
zr#Vu<uT5*oPEuxmW?h*9a1-E4JaJlgGavGMVczCn-;?8O|Gu+DI<rT;CD!FDV$Z9b
zSBkhm^#Hwh-hiu5D}87|2HoxgzI8CVd;a4@FL<^YM*pK(KhMCh`tXlVj>G=hZ3oMF
z*3HcG4?Bb!eiDEGf~?WxAVCFU>~N1vQQ{lDKoQD<M{X&;<0=X|fJ?5rH!QeB*rSHV
zHTD8c_u7i8Ub1j3wEfM<%U9aIqZh1FKJ8tRQodR!Zz1~&+m8AP(~6H&vIM-5-SyQA
zC|fbdn!ZsJ=J2|ortv_1O0fhz#z+6MI4LKDUDTW4k%=<x%R#DR5K(4<s7hMfj4e(S
z@L03CdrxyiY@GcYfNLQ4F}70rl!Gp7?ut2m2n)WXYX3YPeqU63jV<LzFZja5N*m@9
zy_?$9Y1c^uvxrn=R+6<rv3K)NHJG}!4jo_K2E!mxZ2KWl>#w4C(-L&BMUAXcJRvWn
z6(GkP@=9s#OoJm9eAbM_^U~8W63wOr$SFnbeSV@3^w@VzfV(xmW*@$;=YX|o&4GN4
zmSOOniV!f(i-efY5?Xf9w0K{V;!bMekOF%H*^1V$RBaBV(hrZalkHbkW^mC%)&u&H
zHo$y(5@;FyGL;vTNJ@~Bof+XiWS@v_NI1I&0LNRJ-$U2SPfpsaxyDK^neTsYpH@aa
zQL%>x<vcv00n>K%$;b&uvtG`B1b6K2Ax(alv}Zf$-7onSFsh3fc@5#WV#0vjtM)!H
zBMR6*4`m%BQV<eEKGhuBPYLbpXQZ2Ip~+b7`g6QXVQo?NiQhO{tM!oh#M3L3E;)`o
z_D3*`9oJkj{MLfoLxJ8fMq?&eU44RD*<G~p6}uuL0Cawx(gq`>(ttW{P?D8jZy{b;
zE44)JOg2B;rw(?FY&UixrV{sMILK|!d_l*35wpXadLfwEW?+K$FB2;u)poC8%u$-H
zx%kcnrSd2BtB=3};zXpc8_wcwxV};Iric6`8odLxu+|bWWJMB)Rkdtoih`DDSClf#
zt`Df)7eKAWvT~~X<OffT=_rr#FFa1|^ciOONq1<PdCWS-_TjBG<LbKP%62C>yCZ8x
zgY3-t(t3|H%4?en?k-n*mBT#M*6_ZS{%%`cZQBPUIX{17w$kG7CG$;l?sn(-mSlXy
z+{(vIu)1;J0%e2slw52u;iu|Ul*;6nXA%PCKu3u*W|R5;&6nw~sBvQ!yI#!C5u>&q
zddqX(D2SAix{J73<S3q9y&@$iFE;m%&o4rh8RXyo-<9`gKE!{LByw|e{Cnli_3zx$
z|FiP`Tz3;t0(9&@6Gwl7w;cWj-ZB{`5mRgkj?sQz+osT!wQtwvY44)VjAdVyM4^$q
z_ds;H;LmqocQ3S^i1CnSXQWKtZ^4k1?QL<GX?dKN6awqAuXK0i131jTSevyJ_mBPt
zSpIa1cjwfDxD8o4l<$*Q7FI!FA&|6c5xT?ifDx+#>}5Xeot5--ddpp;J04=g|K4~(
z_SE$H#L-gIh<P`ASip7Xm&Xk;(7effNVD{#o19%jKQCB%jSb64qP8(C-=36;_Y*e$
zdW`bk?^-Wa&I`1J&Mi#Hrq|j)Ds>52BeU78ulP)&Rb8K17vIr&9Pd2POU(}T{UBs5
zIMIRzK*4=Y7;Wdx+kO32ZOy%*?2#9<yP0^n;z$me8w`re_oI$o(>u<Hlr2E#*Q$<a
zz1%MKL%&LIT6bb@Va7@~8i$XS2boP7$j3FJ8`3f<Dpkt8JlIqBBOx7K=R!G)GNHTe
zO=V>~5Jn31L5z;cbhrtJhD+tWVD+4i98}5|pyFyhyKhwG2!#{E6Ii6+M^HJGCZun$
zL(i1{MVu7EpP5T0TP<s>!GCrIIik=z3zx*&wrnXsf5&Q;0!6RR^StWi_Tbm8g}b+Z
z$qqs;fuF5`osCN280-zb3T2jBvOPXv9q1qZ&PnjzMDa0X)#YHjm-IA11rpFDLBV?s
z$O%9)JG)h1B$FH~-j18Q1sm_<4B$oj(kANqTth)>Cq~`qh4JO^XMPn2?#xe3_Wowy
zfZFU55ttYRm)uE~U=`9y1w$LXZWy(6P6wY=PxpdlzM$dR2(!d@`u<p4aU$;+=};M*
zFo!!5Or5yf8E#jy$Vgk|kbRLe!r9hAfI6u-yi_gApOtQ%OWZ4*j8BM;WOk!F-iaor
z7}g!^hht{2)Y<G^)2uZFr-GoBLsmO#(4P<Kkm{-pbRF?eB<b%*tQ|9C;8W_PlA@gA
zIVR0CVakbY#8UQPJPezuyEOYh5-B%9fbm+q-;SMw5<=#jjK!c!GL(_|6#J{k0OUgI
zC$NOHt6krd=3x04aefJ#!hD2AEIv4~-zR-lkM<X=CvIHcA1Ru19__W0V70YkvaRgA
zgPEUZ%dAJ=lMk%<`t|Pl{RI5`v;Qr+5kPuGrFf#FmW{tT*Nf8c57EVu$%2p>=w#<_
z#5UhE5KpJ#^klIsAE~VOKMRnE*#M`Fkpg<+Emjxm8D3OOa=Bh&^ZXf-(s^WHOCKR6
zWZ(s~zbdvVbCmo@Ymmpgv+}q1@5hf#nrD#Z1j8x_ITT4R_%SvHlwtIW{1(2%@vgp5
zGj+Xv`sK+a+%^+2#yd|-petIAM_P3EJ!G`f$BYb&Sn1eI+tcZLlTbCN-T=d_jOEj@
ztQE)fD+k83sjNC|?5UTox+6!2!x&W0R`p%uu_ens?jXA85$X(lANwi~{hZ6U#AUTb
zRLL+en#98|{UQTk3hfyDk}~192o<z-KgEzfv)?X`6lm6wXTDWc{#>GT&V<%bP%!G;
z<R`61c}`3eI-ztHI~UItSp&p0e~}3*7EDSr^QP?g!}P%3elTww)G0VZT_`J^7<MN+
z51Xz`h?a7bWjlvTanG{F0kTUxfu%+u2vGX%L$l}Q+rl;dCeMo72rnXLmG|GutR#GO
z7dS0UW(EU}v{;Z}sh(Hb6$w~`Udsz>iU1J<@l35;{CdtHo#6&RUI0_3)%**YuTX`T
zUD3W;Mw_}-mV@OX(Dq7@-c+j8W)S_NEOhG!xNnEJR#^Gwr@CbVbF8lvm~b8v-xI&c
z7=Vhb$k3dk|4QWyq6MG+>GHd`qtN~6T^GY$EzTWw1f~<lyb~Q|r7fP*kBo4$Khwt6
z*m`Hd4T3`oalT;iB^2<ZQfVSdD6y@re>(9R{e|3Qah>SVxT7-2bwPjKt%TNS-R?a$
z_I92<H%oQ36Lku1(nT8YqD)mQQjAgN4^X}j0t37w^;`VHGg#F4I{PBx9k)c*#~jLo
z4gv`H8>mCSeLf}cod6HC`{6=Dh7j}@((`%oFRyI9*wia|QR;y67EaYakgyRRQPkcY
z+YfG3VRn?^!%9!HRsnM3<Bw5?Q3Jxw0bEahqq$tq%dhNbDT6m^nRpLKjaUKhL<6R{
zQ=`q1CS|F3%MHh3>kFkl=hGA<V-UMNO5Tsmtw7=G!T1qDS0Nj!9mVF%#a}X|^a`i5
zzehV%jQ%|Cix&f+7(&X?bk7K)6~W61YCOA%)R)*iHVPtiR*92^BO!uh3#LTY#yZLy
zE#w~$@R=_@o$q)r$Vq%gA!~_S1A3Jz@wTjaV7f{gyR)vl)A#ekV}I(S1Pxz>vK0(y
zKWFqxfElcM0xQl}V0SFMHK=Th!3+sQiSQ2AGU@A@wGaWVW|8Gpe_@u4=qvM9b{nU-
z=%y)uP5M-amfRwf98Bjz1|6=K)RTpADD!hLlt5iMPSQW$Sg6!7<0<PjfLdnt7f@6!
zZ%&PPD`c~dz?wHfrUK*9%22Q{8jYpU79g>WSz7CcsN#b6<J6-v?YfHY?3v`eH|JLy
zw=Z)VvH*L|v)`}><v+*SMnDtb;BcxpIo-PDpZ#eoos-%TBthCtXO~=Lc6vHKY;Y`R
z^%wNb-bt}&TeF1opzU1+A;?pT*jQX%PG4;V(d1D2;~`6jMlRU-jOZybNMHq4It|%*
zHaP8&C%19q<o9BTO?QNRo&*GorO&?qI=!_C1p@##cfKFaZde!?_Vfl6{t4K~(z?S&
zKR~#vzUuWkjXUGJ_iWW>V5H2g0`=z6(u=*!$%rv9g$a1z@7UHA)rv+BlMOnx_>Ca|
z=l@dog}W9Ln+RxFGmZu-s4%jwE`h8*A7ztgb3<98_H9#amM`uvW$28>6sKEF3$w*`
z6|e$@%P26SA(+;bjD~P&%QymZUVDN!sus~$PbX9;btD-_lZ05cWR6nAeO(TUQyDtZ
z8C9*Y1#H7$w^$J$b;U?cmzdS9+cAS0)GQ5PSssMCZOBshk&*6dTmRufNUR&ZBT~Kg
zzMQ-}35&M581%zuxERq5O`yG*!J&G2ACRLzm&+A1vWE~p=yGK>ZN=Rwe21tZ-<69`
z%e{$JYZt2pvNr={6Z8l^`dC8WcUS2Q@$gi{C9F`&8n|EULY(ipSVdsu2*g!d0?`_s
zGq|iiJ;At;7GxuHdKtRinmVgmddsW&DH0@;#}~7ua7n2&YHD>Li`eoy$c~7!2@rV`
zR6sCg4HHCbhAfrzk``_b>(z}Wt4ro(`kG(<qqa8Y)Q>ZSsw-qZjXY&fB+Kv2Pe|>o
z%1^E8%$_*$vK?>#y?SeBJdE3j?x7Bo#}OlBtbPS?IgMw%dentEe5t;DP^Pw@c`q#@
zq~HEMi2(c|vQo4fXmsCW#3A8}0ti0ouj=IQKgS9|W=<Aa*hzaS=qE`Kia>*Y|CQyo
z_FY!xAi||4y8&NvKFoaE?wm4ow?6avH`H`#AE0{Lq9RLIbLV?}7$R>WRJ}z6*^IaT
zOn=Ye{^8co;ZBe+#*J|J`9Ub0^DIrY+s4)?f6zNIRj~qMW1nCK?Z_A}Hh?`Nu_~iw
zXt1M1*jU@gxz18kcV=IAw^xX!k&(WCmz_nG(_*FWuON3`<^IZd=cLEJPax5>cs`P1
zF_l0lu`IEQVqJQu^suCEX$Rj~QzMF}I=F@I#I@4sMi7ML2hxLsm-cV@)FBQ~uUF5M
zQ~JeM!!wslUJNf=?sxA3OaS7!M!{hj!%sJ_wq>sF<e@?Mn`@A1yQoIIh@%AUn`h31
zpft%NWQTXGyDVG(i9-{B-%u+UXrLi`+dTX2%;=7P3qezHjMz)}Qn&r<k#l^N%P$(T
zDEjUy%RD#FMqXc$`|+tYojZ#0@&oNWge#}4m5;PRZuNofdWuD-ae&kA!dEiYvJ1qX
zt1tQZt+5nUritdt0(OZeHb#%^v%j|E=TZqQ`hP$ip?MGN3qTHQ*X-wZXTE?(9<MKA
zo<Q8Xv`c}`aCsqFthQKNIfDO$Q(Qska|3@~^r2Wb0U)pKE26qn=ZrIvh+?b7l=~l5
zHT4b6{sC2!?Qr>29k^WGT+F}P|3^*ucfc$gGduTxZvH##`hV*V*Pl?ppCLG(pfjWY
z0i9t;?)=_sSGw0~ZOOW}%CK$`9h_vP7f0WbOtA77=*-Jspfg@c;xxF;5@6(s)VKP*
zcm7A$T>D>x`Cm*wN`GfYv^MQnhzm#@Ds@WLEjNwWlM`2SvGru+M;20l<yM^Y5poT9
zbvdYY+*W;>0d&2*uINZN%<^}*<;(=*G({FXSRd;5dh{85Ja0$s%>FptY&K!iLeKlP
zYU<N+mzM5FcZz+BI0C9$#s<ZgNY3)P8-JThWt0fA&@M#P&!SB+`|}_P+sY(`e-yc5
zZG=^#*G)kFAU<YenEUjVXn-9yaZ2=I<l(@nHi1U&7vTG^62FFaieW!l*m%(dvUKH^
z-Jw$FjiKC5i4nFZk!*&Y>Tw@I{&~HRI<IXhr4HyWl7kHDg;zf-2}*wnTu1LOy7$He
zWI?T|znIy7pBD8*m9a-PT!nOy#xFH4C9GUIXlhkO8KJ;zlqlqCEFS0_Zr|Pi^qQ;k
z^`ySo>HuWf?eCGp_AnLzQWltIV)AAzr@I3o*k;cL9X6M2eT<~#nTrYzrq2#eV>YU?
z9+tY!Zg@iYh~kHYzql<#;|WwkPz3V!@hL369A>9)M9I+i6Cvj6k`D<f))5<HJ#OT*
z>yPXvDWVMoiN}hx<1{KcWjq@czq;k!dT>QqCj#z&ItUSP{<ipKXF>=#8jqbpmj*{P
zl}cHAJ9^;K#L<Zi;XXc3(#Fr^vy=NGA2Hv}jTHVFkaJY=N5gMQ^14vuLQ&rMbPVKf
z+)kXC<!l7^=IbnsZ<JE*c_yijHsYlFv5t5kY#~vV_nIcKISI#CtXoR@^lqtV#Aab`
z!3c2QK3~!fB^8e-OzAjRQ2R*BmsP1rBx=2HZ<yLI0lm#0VSqTMPoh&)mP4(g3%?Ck
znhOi9fVPR*!$ua16Co@RkUk#cr|6$4ZK+m4ekwgcJOAQ&lmeDx*18u6iRAd1^nt;n
zK>fO0S5q`Y8`7X!G#kNe#Z~7sU{}-4&H|vp#L~+1?Z}*&ds2Mr4$K4?MOkwff&ibJ
z<^V&r#(uAed4Y}<9XJa``K=K;k;!xvBAjL}Y<l4gE|!|EjhDXhHTKlhJLofZ(l@mi
zA&SKk3N_wJ>RZC8dEl20EnYd0a!s&FKO%7uNzrTtKC?j44qp*19Hl#Wr_;)ipZx%B
zSgTnnOVD3M)R#_k+9jX)z1<I3+jT$+8=GjMlPaFW(N1!xrgq}J%REFPfTV2+Lm#k|
zAwWgaNvsEnMXJFua@YwF1T}w>c$Lkgv1NX4t_&3E*+?clxo@v*<Z<=8Kv@=QiwFK<
z97y)nXG22(z`bfbcDLA)v5<t~%QN8e_2Skiu2;(%#Dy5Cue+zy@4=$uTS^4J7dNc2
z#?kd_Sr*eyZ9qqdevLzKZ;w6$;Kk?V(88N9$eKAa;pnW%D5rp*vvPT0vz<?eaqe_D
zLBjW|vrLE=!)W(V5F!PPvSDGR`t*GBb>a$cW&Fj@)k+F)nm?c0E1iz&i`oDbu){7V
zL;F&P#thK1#J&?s7-}bvISC%=<}V$;NX%t)Qo*LRo<WqU3dnel=|cjw$&Y;V9a&u0
zff}X=zfsMH4tZm}RmMBR@uU)X@}5Ciag!9qvPb+48B6OQUn}9<`PR<oh)={7zf1?0
z57jav!l1fkL=RZip?D${TPgy~#>BoHvCKlC@o&XJkTMlu9%h!B#Vv9rKFnzu+`Z;`
z%36G)1W$-9Nm6)IMTevna6(fz_j^*jX&w;ZNzWGbx^8QYLHW~%!gZMl^h<AZ!c_9r
zNx-XaSfQ7*=JV-0IA+oLcm^nq6mTHyEDK+&PRp`D-`+(M^HO2wN<#y<oJz3>oTgAn
z76~rMYSzwTf2?EuE>5>Xm#wIH(C?MOac><H(EdbiE;%uRYF7<QC#uN<!ZLmVc4q0e
z@Al`mH3m<@2^YPq3t;^Uq&NW>o=Wty1lAO?+FAI4k~9*9`z-Pp<j2h{M;%0hgN8hd
zwUat@`jjn62Kj=l^}GP?(GQshqzk&@YTub&3`rJ(B1Ok>+)08YkuF?R?s&I!7$70p
zpA?>60+@Y|cf+Qu71)&!pl*;Nl8#&-y9YeKTS5^V4reb|qTyX2DZ}^SNnPt6&S#`4
zpO5qi=OB4V7Zuzz&*@AAX1l;#`43D*ROCRoU?S5$cKngyd+`9&&J-if%9&el_twXS
z^iJ6XWG!pXqQIG<{E;li#K=L)KSB29tE{v<_b|00D}EANh=OHrMHAI3YMiD0kz!$n
zbP(-^H84l;#HL9{zegq%>njA9&BE%@lGyHd2%~od=I&7Nl&hHX6ZU_4AdA5k{2&h(
zDbpjL4|@*?AoT_GXFE<+THj$*gmOs*ChwDZd(cc()mILrA|xSj?79yYWWdWxrKVr$
z#dXWZq)Zelf1#1o9Tg7w#VjMKo-BrUIA=he3wFqQO?UAI#T+qLOxNQ2p#Qb}7M#q1
z_Lv$|jrJdvqPJ3SA!-erOIh34okHw4D5mT+va~KTV8K5egp;^!OcynwbGUvzJP~S(
z3#4AOc#EtHm+0Pyic(a{<jmsdO93j{*3O<+a$*Vr(VeFBlq`3niYhpv<z$RZ4Mk_v
z`J+;noyn$`a$tW+p*2X1pKJuPp9rB_T4j?5NOAh~9e=3`@ei|2ZA!z4>!-WlJaN>D
z*{+;60HVTxT{pK43aXf1hnd{ci@{?)fwbS^SW^7OMnOwYIFG@`WbcKcy^tiI5mj&Q
z8nlc7p+Sg}EP34B-(UPmOV=^M@t=nDRxD+V-<ac#*xmXPLk>yi{lM{%tTwe0^B=J3
z$cxAyglFr?A@V;RJQD+=H74OjaKD+9)yC7Q0F>|zt$v$w_8-p9e{*IogTPCY)y<>I
z8p(B6JEmv7X%9S^XOrjb5QXi`VS=iR%U2<S!px{FTd;-jJ{hrh&dz1#A-m5NAj7@A
zDU-@T7j*7-g1loArXU{<`SGqF=k)2OUUKrIr4Fc%vmAKslg$&+G;)R>4h|Q*-MJ7j
z05}6HHWHjK4k*BxHSz5g!npMjtq^8lJ%+_Bk-lW~s_MHawNT(5WUs+$W5J2Ai*%=N
zL7ThAP<WsTX4SN%W>q7F3QEQg2-_28ZmXAz@v!%`GGxS3aIaP)-9TN#7@hWP1xqh9
z$Uy!k0k6ki=rB6dlHiYqFb54rkx?jc4Ct;cN~mynxMfAZ!)`*U6rG)NnSTm4<a^<l
zhq-@SWFf0y1uZ(LAJtx8ma@8S!WjNZz4R5{gRq{RU(@fG9d^syrS#`J6icgZS`}t5
zNRMD+u%fZvQp4Q6>FrZJMAQZNd%s^yg3uCyyS5{SUAb9R-fZb{5!g^b#b$d51Ng><
zK-rP(<6Dvk?fig+?D=(9QeE%`kC0;SiJR0?q~p$r41*234^t=XSCIV^{sbR<Jzl3c
zu2c>lb!9urLhlY8eMb-Ax-Db$b>I5l-*fH|9nIJtW%>DqZGVECmX6$LReSmAnP-+$
z9YrL$M>%(OdzUe>_z@^NGB0bb0E`N>PVFO4oIb&Jw5o2BYRzuR&lQ4SD#2}2HQFnV
zZo$N(vA0`d04Z;Re^Sech3iuSA$wiXBzl?ShQx;nY<pVHcOaXy5YG|yK0|1-iNoAn
zO3okH9k-;sxleUaOVj;AS@W4WgEQ9C1x9o%E~p)6w3$qGN1_OJL&`u;0M)tB7Ps&4
zs3#8E<_0X3=97gyJrE*BA^z#3mz-$5yX-k#4afvT*(+q2zkP*)fS_`zlT8Yi7=L-f
z!bgKz%RfPRf4~81_<#PNJ$$Zz$HKF6bNwfV=D(KV>fTP~Ou!i%Jy0$njqMjuZeXvC
zH6`m`J~ygxf`V{NVvY`O<_>PIBrJbL<NST^vy#7|lYl)oHdL&C843OmDeGUA{x8zM
z*;29nr4;;M+W*UzjrFf4P_g}o$Nx0pZwSl(=F7(U7cKD79ut(S3Bf@L42*;8@6w!q
zSt<TcO@C(q`0vu3EPv7BbN-Ej`M*2+ca)JT95BiU|5G@+RGfch5BNX)IRElN`d|Eb
z{;r$ruL!08L;JVY<iBaT*#4r$<oXYf|LG+cP|k^q@Sh4<|7jcRKi}B?;r!X_JSS2{
zj(;T2`HxUJ|B)BxKjP&2X8;XIKH0iExRJ1M0H>Vz(7FH9jem_H3m5RlnFOflLJ8ck
zMSxOeWr1U50oFQ;fU*Ad3o$Up85N9;<=;eLY#jgk$Og&A1INbm7b&pY1rhk>jPVyO
z5YH6};@>=g_O4{W5?50&PUe3z0Di(RpsM~|^e-VX{ZEC2e~b99dG)Cr{{K<nf3m_y
z`&+pGi|Vf?d`{j0S1GX1_Mp0B0QG$EKIgH3Cm|R&8!$gm6u9Dp2lm-5RCjbBp&L1{
zzz-j&?=}vls-mVOCkCW-Ur+Xc_|E}E@vs2rVr2z-dejhbFf)^|Fn^wyNjNw-4d9q0
z984X}tQ{;#xY>b%o&;c@m;696V4f!d3>VX<P`|ob0lPgJp(ItbbaZ8#u01h9f!Dqe
zz;FKa|GFXp#k`}yxH<kQ&hd9~CLe6ztq%s2vYMQRybSP9KPHgWHwPHzh0!$U>kS6R
z&G`>C=U>!K)d7p3pB)SeB>X(*1sVfwo#BCSLC0uZf6s`|f9=0Umx~LCGsxb=9UKn*
z@6HZKjeu$bBcp9V9f0T2tl-uT=0JiNJs?}9C>qz_v*W*tbN^Kwz{SDMEhzXe_1-Hx
z$IDw^ZKd-up48V-&lVF;p`UVn*~XTzN~6ks7?<i$L`3D#8;O(@Hc_}S8H5x9CXsoT
z4d$0Pp%al!&RnZ1-}=w&<<>IWg^`XYJ$zq>zN_uebS8d6&mlAGzKFBGyFZT@F>ZM>
zZi4R^vymBq#Nx0^XO;-lwWBs%Y$P^Yv^!c)c-A*ke6<^#9~fZrKZ9wIG@1?(cvxu`
zJ`FlwPuT~9hIBfn%FKGxyJq#^vAUah7zG7b$msdK9~&v;(r1wr^WKlf?N$<tBkNb!
z9DfO^iWTntG8HueK8X)Ql#$QmYJ0Z&N^8sB{~Z1U_zeKeJpSPl5<$tuH}&Tld9jaw
z@>Ez&Zs)MpyM0U{tl(Qfx=M!VDj{BD5a^^bb3E>?cY1<Jke;Qkv%12`ORX~0dw>0H
zE11Fcrv~Jm4;tGB8<N2=xj~&uj}nmH<Tv8m1pAA_gsI`1SI(+bw^FyrIn^?XE3D@)
zg~5;vfRq>79W2u?hQTbatZPy%l-^;=Uxb4RtMc^ZZ?IY>sHnnrq*&;BQ53_RCNvE>
zt0LWU=j3VVU6Gif_%}oiS=ut^q?)K;qS8*VmV-e~q!y@T!IYHfOenTdIKL=N2w74i
zzZg<-qAWz741*3P&7ncVQjsNkg~5<L4<ndR0tQICo&0W&NQeCuH_6LnM1Yr0ZB9(Q
ziAXd^Mt5)CV-q}P@DGe7#Q`Pn$7HVw6SY9%9unWACzG2PQ#JiEgueSzxzY4m#Vx^>
zgM$gCDx(jRZ)5jdrRjX%-C|u`+~)b>y3t-IVRoX3IflF?-(xq}JZITw-jqaQ^F_un
z0pC$y;V%a3vdj3mc!b=4c6A>#PL8Zl3`(5bnk`T2$TT%tV19pnTyn27#P~s`^#k`t
z^ajl;n->f2e6B4a)AT6Td*eAsQp5RKz|6Q7eqP$mO}_!Yr(zst4vu1OM-s9)l|2<_
z3Ql$;#EBJIccK@P;-(aW1Up#Vy0tAn4bV?!!;g-2M+%8g8i(htmdS5y`FzBk7c07=
z;&6a~<3RBqi(8Tp48K^M*ju8o4;0kE?-7d?rM^&<2nP@`gh<t-0D>CDJ)^@<7Cl9d
zxQJrYF4rl2#1C-%$Wdj9GnHjCV=a0h=i)3f`*2QZwgk;fjfe!C3masfxj&yafIF46
zQ2r{0S<ngLQrQGpF@AD1g5LHcnRymv1_%#Zm8@PBruqU`v{N6$l5<CC1Rkpn5C#du
zsY5Flf7hFd15O*G-e#CZkgAqiTa;dyBluparVW3(!a#YLc{X*_PW}8v8f_584eBdV
zotuKM`>^;B*9z@-uVTIvEq*^20SzPhG2RxQq1~3scjx}nGj2Y*ESx~0%7*fL{No${
z6bG?V6L+HAeRvy)&5Bc-E4vnAXsUt0X0A$_Qqo>C%NJ#94QG4Ii+fjtmX^B=HaBhF
zSk6dgeAxFNT5rSy`JHN#d;&d*n<(8IxLzeh0?7oaMA<#yb041>HE|w!0m3vTb>Eq)
z=a7#f6@|oVZ#u77E$f$`uE7Z7ib_6>A{;K?dc)0)TnmzThNalj8HLH%&rbM{VF&@w
zh|vYcH=f6s&K3lK`(I%9v}E9Ij@)><8(FmR_>=93f~9@L-7Zr1MnQpXxz1z!tH#4J
z<D>=>oYG*G`eCx+hEf$^0Cr+Z+NmYXelm#G#zIXoL24*00edlfwA12N`49AO;Fe@c
zpzGo%+cT58$uTz_Rz+#JtPGu~cs^=Qg7Q6Y=Kc?vu(1c=(@Z@C@`9H*1JBn@#&Arj
z>SY$x^TJq(xaN=_m;n;d{WkTqK5a*7Tck0d-^7c=lp`$$K*oPt1Fje33hyTsYBx+Z
zK@0G&>xoYv`7z%)0+HA^Z!qSaF2f2Ii+T!|scp0EsbX-VgIFpxElw%MeitzxOvsnb
zgJBFse3NwvF;uDUk{l{Y0g^X1NxDx%_C6!J1-kxh{)BM3Kuy`lB_}FagsNM-mRG7^
z4q-imzd1Sa0G<YV0r<1Qwq=(DIWF7?7)^AaXO8%wuX1z~C}Xnyevtn`%tCJW<cuk0
zMR8+G=;E0kn@c5T<0B(N?O>;+#ML?^=0Ed7ObuVYJDrHm<I5s3Fa8R~(`))h%#Z7u
zSs7N#&na&(ePobrl*dB8?=)rE&xkg^+tx~VRA+Sl3ik%n3yAkWc6Qj1id={?gk-Nw
zN=$HxZv0bxP8ntr5*~gz%@H8y{G)-X)?7RrL*V{Y4-^G-4t{`cM`#zn%cy~1P6{I<
zkba1fZ2_OBMag)S8atki_!|7obXw|qIR1)+@moykj`ri$b;m0Z+$8kqNqTlQSx&B?
zG4_^rg2nn%{)c?B6-V}>2`?lxTxzMQ$wU>AP(Mg|xo5DJvV9OYi+{osZ@<6E%I(L)
zdYxaZ60>`{etg7E`9TZqjwOM*f}#I7<K@lu+bUlOA;JS|kHlL_qm|WK;80GJr`=Ac
z)3mW}hM`P;J$!qU6c)pdjag=7GLl?L^1gQ8_9_bP22{~Zu-jQA%{hEeaU9(@>nyLh
zhQ;d9@c160;xK@aVM@`4&pO$RZJi<7Ld3VFZM9rZPgYeet_F9kYb#-@S1ItzNq^Ep
z=%y`YbT<i&@=1Ekjd}=93+$NJRWcC=m!>8`_o8$-<@fa;9#ypI-8}}i$rjZYo9=@S
zbUjWye82;H_CueYH++e&Qi*=uz{{dV(K7yld1n`UY?y1stlPnD^3#o|s7A}+_v&(I
zepkraUIBFU8?5e$*|56XlwwLfU>TH6J}WhRa!fLOGDy$zmSvOFS<)={@K6$=HKq)S
zE)E9fQ5Q$|Z=FVJa0VI*g^?F1KQbyKc<LX^^?*f9uEnEu10qAhUVq*Sd&e>y)RkYf
zW-a+5t1I)&UIjcZ)`)Zzw}yvLhKh9LnQKBWV{f}xe(EWTf{ULn;L8ig0<<=cZ<Nh0
zMC3nnukiYCxhYPC+*^KPaU(0rbq;+qokBl-oZ~R#MA$1yJZ-+8R?i2+9d%R7e-Kt7
zIRqGjU=?{E&*>rJf4@TCS$#Ey$%g0!anhA?ghmXZ9x|7k2=nuywNpW4QPbsVV{wnc
zas0?iq>O2ijI;VPnGva7!74Q)nq0Pm*K!|mOyAM?GB={O)goqJC@&`~Dya#F5<ZDn
z8~t^5cJXfA*9F95ou^MI<S5VCp3OKWZWEwfPW@x6;43qKf}c}tV+wISi%o+HAfEX*
z_50SZU#RF<6Iieug^ZdfT=V1jIb$}@j*^sQ0xa-Z{zI`vId?bIo4nB#uHWiN-w}Bv
zI?>tRKpB9lTDP+5{RxtAaKqO7F6Mr+&16t>Qbp?tQ9r-jmuB+@ap({W7lGMa$m{^R
z3<M4k5eq*8wrOdNeAl<FdDJMg^Z$h2s?DxO1J)&LImf4(pH_45FVoZbIe)$9q$%h9
z(Rf*=OQE}4eV@3P*5!+k>E9)5h_#z(stklEZ?4o|@>3_vfS);S>}EB_3YLwj7?RdY
zs*62c{-z${*iTcgWvq<v8oTyPHC7H_**~<6%SXwOtueU9^irC0tD0N1GmB!lviJaZ
zoWndqo=7V-gng-4XAN3LrBzP)MxuqibP%adh<gAV7_TG~FSLoxh7dL7x$DLv_RBP5
zCJ(F8VQ&_3XAnP4<$`B~M;OlRl-&GHHHBIm7FZGj5~xaA-kPD9aqSUermh8Wh#I^!
zAmO6Il1<MC8Sv9i)2n8H8WB}Cr#T%TbF@!a;aDfrXkl^_*@2fWjA4Zr0i~v;vF?BP
zB6W?Zsw;+ohmP`1IH;o=J9>8qGIcB#(xV%KBXzB;b60R0#)fcKDEv-nBx>rsV<3GJ
z6Aw2Z=sF2CJQo2b_Ki}<UiJt;x*;gcw0V4$W+zuwQ`4w*bOz@}*|1zq2S(Xh(9-#&
zE>@jxg&c-;DKpE9k(^AK0FuNVu>}>(h<vYsXn@6&>VvIb`q0rFQkfj@z#ocb>K^}t
zS`9Pm_W4|0IAW~jDdvvmy(GwiyW@%}9jfdn4E+e>v8tg8BPSHi1WPWU*9u;jG%$kZ
z{oMr14F7ac{}Z}BTw%7O+AkNCkkiH>Xt1zLYN$uue@Vy?U+3wkW+FL6qr7{yB6y1N
zU=rd6HSuT0wuuC3q&To+q^GS;LqoSJVJk6u^=cvimB}Cmwp|fAT*UdwBIr4~Ijw6P
z#Rd*`oecz0I$g@5Z!IGL8xm+Z30ae7$r|Zd`6))!ahpcjmY3wTY#05unv$>?AA+tg
ztZYjNlWclOei7R!Bxp79u$l+rhp^^OwW-k>SSjD&<fbZz6LzO|^4DH$LZJ4I@iT$=
z6*=Q`nujA**$I+g*VFaeozB5~M^We#X5q#$MlJ4G%SC%oF+e*3E7|Va{Dz7W36cSD
zkh8nw&%D{KA1B=czlYxE#kY|JsCXmr&eW4>RczfJIO{VdHv<i-{K2ZusBBD-?|?Zq
zMAr~gAMpUaao%#E6FO58|MhwS#PDoM8}JNaP14{KbVND4tE2?^j_O?LoZ1zaN|+$4
zfsxyEs)^Ob{j?iEaI;Ykt5UCQkft}P+BI);%4O^oe4y^{5Y{LSCsT}`GJNI^St;3f
zt4sopJK<aWqj6Y0ilE90i;@1M^!^P&m`a8`Dv2TLy$x!1pyOzG6{$yU-G-)?15T%M
z=c|`Ob|)(19iILm@+w-|KGN}sL!R*IiffzD1-(WXMhrYaE!u>xWJy@t$h?ZD?_gLK
zu+v;`++d`<$ypyR`6d-Z^5o^{Emu}vFuJ_zmz4WDCI>)EVe3~n0sl=GqXrU%Hi}3c
z!g8J17y3rOQpj%n?vpkDeIljSf~TTCdpcdi8t{o^hA~YnG(h*IAhTlz|0#>)a$RWZ
z;_z*n^&%9If`6Hkvdz#heF;7j>&h14jof*?aJPUxi3xujDlI-}bI6d3`7VA?fbErP
z_G8R^nGOmsTG|XB0ROu^T^nt$aes5%+6!!<zM3xlC6kw9e8f8492bLarM`kY5w&1*
zz-OAwACwuqbE+B+tB68f+O|84!)TFg6Tc_iu%it?;4<sEq0}7Xsq*6Ow2gwy&^`>!
z!vmM9`YkO#8uDJYPHC6@*y(gTq=^dIE5@0T?m~xNJDy(q3TfIcIrgRAiH3Zi>YHkX
zGg4e{>F7&rXvDJIcz|-+mTw@@&by;ZmPCU|m~)k}jr3k!31)&kJ!fTtu^nA8FV8fe
z6Q&Tr_|wPJpr4SyCb}naJ7=M?M|5b)?9p9A&BRvzXn>Y@7aFNJLYx35-V?IQn!K|K
zOm%0c4<^c#>>j0esEyz5suO`RWW9a<0G(`m;!TRGjBq2yJ#l{!5MT4_3o<)=R&ak<
zP0Va(OvF|%?<>V)V1N^rLm=26qTj=Jg{v2UqSPFC5W+)d7^nrlqVKP5^bp4q^-2vK
zOH_0!-!ifZh=?*S5s`xXC+o3x2FCM1_k%6tgoyY=p6>H11)-0RG;dloz1oxR;5jk1
zR_T3kyP{)S4=+zuHS9{t`3uA~g8WU)%@r(_-wnC)p8Fx3MU6c&91weWPubjniw?>F
z8iTdgjz!rTPFjXtK}5&FibdBl?In06Pv-z1C^l{1gpx<YRvx)OWhsYdHM8E|$6MOP
zn^Zf2l`ERZrvqQEzd8dhN|wJ*?Lu)=Ud21|vetJyla|Uta_ZE+K>;g3JN0?4M>l@I
zp`=o-;3rF<yEuUw)`TPpK*nW{ZZMkyiVKpa#96@tW_f8b$K$L^Q^-U_o%KN(t714i
z89l0yJ8)?frDYY=sPA0DDrjsd81rec4jP(g1Ywg%QXYw5Uw?iKy_$*@UZzEB&LP$k
z9B*VKJcofXi6!Hvfcxr6iK$rTD%gS;<gcvH&n;VBfRu><OC`5ui?W?91AM;&#2#>k
z0b6Oft$=rxVZFm`c4gDn$6O5T{<622IKmKyhxrVbB!*2inD{v&=bzA?&_;hm?z{P?
zxu-h#;GTA;C+lx}rtyH6rg%`weUNzuJy%Zi+aY9LLGw66m{DuFxPxAr#di--=X}Q>
zh38_wZm8)izS%ty5ae6Ywe*nyHVQ{}swzxFW-xm`bzAIKiP$%q8r!sagAgOQvehmy
zzPsv}yK~&>VHNx=%e@Gkg=o_a6=r%2;j+%AvVpdIp(eTlnqo)ucQS%hN?32EuIE0m
ztdjNo(IETW@+6Atrl+Fs_{LbB(;;-@Hz0?weLqwe;meSTb&u11KDU7YycsC9hWX|K
zjE26?nR`Q)S8?CnUSYUGY3VwONXDiW!7B8>=$=mizY@~0q#VZt)q4~QB&n>&=~UW#
zH!mE`eYJxX66E1wY~?L!=;-XMpy}Yn@(duJ<WoCGIE|_23wVQ=1mvFFBkcvTF{HYE
zOHHm)mo`ur{>H>mn6o|!5EY9dGe8O<u{N{wa(n%{3%-otB^=@J8IMF*0ncKIRU9nt
z6R|U(Am^DEqV_I6Va5h`qybcP;PjWtTp9tRb+PC1qSWy;@<@O$?(@4pv&>yd+>L*3
zfscUh=Xu?1sHGcAkQw9^XHYSRJ^1Yu5t<NhvQe-xeAAc1{h@XY7$MlVjqL)8vI=Ow
z(0?vNH6K?wENJ2{rZBYg(#z%5s`l4h^as=_tu=h&He+KnT{_t*Dyd#Jg&lPaLfV^J
zUa`Ey`QFd@T0eGzLN?S7$4m*V1_Q=dMvZdvbb_0bXn5s*BGt<3#&NqbRD_>-?WN0b
z=#EuU*pif0f~i6QUeCRVD)f>{bSGp_ZiE<S$oP($RBElErkj(kUxy^mft{gqaluVL
zw*BH%OsCPYDq?N&3z`}i;gZCmOl!;%S=K$C5p-dCAQcduc-^e1`$|V1j}o&_f9SY~
zP>xSdrdSqg{ZI#Oik{>k&=|Jpm<nZ~KazW}5b*W>`W*oUkWi+|d)3Xabr9N)#2lM*
zcgFTS3woJ>t%qZV<|1yYz}78Nga>D*79nl=3*1A(5u~=ikMl#^$5s)$U3RDoeQTP^
zj%$IYfarbgNWW}uR7q>dJ<+vqPcxzXF~b`rcCJ2__059j_u^Z2e|BG-OO=IiNvazg
zZH)WTnqG)LAjDC!d>&J(A+hmT?tWFG1#1d9atxh1CtbgnFFlvq+>~jJ$FytBo+vHx
z$c0XW1j%fFn9gLb+qo8mA#g{0d#V;nle9iPQx6fczmUoNs>%-S6yq}PHC<%uIlo_a
zP~4*ZB5A}0tt*8EA1TT>^3DvSv!U;tL#{COe#ufB;MT)_o*!6HzG_xkby9Z>axd)8
ztr?0VdseIJQ{S0uSHd6It?wHb4yo=6uswhkHY$%bqLBQW;*rN|*@xGMVOfHPpaLmN
zcZ@n{4A<*)Ki~P@3;VlA`~;f}uUnWTa#p`3rdR0zr<(#**6|UkW&efHribT?a4Z~6
zja2C-03EwTNI!4rdW;qe>fG(S6>TaBQE|ndhO-s#t7ag?byxOeH<^7ebCs+;IF_=W
znqOMj0Am5;adgxAN^=d?v?Sp%qJ^xY`Q`Atp}Wq{Oux5iP0^em+6!G+qIEYOSQQe}
zc<p|Eh_kYSL7Hlq`-8~#Vpw+(Bh>@bt!$oG0B4*u?mhAj<e94R%Pwm=fjaC#9JH4N
zp#uY|ug|Nt=LSvP&UQ9MdoR#>mjmqy{KV64ctP(7BY#fpe2Lp7ggknlDSvhM`A;b7
zojb-zC>oJ|uUuTM`R*vNi6p~qzCX(J1(oWD+)m{D&hE}b1tK`n{rCR<oHPH3JpH=U
zE`XQnKD&!eXrCRo9ZGgtM8cCn&k}L7yV78ieNek{H`^nWM~v9CMQ_8rvJG>(5VH}O
zf?G>5E00WaE<J;u?n^7oOx{gj>@RR(4WYfcaqEvXUzRXrLfP3hhn&}k0dsCdVQjow
zLoli$+~W~*M>1^ohwr}=xjn19uf$ZCbpcWBO+WZx*}GxJo=F(E<T5ey2*{AZ?_UFd
zUyr~aq*tDfU_SE7q38E;_kz`6Dvd+j3qa@04&<!%Ne$?J@XsUVc=zS_X4!=Yb-$Y-
z!0nTguCd;r%m{Yx!crwwjAuqz&F)M{W6a=FZWyy8^X@r67KHilCQ3s*-7Ty>WdkN?
z`Kc6TDUhm&TzK+C8L_{c1V6JxMX5BnM=3Bow9GKTKCqaC5`2vPxsI^$9j#M_?udVu
zlbDq+yXY(8c}rOT%@ibepLu=RU%#IMlcZ*7)>1rWHh%^$q4+Z#Okl1H1GBQJ=$B}Z
z=*ZTzSg+cf5pab=ATPTEp=>koI~Rak9-b{ksCH-ISZ4qH`VIMfCL<x>px<6#6TqzZ
z%(W43G)k9?bOno`BpV-DndX)Sw{`%B0D=QDQ;UU*9j-M*+-S!A5(=;M>$UZV5GBif
z{@LxdH;4k%acXT_U-kyJavm#&hAN}BD@QHchvB@!f&VqzbIrZ;(7`C(Ob);^{6vT<
z2vn(k%L@L_cEw?5?Lb1`@iT1y1V}I1>t5Gvuo9*E?`B$7h`e@=P%ek^Er&IbZHPMa
z+V~yxK0aQzy8sWg=3<9w{jrx@P;8_)g`<^%dVpc*S9iK{n4Zn(td53*l-?y1>jj}c
zZL`DXfg<<pzJ$S^qD?Fd$UguqA7LBMa*SNwYL*-ANT;LVDXO<~*oQC7HV=lYD5{+`
zr{`PW06qD%O9o{HsbCcSm2D>x5FMjmcvQRxgd@`)ft|H)xxu&dAKQm}`Kao&r-Sx4
zCDlVUjcF_Qzd5S)`h*6A<O$HL5j5%w+I}(P=s<A~QgA;;5bdr0X_E#-W>*$|M86k&
zE(rUW1Bv-}TZ=N^#Bn%1P{Sw$3)bDuS^aU|XAe>sWh-JA8v;eHs<Mg7_a6IAdhr(x
z%;9PIy`sV6kUr$MY2dD))iPbPN^b7+KB!`J(CN8nzPcm@0(|r@B804xHpaxc(|R%x
zH)K*iW^20j$mz5mOydC$+3Uo{C&>C%gCV)QPLfuu0SPFd(XHmH_=QSdZjd=Lcu<zY
z013;n>kbEL@MkncWTqh3Ie8UBFu*<c<(8<j^xQcnU2s5z)YoBW?i1K;>DyJm?$b+O
z{bzXHu^r9a`9fdep_Y_OSDCHRNncLAo`4kpWubD14h=;;YIXo3LEPf60DHQUjpW?+
zFYn>StSWtBl6us8=a<s-V)vmAu?j<XlEwjj%;20l6Yjz`KXQsQi7V{D*Ly=FE`nQ@
zL%XJFo9Ja@^^9t=)O(4Fen*@eNq>-<Ch<GnK|N8jUOT>#ZViBe5ixT-abIUq=~E*0
zPR`Q9Y}HNk<f8)$?a*q&YK;Ugyg`WI06u_yccr|PF9n6=FghuVEwW#Z-}R)<?1cdV
z+x`dZAu(Ev=tVVFLP`VNYJWsYL5rA8?P&g3NGdc32*h1i>@-nq%k5AnksoU|&UQXb
z{McZ#q6kY^Td;VBMr>1k-AHxkvg4y&ICE>WZV#Ib5tjzg`5=Ki;PrLv!w3anxIq6l
zYex}0G=kt*|5jZ!u|;G|_ntde8|Q3Yx~{BZSF%Vx60c0Dgm|UY@xH6#zaw)K)!X^i
z2_3;4VYH=KQ%)9Xt=_ZOy|DJI`p(kf2<rt>rf5){#kp~Kv1eId<f><{Mhn#6ba$?n
zS;xyHm>UX!Y%e$X`#Ah#C2oZ$7P@;viT_(|BxnUmi?B_=Q|K^8sPF7*GdSO@B>brl
zt*ovvX1y(KQ!hffIx%!e{*Qp$*So+$@0AQ>Cvd>q&rZ~HpG>QafxM}6WU?PKH}BmB
z^@KGA*#SgBwz)}Gzc~aaNxve!eJ$MgV8JGGCUMOIz<V<1T^BIvfX4cmsyt~0(*x-l
z<Z^-+1VhCMis!9^kgUQ^{p?k2l@t$IP>V$)9s|AagM09oOU*MXO~qAOXb#PU$0jhN
zNJC_hiFT~HT_yeAyp|xZK{k^RUh|Ofoa#iF)D?Dj#<>w(*7FA6>N;Y7uR;luY5b<h
z@<VN~b08)Ib%C0~-@bS{L*mVHgKWE8$n`^(NbGw-XXl}2pc+=#1i==DmhLZkV26_w
zcw<tuAKkW?{~@5a{qTy!D5$n*)fQbfsW(k%m*<d8%VgRe^VJx4?R{_$yDLtulz%es
z7ER=hxE0?j9vD#0_b=Nuu&<o<)2@D6E)34{iIhNJp$T-{#sQ{P?4WV|?PTy@hGL$-
z4aFRsJUstxDAs{iS6}HA{4&imW<?(h4LU<mBuT+ZFG7I|n{QG;qkw`4hF3w0(DQ}F
zE|GO;t_l%!B$6;k1z~_lxNZwV!KAxkIDP*>NGB`n=@DT(R;R<W=V95U!`LFd&+pIE
z`yWYhT%-bVGE`e^#*GFJCqTsEQRX0b5_3T0b*>132iC`%X{mN1QkhFc%$yTA`(}Lr
zf8V&Y6Fwrgl;}D2q%yhg?y(xnjDK9&%l!%4`C!|~<!a}_-8if(!{KyZJ&ng;KNtEr
z_?K1(*evF-Hxx`9v|a{wX8L(++ha<dVTiHo`fFH5TdHc<O)~hK4ZzJ~Stt4*fTuFX
z!L@Zpy8Sb6m;LsmoF{#ZHqi-*9xCQV8?D8{sWxD&9i&Y7XogWw(5T7XK2fjUH&W_2
zI4q``67V)*l9k!S`MotVkB!SY*Xlzm4V~JC>_DEOkWz&)1(PGwr9`k)FuzpUwxS{h
zpCittY?=o7RBRG>`}v@#z+L2>jQ=L%t@gM`KN+DbJ5!pbg0<*kgLEKVlYgi}SMjn)
zd-}zO!(4_(6`q=EGL*Gsy4*P>15c?(N~Yqe0(DV(G8|7Lu5?*VG9`3fIIe(GmB3s+
zu0(thE?ICgF<FIVl4uaY8OLSRICp>rd|+;<Ue1oep+MmH3XpLyjp!kmHSU4jg5z^a
znC0mc&VxXQ_jq)@`*Wv{@4(=tt1m&DrO>C?%xrjENOC0Z)&G9}M_t@`Tr`D6GQ`9Q
z%XG%OsSgkGW&DlRo|Ng#r~_`-%04=}5fB1M3#=-ISEy3R%V6NLC9>qGHQB7X!5@2y
z|D))|BI*^S4lu3^4xvq|$I*19wWBpulqxA68KYUS@vhIemBUEIq=CaF7T<FZ7L9$k
z){*tm*N-~11;^WXe2E(R?U_=%bj@tgHk2y}U1}n&<;<P^fr%7-;PxkMr!tmT<h&wW
z^+8*P$&Z$Px7tdFmPf<2V&4J$a(S~*AbHb7bcMD>3Lts&ktkx++0*uhW+SqM>)zm7
zC`a~#6RRwot@DAbv((JkALqRAis2%gA@!cOfT4lNR;LCsI8PR$$0-(^FA^i&N}*Oh
zY0Aq^SRc23k2#L&r-m16H5!*S0|{NB7r*$C9W3G_H(K3j#V?2+l-Q-P{*ds@UC5^T
zbg!ITDS!_h8ng*oHJDN=DuUY3S9e<2DMx1c5%05-Lg2?y&gGaESB}AEzZ``7-u4&E
znO*}I_ezZPV>>~)ss<|PT;_z6&fTNS(@tyD1gc*)NWouO|G&b%I;^Uu>swOkPDMII
z;v}3yN=is~H%K=E0!NWf>FyFxT3R}!k&qS%X^@hR?{Giw_uh~2UDr4NoO7+c)~w&G
ziM{vincs{CCxfU>w0i70l|HxX4Co4aCCK({@3Eg~G1q4WTq`|nNoZ5XPm$y4CKlL0
zOcWa8b~QJmGE%}%q4B#^`m?13Hu-Yblb*e##SPp(o({js=4ppxsfi%(w+XV|qv@~_
zO^l4^b&`?wguIkfyiY$WwS)z`r{H&Q?`<=|Yfd~_$6!kP#NM@3?qLx__D@hPDb--U
zF-*}9ifyNlT|ephKYBmvW{?ryWF#9!g0SxVxo7D292K#>|6_DD_x@3wY9?_t$7dKl
zr?ZA<{n*?$i*Bb5<E{(lGA|0W!x&nT!;^>_>$ebY$#nI%lQRC%x`KX%a!(^dWo3iE
zcVL&Qww|-EsoJVjsrf!>-Ib00Xt7J*x=SjEi$GL!_oc)OjMn{>pLlZLiOYlUAp>H4
z)OxyRUX+9Ki#uk!doUGl#uaJgDROyyk1YEh=BC(eF~2P53Rii?)k1VSZBv8uK}I8f
z<40=kpyRKU>Lll})aTi`lcWZQKbwBCG=-d(F_Yv;6^_B^G0@(FPxR-t_hig>!!)dF
zb9mhI7TXRLtJ5%-QVm)G6fEW2FYpmBlF<VuVS$}9u2fc;<K8~0KkqBA6lDK^V@$sJ
zY*NAM4e4WuynLECFg7$!&m`(yhW-G10Cnx<C#B8~HhBw=dpwMpf;L$e`yEZc!tf`&
zeLO$Yol0mD#8(a4qj{CjbFZn}GEmqv@w&ZDT}E$~ea>9a*`1L4eP6G3#`hu~kvweR
zH>aJ<rohGW;IscdZDZuQp)2(yOIC_%)9DXR2j`}+JK~?lk#$mqBs%%%e0f3SEAZ`X
z`+$7&{K>{KNdWOlvm;0*s>m^C#Xhz1q&jBPl?^c?Ej1E_&a-|0auvE;U}cRLyd^RD
z+VP_))a$`-2eK!<=-U|T(=ksW#|W8Zu_hQT!tzn$!FK04=eNLj)~A{E12Wxh9-T>b
z6(gEvGH`a2$aMQ!kImU?IrRPV{i=PGuZRJuE|Q!j5)~DaiXQ3nYCASpTHeksBu_K@
zvLVMj;Y`^9E&mMo$ZSh?GDVeMOzGqC24{TeBYYa#OcHCdF{@sc%m<R2t%yjKwbR9K
zLzul)e2-t0$GXiBRg8wJE{gY^1LB)|GLJ43<f|UTy|S}u1SR!SaJ-yy=EqF%uF+Id
z^dCJ;h^J<r>$I_PDb<v#mTwEt3={sjO({Sj9@DyU_NzDE8m&u!g(~@((~{)Rdja)U
zUC0eEBC_>m(fUqibA4cnI5mXr2%{NU-iK69StS;8^IxX9(rBiAi*tkx#-puZ0XDjz
zLKS?)37u!|8hA2`<uoEF_($Jja<TZXFEN^_1>saBOI<u$!EryQ^1DOZUDY&3R|~j9
zJXz14?a~S8A1CPfPm^?*Fr&1AmIC=UVmth>0&*D`RPKKn%wsP2UfX~OD1Ed_GAZiS
z0Pv?`Dz9|swRQcr^sunwiv7$<;T$fwH>-f^X`o10wyE`6)`Bzf&#4hu5Hdd^_9jXF
z0MZrmGYP1P6|l(Y+1)?9_mWj^tXL=Y#S%fL&c&~J?la#2g)`jFcNW;zVYE?<eV_ew
zlGr21*oRZbS=ZH0PDG^;WDUci4jb4oE}_eKLOd>xf@bCd9|_?AJ%wE^M}(i+Zd3?c
zC6Q7e53$K;c{EL%?$U%OP<|H^!@KY5;;<!78fZ7t(Vw=?mL#W|A4|S9IKUm}gFKGz
zhu`E*^)Ox|<C1QZ$uXv{;nL}#vxju@A86#N-nQ#1cTB~3uR|W9(qb9Z!FK|!c6F(_
z@~Yqjf6-Dv3$Vnpc=+nLD>AEF56Ra&O6x+sBt6qw^lW@f{Q;^)49JtP%ssK>D*2^u
zfJq18Xy=-!q1^SuX$)&U{Dg1zC+g_J&tUhRTXj=QDfZ~=pG8Yrk>>9?WJ)vUH5(HK
zo<jONSKO(t#8XQU6H-YVJI)10#EEU<BN?6>p8(%JO-eWS4A)HKu8&QHe>fNtPh-~S
z!*JxENsv37dc7MnQDfOd)m<HGB)DX_Ts#4wmP~2x$Z_up&ie{CeTRed{dq7QH!#D_
zRxm9gHQ7k+EQ9~}5bA-^^PHhDxWMyQS}xAYsE{y@9st7tF)1~1D2uj`O;ww^ZqMz<
z;iM`?U-PJ$wJYZ^JL7}wjyCnaKZj$vzIxyq7oXfxQZ30)fczeo;7f2lS>9nvb!1SF
zceo~Y3P!|%{ow}}dPA=vFHB43+SN*<+3?MA&ehX*&|hleTrw)L((6f6mX;%~P4ZE0
zLEiKE=YQ;L5S~5=7e)s?`V0zA1#a40%V2-?laXL9yy_s{F<%s{5njX2w-}A2$KKUp
z-<S`?^vL|bNJPiH6rd4q1uq1<S8&n!5w@?@xDoiOOnyKa!zstl@gq4VHjfyqLcdOy
zBw%-V$ONp#n<qiAI0%ziDs@@KjXg{NIpFUE&v&T?BB+ZXP=q?$FoO*1oIChS)@a?g
zbaDITszUVNIr?&Mi3Af;n)syIT34XpwPfD#oCO_J<`m1uT&;Kc1PQa=dl!Rq8M*Hi
zJqt1A>{IMH*r+LK5{1SrB{VWP!-udz<vxo;SAjv3BM#LH-+vSIYqYwz#r*l%)04!2
z+4bTQ3z1?JLtwu6svIjw=-w3uuJyTS4uVQ+ifUc?T9H2qoa{$#Am=q$g!`0su5p*q
zGX(j9t6BbT`@|A?%3m6tos&DZk|{nSjN&cj!}jxBcf1}BBMh7}`b0y0u=Kr4Qk4@y
z8}qk;@5eF80q9+C*HuP7hMe#wF}4>zFkK#d=Zm1fU;KyN+Lhn?Onfws5wBr{KUV^N
z%0^I5*1Nbr;v%tVCsg}VD@)keg1>fV*DmxdPO}{n>2Pc#NVYwq!kmI4Q>h~2By5at
zjl~m!#z;L$Ykz&H(5Iu>u@r`oeQ#f5LumG(2M}EMddhjc*K7ypq`98}UGDe{y4+Ou
z=n4@!Gr3R~IV|{?&jgd@`Wk{3upg~skaKXZpl@0p)bq+wuaYmJ^W)0Zr2BR_?j`J?
zCr59-EV{>cN=p({UY%iJCa}=($9=(kM~i@pVQZU{W9uuS<H5@DMG95wJ?%}iq^`c^
zmOAcpZnP7_V^poft9NnZ{up?#k0=mtBeD_H1C)=&x^^8v0q2_oHul@o(!$!`;q4wO
zRe=h^{nE|i^(>!I0;`M$zxkaWt#*HD>OPn%b$MO$?YrTl>H7RXj_p)r^}R>hKN!IF
zKd$9+>AK&)Xi`bqDb}~vBY!>gsAHUfj>k89$8~yPyD5N-d>uX1u=?T9cm4x~FO7rw
z2<FmC|I)fV&DqQRZDJ?s8E7ueU={MvbmB+;+Jo0+_MO_%vb|QPv*FOIK!#Jvsi@_h
z<@DI(FhQ*I#iyc5fQJ6oKI0!F-~@0U9J(Ij-eFZ6$eP3=^Cuv)m$K){wTVG*N%%XZ
z`9F=S&r=WQ+XGbt`zR9l$m|oItBS|6BDN*)w&EgG2<%?jXzS1ogsbCL@0TVe`w;tp
z8;M=N)nCcJs_$}b^^H}_po*z<YL}E_6qGFGU0o}f5)_<L&}t>B0lm}a^uW_ngsk}p
z8%4Q&6~(KRW}y85iCNepdl3dI&sNsg<@V3=*4b5*{Qg@h?T}CN@KkQpI^xx4HlkSL
zNRoycWg^#tlVdf42KA}UX@W((h~QyPIk)?JqnEiSvHC@@G+qfNYjHAW;}ho){G4cu
zOWPLfFADkujodaG!Rg1N4v)VbVtSU9J-{O{F2$M85q8qti^^;N)2&=Pk@x)jN_`)}
zd$q(<yT@fMKG!q=H1Q0<$>-Po3mAw)y610242}?QGOCBjl)tXXEIozTkdrQ6dWOGA
zcNK)V?dU`%;B0mpY<@~C(Q!1)B)L{GQ+*Ji&z@LtTHq1;I&iF`+mnD=53iO#EdJ2y
zBg3f6=ar;zO*N%L?_qaJe5d+f7p-SvLAC;f7x2htpUjv>z;*)OpMfA-A;Nk@T(=+r
z<rh}uu?l&vtEoKxU8g6qjPjThXY}eLn~`mcVyMu?Xcfkn>8uIZ&tU@1+^qbJtT<*#
z(E;@zKbDmhDPrUJF*v@OPmFXWw0<L&Y{xEwak@$uFvgO1G}_2x$KdWspV$K3k#SzK
z9BUQQbGMkT@|We%P4Oy4mu7B8z|im4m-2uS7kj_2FHc(go}z3&rOu0{aL#;x{ycCM
zyBjK0U2Q$hWv~gGACUEF4G)Oq@|c|AFVVXQUg}IQk==fEdZqJ4ZTQ7LSRIdZ71!_C
zNmQSlge4meypuoh^mJ0ozD%T?&FGbth?R)C9i}nznT?oHXK_%kq3QS#fpK*d7q5@b
zfm0n1K#feSpCk@tnXkN9_w1(NjgWfvW0B!fWs!JMtQu3&o?fhQ=GP1Xx9(1zcbCN?
z$|n?P+iNJp%Xdnt1`aQuJyZGWs4q=xZzbRfImx8WK(+XBbzxY1<Xqv5Un`<8U;-GK
zyvm_|={txfK1h+z2dCE|MJRr$1DYGmwvH9|7_i2fjWdt4#z_+Xc;&jM^Rl_94yux@
z7p!P5VtzF^N2SdZx<Ub-zE4|MA(=e16)ZsO4N2(?@Km4+=(qm$8Q+CAEzA<D2&eQ1
zR}H7Lk|ae(toW0d&EdyK7ycv@{9JzbDP&%ClWu#p+Zb5>Kv^Un9YGMkl5XFqeu|1c
zsZw7+z8DIK>S&=gcRGS`v&x1hCGPtrJ9!w{29x$@sW(0-y3(WLTOefBT<Y-E^M_-6
zRgGB2IF;~dklWvPK2Q=;HYLv^T}=3Cj9S_vp{1$lN1D$j%!<(P8MKRe;o&L5C+%kL
z*2RVQrd9e68j1r{;3q<g=t$#5MreN1QWXPN?a$*n5w6Ya{O0{0^8#mp4l}Msu#ft2
zkr8QD4jd50FS914uU4TF)tC}Uy^`d8%+arHj3yu!vI_iKGQAfxK{TX7ltA?Qx7`8#
zNG+?Wskw#O{tTn9a$^($cG0X4)1kN*|5*qI4rUk^;(B>H=?~&*-c^6Dp4;F{6ziGw
zBdNl#15abp!C^y#;)Ox3I5vFV3m4_-y5V|?&vbi{A0FBZ8qM6>=0y}KjQXQ5BLRJQ
z`^xj-HAgsm2udf6&N`0|Z#d=DSy+DeznFZ|NpSs{>1moNcob5|l=m_BLuR8?5htG!
zZ6Qo%M(#o3E>03ciULidOWqu~4qBBNpc44~IR6dG*<(e3LI~~k*Q`FZ32OOq9;n)5
zu}>eKl<?FViH*xFe;u@Vud)?VhNsjj;)wD!!|!R)lP%RPR~P9N#ckP|_gz`}8}(fm
zXLI|asy*=qq}}yrXE5nKV@%t)9^Z<b%Fz*}M<E)y6Q;Zth>4zI^?0vUm+69>5J*wn
zx_?wd9z6!|^M_!JiUMez(8ubmYEuHMZG<IJD@u4aHo{?Y0M5e5h{jA@8Y8<Oa^Q53
z2RQps%T1QD{$!nV4jsDtHJdn=X^>|*(UE<pZN1OH=ipwLp}QQK^hISIK>@5j;2d2h
z=M|HGHYHCI!ojMr@dJZ__SD{ZxpmNG_c-*aaOfP+8ozlr2D$BmFE1|z_F#p;)s?&`
zOKb9Z#C$?W)=x?;DfQ)&LtN5s7B-b)KKUBGXe$AJRgL*njhN#1IWnqIERlmay)olC
z=HU|wUNgETD#|2_%T#|Fa>KR8K_irw3~L6&Q-oyXh`2{@FQ$00c!;;EN_+H%(Gd<x
zPYU;@Q9aYWC#a^%+^XddzI&?C97W}mnXhb%+bGM(D0^8d%W{<B3&-S&ax@-Xq)beB
zadX=)Gk-~-#!stzd34EYpm4MsLhvU+vWulF%akV=T|~dOq3qf8i08+O81#kgQfCJn
zDNS73C<I{|)tjmZ4-{!w9p(I3b%}d>Lt-S*dlt>u9-FOtR+k7S(GiGd<ZNSQocA$|
zkSG-$DM}dml<Ru#`-(PE#95~&nv{5sG4tk_yOb6Ea(A^=!cu-Ixz+I&Gl`x8fZmUr
z6c02h<z*WhzDA=M%@pQ&IF#+EJ5O1DAMLg3BYZ@j5t<h(SHZdKdJ(ock*b`!7*IMX
z!6E(~sUC%Y<N_aG6D+T>jIOjy)w81Hb1hjp!HgbfL5Z%A$tR0BELtJCl5iVi85v_y
ztu`a7QfxltQ;oRWat!S=)T%!@$HFtokCz1L{068wnT(y}4<@iRv3}{w1C=vT$F#mp
zIW!`+SLRe|l*rhJxCS`}`-h&0+h~<nRQWjP9ru#)d(C;IjO%a^J?>ppc)j<4a_``a
zKH+6W?W->AglB=ABMdqvO=?<N>fc;WLN~}e^zC0&l{>wvs@bzVw@vAKL$pWM_MFU6
z*C{hry*Y>4O%&*Lf_1w4>d6KI#a>so9=YWyrnLq3?+z+PG+rP$hPhP{g$FrzEg93;
zijCa()Y&RR1p8-i;J>riuo#Lq<X1+X|DL+muvAplAosz$EcrxivL&#EpKov<YSj_O
z62YQPgv(w_9~2~Mg6bPm;V+lj8W3Q<j`QG486%rra7cq=>+^S*;ax<tOCar-fqs~y
zG-x%C%Vc2Nu53n?T{!<lOm9%|cf+dJ{40E7$&D^4rs&oyEJUF+@SF4!xp-HXS2VRP
z|3g+!=?){i#o`?*(^h-htCg-0c7ps4F<-&i@<5l-GLdkxpM$c)hYZWO=DEZ@%O132
z5%@ZkLgrhVwAX$eVY!Lp*2-h{;TZrWnxw3q%TP~A7pMLW_dlD52~}&8ejT-IC$X7{
zwO_|f|6KT;pd(xzK6tvxh}-n{t`ekST{kNLaC1Twb`?^iVpF5}_&FIsCT8ZUhebcf
zt;xGS>QOYn>>jmq82Tm=y?6kQ#xf%Z8uc5m;IX87Wb9c88JYw75|jElSl%SHpo1!t
zYLejny5^6;8A<)<z;~4C-=m_CGtX+$Vau;;05zjKd597E5o1eU{!~F<$;|M}TA$)`
zy%@PTnw`=u`^NyQmLn7e%riUzAwmIj_lt|RzQuPUi)b7zdLj%PGjmz;sr_F<qj{H2
zO_L6I_xOi7Mg}Camu=2P7zwbe>Z*&f)HTY}BPDI$BM#1vrkypXd><a-QGK53deQiJ
z(;-TPRvzIJ;y%-PXmc)sX}jK#D8)@4pDgoYGItA~|IBW<H%!7=jWkH|O`z|xM)Bm(
z23HgN;PO|>Y=%clujdcZuufWvcR`Iuo3Ay3V<$KluD(&7l_UcgvG|Qdx@o9e1bnX=
z1tSwVrF^oa?Ly;p$6CwsJz)2Su9#drCif#PY#$(c6SLWR*}ofxhq)t{T<F)jm|2{A
zj7ONqU}*HQyRz8Yi72JZlfe*5%J<^K_nI$$CyyjoXg5_CQxPH;M!t*d-Yx&QVydFA
z!okH6p}tn^n(rB!SFSsbYnNvpwkK&8H&{gv=6&V;cH7o8;$A71gQO-iE|IYPL-uBZ
z)2c}Xqmqn)Z6sscA!&uIEo*hQ?IL{``6s8CFE5vrp62dgSzaz<tG7M)*@C9O@GGSI
z3c<KDN>RX(SRBp$cB-Map`hLSc_d{)daYvZ6>?XQ!|FB-IpfQ~$f~+`;y)M9nx4%>
z2epv26FSUbv={S{{tC~NtJTN6^tLA|3}ND9MAYP%2@=hU0evyZDi-IabSCVAizC{e
zI?6k`m8&n6N>P^_B`LBv6Bg+Nkp_JIwELzh3U}l6GRswVni4{!P;0uML)Hh4V2(#}
zd}4)q)MGI)LX`BW#x==uU`nJrbTPTHi_}D4s~oFu!`gbIzkZ`%+s9k19!M0pw9EAS
z7-4$kR%+>2Ad34rAX6n1E~qN>J7F$W#Gb7~qT-Qf!Jx4vyGGn$%y0dg^V*eE3U{H6
zGdJs_h$=pzEK4~xMSogb&EzL@v3h~lW`Rvsbxp^WUfV2j@MiinH(vQDgFNtrhITSf
zkrnrJicWqkL5{`rR;q5eKJ)w+&V{990D_yr+xo4&jH|K<Pcziy^;Mi#u}`s&vzxcP
z8s9JNld8zB^MIXM19fG6W7W9W1&}U#aX-}h$@39xRc`_hCfv8d-?R3;hefR?aCeRf
z;+1)lUQflo&~(dJiJ?$pD<@s0-gk%q)e3I>X7?x~Gx%g{JFTW-nf1GTVT^(b+X<nz
z?_Egbla!?&`rT$qM?^_=x1go1jV};#z&_%xL1=}|pp?4q(am*Ao%St%Rwp|)@6s!O
zGn6gNP`!zp$w9u&ru1uv?R}njO3Ou@;noP3>PvLIr<^0yPHd8o3}~9+UqmXQ_S`~|
zL(mNSIQSE4wq*FO6Dos-?sBGhjwgaabMcpxODDOuK|!TI`+Lqvyhe1NU34`6`g!J<
zND_Hg25UCF&tEC(rv`;XESHb7?O*49%%MYlL2QUTvi#xG*#fm5Vpew{H_EK-?@nVV
zEE^W)x>*;X<=x!1^7SceRjsoN-H&mW1NFW8%DVc+_1~&Kc@e~?@xN~@x<^5c2szoR
zleIGL(=cSFlBaA2Ha0Sq+5Y-cGB{wH@FdS_&`IT;sLDmT&B8QiU{n1J_6TDjwhN~h
zZEgc9Zmzyl5UMt6Lr383rrR!cOw)vH2#x-t`@Wd!tME8lyy;Q$iC-A)3uKCKj!ByP
zN(ZpR@U*_RH(t(8q~Ul6cg&<nA%0-3*JAAm3uAWhf0X6Og<g(*4QFAG$8|IJx2eht
z;8T6<`T>A0&SA>Q^~=Rs(kDU+b=~VB-_(#E>id{3wGZ~FlYX-qO+~T->`uD<7PMpc
zO{l08V#VdV+zs&Vjky+<=fwz@<u##9D7EugA7F>N!izG0IV<OzO!+A;d`FZAe4o32
z+WsBP&$S?S^2{!#D|#YTs<Tl$t8_%mM*WM@_=#SrN?-RV(?bZn&eFd~=sG%x!sf>x
zgIJy}MMJh037LjC)oCvEbkp^|*OX3-$BgRB!z&q{dRZE|s)KM@EoFc4SGBD|^JVuB
z&7LD(2On9R8Z;-rY*v3iUOa^0oLg6z`YA_xXmRpkb2LMjujXJ&OFumwp7xofq-jun
z-7F}~zhO2_B{Y9`Kh4TsCPO-FyQcNBhtcr${dIAa0IcYY=?)a%2KUEp@TH~^YO8Hw
zxi8|m9f9P|gbTrk5!~(<xMB*As~W_O%7rxk7|m9V(QzCk9dv$iLVjpQbc9}FL<mT5
z*8Fz8c+=cUK~COu-TzBOI+#908GnTzLu4hh*R9XdXu{*;Y^d;4t06FzjT>umX<<pt
zTKF_bsG6aL(to~Vl-&BFDl4Q%er~Q>A;@tMZOy3!zk>qaw8i}<zWQaxI1MpfI2t_L
zYv-5|z>6k-y2~^_?rD>cSja}79Ik24oe{{1(=X`Jq<qU&RieAa3v}SPZt%E#U%eIZ
z(yv>0Yu#+dLJ8!l#NH$o5YYrVFq)v4kxyHU8L!6xi>}162lwyDYnc~`K3mgo<$h(g
z^L07rcd-7Jv_-Ha<0<j}5B8k^*WmdNKq1Bgzl_GKHRM{ReeZKhL|%w^f5A}YRaQmD
ze2?d5jQM;Iw*2Gv+Ubw8qZfr{v_e4-v3c@F2VRKrR*H)0J6;jjCrQ-DiY;*1lM>UF
z_A47Z+L*_P3F*>4o-Gb?K>4mDb-s=tg^Q`v$=$JqZO=+#W}&OmVD>Yq9x;`5U6l$C
zE$u16NcYi^kh%K!5HXrsgZ4hoTnK+tlQO(Xpw4OCCgbOV7wvcxnmU7gm8DZipKD<n
zmuX|)3-^t-1YROsVs0m}5;0Bk+*(q~RE*^ld)8w%s5AMeL|ND4ia!00tluHOU3tB(
zxq(t5_;sY`Oq7;9GY@t|hl1(QP-{tEKNDdoPvSZW;A<79+eeW5wQ^AQKXwh{Y|s=)
z`$iUoPJBAC8|%7$f+fz>eC*WS!jXTeDY-84!_i@Ih3V(YgX@@($%5QOG2nzp`f~>f
zNF~2wWqa3?bl$UQ=)PXiqctrdHC=hxRb0x=v6bo{QRlG?mIeJm+1p9`=hw80y6<6E
zcx!qrd@b(T-oFv?f|_-ofy_<A=9OOe){X7IWr@DqPsecGnws^E8=q8GMczZ8R=5ux
z%Cm+uGbFg4+QGk*Jl~}#OTstCq3N(KKH`kfjcYQlW8aiA9_@x<myU~<R-BTnDwe5#
z_-WJdnMQhOb8wJgWGoo*32mr|W?YKWkjA}Zd7%|>jrIu*9pytM)<7@{G3*~ciT`>$
z2L3}LFgYkdNDTXjfa1Tdf&RIsJ#R*a0;_B}WJE=W^Fcu|t4E;!{GmB+VKRdOKs@Hg
za84i?Y{Ur!nj3K<85IDWKr^6`nK{G^2r>m%qMU4?puv%*JEye&{1Tq=>cQaHH=6%R
zbUaWfk`%<8?msdJ7|BaO_s=CdyZ@2#!g&Bl;)|Q~zcL7z=Z3!FZy68*0mbB=F(JTE
z5R!r8?~73I4W-6kGAICY!xHkB48qF;L#~7QOU4U=+)$_dC4=w+;I{$rz(D^1MIbf*
zMaqMGW4UF_gCwB1<Cq5kLy~>`<pc`j1>VsE!|s9sLSg@<cjF(Kz);BTC;)iDAY^6V
zq<;ZI0dOS4#NRR)=x$`dF!*hN5FqajiOFBK0A2(ba=XL;80@YSF#Lv_;xA(e5O%`_
z@|O$%g9C5t0f8{cZ9NDC@E<V9^8Z^p5CC{P3P|Id<EQ>|0z`Vgn<0`U<dz-;1iWFP
zxn=vGdPfTX@%vBwfjp3#KKGX*1OmSy(YYl<#_+Zbgyh$}B?BTG&22p(FER|b^pJf3
z0lnh{1cBTMAus5T6A%!1M-Ku41McPrh2I8)w7sFJK_<k%;Rk{LUkJfBj5U8p0mKWw
zT}>b`=#FC$6bQdtVq{$ZJHMOwLqM>b8G*l?fS@4Y?UI0yz3EQthaeSi*&>5*!`kzA
zelXCT!3qolgAsqBL7G4yQ26Zz2LS_bxN-i<5NUj;ae<*=;9Y<`usbp^82CR`g81Lo
zk2D6~aRP(fK@EZM-f$WH1qK3!KyOzG7zVjnCHS`<5ZNdGk|E=dY;MpyC5A!ogb)e@
zK>juc0FX@!bQ=s0vLLq`91je7r!63dBM<=b7aAlO<Zycj3>1F1m+<i19UXaj0Ji}m
zJNBKb<As5t|5uL;dFOI*GP1NWb3)P{(Q&I-dYaL}Vp^{0^hG6Mkejhf9KZ{J!gzp^
x;$VOXP*h9|E&>CIi|`5w{C_p{ZaA%+U5uPu+?~wKv3cQ0gxJi?5(<*o{|AhOwxIw3

delta 44980
zcmZUaV{j%=x20p-b~?6g+g8W6@y51o+crA3ZL^cSNyqa|&Al^Ib$^{x`|nv*d#`8h
zlm89T9|+M14+@yo-geoZK=nV@lDD@{D@tX~#@%^Uuw^s1q})W!s@`1)zyT9Owbi!*
z!N{og3z{A{0?5yUgy73as3yx!A-BWIzh2%gSNJ|aqROKt0kQ{1+(Z|4Po_hwjZ~hr
zGK&k&Q)2X#zL|{_t}<vIaUQ|oKR~l9(Emjo>ss~a-~a$WPcylIPR@qC*)w9qpJUwY
z+iBTS%cp&+Snf<6tlR=A^y6&HPeqJ|74(}zZ|){PyG0T!L+XZ8ax!9N?hABXAsFgk
zjB0yc?WeH34>a>x5NzJhN1RrLIWvEokiQkCHIN(_`Jg#T;QbKoX^HiBRJRDsF?<<K
zCQ9Y|9srHBvo<N&GWwbVp9b0d_yJXM{=065{9kk`4>8;|%A<6K(Qq2bIU2gf>gxL6
z>f}~UYG)yy*dJ48Hyt^z#1{7!<e4bzG@(*O43g*e1Q3jiZ$IBJR#pdv0pHe(P-`tB
zurFCP`)`H_c^wfyEaCA6S{9u=SR4rq{)!pD&;U6${umh&`5`d_2<wj+^_0j$Ib<>M
zqAg$N!rT1_x-Lf>RI7-w@7xcy>BKQABv|eAqU>`TxslDc+jEt2lG@MCw>N@H?Ny1$
zRpMOLi8Z7qvA$6kco^^cFP76!T+5r++n&T{_j~&YL2mL!I9kGg(KKv>G`*8gED@}3
zwgD>}W1ECq7;lmo8uYTMmeOV>P5bIBpDhzl)t{F)%b!fFNK)e>TL|X8un^zAt8@=F
zL<mx^a9+e3(4s{_4d}XDuhdXFr~{}R!S?f7#f5}L3E_jDUX|dCL+R_Pkm3n(c4(Ix
zS}cy;4T#8Qb8Y;H-HR|5;kNm^uum-;2>@>K+p|^OsWySQa31bPgRP>Xf9pk%DUhJ4
zE7mPO80fcFJI2L;T&OW=BQeb81j};}q%Y=BOHfq2mNVzci<AJ9PZV%ZFp>n*TGlZH
z3FTj|TVOM6K}Tp|-Y>TfdXZKbhzPjRgadKd2N{?R?Pd8gbBRycBELd-Y9+S>jsRax
zCpJy-=>77e%-G5x1NeH!kJ1KB&nxWhxQ@&V7NzeFe75&|1tK}E{o{<nHeEOtp-9X#
z>%}NKs~!G0`AygY&{)Q6Gk6@3t^L<;votV)lZfC;Xbp*xMbmJtGuNOCBPV>B%ndC6
z#=k)={cwNgMk2&-#L<4#J&DuvRsqs(OkoG5?lACUA|ebp-vJ3j6}QBytF95?1=wI1
zGO3A7lk4n^awt_#CY#1NWCkiNerD+T9=FNUsW(Te=GZTI%Dak!{x_RI%@@XH^QCLa
zD7e4o_~7~63KAGkvLschy<qyi)dw2Nldi2HrPniZQK$G-m0^AW3a@VWG=T7u$Fp@Q
z0I#p!+CDt$V9X?^r!mP}LBZt1W)wAdACuoct&$B|!);ele1YZ-2Ig11tM<KS2dV9?
zdPevW!tVsk0ZIx$>qS$3SJ+<;!IrED|0~>@YARBqc6%u{jHQ1%9Wlw^50^Ft#tl&#
zH;c_`V8ohsh;r0CZ1!Lu6o4iUHrU?7>J*dw;ofZvnK^RQyb=punX}5I8#V&v@-UMD
z{JTxX^&gpOG!h2pkebCV+DD8kmbTr>H*t|CyK2`5EJ<c|iof)xRO(1u!no89J>&SV
z#goAX(_qit>5$QNztX`DJpWOv3nvUP?s34lbj@|hgtD?s)RJdVa01+@mk$WM*rR*z
z|G?Shg){G9g}62kSZxQNZ{OvHt}y!I-YB=-=mn8GcZ8`H%2BJfrSnZGzMS$hMSEr4
zEY?q)IyT>%ja*)fbWE(!XbA*B%D_-iZywX7o*MYdRnc&f#SX|oIZ>NW)hNH=JBnNx
zc&nhGzDK9~VnkuOH32B03y6f4l=AHQ6=-FudNGVu_YTRp*{;ach}WvU-9VSVcy(Rm
z6M!CruQp$NomXBq11o3OJ+ci9r(~NhlYeb-bHgMMoW<al_|Z^oNtgUKq9FF#pZ^U7
zxIP#bx({G7%;RliE!aSoqG5HY+If*e0&}E`Rez<DS3N}uV*-qV3x&(QLm$&z6s$>l
zoTcNH?-p^jw1Xh6XCqujM#{gx^tpySXz=&D-#3{ZARlmTpgrgH|B|7Z!<Z&n4u<-z
zCYP5jSp#mWGTQe3+z<v0(@{tESF~H`cQ9c|+3CnDt%of>3Zj9DPrAXd?197;QNp$v
zjOq5>c7&`A5do~B8E`=fU0P!Dhah>4L)@OEmKYqVXlIY>`J{e}3v`Vkq*m)_NARWr
z-KrG=lY$N`z1_RXMV@r1bd{{fP1y7l8;+E^p$e$GWu^0jmIyDD>3p(7jyG>0Nob`+
zFY22Da*~dfb=?IKmZ0L`q1<=BYr6Ac#H^34M)g2rkpTh&uT(X9FX=x+??`C7_76Y?
zFvf00t)(G2CEs7y9N&rK^~kXom>h3E(H=N-{vx%zo{$%A13zDO@7Jfmh?*)QTE%rx
zUVNeWDz5Ir7r|O!y<}aqFYt9TXZo7v{p}IRboP9vAkdD_*ShyNAnThm$7t?{Q><Zs
zAa7665pV{SchZy76mX|ARNwInj4ip#7ij-;@0|zIiha6~*xYh~+pRqU6}-X)(a95N
z2sQu(RjM1jFxfyXw5IpPjXx`uzst;U!Iv;`xg(t-<ytbp*_lvYUUDNEP$7E~$u9C>
zA9;ZC<C?@I<=NyjOHwk=(AOxvU?l$S>JHH90_5X642{bw)*6oHy@qriRzDa;eE?=&
z-))J_$x*PU=kbj<YtBV*yatqri!R}}>EF08F8(rJ2RmJP-0I#gOq9rYsfrXBpQ|h6
z+x{WWQ3>-7PTSK`c#B(Y#r60KY?u2e){#M>m)qdXa@_MC#>x$|EO+#MptCD2lFld=
zR)6979SVwC<@m;F0j0s7IY$Ku6Z(Nb@dHCKcQA8xb1^ruhx^aX@wW{eCkZpj|2|n+
zxViqj#>)I(MSgxJd2<I#H!BiWmXt&;ij)RnPC))gG7+dGgz*!ir7jQ74o?D7lO{8P
zHKbxGTej36634tWHc(W^B;!bU5<00L2vYFJ%^)G6@%&tczDaNT2GRi!k<XrMjngUL
zh$9e{KkP;pNV&gaP88dqu|z-<t46qgi$@L><>0~K2U?Mhn?b?^J4x5+Hf#T)^eVCT
zDgkuisJ>VYqONxn!6OzFG9xeu<i`o+5i13Ly7;|uaMB}_J3w$j+Qv&=47SkggqWr1
zgjzLD!Rxis54jqKIBc@JZ-;D~Z=Y8~X5kH^>s6sd_F_R4tl07w!DH?a2R1v<wp}2L
zG=V5Ay-0M^r@UA-2o`@-pR<(0{?s0<M*-?I%<3)PE(J3_Q@H9Kl3zeazgX$6?sh-v
zypr7F9EPHNyqsXet8aIV9*_ET_!X|{)o$|xaI7t?!pr^7jyF5HoQ?bQG4}}D`3LyH
zsjv`HF%Nkk5?Z{pmX_@t9!SgRGGG0d3F9RF^HwWucS(dZA;5}ziT$-HxW@dG`vIv_
zWrAq@4~H$ZF)BYxJDS(Bz?BFeyLxnJhrjJRLg^Cgp1NWY9>@f9%4VAWzN9pUj^l?G
zh>((~<sp3vProg<pMfTPH5SLs9UtlT5@wOV+Z|LLkKaPcj36BGTjsV9-Jl`jzAM-!
z+W+jxFs&FAozdVjE@J9;U5rPO?pv1Z^u(k#pk;Rxy^`C9RnTgz#_iGmpeV~%U8Bx*
zCQz4h-f8ph17EQ{;5Z@whu&CO{!3e&%sl^BZ|wh5Zyf*88zn$j!F5{_t?yb(zN?+~
z1Pjy@YJc*KglA<dXJbvaRvnF|4KkS=mIam>#7ejSj^T75`KPnNk~sufcCYlMIZX@=
zEc5a*;OpHzA;3I;I!o%O^~ca&iQmKX@fucZp!vn9hJjBnmwzDkGGgpDDj=&xyOA5X
zOJN>!8%5kj^9tBJa$<eE{G8I!?>!UZW-`q0fBV>Z^Y}iVrRd6Pu8HVQ+P*x>KtBwt
zfAFtu(JqiTw3P6ms$p6|=Q4{~jVkCAR9b!sd*={%yZ{}Kh#Cii3ps%^uGH%^&2!#N
z_FejpyFxPj{baRIIErL;M&CI6m$Y>;Yu%v&0>3<($qlH0o@e556vEtzBUfUMco~N$
zcC@Y7w10!PbT7d4T=J$O_Bp@oQd&^*S>4y%^>8ZOol}!iy<SM#;I(bm<-9TQMW|ns
z_nODdujykV)?VJmu7DxG9&f&RY0<oxg`2!8uRY05gS5S)48aE`@mW&#<5zGypZv1v
zsv+L*?E`fBxO2E5`tdwQw@hA34w&ztK(E2Cm)wJMDUi=^e10_h-{3=MXVSN<_I%BC
z&2l}eC`qY&9L=x4Z1mZ8p8q04v&f05Xz%iJ=3(Cz#Kphs>A&|ryR>UHX4g;XK}8@C
z9r1f_x$gEKr6M~#TeQ;Pzq#E6GbiX|7w7zIcmn9pGV1H}b8qqjz9_&~nOVtVi}|6A
z!I8xzW3JI2_81ae+b1R8(wVo-qS(s7;1L^j@+1B;4bN5pXK^uLQXiIlV#}0GN>Q;?
zE4AZ2$w8#^Y&P~*W7Davjxb08Kh@CTq+b^b$!u=p+gd~A_wb+padj&HdKN?79PB1a
z3Iq5Y;&pLKC<_pYr@S_2fA{{Aa-<AO8zx1qrOo0<PQ%oj?yj05+9JOTCzKPIK;q~f
zr%E|2x^CF$=ll!1?VmCP?Y2ak<c{@A<RjSvsJF4YV;T3De;k3Tvof;fZMZrcYi_53
z6{b%^_n2+p!eOk6SD)21;@{sb<f4BA6%K%H|7cnl84mbuZ&)2haQA&sJ9W!w`*<p8
zQxgiEujC`y*G)LYCP5Tt?S!CIylvtDQ8aBTM-UOa_jp;cc3*@DEZqabuD9USr@oqU
ziN~Rb50+?yzxW&8UC)LD(Ne!9a=nt<l_$ZU<E*n2dv<L5To4G|=44@BGtwZk{R2q<
zW|UV{J#+)$lu;<olY{I3)|dKSHo^`m<2zhn#$jSDpys?Y^~)6_e~2dtKkSz)KNsee
z)B04K{3*qeMo3Q#l%;{aS@_YhVjeT5!|2GQ9=$f<ASD}^;F4QdWaDGHIb@24##Qg%
zU1910_=7p6Sb*jA+`WzCHI$v<q!HkiM}t@NP7^+&*UAiN_?Pv{6%UtWkoQ1?oDUK{
z=y4{A*JVfqNn?+_FcWLR9UNe}s;d|MBLU@ziNOIj5VDfE%!HxaX^9F_QKcbN=|{8G
zjJ4drZ4#}{tSv;)4gLp(_Rk*e_U+@5Ln%gKxj2e;8A|)MFx^QALm^i3gbTpUf88==
zqO_0W32!e+V-0~Fytpj#*EUIYD7L69+WR3y!>#9yg{s`9YJL!@5{<_%aYqfEZoI?9
ze@o@7vl!o?2)0@FC%RHp!B`juZad72n=4r_Y46B|ZDik@8V8Z(5}?fHGZsCy^`5Vo
zMTm=|wusVl{=6=<GSm)v$rOMhXB#F?8Xms3c*lJa-fM8HyVRSjM?HTyVvQv^Xq=vW
zH>_El$-xl;QU+hCAjXPf21;m%lKy#5w)FjGu(I1t5eLq>9<YYQQZyDr?{E+j_M4Jg
zS)F}(1I*|#qXsJYOlLg@&f8!UI6G7STmV(guM7^c;Og5XWZr;0O*jCr!pGax_o;OD
zLnK^9Rl^U_DuqMgzr({4J+tZ03_GARxpV!eoPsx_2tq8osuibFKhYg_H>!=klekyq
zb79Q^faRo8{*fC8Z*keqpU&gKc2POYJw3;T=giyjqKllT%5{(?V*sT53p4gM{$AqU
zuKb_>oVyGJ>w!VJD<WWn1ND$9u&_(&E;AtXpk{Ecs{dUe7^RNDZ@tE#{c12*5mr#s
z{WE}#-C2G!={m_(^f0<UKtLA)oj?lbnZvxRDhX7gJuN4KTu6d~En#I(MQ;86RNgHW
zBRftdB*a6vP|rcl;#vyp394ABL7JXL7gK_dS66j)UTW<Gybd7wCMd{0RTmjQ<lL%$
zQZj<gkmkJXX`}=Ko$Qg*>|_H=U*pp_{TOWn6rkCigqH5ph@Tr2A*E35$~vic+iW@D
zkN3aN8eVMafWF5)p&;$lRIdvQ-CRfOv6d1P(F~5ExO%Hk<^a*9W9;kYC1l}{YDtDF
zV#(`(53KTiqz8oSM=@kcMfpgi2xZCBrC4WoJe4z$K6heT$)8c^tmOFrnM+%7^9sb<
z!pFI3jXzh8Z;zttfU1MiPpM=*Jv^nMdXsN1#tlJ;I8H(hW;z>+d7_R_;pT@wx0J~i
zU43*MUVeVgogY9Qssdz>29$Et;B7va)xjVX4%pP%76SNC${N{Jl<=g_Celi-HANMw
zFM?0Rvahash{mPRv6e$6Dr}m2nHdH78I3~|Bxks?%zn|80<4i(3zv1)*!T~tW<lV#
zRc5|(JPA?5qfrz#=9b?0&kngPpAO_9zTYmbhtDevL6Y-)lZajCl|H+Omv{?RhYDO8
zdoDcx^#krVS5%2rY(N!~NkhQO+Ng*Z+}A2^YSp>PNlR2A^tzi!jo$UW_co~~k^huD
z+xWI%2uO3QH%cq4;#Y&5Oz@|EeArd|mVo@}-*H?^?2P7Fn4vM3TEhH_tq2KOx$JJ#
zS)Qj!3bkJ;4DDS2iNNT@ox}};yU5|#do`U%VFYxpFa&D-0VfBO8gMrk8$Qd;uGx_H
znNo>05t3)a4Rz!^r6p(i*R~dUY!X`dt;FA!jZQ*9cGn7l)mzpj{p6lTC@H}YOY$0P
zl0Zjwfj0k$)>nJwtYA`X{vphXD0WhnP93KrVISj#<NO<>P<$kIxa&D%B-X_UF}*B&
ziVJYpoxfwDhMLq0w5}KNQg;@^#)LWa4DYxtxQduswK38Vcanoe%jl4G^%3D6O2T6!
zw8Ebph0YNtmq9RBq--cm7e%d4tIB4VqgTDBbXS>pmEsj(3tU7b`g-4-i<5`dXHxIa
z$qf(%^Sa&O{EIlcI1`3<v?5jMpjx;S*$D8h^+nS;Enpw*{#*i2It8zJfm}Sqajy*V
z=!6V}%{v`04*oKXrOHZFtArV+j%gJM*$l^l$cravTZVV)9a^$y8b{URTkD*Eo(NS9
z6l^^u!K#YiuHJFbIBz$qE7d30U5O((Sg8R)Qailtyunv+jqu2};y8yB(b_AvDh7<#
zF0_!qN|UQ@v>4v5-cYOe)R|pihrsq<AVcM+s^;PU6~PcMP*~dtyOm7XlV`sVe>UBg
zh}pw&N>>ugo+o!bSYULmTz4>9;=B5tDB|d8nn56nH7-zjKX|QTCpD_Pdkjk3n~eun
z%3%tgkE&LTs>C<;j?p2J;G{QyZ3^h{-!r%PSEOXk`w`*N@UBoTG7(i9zy-O)&-7v)
z9~dI0j-p}aKe02rfizT8W{aoJH+iZ8cz=}&p5@!~AAYPncKB+}UbXRBl8<ep(1^p4
zC48uFP262q_hYL=E7^$i*5c>w=q{PtypMSqnknr`h+HKM(YZ$6FMa;ARSJ-oC+wVp
z!i2b*G872Qj@y&NOxz<BX`p%D%Bai&w=Lo0&aWy={AaPV!C-sW+S~3V5xk9Gx0s|n
zC6*taP#||u<aHEpwT8b{NFMFY+n)1hIo4vqrn49;w)46I^?q+<Dl-&MIB+I$qTZb^
zSW~o_DyhT+uA?yCr>c(?4**z}Z<)T9I@@0`ZkK1eMI<tN>$kzzFK{rpP;a`Z3DV(7
zG}^iDIO*tE!$vjB8n@p(teaKL<FYz1tWquM25!95$$oL7Z+SCN<6ka={5TbP=tGlr
zS2PiRe%yVNg}L2ONH5N`1_L8OLW+U~!cn1#x3-V>W-ku9HU7QawF3G?%16ssWlvA4
zcy9_9VL!;hIB(AQC<J||EUQ**b_WPq=GA02dosul-oBFNe(r%~O0Bn^7Z2{1{^{57
zQ7R{3Ztfx(DpdtYI3O_3YEPCRFVUT~A6?g=+`A6%9|rBoNU&mMLfs-`8`cm^sK`n-
zul$0Sz|wDqg7@5SH~<+QhI96Dc{|<uE2BpdX*;o||MduWlaY#f{$~4zwY7L<jFud^
zNa^91_BuiFiXJSH6eltixDEU38D<NXfep$eDRJ|u<m^yYIcB%}`YTQ~{FNXELxxCJ
zQO^EdN9~4VhN?o)!GvzYrh8nB2;Zdg;>ad@aReGcdY3VYG(em=e_*reX;%C`VyBOY
zAt{;fS#R&*!zmKz_T2I?j?P<B*gEy|W^vW*dK%aIYKdjY_hGi3%qX}znp$p_quYVA
zeFM&8rN1B{-{-(oaqid;C_|mtU0Kq}@!B}N%~^lqf`92-%CxeyQ{&|6^K<uk+5NN`
z<xz}`g%jhG1LV*LbaMmzfekUsH8n9A85LSjfWBOSCkruZ_=Ul-w@78!)+V@~T$xl#
zpjg5k7q?A?=Cl3KMSPf~$Y%E4<CYxmwq4qX1@u^hq%GuE#$AsM!--#OU=rcbcFnd!
z_@>~G>-dq#k&m^RZwotX9Y-6knXC#H+KW(Yo^rJ>z?8xlM-MD85_u4h;wVQ<Y4l@)
zZuwhrOHNcB<3(^@@=UCE+@q1#yMHF;-1PU0-8S~6x1axffKlA9U6$u$31PK%SDw~G
zYwmufYFPnwv?e@u)~x@4cZ+n14`|ft5Ss>ifw5oOL;BcpBNZVQsk?nUH_saQ;tgmc
zm5sQ5fNCE{C5V&=`>uvfDij27J(;te&os#tt!C20ecL1cmN&0a+FNJA+7rcnIkVcT
z1xi#ptmYmH*M}IqsozQh#t#?y*`jBpZJ~c#>s65%uj4L{h_Jma#Gwn7E@iG_CU*mB
z{^SmRXOu%;{)&S8g;feTB<J30R+Ew9(n#fz0KhJ^t|!?nh<&l<2{Ap(v5RX@#Vxwt
z>Of$+g4-)xMc`h$5x&`uYCZ_<C?K}x`SA3U<c;RyAjw=XMv^o*!r-{2;d7HY-~Gm&
zkgqLAlI8l(#58x>yk)rxjy@R+8|riQ5ZcV1?{u2+c63tk?_4N*&FTO1>@5EUiC8)Q
z%b>IIurdF)YiIkPl!)#BP@*eUGyq6I1(Sk4WzMdbR$FS;?G_=T_%NDj^a)xa=Dn@a
zQ;9EVV(}<N&aK-`6d_tCcjxPlYyBr3SteQWKzG5ViRgmE<8^3uMde2l(LxQ-ECBry
z`uZcvKwf23In|3>ap9f$uV}6^a$N%YdB!@OXJ2o*P><Gr-{;@i;V+ZF4FEo>{+!~~
z6!jx!13)G-n(>)8ie;WcuC3u?o>hJh7q{@W+tJuYiOdp1;`%%0A``V;ENmMSKk-Lu
zmYVnGBbYzXt`86(7IKHg7)MS34zdnE3kxvu7`seP5(vsXh|#~52st25bsj5It~`Mb
zqWzG^I3ke^tM+{|0ttNS0$6#a+|AdI_QHT``<7JPI+1_v31WJ8iMgv0+EB8(8F83y
z&?7icB-Sw1srVX6`d{<Yjio|nCQi7<&nwp_ouUnKiAxX+T>}~h?u#f9Qn;h|Fvfib
z&yKCA!84loxSYOltKCH7yD+Tu9v%-{o>@tt2%X-I#wI=0;8S?`0ZfQX`T|1G=Tw<_
zDk6D<l$qf&OO_aDOcJ_jIvK*QDsAU*s{;w!ao{(X+db@~O*FjaDt2%`YnpCM(Rfz{
z8lvfha$<dCdE$f18}}sC&fyG?rc3KUQ%1~gS2t?dCO9*!a16#XPxUoR$+MY+uH*}t
z*cKkS?p#pc;ANRqfJ8~`i`1@yrScyAc~5gPtx{4|w_T7DflCQ#s)lQzVUsm0u5swm
z==HQY5Aug@l_#kAGui$)1%*Mog0<T^W?0YZCAg&HZ86Tci4h(8`PyU=hMFvMQ2-1F
zBQIR~IR_GTt0Wq5R>i-HM;@Ltc)B__%Xb6*A|15WPmf~(!2XZbnz1CY-HDoE%mfGT
zLig9hymW~tq#0D@ll3~M{;5V)h_K{`pYSx~7ZHgL=~BR=G6-j*e;>Ai&_X{ii-pRL
zn)a9GKJm$^$3jmekPgOzo&|b}Q%h8g?od8T9kPv~Iu*MlT&@uN=)g^wwgr{<2V*n3
z71M0On6?xGVB^9Ojf1w0!CB1XiX7^5h$_mz4VF|v$4-!(*k5yBzD*N@qxgH?drH12
zDovPxQXqoBgc@B$Leao3#O8Nf*ziRkd)6~e;(4pW=5x2;UuM`(__aOW;@tOaTahFF
zGX)JilYm@S;=z9_hYE8YVVDCg+rjt?hoL~G>Gky*Kpac*G{5Ax@HpJ0Zt2?>`bsHk
z1RPvjzb<JWr9D!3)F7WRL0=-4aoAz92V9CYGF7Yx>jAq)58AAaIwEuT2Kj!yqt<#X
zcs`mqM5!c)Qi(CkQ2+S*(j41gZY^MtTel=r4Bm5+WynLYI~d1j%0qeyc;UI?5|<-D
zC_wrfF#pfsACuJUaeguYTrxacswh2!P13`8snuO!?3o>cNuMc7<U#S-<*I_snV5z^
zT3I7{?+4Nmt`YDx0rxgTou9chmnifoW)O(0!(=6%&ZVi^>V~bq*++d!xfQMG)Y_`E
zl;1i_9(Ww9(<fUOD%_j6x(-n-W)FMe9=G@xpeQ#C&5b1Q3ax^%MW->1{nS;v^$XL7
zBIriU=wnXtK(*4lLu3v!G_g1dt0D~OP)yZoOu`RC-ATk7xW4`JmWnqf;hhzA`4mM&
z9!I_qd5{vcCpuMbBHC2IeDPD{M>IB)jZ|f$i^JA}F;ld9*9fl9u{LO$_r0+>i*M2Z
zD2Y0@p|6Lv_G3m;9KO#bC*X^DmC({*z}9j!>KC)c5dvtthek8WSbH=(6eu8Gyc>I?
zS`58C!xHe^iP&#-LnVm4+MCugqYD__B2+LG636C^KdFS~xvQzH>Y`aDI#oJ@ql@Z2
zoQ++$V4OW!WwQOS;c>pJ6_!qa3H|W}TyniKAnEP#7pB>?^d|p2ee0e3G6IEPWcm3A
ztqwu1|IGfCQsy_*()pFW_-4Y6vDT$S59nTmFH{okxwi}T`Z&gap6W$pksB6#_~5FU
zCO4?tm+=aAyMDGWtF9ex&VmX8()VgT38nev01hr457hp2fbH`{lNES|j7;<Za$A6w
z)8B@J3pAvhp`m}GhkQnoOxRq|UV{Q)hfx12dZgYx!Dk1Bdt(!@1#O;-PtS?^WFo%U
z&*DSz3Bd{~NhkQ=4bGxteI>>E)yG=)UDjg3KR@nXRV)r-#-BKOyMtF(K@;xYK90$}
z#lMNg11-DAn6?u%rG>@R>)}`c9bnbYx~rS?A_F3n$oL1EdXYi{^1x6?*47|!P6bOa
zSn<G^m)=$3J%u$upZjxc|4(@$5RPAHjS(RN4$o(AO=66V$H-8JWqGlFFhaJinU+&n
zk8`y`)b7Aj;Mh)Ef%B!LYlnZB!qD=St+hEm6z8QeA^-BGH{$?y-ohAw=PWe)T9PWp
z;xu!z`!o~|B!-No$ayCz4(X)#@JxDuw7gu2`$7>Ur<}8Gve(_?C&ijaX&fyWwsciW
znKJqH{9E9S%I^yshR3w(e?WA$|Ay%Q32oT_Z$JM3DLTymiEY^aH%6yO+0#V?pcy+$
zU)@OrxubQs<MSELLr7oKW3`TEsnjN6M4MWwK36%$e5ZXS_)=fpbz3JvlaoK{_dn&`
z69kAusEI!hyf`)+p|l$K=`WmVt$fS8T#WfN^}+&?uV;q|%Bjt$V+{z#ton?+1jBy{
zfycw|Z`)}t{r#o)xfu=f^A5QH;(36Nqr|;^EAN`@%`Gqjl3dWD9^PW@a=7~hav$!^
z{R#5JDvy2#riVR#8yr~nE&dD*hfOXz3q3zZZxN?vNZ=Kp?^@Tu2f=1<;*H)B#XXbY
z1YyGMu<);o7yr`>#hAbyHUAoU8eew1CiaM#1c4`&16t70MoPo?eNqPCGF0Zu6#pI`
z0~-~)OeBCeoM2-6Z=e~zP9_Ix!+nI&{x5f^Sd-L{(NmDIkzQCWWrN!s^=b6FXwk<S
zo_%c?26U5DkDQ9H41o$KED|%N$x41pw9P|xLMS0jZ~gTzGN{I$(76yA^JuT6Vkpp3
zL9HDBI5&<5zE<pLJ_RQLJq#%CfRti{!{F^S*s2pqROMU$`{mUv@ai`Qov^D#a9@gL
zn~hS}ZPfxeZ_*yJFuSV+&8X1h%atGS@$AUQ|L@sUE<(XSa^6k7YrB$Aab!*)18K`F
z3tjumz`9UuA2b5A|KcCe3pfRxL&PA#M-^h>-LFC}m6#%S<@tU9lxEU|X_<I55nEdh
z>8Wk+hbF6e)+v_zoMRnd{?0Z_yeXD=I`tA~1rjs%mfwY(+76F0Hxb_X$_jsU<GBaO
zJE9)7WLjd5YPQuU4qHN7)PL4z<n?OugpZC%bKIivMKjzo`5%Z<aF(g#dtbyD;lie7
zbGcYnO0QuR2vctWUQL(=<Dz{|H}0_C4R#G52KzlIx}Ny;C+5Q%nppel%{y8)XR*QZ
zo&F6%EN7i2p*q~pU^pv*PCy07S<PDtE=*$Q=;nh2nBAw!kke9;SV^`OTuIfN=_q+&
z1-==g&>;|L-BpfayU<E&CNUxEp#7p&bl22Dc6~b`0B-=`59GkK;KPY4BauXY9v;?_
z_07t?>W8_-{0LzIy8s8>55?u8fR(MZnR>mo2l;y5ml5>e5Q^S!m(nV8iVldaYWWo_
zaLNLWap$ZAcOp}F-+pOC5Ji;uQ^lE~(v)yK#B5kcsV?RvT37T2+&*EtQ587a+*1<t
zs!H@MjqEOfSAArWLm(+xCaK7RwoRFS#vrQh`Sj82tqA9*W8iHR0u0+gPl!!YOer7x
z=%iJ`Qn#h@KF^}nj1ZOXp%n~Ei|<N=JS?FOD5Gtu?1b*Cl^{3=r|#mW(iLu*_P94V
zv70B^6<%LQXSNO;j0bc)N56-8ouYwgq-`p{8Cy4CtTbi&^(AkX{b+4bx~?ccX2ePx
z91jt`2&r)DtYfWw&ljm{_@ZtRHX;7JjkS`OD2V0mqveefZks$)S*V?eRR_zLAp@E7
ziJ6_ht#js|0b_U4nmK-0CK9>**AuWKqvnSle;s3B@gNLuB~98`T$G{ppK#C`la_Re
z`a>UpSwR?_1dq@P8cq~3#2Bo0yN;YlGJzhMj#R7VcjulLZ9r2kO@tF1PPTV^D*s%p
z1PMq;lQ}I>`hxf93VSA^(?E+KYou9ZNs`Z<ILp1=2891sP#6D<z>Ge`39`Ycm_YwU
zG4LT4oaxHy4cV9yBXo3d+GSX7iBB#$gv}6OL4ZOdFPUTDPM~n+RVvegMK4!L4-sp*
zBJaicgwRg&ugXC)Gexp7w2n&+t$U5Czrn>h_$n_@RVK+|NqQ>k&ar;RAoT%kH%ik<
zJlb+P<`^x~RJ=*COxO)|{`!$8$fkr--EAAm8n?3T5WG_iv)2Sg%c??Mqku8P-8&Hw
z707Q#ElSXp--g+VVzX&jnE@xiBD(fV5q-@T$Abt6eH9X@>eYGUt(htKzH3K7O{Z!C
z=nK3w{=<z3jNWH*Dd;2|eXxndg&9&7#jf5euqM}d1VL_L4?;XEEM(V<tQqEgs9Z$1
z?MWRjE!jN2(9Zo+Is!AcSje!(J^ThR!)*YLsOuOM4D@pQ#;xra7<_fwz;gJqAx?Ac
zuq^~OCS;(VC0G(Uoj5}`yH-}K(zfzQ8)t=9ac%l$<1W0uhTt^0_X1DM%i8`zfJESp
zTqq&&WK=vg!7^<*c_II21!FP~oB9%Xx0)g~fqkEMf8W_FMdvQv()_*s>R1OL=1!F?
z#y<MqD~HIZ2ln!O%VHpBm}kTBJPGL-JIpog@37CyA$NT2ScP?Vz9aQn^+P?lA@hzn
z4(KTu@aj$;7b0J-U2VyxSx4DgfAr%TdR3$wAzqi^8uwdX3b<}EBDIiO_;VOYZJYkA
zAWz`gg~(Xd!h|~wmW!K}X1oCwTS5*RwIs4`nqjAfhj(Dd@Otjl^2^9$9tM9o2>qGC
zs6fcx1i(pSx83@_Z(@C8ipL(Y6J8FJ3oZ57Gr8VQ6TaZx3@y)Yh7Y6XQnsUe7qZj?
zWhs6GpzR(NQOILA-}6wtGj&><eESVQ;lIC#?Zpd6|6k|+Z!69A-&UH1hvolSY3~0K
zfV1)Z@6HV<)7gyQmc$zCy`qB)2UQbkQHR$$H{WVU^R(;m)s;;wC4{hRrdU+KG;dyM
z{^WH8|B?N6cF=G}-_57M*$4!0O7F?_z3WOtjx>&r{9gXdaiD^zqayyb@)?~CSYq&L
z&z-3k`x<fKXo{hM!-X@AFTr8xKtEr<$GUsGLi_@3`hR(J`w7ARCivIrkfq=kT{XY>
z$m~34)Y))0(Cb?4sn*K9CTj=Oo$|kt+Nt;0qhQsExr+K8ZcIqO43)}U=61kZaeSsK
z7E&f|iB$d=iaC(AxRW^%q*>Vbb;WW6S<7Q#9P@pFHuId+a^2~?0)!c(e@U7KZ#jPK
z9oPVj#Ez@jKI#K94b-;m%rPQBO(x1_=>N4=8?<dNB{-=3%JQX(2fv3ZDudt>as5`~
zzoBG78m5u%2?uzD$=4h!M#+D~G>cQVDPPq8je3892=}(F>&uPJJv~4}96SP%ve-Pz
znC{Sui5Z*VAd2mCiRsn!(72Yqa1Ypteenfw$Ad4OJtBK|C$(?B)ouRCK^BbXCar^y
z%kWS*2RkKj<$OLI^ZWbxeq`hQ_vP_9e-9o;MV^6MOIH12&kU;YWRcTQqo4Q8MW8v-
zH}fN}4?M<gMd|6vn>%v*7%6JD?^~iG{I`)<*--mMiz16j>+UM$TVl;Db!h;E^&LGx
zrNE=cUcd$WGfKB}kGn(0hbxX0l|GVywB^!qniwi5)Fsy1GC6GXg1^#Xj}(o}3e0OF
z2JF_Hq3~rzGL{(!BC`XZzej{XW$6RoxPk8RPCkp&fc1=m=q(f4|7<2$zevB@C6xfn
zc#G{1tbTWCE7EUQFO*F}La#t%w_RcYiJ_d6g%LRSBc6Y~O_+y97ssY{TAH)F^B3H0
za`&D+ZRaJzB^tk7s5osG_(h@1l%G7c>6}P(_1;MjTWUihJ*JNvip1fbOi$=2D!q5;
z9*>MlX0Mf{5!YM*ng-34=dvTPthq;EvRVJMEVNU|N?bQe+?vf!Gyhq}Bq#w8@(_xH
zrwKL+GUUx*Hup&L#BSEvLK|nmY28>GG8IP-$!ldSA^4hCx`t)kvSH3L!h*jPgQ76^
z+5Q4f@S3}&X3;HkqT5=^a{{+i+lDA1MJ|%1EMq8a!>UrD(ZB3GWLgX}gyU#DqbG)H
zq-+owLgZlNgqg^Ht`Nv=A*=}Cm0*%(7EO2P$}wL>)$sKWUlK3Y11~~|LS>2IhL~y&
z*vUx{L;~tuQb27HmkOV$2~lttujo_>LI&a~eqvo2r4o{7da2l!?Q6rPWfbg448=3s
zY?c$HmPNoKA2;Pd3e)msZ((FbF=3#<Zsp{@MfmTvYYa%p7VLg}2jc*i_vHLVte8+#
zi|XsGmAcvQGI5!IM}fX0!hbQUjr@X#`d7lajr&$g<TiYVWHpTXI<QsrzNRUNz=+hB
zj@+~G`B)KS+ZU}yvX-7!37X*nygki%J4O34LjxmNFbW9pcmBQs`mt1FtW$Bne092d
zy<M+*I${kN<uPGtF*N|@v7h#h=8TMH8>9k(ALUZ~`!3rp<myvX7<E!zDL3%$oW@Cb
zlxf_jJrLYFmc(AzX-iJBbqC|6Q_5XhJ$<ZlE>%A@nvHIHdRPaj(A`!oo=tc?s{ud0
z4k{=C6i8c@?@e(w4j1E@WO6iv0U^-ywW|=&TdT+=phMmiYrKFJl?V}c=bNzF)$;Bk
z5mGUgk`I2|tow29(prVx8_tXt79W|2$3dHTpO9~9sXh(}gGJIoO%QRYQrnw?)_#2G
zCDt-s<)($MdA1<&WCulEVMY-%sw~6-NQ!4P6fVgGrh%qD`&_{scJ+FB7p~%s&Akej
zz(BCzl!uN~wQ2x9)>H0r`;M3;eP~pB5znAxy$ys!u9m1sLBsg0yit7uaW);Vr(pT-
z3OrdYOy+I}Bh?MgE66!e^$Lvgs9#I%IK@;*BVNk7wQ;RwHRO`h`Aeb%p2;<^Wp~A^
z>VPO7*R>A@ZHLC6R#Yhg*{mQL=%sNti1GG3Lycib=ypKVQX07&NE~q4iW}l<H<T;G
z163K;xP}^k$;J=#(|J#H8%ZUCtrc&{mEUPJC{W~+bO(h?ukD!3RG0<iV$Sac^Xc5U
zwDG-|kk+gjvvQH37=>4oL0XuySb?#+RF(@Ia|mQMk5ypr#iAu%B5dv^(YT)(C)IRe
zUNzxu1PZXvoq*?;n8+6)g@<PYUKuukCH0_l-pqms0ei{b<hp?<hWE1N95|;6eUd2V
z<rpKr7k68lSW`*WFutdCE5D{@`^z<1A5YE|Xl6wq&A^%Iwc4l$rA*@A(IBBKy0{6#
z8O^Lhr2!1wtxsRt`Uu)7E2>M2Nok%JcAB!lK?aDHV2a|5Z-?Jfvotb1lP#SA$>qaH
zOci_sTi|N^z;LRn)|HToZeNHwbe>BTc3g}0cg1zMqpf^bdoHsy1H7Bl&Fda9vTE0T
z2UC7g*axq0Xd=iCud<^)Ei$X<y#zn9P(p>^UuF)MN(wOs>aU|?NVbQFd_)Cv3l^bg
z$^taiP|(6_0{ie_rcC02JuorbE_~_8m=QE0B*)zlxYip>+=X&bb_x#DvK)`Lg~B)s
znL;QeeM^lk1WRi@%&(+@bLYT*))P}hX(%{S<A5G$Va>=^19tU6|C+r>l@{=!@!`sA
zQ)Hzw(wOe31Qx!>)en7G`|MCY+hs>#OF+2{3vH)1-FUxBxjSd`+_hr+sP#BRq%rN4
zu9CK?141MN+)|}<rz?1%&lD`_PP*`fQk$9lR&@YZ-+x|JJ205rf(ni-w#Ql*XX0Y0
zxaPNSB@~twQ*1!1BM4FK&lgI)otHs^lf0i}DR?NvE!gxIj+wBAtk}#eb0e<GIe<bV
ze+TRL&IDQE*-)lqTe>&X$CWA4N%3A3yOD?(w6=qs^vdHK*d_JlnX!~LoCMJVx=oSh
zomG>`J2M339Wht6%K*x%_G$210{7d~C#Ux;TB8)%6HHO{@kL{#aY74cTZ{b8ym2=L
zVnf`X?dQu$OTL#F0nii<rGY@H0YG|J>Dd0We-3@}!#}|DeYo7GxEuf<iNGEYroaR)
z&Us#XxkuQq-NjsZNm^fXW$>epbBsE2sfC#Nn)A(+Tpjq*0B9Buu)tB$j)OsbGi~0*
zd{-HM4wf}5ghwp1x?)5#e{C;mrX*N|SwCc>lou2;Yol*NA@Pas{=^eW0(?_i@|-G|
zuy-z}J`mN1ly`-zVQf*i)fCKGxOX+E7EwlFg`>XawhgLQ>a-N)({LAKY53DN3f!m+
zK=Y$ey9u<089Gj%yV{%@GP1Gwv%(tFwz4%7-EY(H3s01b$cwzPRsIP2GfTYK;>l^W
zK^GO2EfBnP^VJU36Rw3z0eC-?TJkl9yGw$OZS;1|%%R?mPhLl!7KWWI50O36##TSy
z#@=jO{k#L-Y!*Ric_Gbz4&XlQtfmf+jVcRZp?I;FT{b|rZ#?-foUPg#<mqM<3zX#H
zt@cTC&e0#omSLIS6xE7}B1pzDsYCsf)Ro3V`2H3VyF34Tm9}f`00_%Aa5DYzy)3xP
zadb?%LSk4EoSuGnydQ85khWo%$dBsbOT<DdbkHXNj75KNnWsnDxB*a*_UP)*wH$AK
z!y<Z`x>HcFGxkd?&ujyA2wI_k{(T)i%W6G&61e>uid_wEn~~MmQu|sf^2OS#+!Qi%
z$r(^uQd+2x-+vT12arVjt-(a7+`B+sLr;HK{b-3JT8<<sYcn533{{%2EhT*%AVwb~
zKGYMI<$OX|44QmGn4THGP%bnNCB4(s*zUJ`FQ<_9BTL%?R~*at2T+pE3|7}LS7%Ly
zT|HpIctQj+B<^@I@};$T-N});!}*xRY1=yjf88SlW!YUVvB0nkSRiqn&t;?lh6;Yb
zOfm%;{@+ahU+EYd&wowttUT<jDGtISfLq<!<ehfZ{(H4TjEWiObY{?RP)$E40v;8#
z?dVo)%Q9JKOXi+diwTy=MX%gP8m<f@iTg~4KoIGf8`=8YBiYNsEz%9E=lOLbu789w
z)a0<=_&-JtOlU5?e|I652a^8|oTh&sUL75uQ+_+O^)tud((urj%Z5>CZO71;0O%Da
zR}abF$FZ4?YAlT&|2+u-URDe8M*;qiv(wVO`ia=%0m|EBs~y<<lQa>hB#!Q={yH41
zbytEbN>+;X>DX0;G$}6n3xKEuG{3<Ei6rJH64O@cuDw>9m(}o{4vu~zs??Iugo5e6
zBrNlgn1zzLSUv>}f=?f2g@qWJfDx*H2gm2JaSbk#(`1Jf7Wz#8Om@dd9Hx&?4OVxm
z|F!WdDzY^Z(j8EdKUb9P*A*_^reA<t^LUXoSBF<?fqM(&2U}+aD<C8(oBFs@jF=g5
ziyLy&wb$(@=rPP##F2e1c-Tm6g(G-I2cphK_0>%!r=ub1D;JIR{X45^02K6jy^}Q}
zWU?~L_Evoi)izsDvss2+AAH5i>QHE&cW@maui!0opOowN@7*7{_o-Mi7+@R^YpvgH
zq}XeVLNayko^ASXtLJRD*F^N#7h2@U!3)CfwQdW3e7=3oD4Ka4rIuSKZ&YL;PlrTC
zq|BO5^}k1}Ud`dT{<2Q`0HFALZSU{4-2NQBfs#XDo7#+0?-@e~QdyP+jgaN*{%4~X
zp1s55@k*mGx3pF|Q^Q$)h1of@u=ylq=IuBIyFdu=esguXZWKqua7OjW12N73U-zjY
zhgUE_iAm-ewQEl|!GcMhk^W4ydn1U89DCO*m(px}`tSLWpV1zR67Vm14XEtMS-M*l
zz9Oci-f|P)Qv_vox#dC9_J(UC(pEh5r<U4k@`R5oewn_kSKh$wINbu4Nnd{ff<<?_
z8!A>$*qDMoV-bIq!O-B#oGf8P<dFx2iBAJDx|L9;D&S%Zb_yf*te=}8?G--fz>8hT
z^C$BrFX7SIh{YFl9>B*$Vkl;UKDV;Oalx^p5yD9_ic=xOD{;<rRZq+)Bav>uTv@hO
zd^g#yOT*fVb<8w*SZ}zOhf`mg1sw7q-XgLwqRpM-(p5(I7@zj&sR@6#D3Po~qi*<J
zys`|G`A(&GrOFwlPVe$oG&|_wCr;tzRqv!7E0F9tpIcQK0OascxLRJezR6{Sw>gRA
zl)yZ^=5+7A=9D06Rfa(i_K^ruipDS)j3D;_+Y9ii($qL=EW*n3$wjAv_&Td&-6&C#
zjLqO1jKbdyuA{N(61}vAfwGx1CDr4Zx&}6Yy8|zrRr(}jkDPz++G;6(XcF7WCJnB7
zHP_P73c$;Q0G@S9@e#N{+OTII8GEi7cbH)Jib1pM`rWMqR_&QY(z82Ca1^7F<U5c=
z_oz3>z($Di6c2^!@XC7I9u@MqX9R?^>5-}H6!|=)CNW;%Zoec}$Yv8qYNG?xYTshD
z@PY1n)vq<qNi^w8ik5cftcH|R=KO1rRYwpC{FHKHz+i<&2dm9+K_Hr*t196s0353d
zi})(iEDD~LQ6bU4!L=EeMvjJ!A0|VwVPtfNl6heUenADrebqsWs{<4lqI;%gCTYk|
zAHl6L{}v)t8N<V1Wnb~B6y?xj-T2q4#z-ty@Hl(92L1#l!em&f>WMYcQ1e%OZ>&$5
zq+1&*VBQQg(L?~)R`16YtQxv-ll$fZY7s1buhFKmbu7HdmhF7WFX0-9bz6r;->qhV
zEFsDPZtd6)*_&e}|1vA<{?3GWB!9vVte*^Hj}RC%nKVG8x&uK=ig*+iA0IC@Jf6-I
z1qrLG?%&^a$7!6H8u!=rH_I<%sbvz$S26evSU$?i+#cy{WM+h*;sFojLL0eA$OvE5
z+sZH7Aq6KA?SO+*DHH>GBm(eyn8B|Oo7QFpYdO^jj2AwoNi71ibAvBgP~dQFz>RI-
z9>D1F2Opu{LFwTpgL{WR7m3;wMMGC7U4e`4ZjcG<w-(Ec|FkQRaV|-)dihr1kQQ_R
zISHU=Z$4+d*`CUIN?<;J;BF*pZNCXuEG=A5KaP=Gs~oNzYfh2z-Ia6R(ZPQ(TtSq1
z3S$}J1oQ5pEo20`bswO8&08nF@i`P>!0B4L;O4Yl3H`1{|Iqzi7J@R1Npq>*9fA1%
z+fbR(=sw?pKJd+XwUtYh<;5ub1Z|N6XqSLvItwG*>4h6+S46jxXK!mvy)U8w&4!%~
zX-yo52locT{cifkee~}HUuix@hA0Rr!T?Fj{aBZ8vh7(%|8q8x9%#&TPo+mtT}#Y9
zmTp?5aZ!n3mE^uAFxv23=5DpEfZWzt)o$a;&!Way^rzWVA)(x~1ovYA;jjn<;K@7c
zvBYWL#!Eh(CTPz|j#6V!!VZ~^BdhPAzM6+lQ-0N_zmS41RxuH?+{uj!X_ZUCNbzV^
zJFDG?H+zZ|n5vpe)*V*7Mnlpk5Dt$Ko$|<9LfhX=p(+lo?dBS4vsYu^XUC;Hwg`rE
z{<kui94|PB6~0QW5uI|d`y)>mAR3u}i;9D>FdA1dV+DH-&p*Mn?x*zbvlAEQ{{>fb
z9S7GQ^hy5-0l#fV=;rEr7QYPZ&@9&w%w3ZsGf>W>2o6Ey8|4GSyO-IVD&}mqIf@lV
z`XC(J^v`xxkxe2Ui?N6{VFWw20C0!zhT`3Wa0Jeawhsw-Xkg~fy;&jxymkyAstpP@
zomL<O-j^IePGbe+;>$0&CCgg&PV-<c$Y|f+iMp-*Vnrr~)DzW*O;}jq^?Mu|;17Fu
zj!hvWz~!?inuY4zENwt^i)9NJD2+LEwMp;wW8(0XQ-3l{koMi!{}k;JLPD4)AeEYB
z{!L`?yWB+c`p!vDWWWRuAZhm`Njt6Z<7k1_ehSq0Seq%fT4u8YVP$leSPZ=1O4qqe
zoMf`sz1UEbb&FTZrf2IBG)OV+q4Heq^`tB0qtn0FjE~u;7N_z=$rmNV@<>XvT5#Bd
zcPRvB!HkK}dF6Jbmm!n|IVAoo)n(M!w>4WPFZZR-53wHOW5_oLl(le+T;P6m2ko?y
z46N2^H2k6`2Av30g7Q+sY9Tt>n!#HCIP<kz0##_oSH_aHOOgt&5I0)E``ZM29(eMH
zn)0~=$%HW?i$+|q8|D3hqJv>|GAT&bjNW%WX;x<2J&{TW_Sug2g8WH$p2Rd}sr+P{
za{_NcNNHyfdvCK9Fb!wBT~W>hFNfkY9&{ST4x^HrZ;^t!;2gJV@vpT83Dgw>*Ze;p
zXZ;)@`(g}|F2=I|05{S~Hk#zG)Z0rEhG#s?WXdWmBfKfZ%9#Aa*gS$=v$)1;ql%O)
ze-CA{ww-myudN1SZ(LSzLwcBD74jeR1EaBjjXs-I7%;vX03v`7k|MKOwj+eBxI;-$
zd~zJILGXjOGNq!@GJHA0Q!59?;t3aue=sr;mp8_n9N?Ee1kM29gupiw&FtXCu$&s_
z7Gl;S%_j<>I@S=zo`AK)0%EfuOoc(If-eM_)K~%K^b@2~ocXvaC%6a6`PCHGICZTb
zyW!+#&)a|&z%Xbw5fAwK)r$f+`>e+uqk0f7+;%l<?{D#0MQ(cUZ3yQ{5-JKlHokC_
zLmg)RGn3p*OdKk2n-Rxb6VR&?rS(ymm5k=WxUE~OCA9NeJJzIT(AHI)4rl@mx(Av<
z)IacU*Z7g;kSW}{v?T%%L3trIj+_6Bt+xPbtn1RYad&rX++7;i#@$^SY1|!xy9al7
zcXxMp8h3}rq4{{8cV=q-slO`8$w^l3)ULBCwb#zN?kx{3tcj20gS6NL06&ZH#+1fn
zSzr`&n?s;rr&)0tWvl!cNCOo{1w1#TWl_0T8IDa)j3Sr?cUv(7$pqSr+A6WZ{KSP;
zV2c0zQlGEHkxM%#Y>J;vJ`W}su~tL;KqI)y-KK+(bBg4dT@8LxQA8Bq{qsGr7`8D?
z>lNvJVrD0Y>r$$<Yej7xpjmVQf_}~~UuEwd_95}9J#*z!Z=sD$h|n(u>Cop;nu9s_
z_c7t3*R(4?&pZ#1{<~yzB}Gmb;b)BCi807^=3ALBE7=%M;9K2W?`d~NN%oJrjb-tZ
zZZ6z_Z^L}pPP2XLHhBH)IHN@ioDLEl@1+Hc`|u;S+fU#8$A(Oi0Eer_Bau9$ft9Z4
z%X|+%FU+KegXowH8@%74h7_d+eu1e&9a25KGZ1dqZd;L?w9!#c8Q4>jfbcY6)0lVr
zjs`x?yO5>;=^&AmW<<J3G0zVP`yvJCxd$6pS$F52Rxf{3OCmy^HnHyFu%(^aPVMTG
zMkiI<>$0I)7Ibwe1190=<FJBfHfi=SV{@#r_aTR)-x!ND6k|q|q@~l^rm0^N`E{F}
zLdu6Uqcm%>FyV5)S_HilgQFb`kRuXG+NTSL#OhZ@^i)74L>UnkTl-waruM0zRh?Jt
z{yJ)sG1x~z;-RRB-;4_#l>qPj;H9)%d6o{Ga@M%S_*{q~0MW$aMo1>G9Q#N*0fDwG
zCD}L@%vs1W-Y^kPLVIr#Z_iIuvmOTDJqg|WoF!ftKQVoQ_n%Vr=8!uUCrH8P!Z`L0
z3tk_2oGnMfP(pd*x=<iW1R6Rpa%BYf0-@fH1@X%*vj|jNoRS}|9hPOr2U|iH&1#z!
zdP}=m$5J$3Kg7;!yhKD?Q&+d%f*m{x^OJVgy%3q2=Mw{XPa*mR+f7rJlQXGorCDh=
zDIscrW2Y6Lec&E;oH;tUC0NXRaXTp7ar1UtjBj~fQJ-iykDd%wmx^<VS^W`?Yi2HT
z!Ti)+yhPz&I*EIa{@wSbrd|c+qR*IkUW<%Xg@6xlfQw`$sK16uA6Qg{E$6s`lu3*M
zG|LFeA9LQD09?UxObQLjQF|IzIl=z2c0;HjhEl*}gS{EYXB1jK*okk$_HXJ+traIN
zis$hOX|Q7c8BW~y$pypX!Ce^?R2KAvdS|dgP~%oYido0gqsDq>Q4%(@Z)PBwR!1>o
z8nOc1fR31$OR|xi1bS^IsyuKTV2-j-c$ihKJ9uzYc1e9&>MGnMJlCD)fw#ads6<%B
z-G|-~m`<<o-3?AG<5)p&5@e$TlD9CzOr&3syYThBFKvD3Z?2^*{{<hHSg^D{vFGY>
zEqB2~)4i@Ap4+<+rq$c0EvJGCNGa2d?Y|jF0Rl-NQybt%X<f+6JO%v&kBE?&bGd~@
zZ$~d(&fK?3uiJ0b(F#TKm@-%QN)ZN;cV(VbS4grDYBVSTCl}CZ+8HXOd1<x$3x9}S
z{`iIxmXHQ5Ff|!7l8EIJrGS|iP5x}heMbi|OYe(#ZdOeze|AKL7edw^KY@2yxU9I6
z#BXgSC#dxRMM;cEOh#Rpy*W7ByS}*=q(%7j2O^8&L9p>~asuf^g@Jj#<N$K=x?;&>
zCiTsl4_Dw9K<W<fx08`ooF&hS9t%tFiv7m-Mt?`g$}9}^x$urpL<P03;G2bVtF!oy
zPBb?$_0#w8&cNCgy)Bg_g=~eZ?zmve!B{Ibm2y3ka($*|<<;yV`^?-98{01V^=Tr<
zmi^i+Vj0<VC}v@b3Egrv70~Zki!ImqB#d{Vb*t;$$GIMazA!*}`(Y;hk_}*eh6cmu
z4;)3t>Wh&Y$`jUxhJBr%^L~4eh@%9{QVs~;C);u!1kJ(r4z@Ln%$W;@+f6H8a=$g%
z^boFHY11H-c!V7)-sh6H%+X+F&Pf+N58|XV6Si6#$rkMzW_=bF2e_|jE1OX>)tl(&
z>8a;}913e4g_2R@W}h{Sv)o$SIEBeT046%PXS9NBi4_N3Rg4V>YP}gsfpA;(%%w6R
z<=`2A-R`%<S_rIHF-~`4xECC3;^(g*m}$Nh%I~*d3K@IX+<x9k``Uu<|58aQ^d~N9
z{eA;JcXk1HsD&2l4G0Vmr?cJQsy%L6Ci<(<beh{)sV!r;qYB|cRO02lvWbI=WsR&8
zBdoUmP6_eo*MBunaDmUMWTl!a3`ZmEqFqm7G)FC;^*xSvLw#)yN31`>sC99uu?i|c
z4v^R#lw_I`K=zxMHapBgKK#&R!d7HT!dytI&1P!=H=D1p39z2UDJqQDcP&N{Mvkh0
zqmE6_xlFM`;UV-(J^aH#yRNbSPSHSIK^AO--~u)$8Cx(jGJ_NL(F>F}=9{&?ey4%H
z^(?Y?xQ)p`Bc=$J#&KlIb@DkBRdc=FfZAHEw5i+u{n^9YgKLv!jfPzf*7@P%<=vJg
z4=vOBPypgYG62MbMrLcI+Z<IT@wGA~2@Mj`3Izg^h8f})ttN`_1+|Pg);OFmE(YrO
z8Ep++9l89Af+?g-ECp5^3qLxqnA+isEkW|@-<5u{<WR(IC9Ni(G&Ll1N<FEDME_4@
z?;MI{5v>8O>`Ts_wq>*1MOJTXuVVGApcXVq%4Xei8~~R*n*Ja0to%1_oHo0+RSH$T
zt#?lO<8Qufh%a-4i=_QycYXq)1NO4m8Lm2@YLwD*f2f<^jTrQ;>={&yjkZgwU5S4n
z)RFKZNPm~lbAgDL?V%raBN#}w;K{J7@qZ;U$mwKHyc|3v(oARwSTMm9g;m8p!1!x+
zijf{+qzI7l;x=;$7od>+i7%<VD50AKQ;UjS=_w>kqnFzc>hg@^Ux|2ZGO9gZ9YG?`
z?N($hy(?+Vvo007eFNfVUwmK!BV&*Eh0v**uA_VS_F62Urbm9n{P{`S7oVGY$J8y=
z<l_S|BYxR~GW@0{EuPjW{)&j3RIs7DRc`nl!XAJ?8<WW%nEz`%z>qjMK1BE+pL;(j
z{U@RzSDoT-H0{TPO%BlxMyyc{CX^k)Y=9(}oeNl#Nt{xKRoJx8E96s3KwWU8k|HF5
z%rE<&)W9Ba*CQTfaj-K`LSuCZarcu`RJf(h=JU{vX`8=YzntF9-XQKrjYf8#*1lT{
zT;2eh9xKa`2RND**!1xbGq_w5$A`CCk5sIkr|uJ<RL)$<iZrrt6-H@7{`{sC_T+j5
z_Ud^Mdia?5%*_}ICfO=8gsJTQ(&fMAg=UC;bk<#2^_evQiL0(lp`QeC=8sk(46yVo
zr+Q!J&v+84Iakhw(G5?!2fZkWO8WJUg|Hhymf1?e%3pLvyL>;@#3#CSKGIq_8|~)~
z+l)qz^&JANL7PQbS0nQ!9tasaR2whyuzD#K)Lsx(USL~1+o^;B{l-pL!7aA8Jb`y6
z_2>+B10F@eFL{zl>Fu<-Wt3yc<QMCQQ|eS;3g^I~`%E70iy!2MGlm3pIpX9E5TXLG
z=my8dW`6z0l8z?(=4Kt3T-+V7A^M2H4FTaFH9?;x)kOxj69;M#xKRl*8?^)tiPw;I
zWyxFA$04xSeU5Mk7JUE906W056?XnH#mXj4UM@$4#eZ5^vSrFQ6GSR4h8~m8o=Mrr
z&{B)RIfA<t5|s-o0ul@>-F4+?#i||P<Mv|a-qCE?9@+SVIu5_UWe;9zqYH;}5M0S9
zPJ+Y&I|X|pp7HLL)su76nr@M?rn)$Bf_!7IU(YqT`PT-BPvE26iQ=iFEpFPpukN3w
zrn%ksv%PoYL`WxQG``CWSKr&$yZFVoeG7dC1Gp*kjONGPseOy~vYkjuPK`)Fnax;G
zCPOf+7k6ozI@RQDMG5Sqwn|{~HS7Zo{?-0PU*pc_2SQApai97809+`{Ucrx2#W@+;
zQ$#OSIBv$AglDYR-vg2tpbVPL<D~Ru;|XV&sY}9k_d*V7(ZTfQ5czj#<FN3~(^-XR
z(i}xSg_$8sWKz|UdMnmN^tt^22yR7@CcPzKJ+t0M@%W;DwBZ=&LFqy$5*J-kjx@W~
zb_`~%^c^=VE!e%zMt{C7E;FK6SKi=5SfN7p42~IcnA-2)L{hmTloWO+>5a8vvglsJ
z^X3mDqPjPaB;v>d(qr>8MEE781LpJZRnVs=n)|);4&9sGvWh>vcR@A)uN~0jS~%p;
z7IsXfQa=(@xQyxxuPjvgIToZL%c9JTwdu$#sJOJpi1fPqU}b4~9u&?m*A9owUUH^x
zNHmu2qs@NH+7-th>2CwkN-;6ZWh!yQ<_{e7s8jNE8Ct|K$kC*ci$D3<=K~J4a5c0*
zRm6gk)RIz|j+~wyOM`O(<U~2J>+A3h`??oQ4TQ3ex=upHypB+Ef_9g59w?@Haqr3@
z(9t5ba@KC54aG6)9V|HkMqJj64w>OUOK~Tl#I$YrGF5XO@>tD{-f1vO64{&~9#RnU
z%OmihnqiFnco5p(yGPFm0x5k3{B=U>#FyrL^=nxxA{8MDxG=~84n^vmzUY6?C`Wv%
zu6w;7A51)0oU#_@pM8DDT~LtTmrV4JrLe>f3Hq(%ZI_Wo7U|*+lidwwuUsSpyAy!l
zM*rlNI_EPPT7=R0c_4lR_8I)LC%QD7k`YC_=_5gYtn`pL!OVOqoYbmGHb0JZv$%J4
zxcz9yEtLqv;QiGAP|(Lfu>we_@~h^<);fO&Azbo6%7?!^6R~IrL;StqJ$roV1a#eA
z8O9(FSqk7eUZNCA6Ghsql@Hh(!jS`!Zo&8VC3b;#fx}omyRqy{@pjq1bH~SUv(Q^o
z%1i=yd^SDmDc-^EQgrMiN}GuDbY~0h4}HARM=UNFb^rwdtS$U6mTd_NMI_YgZrSP!
zA|pSThBTm6wv|EzJGEl9=KG00e@ARKzc)}1n6flM#y{f;sNMq#`)uB2Q2r*fFTv9u
z4<@+le<WYW9JcOSbUk#Leo7m{(e`nsLLhiix@OH;adNExp7ojzF|$ae#XyP`P6PFx
z6pn@+_~VcV5a$QZCTXK3LYT+*RVb&R95&6mz4II?{5(LeE2~P8X>@PtCV0p~3dS>E
zs`8d6`mM8(X~$0XDI?<MS&W~s%XGk;W{TL>ZP9j#u|1S3DB~AbF6gNIjc8UAQv)``
zuGkDc?`Q8N+-gYAh;<(AdC-RwYDgu$KU#}@Z?j<npiQX!id4LO@2~<3FuND^pr(9S
zBb)t;f2yd0O>gyJc{%|{po+rWt-31WLZ!d?<{m56O~%QD?lZD<^Y?%vO{o(DB)u~s
zy3Psi%ycLk^`A8ao8oLdS)=dhp}!zRUB>bEsrPCQI*AUZ$O7@_%1W;F%<B9?RJIxj
zaGrcFNjW+gEKm5tJlP-~OyykmZryY>3i|&zvb}J<zX%G=;&cNemGK~0xj8w2Wy&G|
zt*w|1PAmz#W128Bp@aT>apfLxj8&;U@&(Flt&K}t-Ub+MPMeB&3blk02Q059x5#ek
zZ3kp2B><aLhTbGdnkI&a?>~*@vpr<c=m(=YuiHz1Cxtf}3}(V!F_u0nA5YfqtXYu{
zpeLr%^ko%=lu%d*BrMtl?{QpVL?;0IX%F`k!CjrcGMC48#n?`7Z>I_^>h8QEkt$l@
z9~LhYxGsFMxPf}f=WOQ;3NPvy3QOo0d533F!Kv}o<=BaKhu?k(klYxbpnUW?)&3~`
z4lIGr&Q-{y-)<(9J%j>!sCF2sFb$Gw8nGD=vUOO*I`nl@vqQ-r299OMy{ZAE?RR)F
z*6y4&ZyZ$C)w)X_X;C|Cw<A?XQsj4FaCEO<a{4t7mwbaKpH0I}tYG^X{R<Ysf4pel
z=z2yhckUIH&c1n4<-5Y|Aa4gv_kE|>3)+j3+R0w2tefxTkH!OEQsTm5nz-YRu*Xmm
zY^*nqc5jy$ms9nb<a$FJ^D6*!m9{pT|A{?x>%s}-LHUvK%&i*A;G3?e$Ha&o7$yP-
z)z=7Ytvpk!)W>X<d$&A(2sq*<+<k1sUKqN6IefUgvn<wtLZ0rZW8_Stp8W`OPp00R
zqLFWD!k_9B81e-MU#+oTe2{lkMgRC6&EucSrIVN+-L@d-(@rbzL9q-t!O`dtj_U+5
zTq%?b1?;F>AobK;J)ijidE%>~%Z!MS*3p1c7k1*{vKz<8<63w@HwodHCAs3v<KlH=
za5j<HMrY}-g97g~*lN7~gEgV8p&nR<!vs$K{B~q$MraawI)aj7+IiM&5V8=sc}iY!
zN1!0c+L!L_n8k3UHrxPK+!y|emfNTl*>1~vup08U2n~m1-wf<Eff}e1v{LV*pq%w7
zGZYd$cf@2PQCwVopA1oo!;XOSLAPA-(odX1d~V#0VOm%6pC30WQJldjw2zY`N`d4h
zu--K8V18!{LHLIAchWNGgp4;1D0oPfr@1KK&WuK2Q(cJ7Ls<bld7`jh8n|e9Z3E+^
zNbDgy@O*{Up#|Ns2n8Y+4cQ+c2H<gCdG}F1YZ2t$7SICeVvRpQxMy~3s6rI|s&<E7
zZ$lS;WZrc=V|Tx%h80NeIqBKA+VS7YzW(J|of(3nsz);g^&P&P_Cj&94{D6N@LJ(n
zzxb@-{IwIb(MbRp|31&~EfBBDSP4wC{sY9HGcZ$H5W!L~hY}NH1G&ABF{F<iEkX|5
z=FOyry(4SxGGF~1vXo$O4)41R{cQ)<VR@L7R;Ih;n*hPFD?<9TZ)avj0tvUJW|ZOf
z(-NpgL(9S%+D9o4Jjho6p0TgT?ZuQcOQrQJUi>jfZ(}k*(4fb=!`;oNPE)rh+kn3K
zT3=yXSK$~O&8D=sFXsG|%+nRjfHNUoG=({mIKeVX+m{-Z31a>axNQZs&<q2FK>@e8
zR)ngO#tmtxZzf^+yJ8uI1MMd*ohGdVEnR%Dko}<FspGw0?b)%x5tf7Kg;;lZIreGk
zFhzo=Sb74$tPJE$EnTk(s~6ThSRW-FiX-MnHM$YgPjwg7WlI>g3#i4g0dA?;ETJJ%
z@h2AIROBg2i*!GZw#bFCS~>1l(t*X5s?yE8ZH>Tc8jn0-p`!4RV2lo>48bg3$qAT6
zboM0>9D78)=o;6ogJ@FNT*nvfPy_Hg#Gl)4m_v+!p0>K=*g^#=#Pv++D|vFo8kjv;
zj*8W!lADa8TqQrBGOMh|-tLnYu~G{<Bq-}aHCR5~q2N;au#|O(as=kkiOY_oh~X?`
zx_AwjIW@>df)kQN%YLeAJ3`_3qWM0=%(7-E)<^!S?~2-sV&7FA1dJLlSnUp;R4))w
zm_d91<T+wd+8YBz^ct&zT>OQ?G-}MhgkFOXb}U{eTu80A>`V^}as4FT$`&#9{3uQV
znP=j?<bG9y?8)ocy*apYl3UoZCXJ`lP)aG4B!(ye7_Px8Dm?9bex9qwqXmUjLC9~U
zm-Au;mnz-Z)C)P`Vi!$V%Ab&9A+B}Q?se+`7iUUHcJzUzl8zsRT@*jfIw0<Q4R=&}
z2<@_KM-aQ~y5)6*?ccRU3f4g_cQy85h$eKGi^VZ`qw{NHJh%!88P<i(DZw41NITtN
z6}FKt$>S<&DQc*$s4fpS;yHoZeDX;}4iAl1nfNXbwm&$;EVEfr)jTbegy&8{Xn#}y
z2x~mm9>TU<PmHi!%}HnR{i~BE^w(<Gl!_nNFD5XV7yI}&sneyMt>HIkSv)>K(9zqM
z(vcsf<FrrE?I$H2J<M{a-$};u30d=#;k%B=MFR8I%W^hjhU>XTyfe&9F>B(+Jv~r7
zg%T+X>xUEMrB)Lt$(Bu2*Vr(;gkMSlXo0t5zfwhtB;=o@jAc-R<F5>7efwR9mz>c=
zX(dR27#g5nODM7(JdZGm5<kZ;6ZzE%%Kxoo2<ZeH!Rvqas{5v3Dzb}$iueyF`jx9}
z&?0gW%52z>LLbwA*mzN6JWy*LH<_HUf7!uQqn^+Qb7r`F1SKr)jw%m<KLKblnC04R
zRlbW)UZW`?!4H|{K5iuor$j>fJRO~>33g=vYRCTNW*=N`Q!+gg*vxYcO`f>V$};Zm
z%8`NOj7nZ>8sPAGXcmw)ef*8qG~rlV<G!7aU2Y?A-VJJD?j~kr^{HigDFzwk*Jj!b
zqj?}T^VsJU-``f7<-?1^C2&C5lZTzYY!1!TG0V*B?vkjT?sguacF56}<xZC{?pUR1
zXeT1PZIvTr2Rj!1BAUXvh+C<2vBb6&x!^~jtK;A8Z`_rb*hE12s!=phdAY%HRdK4)
z!lfC3B{2E%67ufAZa2Iz{#?ivHkKd?H7(_i02`axjd>+qGf`4HTz^1nYh^12L@lpk
zb3U3hLqSjDS2;r~DeM>M$Dxc>9w5x4C{iW26km@KMDcboNCQ90Rq}*bt%1iIZPDC~
zOKXUJkY}#?<rVBzL1?pbn-}jKl0ZV9E?~-c=nd0-rfY$#{4E%wFk2;kniJ#KAka;8
zID1TcQ^D|n?lA^$zz{%w4Zg&6z--HFLv1&Tx4atej8l_Khdzm#!`<ujxeb1xrdS{N
z=qis(C@G)O_j9f7bZ+WGQ-KaM$dO-tLAx%*)zK;mnd;{cv{WVE$Q-QeY=f!fg&w9i
zXh^7;7OW1!tr()HZlzKR#c#B-DSmkb7}uh@I6%;9+ga5_ycqx}zydzH5yeA&SWUeb
zLn%*B?eOsBCzygOGzGO3wRr%PSB15p(sjyOv9iXBfLJ?)`RpH{8Q>f8@|v`iFT;RG
z6$)QSm#and<lK=BeTktvzW!G!Q)ZZoI}sS+j1M3$6WSLsWmLbldzG&tDBv&cDLhtF
zBQP}72}EWN6$YeiW37>n<c8;D3ojd4vv9A=!zr1C8W&~OS;5V_n5r+kqKnv<j`&nq
z_5OSx8Ifj|$y%I!c6FSzK|#WVuyPy)M%7Hfwrb?))?CJxImI1Tw;R-6*}w$)R8jqi
zJMApBHa6&;MbS_^g2qWRgvZ+R?!sN+LWE5T6rOI$?*>SmfW+|AI$^CW9H(I0&E7o>
zUA&3&D<aa?cR7VVIp_OncCe9M`o0(nGZ4B7{RriQo(tv-75UZBbfO0#ao61Xi}Oj(
zX0r=Qwq7^?i<>}V3DXD-!ag3b49G`V?>pWe(4lqG=|*4az#ecLBktzf+P>Z6*H#U6
z$xJeM{|ktIAY?iWx{>WnK^#XD=aHSssoVQ&(+s7Jm$}_Bm!VKo^9M3LGQ%rd;-5-p
z<_zB)@5OANSf3$;{&Y`Kz)s8-{L?yXw;snMLXr&rx_nII(x*a#sg%Iu_Ip{+DGocq
zdBxuk>#hr?JFfz?#}J0R5YZ6uoCkl&tYR+bZh*6&*$MN01br;gWUjX+vWcb1D~iSW
zbn<Kx9@-+ral-E^WqcHqrg^u!??(z^Vk^bfl2mcnJ%n(jJy}l71J!b(UidH?_U(9U
zdHB60%kXt*Z@fZ4UI{}=!Z9Xn5p0#nQlFBEhMxYfRI3=T1OGqmZon9AcnCITHcnuc
zw(u98qGR`krwn(WX&^*^<Y66!u?<)~nr2DZY!0V1E#_CLV3;_PvlL4P7gkc&yfu#+
zoB}r4xDt#rZ6bpa2T4NNj_<Orz0L24JW@#%{-y#JE(b-=$KGI-6yjf~w(?UZ#x6J$
zkdrIIzbXMSr9@@|DvP!(?jG+3`xLH}MSzbJzg~An5XRdiP$p%KJd7n0N1KRp`i1W4
z?PbO;>-iFcAx4g_*^%RxCWgOQgEyt~z)DFl#f}<jmNkoc)t@|EYgTt$BimaTOm_b&
z6J*3Ni7zz8OFuVW=?+J*&@9ED=C0`6h}JE0i*i_L<q4)(%1;-ooT+;H&B;er3xK8*
zd3-l?k&JRrL%|KlAE7I<6cAf6Y~!YLhJ`t^3GG1e%o$dBJn*gS5D-z~^C!`(7G60f
zoV6;pL;dHxM&fNUSH3v%Fe#da4h@oMLyf>XzK1jr=S?6Le@~M^=iS@Ir=e9d>ODXx
zO7{y*`Sn11F0tt4!1eljL<-H56A;^zQbLTDk!~<$KH2Hl$vV^U#haXQWWfiqOj>Z?
z>@IoVK3on>-R-@e{mJ|dk35oB<KJc}9!;dCj|P&VVBLG>?J_y>FiMVP7+X&zn_wg;
zS3zuu<@!e0sylS>Er}oiJRBp?dd@s+hxxSoY~FixV~V;|IN*c4xww(o4Nzgj=ExmC
zl7{Iv&96XQ3|klwQul5A%f<JuLzr4CERegFQYuv|@`rm7YO#-6_NCW`n(max-L=qA
zt2G1@-lFXwOr9?SOv{oOGt2o9>aFh#j8}M$ce8oOPdN_il{s@%P&AnDsYj+d(aJxJ
zFCIt*g;i2m->@p=L=^yYMgSR&T{MC<E|82);g0t8a)_#OZI96gdb|5_2)y;%;x!vf
z?jwY;J3ec%@OkYUEc*vBZi@uN*i4Md-3Xk}-tXOV2U-F}-Li!Z<*H~dg@%}Qf46vw
zgrL(dxefgX@PC1-N9s{ydn>cRlgd_t;a8wg@z1!hC)>KWVI_}3VFF~MY+{PtaS>uz
z=k7ZFR)6M8oqJOa1dJTw_e+UFwW|le;ev__nexL%<3hNnu$X`iU{H%5ovJ}fBqr%x
znrZonJ#_Pl(lE_+NgIR=(&#~<#*`jT{CHsPjo+lpB8My00~`0o69bVD$yD1g_Y)cN
z@@I&exreu}U+S|rtOP(b9#ffv?iElsb6Y?a?U=-hkF8FDp(GKi@r20^aV1K&Q1RS9
zy=}U-_ktBET$uob0;H~s_(<lV!|KKLcwA_1Sx&>@NQ}==z8~Zwg+?PIz(}ah<Gys_
z{wcXakfNr4Hr_tLmw#Yy#evjCh!^O2z1>rv!|Rh8F%t8aX$N@vxbXC7=M$@m_?^8C
z%-Ata8+4~JNd)gf5y^vTniA^&b-bTC+-u3WAKE*5xO_4GyK(-Kk@0c~Q!Bh3!Dpbf
zo^^i*lT@$FagKg;<1?3yC|M}niB%Fb;16Z`sHC4?u9`UCcoVmRTmEG{zg<q@LGx*;
zt=VqF4qKZFssmWP(5oD_U3&sdF@Qx~QRGEi#+{TNMffDrn5x0m8tnFISW$HOXCmag
z3)yw22(cN<d*P^J5BQ2zX-`IqV6kFwcuu~IdRs)J=5e|-yme+q&z-waBZsrrujOtp
zD1AmT!+(c3f%6;nOP76pKiw48E*2Xnz~hPapp4r&JpvShA5e_yXP@3!33dBlgmx>B
zPV{V-b+gLn$m5l()3)I&T{v(5a`F>`htTM^Q<E2__au7A+HYRxI#D52ZN!`c<-BVa
zRvh$T&_1b(=Jclpzu0wr%WKPbIu@mMt;+k;3?-4WRe_;m$Q%2d=LEu_DGjY*Uwp;9
zlWfFC%>c0cR&{z7Hs`py1+1pZP#mY!RyfQEQZnz_4mgB+V~R37Rg%V({T?Uq?HjiQ
zr3+V+eV;$WSA~#>`A>!5jQMYcpnoPVMB!JJ&su2u#gwp^<yDQO58!Gep7P*w?+Nvi
z{6(=1%cx#=h*!$R0dY1L_y~A$Vpg{BFe(E0j<tZ{j*-HVn*0<78%MNpRJ#AZg}@F0
z$?hio=DwXF$BTu@+8`S6GHH0SY$W)b&qM*=``Fv`W><WY$D1N=&K9KUrosWD#*{Jo
z7wnLJ33%3kEzW$YMmo5&Ix9&iLBE&5&7F}omA~!~zX$()j|G*1LQ~q}u16XD)W$JD
zbYI8<aj}}n)4ByAPw3TlJFGDve*u&|Ag<*LDhb-MMJN~c+^&$7CDWtBrZUY@%cq%g
zCy<b)6JsX%f=U{V4RsDivZv0WQ<r9S)b<cB)GQ9s`x7^&c<*GlE(Im)Pe!5(kNb0Z
z!)Glpl)M%<PSaF<c??q27LI6?wd??oepFJD^FhkXnk>|?8uMcP@;GXb2t)dc0_B6=
zfZX3|mIti{7}c4U%=3f@>k0&vW3X8VaS=2yutRFS`cMIf%p;%(#O!s4u9exeNNNE>
z!*Y<U%5_DKLdgiL<JT4KUr-6RA$T+-IOsebVySWfKxE!C^@t5(_NDRnN(8`rv1mw$
zG>E-+8)OtNeqCG?a<k<u8i#`y#hX2%L*Q|-5GU|4x`QTC<XV;AA*V$oUA;do`iv`=
zO+`Nnjxm0`&Mxs6FuL--Ba6e~j0Kb|HKG{Q;*N!@|I6M%TG8AVM3E`=*yC#++Nq6a
zIX2j!_TlO&ScD2mIFxDPnhzk!FU$Z54u~S4Z>L?(kT&#x>_36#PkDprUGP~xyJ_zp
zsl|T&Mo1z(%UH`NDFn5sRu=YxI?O?FMxcNE-i@*^fd$U-M1@mDfqJ)qU86~YJtbfG
z0*Cj#*HK3}KiPmOE-Jwq$uodL@qm;k4@;z-RQ<sSMp}fILQ~@{xD+r#i{0ou*(o?(
zGiEj1myISV_PF%Qy-xpFJ5wrmNsk`OhQr7|U{xTK*n8!@jBXdS?<)(s$1pNr6~ud%
zaryc5H}45>W!DVweENHJNbEPNxJRA%hgGO>jY{t6>IQEt7*r0)K~L@a6}}T976*wM
z=4aF8XTS<%Bj806{RNO_%$LVO#(se8-9dMd6?6vKG%AEmD;>Y6ccTul`e7=^-4C+@
z+QO3R9Wq+~AFibM6-^kof&(Ot1|g7F3if)3+ald+wMaapd5eR|tf6>)r7SK%3~nIx
zWm<bjxsmN&n9a&4QettctoN}_A%N&cD0lW@7R$4XF-HMVmhAPfNsSbYN?vySp}Sp!
zH#BKR2rTH9Lf+rEKYbW$H7v=^4@5z}$s$gx6IZoR9j=;qL=!h7)1K<^moX4AbT$r6
z*2zB1NUysd7Q3wtwNxGBduD$hhF<U+y?uNiKKemu1t3iUh;ZAdv#KT7w(K}(n!Te&
z;MNV>mw?=nyrpjSDrVj;0VRgqjxJ9E>G-~-f1ncOe1b2igyRb;={v{X@7sdU{TC{E
zZXQEBl-RV^kM8+uQ{VFTnmLDVw0P3e=K#FC@gDR3mK1(e=Hv5gv<Gq7-+N|L=hIi$
zqCES@qNcT`HEUb<{0)xS&BTR@l(D*79Kf`+fwDl}i2r$Wx%Wp><IWAu^$RL7?b9~J
zv^^{9Jdfjtw_9J^miEo**+2bpqEc=L+3kcPF2L4rwAhi^_u5wv82==(Ftl4mgM*iN
zrzYUAK65z`XbrrxKdAd3rsM+RpIJ7~7gLgaNBhN;w0i*mVM@Z9%slZ@PoEUT2K6h(
z+l^&8V?n1*DPRr|9`*1#&Ly7%7M#z91?&-=^utxHuR-Ph;)1cAE>f^qc*+vyKV~se
zeFl6nC92TayZ>jBZ3)Nm-<bH<x;r;;J<kc08z`Uu4QNzsNy*Ck#hWO@2?)S3iQ3sZ
zo7y@%k^F1f|L<%61*Nb8Z~qDX2Q2@;q5t^A{C`9LQDyu8QT^BA?SF@|{j19M&!z$Y
zN0sgWs<Hw7ODuu-MVO%64J<_pU_ixkD#CwA8D%(Dw*MUdbH?_cGd3<@VmT?i9?93B
zTx^|5SeSwP<-A~Dqc_UO2l7^6L2$vbZ~+x-7=U4&2*C47O0<7R_s`}9U;7j&vvR_*
zassm}g~8ZZfh-jyz>#Wvu&*+Or9uK2Rf!1XtKbE0S0Y0GcO3rz=%KOyFZ}+0bpGr8
z-fA-7&nmM22?pj>NrHWS5nU}8C>PML9S`VJI|`+utfitP3zVr_hhrw;VE)e?$X0Iw
z$_&h|uL8<7;DB-ht7{0sIN5+C&GNv72Gp-BdeOiLC8?z%BBk9x(ufHPRBS^5ZZ|;#
zdz-Mop5p)kP5xk<?7*5Df`1Mq&DubgIt*Y!4gQxHXfxs0BXP4R5V;l)=+TS`r64D*
zDlH96Y_13PG{OP>+7KG_TU@}vzIvU$6o3}K2te9qo(9hLMNlwKuK%cVeW{89Z8`~n
z6BY14x*<YfUFQTU2iHFr=qthgE15VNqPsev|9h13LqkB!;a|YuVR~Tmuoe(~L;#KB
z-$eUgpWp_@bg=`tzS37f;J<d9aL>$g|D~y-(eW5V>UFK%1Q$(N8osVwwOps&r2QjP
zDc%DO!!-LC1ua1cO;R0=B#1_+pKpdF4Be&Iqtr!YL;CWMtLJvIyw!sE%tKY~@t?P8
zkDB}ajveTXrYF3sW8beER%C64SgmFy&DHK)UpQbw*Q6kJXf->9xj}0(Q)*K8QNHj~
zg|&ExIe-QtwI535g7$b4zQMfTyw|FxFYz>pFtW+EN8{EQS)-;Uh0(|ShqbP@h`WX6
zeCHCKMpYViBIottC|}9W;LU8RhuyBAazKIcetw`y0#e8iXbP(73{AIeD|-va#k!!+
zHvj-I^Z3anD2&3mVcgj=@_G?=?-H?{R!isLHlKaaMf0W{dx;InQ$i?6BH+OMtQaO^
zk!sbd6XaF+L$z_G{Q>^BJ76C=607I3#Orvp{?MOJy|`vxT3u$_v`ULNmIMnWGz@VN
zKM4L-;Fi)Mbybp{TsOQ0hRYarSDv1dFAUHEt6&VfD^5?*8Gbp)8-!dJs44M`CO_!d
zAG<15N#cr17rr$}Ym8i%;-0elqmuLy-3r!xkADxuAx=}_21cNd@*-?)kU&Iec93rH
zr!hLJoGb+=`a;-BSk<7jG1RWYDmvaC%&rgwN)5U{L`teu?bq6S@$-V=9x9z{!T_MK
zSL$hvcTM9$vg2n*4NrHb%7J%%nrBLaO3%E2Gw8=LoqP>n7QIK(z2$C&iArWMf?O8w
z67$1wBmY9Wf!86&l9hq1TgL5C6ziMTV;#~X()ZBa6;XZSqwn@i(|pWqHb>VDzjKzj
z&w1?FW^yz}y~eTcvR(|nckiC;x%UH<PBl+fzk8is>^D?3Y?$X{>@!mtPcu2KOh#wC
zeQW|m1{&*741<4nO?uN=O)m5!GE>715RvgaMW#sSqwm*$oG@s$=Y%i?bYqP(HMQ2Q
zDyD0Y5%|^E=cZlgX%m=7K`RSLqL_PF{z9eC9cD8m#a6BboiFugiyi}25Ag!TKa9aR
z;~8m81{s;nkHqPNeYaSZ$l_5`+k`u5;85}krcRx|0Dd(_&Z4>Z%f1|qMK+oLN|o@z
zcK@{zPksA$E1)Ft%eWaX#Y^hhc-(^dGy-JHFyR?4K4!jsl+D}mBpf|ju7AXVNT**s
zjqEO<SQa+HPb?mbFoIjMm)8|=xN|=U%#A><JPJ_P3yd)r#ui_!%7hyej7O=T#Us)V
z=2M^1F!wUw2g)!c%2c<4sDd}NH9LWH!(rcd|F~c8ocQJ+ggifwxw~#nvNCQBlG&h`
z{gTjMAUaC8e7~b(zg<POyqD4T{>y|;h>Fd!DKt~5l*orzxq+aYfj9#&M5u&K<E(S)
zfGyp@A=*p|t#Aj)fpDea+U(M(so>9+Yp{vFhNDNU(OF|%TUcLPoZ$N0);zxHFps)k
zg(so|S(+5oeL{B?Ybdltnn&2(m8nYX+>7d7n8}@uk%pDnggx7>tP+XxxGKz2R53oq
zwDNH7jwC4Byqo-F`J)yv_O`0b5M5AYVW`eki`NrUWYCc3&oeIGpw1u;#(umZK1;Oz
zd4rE3@;l;s_Pjqz^J+Ay$byj!{Lz{pRe1qO7DXuA11(V8L)_|XaAV-_=k{aG#J1UR
zFk)2L#sf<dBEmXNB;dCY4PPS;<>-X!VQv^QeGw$XtF9tUgmWVRvMHjJEnWFk!9pN2
zc+<mzx5$T!&B>H=_&6e1yK07d9%*3~7!YYR-o$iXKCNI#e`)S}YGia*Hv%&pnE?yr
zp(&)L&`XA6^&cb|yJvW!xq-&-eJusQ;zfq20kJ@fju8<^2mc^BF7a2Wft#mo=DiHp
zM}D5}o$_p)_^<{nu7Ir1*<ZKBg}^f*7iXTJHj1U2FuYlZ<yqiVSr`@TH38VcfH^ac
z)MKJ^x~0`5EoVQ2*E864#d*TWzL#TCnGb06_`BMZW_I6KP}us1U-|bNNf$jy!cN#@
z-!ISr8HsbUZP{qwgZGUvZW8HqRT~FrS~Gtgaq6AnxVr;f;XTE7cA_a?Y`1o=*XPJn
zhlOT`_|A=4h()Pv|8(APi~U?Ejr*CIy3KQRYe|b~v%467DCov6GA=aW?&y8}d`$rB
z6kYBwPoR_fJ#B_pt0#t){Ab;SS-(8m{7%dAd5W#x={wvzOm~dOo~y&tkFX{GBQQL*
z$kCGVfXWm=;ua&&Mr~m>scp=Lk)HcyXzI@mTL2YNmlY@(NIF5|l@H)Lb)cTZPk?a%
zqLJkSkFCI8?Vg}Gwsx2M9+WGWaow3f!TJ-)xFFbK_;P6*QLmDBfl18Wx25q<)><RZ
zxC~9Kagox(54LS3M?!O6&tb^$HQb2FgGLxFj4&{OLvUI0XmMi34iX|2;Cbi%d<xZz
zYNxKhqHA_>=yioU;|0mLH=5$(2%0>XtI?U@B}BLae2X2zo`)l!CO*kJw<3=`Jh6)@
zscK=?f=8CbMXs$4(J!Qdg%Pi!(V9a~=BSs8dmoYP&cB^ov}YhB$m~amGc+aDf|Oj~
zOx+2fs->PNw)Wmkq$q8(K!IsVH_wQ5$?;BCv|Fl*8ZDJ#=nPG0C3ON{TcvV$#2D!I
z4D%^m_Fy}fr`*CW8>(DsKjc@<Q3MSa??3NeraJ8?+lKs^^Nph4nejI(#Ws1eZLf|#
zcb#cqp74(Wp3jM7H|6ywj5`L)Oob{e%Sd5>cDawx08VS%tE>(sgD)}DpoZ#L<>b2M
z+x^OJh*twM>UBTwrZsoUH>xGAGXhLS&|v-S6xF!I6qpmaYJJ{K?HIrn6+wiB0)qmC
z(tGcy=Cz)YUV&7Ab7OrFJJ!+JZ8$+^q)=V)x`d6Ik6yFOBM@KoX_}&$=nREy&&(Ro
zRtU9t@0D>5&B!HQS>7xa-Wd8)5V`~=W%fJvf`#}Q8XL1PUSSbZ>y?4sGd6+`qlK_a
z2SUpIrX$4ebq4Nr`gds$Jfpu;e)Vi|YW?$ipfg7rq$tl=AuR{PH%MxscG4*v!$&5V
z-p%^~<3<=lpAO%13hdoWJwd1esU3I#NJ-06;{tQsya63;cczR&;8cXLnKb-4QL!!P
z{+JK^{Lj4MTr2{8Y(k=M$#iO*l8(-JfgyiU^hj1X2)i7cE6i%u;*=5za<bD9o=Fp4
z@kLfY*dFp9vrj__)t8A2Zsw^sSkXCkMyp=xjW2!hp!#G+;YX-d{`xaWOkte?4q^61
zPKhwEknrmyIU`Gr)bd1Hq9w9V(9{P2Y^<oK;ab*fT!X7RTEwxvdf!sNAGcc0Yt+!s
zW*6@wTQsG%XRB0#2(Tw8k*G5yjqfKE{G9U>KwWcHhRMlqDO~(jIrd!;?@%dY+FkJE
zg0Z3o`_F^JvPxUJ({fDyebGBC;8lTIki)X#`I!Cys;g1;ezw`^qab0=9ICU&iR|pY
zhi)4y&08<V2B1vWFg9+y$I>cEO{(KK2}c437fq&9hl6>KB?2sGFTqHC&dncPwauLx
z)e&*|6&2ynwTrPhuuy>@EsFJ532*WBLN^-p0Nf<J4ZRzQ_zv&-2tNY>z-cVgk^0$-
z@7(_)x-P8}8}_cM#_qrDKr57t#-xV1NDCS9_@~}oXoP}li10j`C}6PZ%|0ZK^p-`o
zSmEBrcK<NsdJj>il+!d1EzDmmi8@v%7|s3MFu@%JM6n-QO?-GkqH{|Kb}3DdzQOZI
zN)GmAFKINk1t-}I+Y(L~KuWBNh1qz#*YYS?YANTRKaM{wv3(y=0LOYKOhir1SUvI}
zI`#%NHr40ZgnAQAGNZZ-4tZnH837F8qtg#aA8w^)>_B4a#CwyO+1XQY*kgsZa~e`k
z(*`>sH~rOv;;Ce)xJ6wib;WJz0Q#rirh8f{c`-d*+DfgOQ^5)YU@5x}W>|QxQ|>vv
zJmL<6q-?R)*Em_wH&!-pkK*sN+9r6T4X``h;qVs?H`f=pyuRR6)Y|+V96AeEIX!3T
z5kW7Emy!f_QoGtLV8mF|vAzvyaQd-P)OX4aR#6Mzo~{xX9WCsr+}Odj9=?3H!y^4u
zItx_~>0-=S5&82KaLLq44~R#-#IkhCu9SR>3kfZ4AK%7Cu={I|EqMSg6+$af0p-ZN
zI~qctm?E#;diR4o7>dX_n9<EH33GF5UndTcHbc;7WinujZ5Ndd7gBj5|8?$sHsc9F
zzHX5#UFX4@O`9PvojsVA1d>(DQ6y2DLS{m8iuOpVoK1!u(3Wpzid(&Ll<-bT7_;RN
z9&QO{iaYgpJCDmFObkCi5Mw-ypc{gbU4`YY6V1d|>Q~VXjrS!!JCjC{1~^4?{P+dT
zlvqeJbIor<A9gU6o}UAzCdBqjuOz>8iw&RzDI<aMhvx{nAhZ0%lP3MQthAQodn%*&
z!N47S``2VU05%~X!4Z)5rtw^0i)B@@0!0l@JHOmDkdWQ@?Q(kuQ&Eje3B4mNr?UAB
zRAFOv`>!3m7OxAG?J;@WU-+2eZ?>FWp_`R6tQNc$l<D(=)HEImyhZ?HiBv0YP-7ch
zUVL+FEi=z%^`rs}M&anNfS2<53uXK!y2)Vy{tzljfb^1S$^`sioS3%0L#BL2iNy^K
zJSbXRwzDDug_I<!R9%GGUVnm_?1UV&bG~FE%3S8Go7)bVuDep$<t#4+gLp6pRCn~*
z6R!NX3fI&rdOx~0UtUpkJ<zWH7j(%F&)eT6gcK1wB1XQB!m`1wa5v|)3`;4l+4{%l
zS$KHlfIqNNTZo+VVQ<bnKXcA#tgcWNHFWUOt7jMfX1*rmR{9o$;jbFlaKFS;`|8Hd
z<MKnlM2ybVM;>@q8pu#jy(8R0;ZvEW0^1U#r<m9q!UEd%OL&UN*;$^r_XW@gxBk>`
zUX4ysFUd-_{q=Pi3*?I`gtssz$k3ehvghPt0C3r)sW!8R#zK%+8vi~@ol{UnN}ntv
zffr!pFj!eo6e62=-dG)xYl_E7p%{Tu|8Po;FxBH6oSH2c;*{^0%m*cPLeGHv{A2&3
zpD{u|dkBi2%PSW_LaHqV*)oW^Hi_Lt@FW30dyc#!^jO4re#*J)OUnh#h<A`%q|qi+
z21uki*jscLN620A@CGXp?Px$IHsIdBrWtIbZ!uf%t#9#vu>GWmo=Z(ZWK0Wt7t<r-
zoGh7JS>#SZb(qCMU4xcx@O(eL1^>iq;z^XNWVSt&<@oj7RQO&t7ZSbq4QBzY3<>KV
zNq6R9!;#%g&>r#!z6oQA3ylu@$}jimNkDs%g{(#R6}R#!q_-bH+rAZ`n2EkB^sVos
zDem>}9HwL@MlRJ2q3s;7dD?0RuQZ%Ni;Z-Ta1!8LyI$M1iXg@LZe`7n-Im9*iUC1y
zrRC74#(nU<6wXu!{m0+Q9vtJQCiVDABWRkq>Rc1<M6m;uIc^!%qp!sSSEvRI8?aW5
zQ8NkQAfl|SsVS6B#SI2VE0WO#P38*~hbV#X%jc1Pb;YaWf;!7oxfg)tUg`e;&xyHW
zqxA>R6;p#=PEU;@A{9<p%eyY0;B7D>;w+}OU36OC0ra;2*{@RZQo>X8!2ATMY^^+w
zcWwO$jjgGVgb6Ix!W~+^K%aYP96;n=4SZOjmTg({qHjWOkWFh(Q7)g{%=hjam1`B-
zD0C)PE1_9g_Al8P=<iOiU?5!SwXs)T$6Rsm1jr4r$|gBl*JrjqNSN?v`fPnpQ7{UG
zNhh8CkqUt2X+^MG><_!@gi;^iPZiMJ?lmLBA!_krO9CqlQ8jS{W$I?;1R$p@9d2Z*
zbFV;dhocNr6&H>l@T|Qj{!Ajko;@IY8CxXOzeObpdL%%4-<<=t0|Nu9kM6K$A*<h>
zY$wDwy|Y6F<{-xXnwq-0bH9z`&jrfQn%Gv`*)X>RI^`<qG1%nAJ8s5r6np1?M?R_1
zVG}{N<MHRN(8GVLkUPp|1N8GfGdxL)z6m*HaktAF!qUNkjQna@t^EcaVEaMhu0&*}
zZ^)115A9%9l+i{+*`)Nwg7{Io9l&U9&y(za5(c7Qycoi)C6es*U2vLmzU@2zBcZc_
z@UqgbJ9)CIOL7GoH1)VF;q(OU{LZ!7;+TK&9g$E@72+0+Sa;$u4M63pe3&U%sksA;
zj%|Gmk1!aQ+tMVGe$!CY(nuB`F5rdlMA2)P;2HX4;v~ur;Yv@Vh2Te#l9<3G?R!nH
z8Etd9y<rBW<<GjQwKv6-Kg{TQ`@KyEt;F}48;Yv4;N}Q~dPhJ<dR206G~#0I@;VRQ
z&d1r(58&LBgc*-_5CC5!IBhedgnf<DU$q&u%KligHU{H7(k0l>fNd^Yl6tCHcIb*=
zeb>o?t2qHbB@qK(C24b3Rc&cCRTVRkw+Fe1a7-QQAw=g=&=;vlaK_O+)L|ekS>*eq
z)O7O1U<0O5CLLogp|*^u2ppLiF}VL;SZZx)qe(Bk^@UrYD}eDy0fDFnk<;{`$PdD^
zW+wi!0!cS$!5c#ACpz4|YCO_3mYzeIhbt=eOf&VZY(n+#%B!`wzjvoKIc?iwop1e+
zDX|ZMk$;AOSt|-z7{Sf(>EC4bCv@#YgJNTh*K_X&Z$DWa-tF?Boq{Sj2_zAw?Hk6-
zv!^S$He&Q_&;a|Z-4gx`Jg|4FNh0YKLzuEg7#hWDGIFgJ6h+~{Zyi9!$EU>QWq4lg
z@~eQ7#(|mNCOUr!xm)E-efh=$BrZZb88#8yaEG|@(*oczu6AgL)WXD9;%Hmb*nFc^
z^QJQK>hbDnCrFD*n4*s3)|=8ITsUd?ALi%jTj~YyjR5%O{RnJn<-BIS0%bttEE;ZP
z!f`eH#Sj8t|NdMs%kOL|6zE~(%)_!!c=_}r(*>rpz!gnobD@sc`V2g4K#X*mt&I}r
zC`eiw?mPlJw%k6;d71SGtd?wXMG&#gzIXU^VS}E2D(idDK272>8`X%E0BQ9Hf{E$J
zceu|pb3m-eDqNtL7*fSl*(=vCRXP7J=F7o3bNg>;RWI!G@?e&{m6B@!KD#&b+?2QR
zx!HHI#f21~X$Cl(H)rro1g+ThYgc$n`E;mWW<(j94?FRqoOFGZ)Q1^V*F#xqF5onj
zN8V$?<uZxRbrunsTffp|Nrdyz_ltaOxT3%Pw*YtPbJ8TD(cz3H!xQ(w%HwadYmZhP
zNK(we-|c_MY>*K*XmXjT+3~C@-o`gTw+t{t*tpW?TWJq$IX~oBRcwW{i`%3I_{z&_
ziuTxZnKTBgu=5qA_w$vB)OS;ir&K!ySQTucw!Cq~`o^fLZ3Qj}0jr{Mt~{N;!6E!w
zqW}+Yr$4?HkZ8UZkk+rhM;dIpET_$X1X1VAx0*_BIov)kNZAr*Sekyc{SNtRi9TM!
zbVPwxR&$8ZWC#BU40XTZH5Hflr%cJwDy#P+Q&iD&?{n=k!&FLX3Qn`Z*WtQ3%5(ig
z$tJE9&+mY&p_UF1!0yRMRXSceYMeHmH34)+n^V?ZufwcF*&U>g9nV@<23bGnnbwZ}
zG0K~QG1E$eM%IdA=-nqj4Zun=fB0ROs5^ga#2)TF(sQ^;X0*BrwvkoaXk@J&_)#>%
zOWeO2yGcCbh!f(2F!XUMqQlfGBk0tAhh^N=V}2+gGigT$fn-3s{F<1m7h@;576`z9
zrx|Dg;35eI7W;ma^a8&1R#0NJ&b@(wJ=)w7dHPn=KaJ!158SL7U7h94g4%}@eP8n0
zw>8+Q4!j+4gEkZfm|w_UoI#}#>WT(;i`mh7S+~RCozg0aE9X-)Na?nh8;651WWV%8
z$^XRp(+xw&)bF$UD$$R3MK%vd$OGun(-q<D1DQ5r#e=j*$+6CM53A>wbqxiMVjPSL
zH@*@7goxNfh_7Of04Ka{z06yC>?Ml_Av!8v|LsIhcbl0y;~3S5RIimI!ihg^1lBeO
z3mebU1RFi&!XY<x>oO-2bn$oO^Cpzm>a|7@e(mvDM(c?_lpm1$vKhPnS`7%O`14X*
z?KfL^VDB#~FP2ogV6k|52Z?0#%11am#W<>ADn9)G3VX}AteUQETuMr$ySw2mPB=;F
z?ht9D8!73NZjg{pDe009X(XjVI;6Wqnm^vp`@YY8d42fLr~Nx-)~q$h?Aago%p5Dk
zJqWEOg;_7Ov7Ncn&Kn4G#!_m+qICF@Vs6g#Uaui}Jg$HIsF(W341oH6FrcMnt{p7U
z^j=3<zneV^bN?lpyaL9DGCWt(bGxC<U4${D`Fb4*TNVQ>xFtMtG<Dn7{dsbT-Pdt+
zTIr0LAWp;`LO+9Jy|c|OgZAc)&i-}Kavym$<vVQr<9=%Y>`n*9(Y;C@J%_zU5sCH;
z<QpN2_n$HsLoL#+1yF?_a_^a+86uqgilttm#Nx*{+?=M9-}YJ8qn@d%GglthIw8`I
zt)@LPTJ$f9r3{7JCFCU5nH1{GB!8H5bhLfmKotDoiV`wYQPAb820jYxn^9>_%FWeU
ziWGpE`?3qF4&BV62|~K;&1amBbHC-ASBh;_^jcAe)*+<(>UpeMj22V-i{_no7(`4Q
zshLr#JZ@t~;2m<3rLn5K80L?(k4?7YtB4v#NA#{O`7i}{+j84ZOuYC7$wb7;5z`_!
z4`;7V?Ur+X<C?8}zr`8)(?>jbT=WcQTFR67WngFDGp|OxZx1_QirYsbbboQPjg@MV
zn-!Bs-sdNQ-wvRV$n<C8-zsv(g0?l%>osyQ3m$dEt>`z;(8{p@J05}4Sak>X+WoE}
z^W+4}&$hVW`&rQqVBeeU+B#CHWf)OHwELp-Pd4g1(Jxc{OdXy3oog%NxwY+X?~dZ3
z14ZOtDov*Ep2_<fiPKZLpnjVW7sGBrp|=j8NYKIcnJ)*Qc(3E|Vc!f2%!hKhiIQ~`
zLj>#bzDs{WhMg|PsW*<IOLh96&s1RDA!YfkeO}FnZ@bgWnna$Kpi<SWaa)4lzklQO
z<r0X+t2#d_S+~GOrNiOcjJxpV=$+>I5~w*$Y_c;P4eQ9x?de>Q6}s1?eIy&6i-1*a
z0%&+Y!fz5mh?c-)^0aj=Wh}v>OA6dX8Wve=VYwyECja5GY-4r8x&pW!Q#Qd6POuJD
z{mGF8x9@a(VD*>&UX#=L{kQVKn-@`!nF|L3GNWzxpWQ35a86Q+eftAe1TDbTj$FL-
z+#6MTyOo=H9C-EtN`^iQ_auUAj~5Ro<VOYr-^7vQ*5YNV)eF*Q&qptly!;;S;`f^s
zrM1d*IVD=gjANqS<v-vDyGL~mS8FZ`>`tpT!#N>cpM6K;PXKo5G6a?S7G5*<vJvwM
zN<*yP!$(^8$B;$I-6PGZ<@$qinbPUyyfq~@RJ=~k9h4W1oi|%0LU&hICq4(PYoMzr
zFBA=%60ie<Ym>kJg_r$pLvJCOjTmyHGH*n+SG<gR*G>Gfkgv|Hmy~;RgB#i+Lf|eE
zyn2LHGj~0Y=m312RdLw5dX;+KyD99y-mfC+QpP~L84G(#0e7M?g!O9WNTgXr11|}O
zJE~8-1^-mIIp>(Oo0I70^J7PRrTl?hQ4E;@{PblZPSEppVNRxL_)0K~f!%wLci<vq
zEmz5{WM9G(b)#nx?a@U~T$RQhrgH>)xSO)joM03s9X`rr6J~0+KSMLvH{}a;{io=U
z-J{)(KUu;r7dPk_(GyQX!)s;-^n3>chJ~PuL*8A%%cd~E&I=TM!&6Xn{FH(w==-@5
zUUjTkDS}SUTB#Ec3g^;bR05(*@Cz#B$en`FdV4uVUM)#XI-7V!S-+UXLA(G|K|E@a
z7DM<$>&aB{;Ls|tk(=y9i1^2`PBhc&^<juYLJ}w|7?AVvAnop8nydRGtFrTF1;(&P
zByZJLV1mr1!2j8uO$gs)OCG>Lz)bkM2}Oi~l3!pxZR|2{F(r4BBM>B*ZLQ$({AV-!
zzcxT&|JeZLfr3E)y#e|LRYPNT<}3Yh+pNqKzyKKnmWr0M)eexO!+WKX&!!kgh73{D
zB=MBq`!ou;D3L-Ypm%eT0zMsx7j6kp(>CBZRX%I?`SOzcI5Sn$e0b1n-|$g~i+DJr
zW~iav;W*F_L?MNaj5s5#)@<i|0)_t?1z*2I^t}T-_yi&!^gW*5D$sI6b1|Zj`}?1f
zl0rWaza~4cIPTn4#SuvZ5ugz@Ud<|;>uj0;eQsXd_H&*tKpmcLK6mL2!Ood&!?FQa
zBgmnvMI-5SObWCjJ;<Sw_UPC#VQxzlUq#7yIvGK9P64-j=%oR?vfYUFZSeczqn^hV
zN&-okFVUI}aZ}&Zk@xNiyBO7>++=x^w@6xjc8)RFF0yD&SZ)hDUw4Nz(_e?Whj<1D
zb89#Dd!8|8bJb_UZ0>D`dSK28+vr<xTOR*hCN=vhI%~X5r8nvctk`?_d*ap@bx*&&
zJk%yxxCaBy3cXnj2V>Gi%i*66ic>#QZ@wDIy(=!5vK@@8$xl*sF4~;Ju%_CS82PNF
zMy>w+BjKi4lUm_NQZuFKyr3!fJs&v*pI6cOQmXY+mU}{b&Vwm<s{2L2DbI*Jg`(<@
zemYWk(xhr?7|0&oDaJ#gl)Nbxj$?kj7tjOzc{Bk_hZ|ILQs>~z(Jgq5a;Wsn(D!G{
z*Rx@S^e;&jAtk`($BM}oFKIRUHYo#=U*kphdD~IT0-mdFOUK407C(K*1;>+sd3|Lh
zdF!@K$oSF;3JG7Uk7Jg2E)RZuE3Do1o@4^|*%r+CI)C^6#@GE$_~-X%L*Q~M92gJx
z|7cVgBqWE>PLct8+Np(e<(W)?@bC#pqw%Wp$=NsRc&wa?8G`z3+?#MvCnjo#gMu)A
z%|3_JlcV8CS-;mXg~%8++lM0g;0*`G7H>E*+_N9x4q6@tudqjZiSFbD$W3dHBV9!q
zcD$LKaB(WRQ5!EOTCDsk>CDj7`_W#*GA1exS&Yc%sPFrpa}g4J+JdL|IIKKON>@9B
zYG7vub0;LC^A~Qc{EET6fG&sUY6P^`tJ0i@=mbFyLC`Od;)i%`m6(Z>U77-0=kuOK
zQGv^GcRYh|=59IT^ghHII;nur-Hh^_P6TNaiwrJ>3CvDyeY94q6!fnE%v+4v9gqA5
zIu8KTC%F?<vTigu;emQVLe<@K`i~je25g?Y?JG~2Xx?>)_j2OlR$4DLJqBI>mgiC;
z{E3k{!fZ)+xz>TY1@!rh)G8<l<%nMmZ_El*Ng2M#tuLE#*SgS^RxsHycg8-h8|vA(
zlwiCoBhXXrY}a^xg4O=9dn<vn3hl##D_e@+0C!~viIk!*JX$iI!|-UfrGByy{uXQ&
z@vEFzWU1|5E*HyEC-9k0|D~78pg*Ms8u{+c;8|LlhDRBHk$9|C!6`CD5VKgU<8Q;z
zwz!ajMzOG2MKhQ0$vZTF#F>;~W_A=IHYDMU%GDXF6HC4DB>LHMoBP?yXzd8SH#W~d
zpqdC`FeHCJh6}o>wR*jl#40f=oft|0)i{H}y#`zl3rVy@U?Oh+#0%gn5l@VOP~Lk%
zxt`#6HBn?eGlPU1d&UYTQXXPrQaWY)T0dmbsaZa~Zc??<!!$?k=9aC=>Xb(AR=)t;
z{S5b~5Yf3%*bX3G$|o6a+8MA7EBsKtx9mw-ZFILz3Xh5n8}78c!57>DKeD_wtnSCQ
zy>zOy=c>zS=`p^Mmah<gSlg;=mv>n;(;O3Rm1bI1I8ZM-jKnnod#Cvew0=IJqw3I7
zh!QN<It(It@v3ii0jV@tX?TpZQo~W*>_l!ra_5sRI~LP*dw?;5!rPWq?-U67i)vZn
z$c8=86kM$IIU=9%vz}pPGwiL8Mo2SR1L+s197AH4qejrzLa&44(6Bo2XjmZFxh6bP
ziTHVZnVX_NGW^`K3$h0AQImlDdf3Q2(*Zlg56)G&uD;}}V4e0H!zO>d)~v-JsGxZK
zJ1)wEw73-QxMh~z?)#*Th6@He+)EqFT>iQY8u--90L!>d%$)i3mmh3ixsnRxnl411
zZG@F;u~-j&*?2b{&pD#zL2@RV?U31^y`t<tqfDZ-`q(!>;?X=G9n$W2HoTzZTOoeE
zpd=O%!%&q<bYTeXpdK8-VyLk&+D@&ev$#TAUbCJckWIrZ<6)jHIwq_O_3>dlUF37$
zzJ-I|^S}Ka43!g0gR<$#Z6{g~%dr0>w3;r85OOTpod1=e3&rXGHUug`rG4b2CsU46
zQczM>9;9bJoNuj|uvsL~ZQrDIHTGI(<UHkEc&u*|uz5XGk)O%Rqejqu19Pa+sr5eo
zB+6f{DwfwQ=n-L5ONz+Xl*PTQ1647F$ih2bL|Tp7887(AGAh+JBbhMHl1$xCH+5&;
z{-&(hmBLnC>BD;r_`&<@2aU%t#60O6vuXafFz3`?<pw<8P4^jW!-B8G!-WF31B^i0
zhQfvm@2tjBLK(#IW$XpfDLPbMkNg;mBdy8DX5V2Xo@o{Il~SE$TsG8H4=<T3fk?ug
z+?0H^Lil9%Qg*_B5RzX~B>Pc_r7-o<xVE7Lz1Pg4p<2KvSXF@w$)@F;i^O7EKFLzj
zQ}VhQQ<pu<<`Oc1OlazNzw-OavX{Ao{Ym`9y_~a!ED;;+TSS1nbb=TE9zn0<Nk~3j
z?qp~ySB|9gYYz_z{^)b;Bbu+7SzRySaX--YBy_V+ACx$p8pFQMjr*ttdj6tBbT>zw
zY5nBbo>dNZxtNv5AKxV|oVXI-A@)6=jr>};Hi;m<HkNwFmT<e#Z;hoqQ#h2%({*b8
z3)hoTxE5z3_~?Qz<16Az^bc(X)Z&<>yT=2?7Q3Obw`kiKb^fYd-{k0u`Xn}*;WC!P
zeG&Di&WZ;6!At|#8yBvj>XU()YU_f%19J;tRkrjpnNki`HkJwkxcYmUnUEh36(_EE
z#C_$Sy5szaf(h65&WyP)(&d*&Z=2JVGMT5HX2u3anCEe;hmdqyJZ}Wx!V`&^a~0A{
z^bo=7;1<_St1H?M`#)9=s+GvR;g(+7q-7aP=(MZmI+ECHFFuSVDw0Q+I%eRk-;n5|
z+3q}cBpKxeM$q4fFrl1~(7{qLiMrmlg<(&k#9xTy0i&b+nC?G3M9^LlOah2?jim32
z0qT{Hz{#a;$!-QfV0eD{#kj6<iEeeKZ^EZz9@2^M5@y`#?C_!pZ`Yn<xW`+X5B()8
zW6YHfW4S-M^eyNrVggkw4Z6KfvU=qOb?Eq837Ue-oh>@Io{f()5>49K7RpOVTl|Qv
z-`ukEVbvEsiyIzlV)oQb&BfeG@P8(+54f(Y%Ca8=@qdaXZA=??L-BqID=GM>8?r*Y
zKJGcLJj3{&2dmdRrb>^y6yEJZOqqA8uo!6}UU^bQRZF@QA$OzLAO%^C(fN55E%*(k
z-gCAYAMn)y80hkB@q7+&G`M*aqaH7WHSHR-$v#QInmXq}O1jQtqn~$(d+TraxW7_i
zc>nF5z0*dHF}S*Bc#qbN@Qw8aTSEVUip6`$Uh-HPAJiEN?JoJX4mfd46jv(sZVAge
zr+vD_&)qBBEc6dS39bmVf<&V2bzW#0cb+^s257D%j2iU`IM%f~1COw1D!lJpGRBU?
zUpemrwtbl*a>8cOa;PgzR~Z(GzD5^Q5l$7`JRlq9ihfjjcPiznU#VM)6uw+!rH;NV
z-JXU>Uzz0~;1#42a0s_C@8=OA`_}avS+0JPA=iy3O<2cizxO=7!50r(bhiLwiqq;T
zgOr1@i_wjY^r;V$8$`HMKKLeF<kXPvt#o%dLh%fBN@dV#5OaEGXadmeMO5kyKJ;55
z_4l6Rx9T|FXz|2=+<lumTeHm#GqVV!?!y9mOFSKK;5DoiQU-5>A6}?mAnX4wt2Pg9
z-Z5cY7Mr{>{CPq^mrwD4%#BD3^~aVuC5y-HAR{so2lV3odiLxBUt#TcbrU0%loq*m
z7k~uS{3#nHYi#QPMJg)_4ddsdH7uCpOex2<{mqZHddyp0C$LwK*>!IbPBl-&+1{Xn
zhf^Fw?Qk^&ryBkx*=tTtkk|@EV+8X1-J`A0>Hee*vn?v?hyi-BPS3$4j_nK7K1h|a
z!`;RE(tT~3&Nq*7G%H87G<`T~#(2*At)p_x(v>LjB6au3iVbySPN9a+AG^zsPv<0e
zsIaqvNC}VdG=y%(-2IhYbwf&6_ge(@gQM!fCcoaYn+N!n#7Ojud%*4Z{o=9qxasm8
zGJV>QqRrREK_^Sw?rTy<bD9&k0({y!^9jq3^L5mW4pJ6~meI+Y*4&TC+y1R0BO~I9
zs2gL3hsEXGoK|zEn%A>C&#YCHN8g!x#xP7e=PVcfnyEOv@cFh(YES;Q?Y<7cZ1>X2
z4f6b8ItT_gq}(Dmq&mCD9km$UyR`pg*TK;0thwEt^i$3y&d10#GpZ!`kvA^DTO3rS
zWOl=SQ{iTK!0U|m`h%$D3$uG02zZu~hn-^rov71RB&+=W7PY5GredVQ_UVd~e09~M
zVnYvcti6>sFU2txJO5zINwnVT*E*h3SuWOnGv`@2FY-}zQmx$Y&zGMK6m9zF<7(Nf
znJ9v5VupM;w>gD;g>^GlVp)|X%F?_T7$zl(mvJ-*>G{drPsn!*-T`hxOSv^wr4irD
zbnVfbMY8J;H4Nrj=a#6u<q}<rjgGhQdP2*%aEW^cL-|i;6#|ojR)#Yq^dS|G6WPUX
znGFnZGajSw8v^CJl}GSzJ9SeO_YB8-)2+-L#{mMVwB<x?Arvg+PKNT@`II#powo7)
zEpoqJ@p_@)f0n5zPE6#DG`{L!63mFR7P7`Od_LswXXPnm7su7?Y38t)N95@0snrcS
zS~aNZ(}H_al1_9#BdbJl0Ch*<QBBJeem*aRN0~+!<;tMJ6~>J<E)*7?x6a&d{966e
zp;fTjloWy)Uf3`u9xQ3;j^^ca1-(B#Bc#^lY`;@^(QtdwKQH$F+P($@EHaEl^n)7y
z%sh7I9PO^1j<!WS0-HN0ln>*@^RoxcyIP+kYPp|kfD6qo!CxZ3_Gbl<d$V`iC@$(&
z;SXp!7q5I?lIreHAHUhiNYfb^>THvV9jE+!2|1Ru-9H-RX1rQx;g5?L^PZbnjQMf7
zw3g0zwWlw2%xR12V?QE0i?xRS;J;o(|0x<Fj8F(o0yo^a(;C+AusVJ0Cx3lUktGtF
zot&5*=rk;Ysi&!_qw|_A1jReG3T`ya4Chy=?J#hCOvn#fPr#8b30FfY%Kin#L2g}D
zT*G_+sqGiZo^duuE6i@bi!q7H&W1ZEOtPH=8|%^u+TeaQAoB2gZ7G>Jp!s!ege3RY
zE7so)RM~`FrFVx1TCSPxQ_dyX3b&2ZCl4?ORMh0@ND)_<bKSAtZ_e;bEfL1r1h`9-
zrsy|WBw>;)CzM?lq)nPxiH5LeaIbXNdKM~1!h+=d<P8E-S}0726V^<>wox!7@F6p4
zv2pD58NyINCSg<${b#QFu7H7ta^L2~^IwVg>xZ*VI~}z_`8`!5oz?067uy~WeQlH5
zmCJlbBJUdd{GLDDKSyxswB(|J2*O#4I1geaM5(Q9gdAyHl>Hd6V%qPovy?`*O}8md
zf=aQlJGJd@)d|Otm0QA}aVxxcm2_h%@-?wptOyd?C01`&EFQFyvr;OKqEk3rqpBJ+
zHuJKm=c^?8bP#{Aekl2d>>)gn!yLlR4g%c~g9UPxd#U<Osy{932GXAEyn`2`E{RI7
z^NXd??Kcb_lq?cfGrl7PMocl)1`4^}oNQ)I#(gSS&uy$ZbZFcu^ITPu`Q9({olqKL
zmx!8JCGF}!)<f(|7cNROyg}h;>>KkO{BBwnYr1Bl4+E(ED$fyj>i+Yqi!OthhRy-T
zrh;q6euWTI#$K~v$->}XlwNod$-tMP3As~wN8aGqs}(Gqtl~~!jSRyK-3&w1G|nN8
z0fvF^--iY@kx29sKcM^VuW?E9N$CQSj`kuH#`?LAV?<U%en{U&*J}-!&n5tL2gq4b
zL`tcOj3BhJFhHEZD>MnM*VX!2It>2Lw^GF)IfiwNkp#t~wt@X$m(Aeq$G+Kls@u3;
zw_3Lb6V}XTX4{*l^7T@|`PZ~?0<{)b_|;mEy-N~`{PU>M$E%%*)6vWx|KWT+FWy?e
zy8U0Rm9fMGTH(rMOj~AoE<K*l8z=>Q_Ex76>-1H`^aca*gt|Ysnz>IHimDJB569pC
z1`c6iQ6jxwo*!j?u<wT_ek3Ny#j6Kt#$_}M30Sp|tlVzLXDGyv*nasKQCkvG6Tb(l
zF5J1&&tGSWemLJf!AzwkMv{CkX%5`Q+>YQR5j=(#`XSsvRRGFS)WVx%*Uj>r(&P*C
z*4Vj9Q%Pea^EDOU(VMEyNjJ#a>E7xqSjvduU@)vjSVi)Y!AaqnlMEW?`NI~DMde?M
z>l&M6v?8qM_G-`EKh!-`ylqVpO)r>;ZT-<2rSQ=YZ!;Ck<IqD<tu~c$rHShNxR}1&
z%+B1(C62F*p#rzA`qiaNAygVt579b!l{p_Oh;X1~L-QyQDzvm-Q&Xb?I_0m+t!k~x
z(SC7EiSshw#90V_*iw=1QFWb@#U_(sHvs(kadFpVyZ!ozizHB098>o0OVjVdMt6xD
z)JT(tf}lJ;XriNaL0MU$w%&sC<tk&(!{IvHXYTceku>@@SG(~A^7>$qV)8lBZx>gh
zio!QPBx6<*yFQKaS!pY|*qal{86^<xx(a=3{vJM^b!cY|x97HHi5*hmEE$OHB?=*s
zOIK}~-*>iY5nP{~NWe3FGt#s^li|r~Wj2NTqAbilJUmP`TFn0-9hv<6GR<N^*fMaX
zDW&#8LJ>h|v}H5I_KlaotVgNO{^fNfSndmE13i?HlasL;R6uW#8zGpLE5Xrve%CUa
zJd<TO&xR`m=bNqheMNdsEpqQx)8O#dJ%^897=}<#!^(hGGm$%i_fC4dbKU?i2yC+?
z_OqLAok3N$dQMa((2r)57H`(ny{8~2BLmq=BMhP%fv0NVue`lSFI$6i!8o6GVU`17
z1Ctimyi80cN*?NwRvI!BP_4V+<UM*y3u!H2E$y`j=YKiPo1{t8<jJB$Wot$1gdpBA
z9D7X!e(9Na_~O2u0myk1STVps#{41**ArYNKCtFUHq(jSWvx>xPn-yd%(1S)7?d6K
zzQ(7>-@T#o#^D_g-?W-8U<@uuT&Gve+{_GXn>{q<nYNmXnif_Jy=No^DViosPQ)ja
z#9zw783$t%!avKJN(*_upv$p4f}iwm4fC~&(%QbZp~X!|*b~9@!`E=W-js=vQ*lsq
z82VIU(-5=#%C(5UQm{p^g|D5UT5~gEa4WjbSLrDM&9C?${0=o@?tGCVUVhSD{n-v8
z&pNpysfV@Ks9L=f8i!+Sjx?sUrfUyxo4+Deb0@dx+m^TKQP|$M_%7r^jZEKSJ-)+A
z(Kx8c*F0vCrbr?urA#7ilUIFwp8N7zI${1^;Q!v^A%CDpf<j>lq7NzvfdBi)nFw8+
zTY_7bTZLOK;pc-WA{3CYP)?SR(#8e{@q+(x*G9`jL*0T1?%z6E6jhgxosjFnYCVlB
zFwZ|fuilv(KpqfgR98<^#G*TgjQAYUcmNd*-B?;>QHStdIi@h8POXl#W986Js=ZrZ
zvHU_)<+iinIU@qTkkGx!%SXqri(V^j?YAxMUW`#w!ErJS;_!PswS>312}~SOQPI~7
zJo7hD(Tk5^-TFPa6{MzX4hg=_#*&HT>g!CM_7y)Ao2{;5QH~scnpt|HJB5JM!cF(?
zu=n~xxG>0heOnt0#okJ(4e#-=?(s4!rIp1DtNgyt%_7aD_`+{+&wtO%$q%Ika`6i@
z0+_f!Ja5`)o<yfbDG74367X=zznoo5OLsgT<G<*R3R6Cj&q)245zo)eNe419GuOB%
z$(gnx>MheJCg=4xCIX2LvoNKQjsyWBQ&r5-&n=juJhD$sgpJHWLn&{DZTqrQdyoOn
zDGe!2!-D3*U;NNbLjY_Tbo6F&sqFD21HZXGaeda4FMuCSytU#Mh!={I`V@`Sh){~E
zm)OQG08xQeIgO==E}#lg9SB_gFmhZta?@!Qk!byZ(nv2O;q#e&DpI}ay~<fgMpW70
zo#Nd~Ncu%h91CpWa;zs1(XOJ@zHCynY&%aCbz`NmzU_!ZtA1U|$3#lM9*AH0jbG1n
zEEG4BZW+Fpl4a*?I+o=7O=3@5+nNn%oKVAi(J$c74kj8^AD4h23gR%d>+~QHy?z(O
z7fJs!EW%OZ(6yVGVHJyhmC*fg_ICviYbECP!#L$xOd22$UBJqC*3P;^Fv!1^GbV*o
z#`lw`eYmFHl>gY)^$+UNYX(z~owE-X4rs$Eg)Hzvwi%=7sKzBPqz9MNv+v)XODH*+
zz!h<ty9)D*0l9*iY(|~y3~&ze?f1JYbp>^1uHO2}m^87ANYB|ntmnPq94Ktv($>?a
zC?A{MQNS{HR&Odn(UW5b_K_z}^G}8hFE0K<nVIj`LomQ!t*w%CBo;X)VQNRcCO8;p
zDWHZgn1lh8G3E+ph}kXE-O&niH0^5qp}2M8ds(ZO%3LOlQHU=WS2YbP+&6ynuJfD7
z4t9C4dGHO-^)A5(x4>>w$iFruyXrze9Qm_5>{pS93V1hm6EYwY&px8eCrKbvkt}wa
z5l59BseR;4g#LU^`r@KVHlHnir)n`KNhln?N)?97Q51`E{C&CEO<qrtz#!Z?;!9*5
znTX_sOx^E%P->=1n^^uTS3`%74n66F;Re$~K(s1cwD`^ZFo&}*J$9Rx6wlNq*`&vM
zWXvl9_ScX28=*Qcy`XFJt%U?825+j-pCopz_t{-}QeE$E`dm!tUUnPH8XOPU9vV!-
zk(Gl}nBJoaqNk~MZ=A#DMo2G0#Pk@3J_-LacXn<nG4=EQ-MsV-Vj<M|(|EK&_sjeI
z>2vfEn-U~;Z>#PJh26pfPd#RVE6x47w(LzC-eR_M@=2@rKMAg<n+HSKoX@2+mr!(_
zhd!RIT_~n!CX|ksZnQKodh3zz$>uw7!7pTsWv!o5iJRMwwr4nuJ4`!#x9=}j`mBeU
z{xB|)9h-SOC^sk{RT2-<3z0X|Y)aG_jH^Y|gwtZ9yic(uWpW7AiqOYwoEO%Xo70&4
zR%qH)^MwNJfe?)2{H}r)dz&SYKkuO;9`(&hV)Nyeex0Vd&IcZ4pSVvnuNfWWqv0nb
zFHZGZ&4-pT(j-yfc*7iJUp|-{NRl0A1f?;>v3x&kv?IUP$sFfz;+15TzrD7t;LcGA
zc;lh#*s&M{%ZdwMxOCtEPIPR4iljWWynSb_rIXLIF-GyuTk&q|LTY5Dwe5;Rc)_Vc
ze=En*PkX@sGd-=-oE61K%i#pHBzHK!kbZp{bZWn>5W_UuM9~0I#NE%ouz8d<zJWf|
zUSdXt%sLMHqGqYxVzTF0az!|<#_bhy3S9?H=RG;*VqTGHc!D6+T=3Xl9fhlZ_}&}F
z3Kd^cZ%et0tBV7k5)L0<u9?Bw#O9JSH9dpR&C9Lj-q=Z*OWCa@&xpw)t`6WHYjxF|
z>{anm3{l5?1_pRz)o1p~zqexKKdRMPG`>d?SG%jS9iQh!ZEv1@Inj-Z=~C_umwS&)
zqENR%qsT(x7LMIGYd2t{a3jpgT5l8Hwt-soz{W0u*Z7&f;v2qHS82|(%5Ptj4bmxb
z$XmlguWuVGTZpf5!jp;PS}7Odu1I=tU*xa``DASw;Qds8G$UKm3s;F?+uDL8HVrDx
zA{Ar_4$~1O$7Vhb5ord0mv)q;gKeef{h~jur`i$90tI8Wrs=70VO(2Zu*m|dq7)e9
z=$L=DR$L+NHT{^HA30u`7z^7kHhOJ+juGh!E9uyDRyQ}Ad&)|+HQsj#UqZbSPns0q
zS`T!G+kffHn2nbS^{5jwEC=frc;=Ptwg?v_Dd&qqEuEYuF*NUQ7;#5+>-O7O>@q%e
zsQ5*Ggt8Xb@M~onS#2tlI0^lx*V-7{%D&O~<RG)lx6NTD%Y&!C#((SGeKa{3b9V_k
zoZWfw<(c#?rzw4%t=~Ke|4`Ez$+EN351cg@{OazuoeFLh6mouUL$4>^M!0Jh78NS6
zc$g6R`SdK)np-ZLl{T}X<JYOU(Jj%gDMAQld^UfNXh5m^%Pu|>T`SJS%k1Sgnf#vg
z09eq8gy#b4qHl;X^UEI^xmDWPr8fY3PivYakJ0;ed)Tt}+x1?5IHGh`?u_pH7T=DQ
z)$>S<6?oxUPJR!LBr7T=1(N7iZi&)4(0CSBwiqeGzBddeEpuYFDJr)D>_^XogzLLj
zNP<^7CX+3_>u4j2W13pb7I5$>u*ZJ#QHEjHz~_{oaoVY-_Y&gKL?gj+y{S&<0lat0
zp63iJZ#>I#*C6Qds!xw0vJKW!0<NDswMl}%H&p7a3&4y7AG^N#zS4Emhjh_%T~5^;
zeqkjQVkI=B>+Uni_?5FAX~(R5HekKfmD+hOpD1Cj{<%z!KiF?<DZtQvb~$O_+cKfh
z9RAC&J~|IR4+p~cOL#{D<{7_ttc;l}gjyeeR(d}QNfp!K!q2Tdl2$SgwjFAOy(esW
z-*krOk<4na{jT-4w(mxDH0dmK@l3VaG1Ic_XaA1<Ir&XKJ_QD9tE$YCZjy8OoNuZk
z)`O#uw#te`5PDTiVeN-yoB^XMI$vS)*V@df90G^l^PET@rhJB8K79UlLF%pP#<M!5
z%cgcFy_9lvatW6vBD*FjGco44IqMlLaBdBhI=k1neW@MJH^-kanXy;^ZH^6B5?Cw7
zH(Y)NkZA1~5tDVXy3Dn(HpeV1XwAHlC{As0?-k^KU&*&5NpVwgW$*Cw_ahz>;YJSr
z59SV;yf?2Mu|4h4KpoivUr`B6G17NGt^lM#xM8j6p8#<3kQ(U&n;|F%)ysVh3B<5F
z8}~te*E>GCc;dRnrxcM^B1x*Au?>eAU)azae~dgn!@W)Nmdg~d0_U;hP8tYa|IElZ
zO!iuNI7a+=`n^r}(r9z0@Z*(ODd_AWKeSEu_cNYBFY~E73ukt%86#&^N#DAeBA{(Y
zZ-`i+FSJQ5ztO6l<)F{7!@OBw#O1wPnYAun6Pr)3ljh7?&(?=`1O`tkUS^48ML7dH
zIRRg?y6Y9PT8}Jea1`6FW<5`emQ@3TM3Xv0747X`oQw2}&E++`!9WN{z=Hz+c^e%H
z{ByLTf#n5)APye%Ke7e?d+q`X`cGvE1%eqN0<-}Kgg}po4CMzylX)Qsp#OQYgCKM;
z@Pa|+V4k<UoIo(xm=g#zH|7L96;7BL*c`$K1Q-LLCJm}Q2zv-f&?jqQUIgm@JQzLQ
z``3rUF#a_DpF#uW;Q{l|nA7|Z2IAx6dlE?aQ)uk}4+aIp08e-7|AB${c%e_y2mi#L
zqT)%u;6-47gCNkSBPIW=g~6at_w4_Hfq6iG^dSC;fgq5-z41VKL4RXlAm1P9gMZla
zfO!5BDf|ijf8m3H5Z=E-g}}g2z+c8-0F?J{ClD}@=U)K=!GNbp{fA=^AB^X}us{9*
z01z((`gex_5QOh<W&mIy@87|IV1PfO6o1P98wiLO3j8l8|EYYkh5c;{;DrNWe@6|1
z@dEzt5DW(Vi~c9ae1EqC@$&wW^!P_G0A3LAZ&m>?;GdI30Kn7u|2JwF@Lw!|c==%e
zVgUx^`+FonAn?x;`G;c=4D?4j<DVEG0P^3#{D=Q1W4`|e|5yMaK-k|?0)l~`!u`8L
zAm88ZfDjPyZ^uAB5YOMs<*C0X>4<-I2nPQ>cTdLudf`Ao5b$60!ywRqIpKrw{yim6
zwofbh&p_b+MLz`m4{H8YgJ3+6zv+L{x&ZzQgMgv`3WgW_ulEQ9gZ>d<`BVO9+W+tm
z27~zi0sg^wc=`Tj;mHTj-_rzn`c(WqVxFfp_BZ`Jyg<<30fGTMJn(;kPqh9$$6z3s
z_wNydpBVf%1_S*a3>5VA+5F!TyEqwJ*_t^$Nx9H)t6O=RA<{sTbA%CS3;+_md{9Z=
zrxc+um?Q)Sk%Wj!hy$efB%pjxUs_(Uu;Bl13;jP@InFM|PA=|FX66`B2mlJfU}Th3
Imcsb|0M1jzg8%>k

diff --git a/tzpfms.ps b/tzpfms.ps
index e9411f8..2dbfd15 100644
--- a/tzpfms.ps
+++ b/tzpfms.ps
@@ -1,15 +1,15 @@
 %!PS-Adobe-3.0
 %%Creator: groff version 1.23.0
-%%CreationDate: Tue Mar  5 18:26:36 2024
+%%CreationDate: Tue Mar  5 18:29:52 2024
 %%DocumentNeededResources: font Times-Roman
 %%+ font Times-Bold
 %%+ font Courier-Bold
 %%+ font Courier-Oblique
 %%+ font Courier
-%%+ font Symbol
 %%+ font Times-Italic
+%%+ font Symbol
 %%DocumentSuppliedResources: procset grops 1.23 0
-%%Pages: 10
+%%Pages: 15
 %%PageOrder: Ascend
 %%DocumentMedia: Default 595 842 0 () ()
 %%Orientation: Portrait
@@ -237,8 +237,8 @@ setpacking
 %%IncludeResource: font Courier-Bold
 %%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Courier
-%%IncludeResource: font Symbol
 %%IncludeResource: font Times-Italic
+%%IncludeResource: font Symbol
 grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
@@ -276,20 +276,389 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 %%BeginPageSetup
 BP
 %%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-ADD-B)72 48 Q -.4(AC)-.35 G 42.103
+(KUP\(8\) System).4 F(Manager')2.5 E 2.5(sM)-.55 G 39.602
+(anual ZFS-FIDO2-ADD-B)-2.5 F -.4(AC)-.35 G(KUP\(8\)).4 E/F1 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-add-backup)108 96 Q F0 2.5<8a61>2.5 G(llo)-2.5 E 2.5(wa)-.25
+G(nother FIDO2 de)-2.5 E(vice to unlock ZFS dataset)-.25 E F1(SYNOPSIS)
+72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0
+SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After)108 153.6 Q/F4 10
+/Courier@0 SF(zfs-fido2-change-key)7.564 E F0 5.064(\(8\) deri)B -.15
+(ve)-.25 G 7.563(st).15 G 5.063(he k)-7.563 F 5.363 -.15(ey f)-.1 H
+5.063(or a dataset from a FIDO2 de).15 F(vice,)-.25 E F2
+(zfs-fido2-add-backup)108 165.6 Q F0(may be e)2.5 E -.15(xe)-.15 G
+(cuted to e).15 E(xtend this to an)-.15 E 2.5(yn)-.15 G
+(umber of additional de)-2.5 E(vices.)-.25 E .273(First, the wrapping k)
+108 182.4 R .574 -.15(ey i)-.1 H 2.774(se).15 G .274
+(xtracted as normally during)-2.924 F F4(zfs-fido2-load-key)2.774 E F0
+.274(\(8\), then a credential)B 1.604(is made as-if during)108 194.4 R
+F4(zfs-fido2-change-key)4.104 E F0 1.604(\(8\) \(e)B 1.604
+(xcept the "primary" de)-.15 F 1.603(vice and all the ones)-.25 F .185
+(holding backups are e)108 206.4 R .185(xcluded from the search\); ho)
+-.15 F(we)-.25 E -.15(ve)-.25 G .985 -.4(r, t).15 H(he).4 E F4
+(hmac-secret)2.685 E F0 .185(is instead used as a sym-)2.685 F 1.555
+(metric AES-256-GCM \()108 218.4 R F4(EVP_CIPHER-AES)A F0 1.555
+(\(7ssl\)\) k)B 1.855 -.15(ey t)-.1 H 4.055(oe).15 G 1.555
+(ncrypt the wrapping k)-4.055 F 1.855 -.15(ey d)-.1 H 1.555
+(irectly with a).15 F(random IV)108 230.4 Q(.)-1.29 E(This turns the)108
+247.2 Q F4(xyz.nabijaczleweli:tzpfms.key)2.5 E F0 -.25(va)2.5 G
+(riable into).25 E F3(salt)108 259.2 Q F2(:)A F3(credential-ID)A F2(:)A
+F3(credential-public-key)A F0([)A F2(.)A F3(backup-salt)A F2(:)A F3
+(backup-credential-ID)108 271.2 Q F2(:)A F3
+(backup-credential-public-key)A F2(:)A F3(IV)A F2(:)A F3(encrypted-key)A
+F0 1.666(]...)C F4(tzpfms.key)108 288 Q F0 2.238
+(is actually a dot-separated list of de)4.738 F 2.238(vice b)-.25 F
+4.738(undles. The)-.2 F 2.239(\214rst one is as-described in)4.738 F F4
+(zfs-fido2-change-key)108 300 Q F0 5.181(\(8\). Subsequent)B 2.681
+(ones also include \(identically-encoded\) IVs and en-)5.181 F
+(crypted blobs.)108 312 Q F4(zfs-fido2-load-key)108 328.8 Q F0 .081
+(\(8\) shops assertions around de)B .081(vices in a de)-.25 F .082
+(vice-major order \212 depending on)-.25 F(de)108 340.8 Q
+(vice numbering, a backup may be loaded e)-.25 E -.15(ve)-.25 G 2.5(ni)
+.15 G 2.5(ft)-2.5 G(he primary de)-2.5 E(vice is present.)-.25 E F1
+(ENVIR)72 357.6 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
+(TZPFMS_PASSPHRASE_HELPER)108 369.6 Q F0 .046(By def)133 381.6 R .045(a\
+ult, passphrases are prompted for and read in on the standard output an\
+d input streams.)-.1 F(If)5.045 E F4(TZPFMS_PASSPHRASE_HELPER)133 393.6
+Q F0 1.595(is set and nonempty)4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G
+1.596(ill be run via)-4.096 F F4(/bin/)4.096 E F2 3.262(sh \255c)B F0
+(to)4.096 E(pro)133 405.6 Q(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 422.4 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 434.4 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 446.4 Q F0
+(Pre-formatted noun phrase with all the information belo)160 446.4 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 458.4 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 458.4 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 470.4 Q F0("ne)160
+470.4 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 482.4 Q F0("ag)160 482.4 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 499.2 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+511.2 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 528 R(En)87 540 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 552 Q F0
+(If set, enables lib\214do2 deb)173 552 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 568.8 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 580.8 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 592.8 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 609.6 R F0
+(The lib\214do2 documentation at https://de)108 621.6 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 638.4 R
+F0 1.6 -.8(To a)108 650.4 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 662.4 Q F0(ThePhD)7.5 E F1<83>
+128 674.4 Q F0(Embark Studios)7.5 E F1<83>128 686.4 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 698.4 Q F0(EvModder)7.5 E F1(REPOR)72 715.2 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 727.2 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 744 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 756 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 29, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 2
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
+SF(zfs-fido2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
+-2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne authenticated by a FIDO2 de)
+-2.5 E(vice)-.25 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108
+124.8 Q F0([)2.5 E F2<ad62>1.666 E/F3 10/Courier-Oblique@0 SF
+(backup-file)6 E F0(])A F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0
+2.867 -.8(To n)108 153.6 T 1.267(ormalise the).8 F F3(dataset)3.767 E F0
+(,)A F2(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the FIDO2 de)108 194.4 Q(vice, which)
+-.25 E F4(must)2.5 E F0(support the)2.5 E F5(hmac-secret)2.5 E F0 -.15
+(ex)2.5 G(tension.).15 E(If)108 211.2 Q F3(dataset)3.555 E F0 -.1(wa)
+3.555 G 3.555(sp).1 G(re)-3.555 E 1.054(viously encrypted with)-.25 F F2
+(fzifdso)3.554 E F0 1.054(and the)3.554 F F1(FIDO2)3.554 E F0 1.054
+(back-end w)3.554 F 1.054(as used, pre)-.1 F(vious)-.25 E 1.272
+(credentials will be deleted from their de)108 223.2 R 1.272
+(vices \(as-if via)-.25 F F5(zfs-fido2-clear-key)3.773 E F0 1.273
+(\(8\)\), if a)B -.25(va)-.2 G(ilable.).25 E .594
+(Otherwise, or in case of an error)108 235.2 R 3.093(,d)-.4 G .593
+(ata required for manual interv)-3.093 F .593
+(ention will be written to the standard)-.15 F(error stream.)108 247.2 Q
+(Ne)108 264 Q .464(xt, a ne)-.15 F 2.964(wc)-.25 G .464
+(redential of type ES256 is generated on the de)-2.964 F .465
+(vice \(with relying party ID)-.25 F F5(fzifdso)2.965 E F0(and)2.965 E
+.499(name equal to the dataset name\) with the)108 276 R F5(hmac-secret)
+2.999 E F0 -.15(ex)2.999 G .499(tension requested; the de).15 F .499
+(vice PIN, if an)-.25 F -.65(y,)-.15 G(is prompted for here.)108 288 Q
+(This mimicks a W)5 E(ebAuthn re)-.8 E(gistration step.)-.15 E .962(The\
+n, the credential is asserted with a 32-byte random salt, which hashes \
+it with de)108 304.8 R(vice-pri)-.25 E -.25(va)-.25 G .963(te data,).25
+F .138(and thus generates the wrapping k)108 316.8 R .438 -.15(ey \()-.1
+H .138(which is optionally back).15 F .138(ed up \(see)-.1 F F1(OPTIONS)
+2.637 E F0 2.637(\)\). This)B .137(mimicks a)2.637 F -.8(We)108 328.8 S
+(bAuthn login step.).8 E(The follo)108 345.6 Q
+(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
+357.6 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(FIDO2)A<83>
+128 369.6 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(salt)A F2
+(:)A F3(credential-ID)A F2(:)A F3(credential-public-key)139 381.6 Q F0
+([)A F2(.)A F0 1.666(...)1.666 G 1.666(]...)-1.666 G F5(tzpfms.backend)
+108 398.4 Q F0 2.707(identi\214es this dataset for w)5.207 F 2.708
+(ork with)-.1 F F1(FIDO2)5.208 E F0(-back-ended)A F2(tzpfms)5.208 E F0
+2.708(tools \(i.e.)5.208 F F2(fzifdso)108 410.4 Q F5
+(zfs-fido2-change-key)60.228 E F0(\(8\),)A F5(zfs-fido2-load-key)56.727
+E F0(\(8\),)A F5(zfs-fido2-add-backup)108 422.4 Q F0(\(8\), and)A F5
+(zfs-fido2-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 439.2 Q F0
+.486(is a colon-separated tuple of unpadded URL-safe base64 blobs; the \
+\214rst one is the ran-)2.985 F .217(dom salt; the second represents th\
+e ID of created credential, and the third \211 its public k)108 451.2 R
+-.15(ey)-.1 G 5.217(.T)-.5 G .216(here e)-5.217 F(xists)-.15 E
+(no other user)108 463.2 Q
+(-land tool for deciphering this; perhaps there should be.)-.2 E
+(Finally)108 480 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25
+G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.172 E F5
+(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5(keyformat=raw)108 492 Q
+F3(dataset)6.107 E F0 .107(is performed with the ne)2.607 F 2.606(wk)
+-.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
+G .106(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
+(to clean up the properties, or to issue a note for manual interv)108
+504 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 520.8
+S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
+-.15 F F2 3.222(zfs-fido2-load-key \255n)4.056 F F3(dataset)7.556 E F0
+6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
+(command succeeds, all is well, b)108 532.8 R .729
+(ut otherwise the dataset can be manually rolled back to a passphrase)
+-.2 F(with)108 544.8 Q F2(zfs-fido2-clear-key)5.146 E F3(dataset)8.646 E
+F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
+10.313 E F5(keyformat=passphrase)108 556.8 Q F3(dataset)6 E F0
+(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F2(zfs-fido2-clear-key)108 573.6 Q F3(dataset)7.607 E F0 1.607
+(can be used to clear the properties and go back to using a)4.107 F
+(passphrase.)108 585.6 Q F1(OPTIONS)72 602.4 Q F2<ad62>109.666 614.4 Q
+F3(backup-file)6 E F0(Sa)203 614.4 Q .352 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 626.4 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 638.4 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 650.4 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F1(ENVIR)72 667.2 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
+E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q F0 .045(By def)133 691.2 R
+.045(ault, passphrases are prompted for and read in on the standard out\
+put and input streams.)-.1 F(If)5.046 E F5(TZPFMS_PASSPHRASE_HELPER)133
+703.2 Q F0 1.596(is set and nonempty)4.096 F 4.096(,i)-.65 G 4.096(tw)
+-4.096 G 1.596(ill be run via)-4.096 F F5(/bin/)4.095 E F2 3.261
+(sh \255c)B F0(to)4.095 E(pro)133 715.2 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 732 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(fzifdso 0)72 817.889 Q
+(March 4, 2024)161.068 E(1)191.337 E 0 Cg EP
+%%Page: 2 3
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
+(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 136.8 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
+(127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
+1.666(FIDO2 back-end con\214guration)72 165.6 R(En)87 177.6 Q(vir)-.4 E
+.625(onment v)-.18 F(ariables)-.1 E F1(FIDO_DEBUG)108 189.6 Q F0
+(If set, enables lib\214do2 deb)173 189.6 Q
+(ug logging to the standard error stream.)-.2 E F2(De)87 206.4 Q .625
+(vice selection)-.15 F F0 .726(When creating, the \214rst de)108 218.4 R
+.726(vice which supports the)-.25 F F1(hmac-secret)3.227 E F0 -.15(ex)
+3.227 G .727(tension is used.).15 F .727(When loading,)5.727 F
+(the assertion is shopped around to e)108 230.4 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F2 .625(See also)87 247.2 R F0
+(The lib\214do2 documentation at https://de)108 259.2 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F2 1.666(SPECIAL THANKS)72 276 R
+F0 1.6 -.8(To a)108 288 T(ll who support further de).8 E -.15(ve)-.25 G
+(lopment, in particular:).15 E F2<83>128 300 Q F0(ThePhD)7.5 E F2<83>128
+312 Q F0(Embark Studios)7.5 E F2<83>128 324 Q F0(Jasper Bekk)7.5 E(ers)
+-.1 E F2<83>128 336 Q F0(EvModder)7.5 E F2(REPOR)72 352.8 Q 1.666
+(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 364.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F1
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 381.6 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 393.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 4, 2024)161.068 E(2)191.337 E 0 Cg EP
+%%Page: 1 4
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 50.243(ZFS-FIDO2-CLEAR-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 47.742(anual ZFS-FIDO2-CLEAR-KEY\(8\))-2.5
+F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-clear-key)108 96 Q F0 3.587<8a72>3.587 G -.25(ew)-3.587 G
+1.087(rap ZFS dataset k).25 F 1.387 -.15(ey i)-.1 H 3.587(np).15 G
+(asssw)-3.587 E 1.087(ord and clear tzpfms FIDO2 meta-)-.1 F(data)108
+108 Q F1(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(FIDO2)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F
+-.25(va)-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.307 E/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. loads)118
+201.6 R .79(the primary and e)3.29 F -.15(ve)-.25 G .79
+(ry backup credential, and for each success, if the de).15 F .791
+(vice containing it)-.25 F(supports the)133 213.6 Q F4(credMgmt)2.5 E F0
+(feature and has a PIN set, tries to delete the credential from the de)
+2.5 E(vice,)-.25 E 5(3. remo)118 225.6 R -.15(ve)-.15 G 10.689(st).15 G
+(he)-10.689 E F4(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A
+F0(,)A F4(key)14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3
+(dataset)133 237.6 Q F0(.)A -.15(Fo)108 254.4 S 5.859(re).15 G -.15(ve)
+-6.109 G 3.359(ry remo).15 F -.25(va)-.15 G 5.859(lf).25 G 3.359
+(ailure and missing de)-5.959 F 3.36
+(vice or PIN an instruction for manual remo)-.25 F -.25(va)-.15 G 5.86
+(lw).25 G(ith)-5.86 E F4(fido2-token)108 266.4 Q F0(\(1\) is issued.)A
+(See)108 283.2 Q F4(zfs-fido2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(ENVIR)72 300 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 312 Q F0 .046
+(By def)133 324 R .045(ault, passphrases are prompted for and read in o\
+n the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 336 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 348 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 364.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 376.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 388.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 388.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 400.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 400.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 412.8 Q F0("ne)160
+412.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 424.8 Q F0("ag)160 424.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 441.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+453.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 470.4 R(En)87 482.4 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 494.4 Q F0
+(If set, enables lib\214do2 deb)173 494.4 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 511.2 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 523.2 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 535.2 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 552 R F0
+(The lib\214do2 documentation at https://de)108 564 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 580.8 R
+F0 1.6 -.8(To a)108 592.8 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 604.8 Q F0(ThePhD)7.5 E F1<83>
+128 616.8 Q F0(Embark Studios)7.5 E F1<83>128 628.8 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 640.8 Q F0(EvModder)7.5 E F1(REPOR)72 657.6 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 669.6 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 686.4 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 698.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 4, 2024)161.068 E(1)191.337 E 0 Cg EP
+%%Page: 1 5
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-LO)72 48 Q 55.603(AD-KEY\(8\) System)
+-.35 F(Manager')2.5 E 2.5(sM)-.55 G 53.102(anual ZFS-FIDO2-LO)-2.5 F
+(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
+/Courier-Bold@0 SF(zfs-fido2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
+(oad FIDO2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 1.142(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.642 E F0 -.1
+(wa)3.642 G 3.641(se).1 G 1.141(ncrypted with)-3.641 F F2(tzpfms)3.641 E
+F0(back)3.641 E(end)-.1 E F1(FIDO2)3.641 E F0 3.641(,a)C 1.141
+(sserts the preserv)-3.641 F 1.141(ed chal-)-.15 F(lenge, HMA)108 165.6
+Q(Cking the salt with the on-de)-.4 E
+(vice secret, and loads the resulting k)-.25 E .3 -.15(ey i)-.1 H(nto)
+.15 E F3(dataset)2.5 E F0(.)A(See)108 182.4 Q/F4 10/Courier@0 SF
+(zfs-fido2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
+(OPTIONS)72 199.2 Q F2<ad6e>109.666 211.2 Q F0 3.208
+(Do a no-op/dry run, can be used e)131 211.2 R -.15(ve)-.25 G 5.708(ni)
+.15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708
+(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)-.25 G
+3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 223.2 Q F0 -.55('s)C F2
+<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 240 Q 1.666(ONMENT V)-.3 F
+(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 252 Q F0 .046(By def)
+133 264 R .045(ault, passphrases are prompted for and read in on the st\
+andard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 276 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 288 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 304.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 316.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 328.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 328.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 340.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 340.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 352.8 Q F0("ne)160
+352.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 364.8 Q F0("ag)160 364.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 381.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+393.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666(SPECIAL THANKS)
+72 410.4 R F0 1.6 -.8(To a)108 422.4 T(ll who support further de).8 E
+-.15(ve)-.25 G(lopment, in particular:).15 E F1<83>128 434.4 Q F0
+(ThePhD)7.5 E F1<83>128 446.4 Q F0(Embark Studios)7.5 E F1<83>128 458.4
+Q F0(Jasper Bekk)7.5 E(ers)-.1 E F1<83>128 470.4 Q F0(EvModder)7.5 E F1
+(REPOR)72 487.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108
+499.2 Q(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 516 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 528 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 28, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 6
+%%BeginPageSetup
+BP
+%%EndPageSetup
 /F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1
 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm-list)108 96 Q F0 2.5<8a70>2.5 G(rint dataset tzpfms metadata)
--2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2
-<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10
-/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A F2
-<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
-<ad6c>1.666 E F0(])A([)186 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
+-2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)
+2.5 E F2<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E
+/F3 10/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A
+F2<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
+<ad6c>1.666 E F0(])A([)234 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
 1.666(]...)C F1(DESCRIPTION)72 153.6 Q F0(Lists the follo)108 165.6 Q
 (wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)128
-177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.979 E F0
+177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.978 E F0
 .478(back-end \(e.g.)2.978 F F1(TPM2)2.978 E F0(for)2.978 E F4
-(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.978 E F0
+(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.979 E F0
 (for)187 201.6 Q F4(zfs-tpm1x-change-key)2.5 E F0(\(8\)\), or ")A F1(-)A
 F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 213.6 Q F1 -2.1 -.25(av a)187 213.6 T(ilable).25 E F0(or)2.5 E F1(una)
@@ -300,18 +669,18 @@ F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 2.5 E F1(no)2.5 E F0(otherwise)2.5 E 8.743(Incoherent datasets require \
 immediate operator attention, with either the appropriate)108 254.4 R F2
 (zfs-tpm)108 266.4 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 1.778
-(program or)4.277 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
+(program or)4.278 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
 1.778(zfs inherit)4.278 F F0 4.278<8a69>4.278 G 4.278(ft)-4.278 G 1.778
-(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566(comes unloaded, the)
-108 278.4 R 3.066(yw)-.15 G .566(ill require restoration from back-up.)
--3.066 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
-(his should ne).4 F -.15(ve)-.25 G 3.065(ro).15 G(ccur)-3.065 E 3.065
-(,u)-.4 G(nless)-3.065 E
+(he k)-4.278 F 2.077 -.15(ey b)-.1 H(e-).15 E .565(comes unloaded, the)
+108 278.4 R 3.065(yw)-.15 G .566(ill require restoration from back-up.)
+-3.065 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
+(his should ne).4 F -.15(ve)-.25 G 3.066(ro).15 G(ccur)-3.066 E 3.066
+(,u)-.4 G(nless)-3.066 E
 (something went horribly wrong with the dataset properties.)108 290.4 Q
 .965(If no datasets are speci\214ed, all matching encryption roots are \
-listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
+listed \212 by def)108 307.2 R .965(ault, those managed by)-.1 F F2
 (tzpfms)108 319.2 Q F0(.)A F1(OPTIONS)72 336 Q F2<ad48>109.666 348 Q F0
-1.583(Scripting mode \212 remo)185 348 R 1.883 -.15(ve h)-.15 H 1.583
+1.582(Scripting mode \212 remo)185 348 R 1.882 -.15(ve h)-.15 H 1.583
 (eaders and separate \214elds by a single tab instead of).15 F
 (columnating them with spaces.)185 360 Q F2<ad72>109.666 376.8 Q F0
 (Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F2
@@ -326,26 +695,28 @@ listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad6c>109.666 446.4 Q F0
 (List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15
 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 463.2 Q F4($)
-108 475.2 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18
-(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
+108 475.2 Q F2(zfs-fido2-add-backup)6 E F4 72(NAME BACK-END)108 487.2 R
+18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
 (available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6
-(unavailable yes)36 F($)108 535.2 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4
-24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108
-559.2 R 6(available yes)54 F($)108 583.2 Q F2 1.666(zfs-tpm-list \255b)6
-F F1(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F
-6(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
-F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)
-108 643.2 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R
-18(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6
-(unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes)
-54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q
-F2 1.666(zfs-tpm-list \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
+(unavailable yes)36 F($)108 535.2 Q F2 1.666
+(zfs-fido2-add-backup \255ad0)6 F F4 24(NAME BACK-END)108 547.2 R 6
+(KEYSTATUS COHERENT)12 F 6(filling -)108 559.2 R 6(available yes)54 F($)
+108 583.2 Q F2 1.666(zfs-fido2-add-backup \255b)6 F F1(TPM2)6 E F4 72
+(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F 6
+(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
+F2 1.666(zfs-fido2-add-backup \255ra)6 F F3(tarta-zoot)6 E F4 72
+(NAME BACK-END)108 643.2 R 18(KEYSTATUS COHERENT)12 F 36
+(tarta-zoot TPM1.X)108 655.2 R 18(available yes)24 F 6
+(tarta-zoot/home TPM2)108 667.2 R 6(unavailable yes)36 F 12
+(tarta-zoot/bkp -)108 679.2 R 18(available yes)54 F 18(tarta-zoot/vm -)
+108 691.2 R 18(available yes)54 F($)108 715.2 Q F2 1.666
+(zfs-fido2-add-backup \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
 (KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F
 36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12
 (tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -)
 108 775.2 R 6(available yes)54 F F0(tzpfms 0.3.4-28-g7e4ea2c)72 817.889
 Q(December 4, 2022)84.703 E(1)183.842 E 0 Cg EP
-%%Page: 2 2
+%%Page: 2 7
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -358,11 +729,11 @@ BP
 (EvModder)7.5 E F1(REPOR)72 160.8 Q 1.666(TING B)-.4 F(UGS)-.1 E F0
 (https://todo.sr)108 172.8 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25
 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)108 189.6 Q
-F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
+F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 201.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q(December 4, 2022)84.703 E
 (2)183.842 E 0 Cg EP
-%%Page: 1 3
+%%Page: 1 8
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -371,159 +742,161 @@ BP
 -2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
 SF(zfs-tpm1x-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
 -2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666 E F3
-(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 6.867 -.8(To n)108 153.6 T
-5.267(ormalise the).8 F F3(dataset)7.767 E F0(,)A F2(zfs-tpm-list)7.766
-E F0 5.266(will open its encryption root in its stead.)7.766 F F2
-(zfs-tpm-list)108 165.6 Q F0(will)2.5 E/F4 10/Times-Italic@0 SF(ne)2.5 E
-(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use)
--2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A
-(First, a connection is made to the TPM, which)108 182.4 Q F4(must)2.5 E
-F0(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F3(dataset)3.176 E F0 -.1
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666
+E F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 2.866 -.8(To n)108 153.6
+T 1.266(ormalise the).8 F F3(dataset)3.766 E F0(,)A F2
+(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.655 E/F4 10/Times-Italic@0
+SF(ne)14.655 E(ver)-.15 E F0 12.154(create or destro)14.655 F 14.654(ye)
+-.1 G 12.154(ncryption roots; use)-14.654 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 194.4 Q F4(must)2.5 E
+F0(be TPM-1.X-compatible.)2.5 E(If)108 211.2 Q F3(dataset)3.176 E F0 -.1
 (wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F
 F2(tzpfms)3.176 E F0 .676(and the)3.176 F F1(TPM1.X)3.176 E F0 .676
 (back-end w)3.176 F .676(as used, the meta-)-.1 F .926
-(data will be silently cleared.)108 211.2 R .926
+(data will be silently cleared.)108 223.2 R .926
 (Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
 (ata required for manual interv)-3.426 F(ention)-.15 E
-(will be written to the standard error stream.)108 223.2 Q(Ne)108 240 Q
+(will be written to the standard error stream.)108 235.2 Q(Ne)108 252 Q
 .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15
 (ey i)-.1 H 2.794(sg).15 G .294(enerated on the TPM, optionally back)
 -2.794 F .294(ed up \(see)-.1 F F1(OPTIONS)2.794 E F0 .294
 (\), and sealed)B .586(on the TPM; the user is prompted for an optional\
- passphrase to protect the k)108 252 R .885 -.15(ey w)-.1 H .585
-(ith, and for the SRK).15 F(passphrase, set when taking o)108 264 Q
+ passphrase to protect the k)108 264 R .885 -.15(ey w)-.1 H .585
+(ith, and for the SRK).15 F(passphrase, set when taking o)108 276 Q
 (wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo)
-108 280.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
-<83>128 292.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
-(TPM1.X)A<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
+108 292.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
+<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
+(TPM1.X)A<83>128 316.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
 F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)
-108 321.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292
+108 333.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292
 (ork with)-.1 F F1(TPM1.X)2.792 E F0(-back-ended)A F2(tzpfms)2.792 E F0
-.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 333.6 Q F0
+.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 345.6 Q F0
 (\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5
-(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 350.4 Q F0
+(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 362.4 Q F0
 1.412(is a colon-separated pair of he)3.913 F 1.412
 (xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .867
-(\214rst one represents the RSA k)108 362.4 R 1.167 -.15(ey p)-.1 H .868
+(\214rst one represents the RSA k)108 374.4 R 1.167 -.15(ey p)-.1 H .868
 (rotecting the blob, and it is protected with either the passphrase, if)
-.15 F(pro)108 374.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5
+.15 F(pro)108 386.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5
 (CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.913 E F0 3.913(;t)C 1.413
 (he sec-)-3.913 F .379
-(ond represents the sealed object containing the wrapping k)108 386.4 R
+(ond represents the sealed object containing the wrapping k)108 398.4 R
 -.15(ey)-.1 G 2.879(,a)-.5 G .379
 (nd is protected with the SHA1 constant)-2.879 F F5
-(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F0 6.721(.T)C
+(B9EE715DBE4B243FAA81EA04306E063710383E35)108 410.4 Q F0 6.721(.T)C
 1.721(here e)-6.721 F 1.721(xists no other user)-.15 F 1.72
 (-land tool for)-.2 F(decrypting this; perhaps there should be.)108
-410.4 Q(Finally)108 427.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F
+422.4 Q(Finally)108 439.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F
 -.25(va)-.25 G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F
 <ad6f>17.172 E F5(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5
-(keyformat=raw)108 439.2 Q F3(dataset)6.107 E F0 .107
+(keyformat=raw)108 451.2 Q F3(dataset)6.107 E F0 .107
 (is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G 5.106
 (.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
 (rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
 (to clean up the properties, or to issue a note for manual interv)108
-451.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 468
+463.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 480
 S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
 -.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.556 E F0
 6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
-(command succeeds, all is well, b)108 480 R .729
+(command succeeds, all is well, b)108 492 R .729
 (ut otherwise the dataset can be manually rolled back to a passphrase)
--.2 F(with)108 492 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E
+-.2 F(with)108 504 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E
 F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
 2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
-10.313 E F5(keyformat=passphrase)108 504 Q F3(dataset)6 E F0
+10.313 E F5(keyformat=passphrase)108 516 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm1x-clear-key)108 520.8 Q F3(dataset)7.607 E F0 1.607
+F2(zfs-tpm1x-clear-key)108 532.8 Q F3(dataset)7.607 E F0 1.607
 (can be used to clear the properties and go back to using a)4.107 F
-(passphrase.)108 532.8 Q F1(OPTIONS)72 549.6 Q F2<ad62>109.666 561.6 Q
-F3(backup-file)6 E F0(Sa)203 561.6 Q .352 -.15(ve a b)-.2 H .052
+(passphrase.)108 544.8 Q F1(OPTIONS)72 561.6 Q F2<ad62>109.666 573.6 Q
+F3(backup-file)6 E F0(Sa)203 573.6 Q .352 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
 E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
-F .694(This back-up)203 573.6 R F4(must)3.194 E F0 .694
+F .694(This back-up)203 585.6 R F4(must)3.194 E F0 .694
 (be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
 (-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 585.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 597.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 614.4 Q F3(PCR)6 E F0([)A F2(,)A F3
-(PCR)A F0 1.666(]...)C .638(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H
+(nt,).15 E(the k)203 597.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 609.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 626.4 Q F3(PCR)6 E F0([)A F2(,)A F3
+(PCR)A F0 1.666(]...)C .638(Bind the k)203 626.4 R .939 -.15(ey t)-.1 H
 3.139(os).15 G .639(pace- or comma-separated)-3.139 F F3(PCR)3.139 E F0
 3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .639
-(hange, the wrap-)-3.139 F .463(ping k)203 626.4 R .763 -.15(ey w)-.1 H
+(hange, the wrap-)-3.139 F .463(ping k)203 638.4 R .763 -.15(ey w)-.1 H
 .463(ill not be able to be unsealed.).15 F .462
-(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F1(24)
+(The minimum number of PCRs for a)5.462 F(PC TPM is)203 650.4 Q F1(24)
 2.5 E F0(\(numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0 2.5(]\). F)B
-(or most, this is also the maximum.)-.15 E F1(ENVIR)72 655.2 Q 1.666
-(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q
-F0 .045(By def)133 679.2 R .045(ault, passphrases are prompted for and \
+(or most, this is also the maximum.)-.15 E F1(ENVIR)72 667.2 Q 1.666
+(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q
+F0 .045(By def)133 691.2 R .045(ault, passphrases are prompted for and \
 read in on the standard output and input streams.)-.1 F(If)5.046 E F5
-(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F0 1.596(is set and nonempty)4.096
+(TZPFMS_PASSPHRASE_HELPER)133 703.2 Q F0 1.596(is set and nonempty)4.096
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F5
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 703.2 Q
+(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 715.2 Q
 (vide each passphrase, instead.)-.15 E .643
-(The standard output stream of the helper is tied to an anon)133 720 R
+(The standard output stream of the helper is tied to an anon)133 732 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
-133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 744 Q F0
-(Pre-formatted noun phrase with all the information belo)160 744 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.4-28-g7e4ea2c)72
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(tzpfms 0.3.4-28-g7e4ea2c)72
 817.889 Q(February 28, 2024)84.698 E(1)183.837 E 0 Cg EP
-%%Page: 2 4
+%%Page: 2 9
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 36.913(ZFS-TPM1X-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 34.412(anual ZFS-TPM1X-CHANGE-KEY\(8\))
--2.5 F/F1 10/Courier@0 SF($2)143 84 Q F0
-(Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5
-(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 96 Q F0("ne)160 96 Q
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F1($4)143 108 Q F0("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
 (he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 124.8 R 2.678(te)-.18 G .178
+(If the helper doesn')133 136.8 R 2.678(te)-.18 G .178
 (xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
 (127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
-(is used as f)133 136.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
 -.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
-1.666(TPM1.X back-end con\214guration)72 153.6 R .625(TPM selection)87
-165.6 R F0(The)108 177.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0
+1.666(TPM1.X back-end con\214guration)72 165.6 R .625(TPM selection)87
+177.6 R F0(The)108 189.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0
 .229(suite connects to a local)2.729 F F1(tcsd)2.73 E F0 .23
 (\(8\) process \(at)B F1(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 189.6 Q
+-2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 201.6 Q
 (vironment v)-.4 E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 206.4 R(rouSerS)
+(to specify a remote TCS hostname.)2.5 E .111(The T)108 218.4 R(rouSerS)
 -.35 E F1(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F1(/dev/tpm0)2.61
 E F0 2.61(,t)C(hen)-2.61 E F1(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
 F1(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-218.4 S(ing one of the earlier ones with, for e).1 E
+230.4 S(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F2 .625
-(See also)87 235.2 R F0(The T)108 247.2 Q
+(See also)87 247.2 R F0(The T)108 259.2 Q
 (rouSerS project page at https://sourcefor)-.35 E
 (ge.net/projects/trousers.)-.18 E 4.415
-(The TPM 1.2 main speci\214cation inde)108 264 R 6.915(xa)-.15 G 6.915
+(The TPM 1.2 main speci\214cation inde)108 276 R 6.915(xa)-.15 G 6.915
 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
-(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F2 1.666
-(SPECIAL THANKS)72 292.8 R F0 1.6 -.8(To a)108 304.8 T
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 288 Q F2 1.666
+(SPECIAL THANKS)72 304.8 R F0 1.6 -.8(To a)108 316.8 T
 (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
-.15 E F2<83>128 316.8 Q F0(ThePhD)7.5 E F2<83>128 328.8 Q F0
-(Embark Studios)7.5 E F2<83>128 340.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
-F2<83>128 352.8 Q F0(EvModder)7.5 E F2(REPOR)72 369.6 Q 1.666(TING B)-.4
-F(UGS)-.1 E F0(https://todo.sr)108 381.6 Q(.ht/\001nabijaczle)-.55 E
-(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 398.4 Q
+.15 E F2<83>128 328.8 Q F0(ThePhD)7.5 E F2<83>128 340.8 Q F0
+(Embark Studios)7.5 E F2<83>128 352.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
+F2<83>128 364.8 Q F0(EvModder)7.5 E F2(REPOR)72 381.6 Q 1.666(TING B)-.4
+F(UGS)-.1 E F0(https://todo.sr)108 393.6 Q(.ht/\001nabijaczle)-.55 E
+(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 410.4 Q
 F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
-(https://lists.sr)108 410.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
--.25 E F2 1.666(SEE ALSO)72 427.2 R F0
-(PCR allocations: https://wiki.archlinux.or)108 439.2 Q(g/title/T)-.18 E
+(https://lists.sr)108 422.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
+-.25 E F2 1.666(SEE ALSO)72 439.2 R F0
+(PCR allocations: https://wiki.archlinux.or)108 451.2 Q(g/title/T)-.18 E
 (rusted_Platform_Module#Accessing_PCR_re)-.35 E(gisters)-.15 E
-(and https://trustedcomputinggroup.or)108 451.2 Q
+(and https://trustedcomputinggroup.or)108 463.2 Q
 (g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\
-r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 463.2 Q
-(able)-.8 E(1.)108 475.2 Q(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q
+r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 475.2 Q
+(able)-.8 E(1.)108 487.2 Q(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q
 (February 28, 2024)84.698 E(2)183.837 E 0 Cg EP
-%%Page: 1 5
+%%Page: 1 10
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -533,14 +906,14 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm1x-clear-key)108 96 Q F0 3.008<8a72>3.007 G -.25(ew)-3.008 G
 .508(rap ZFS dataset k).25 F .808 -.15(ey i)-.1 H 3.008(np).15 G(asssw)
 -3.008 E .508(ord and clear tzpfms TPM1.X meta-)-.1 F(data)108 108 Q F1
-(SYNOPSIS)72 124.8 Q F2(zfs-tpm-list)108 136.8 Q/F3 10/Courier-Oblique@0
-SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0(After v)108 165.6 Q
-(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G
-(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)
-2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F -.25(va)
--.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E
-/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
-(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
+(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(TPM1.X)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F
+-.25(va)-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.307 E/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
 201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4
 (xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key)
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
@@ -575,7 +948,7 @@ F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 504 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q(December 4, 2022)84.703 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 6
+%%Page: 1 11
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -584,13 +957,13 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm1x-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .191
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.691 E F0 -.1(wa)2.691
-G 2.691(se).1 G .191(ncrypted with)-2.691 F F2(tzpfms)2.69 E F0(back)
-2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .19(will unseal the k)2.69 F .49
--.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F3(dataset)2.5 E
-F0(.)A .236
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .191(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.691 E F0 -.1
+(wa)2.691 G 2.691(se).1 G .191(ncrypted with)-2.691 F F2(tzpfms)2.69 E
+F0(back)2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .19(will unseal the k)2.69
+F .49 -.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F3(dataset)
+2.5 E F0(.)A .236
 (The user is \214rst prompted for the SRK passphrase, set when taking o)
 108 182.4 R .236(wnership, if not "well-kno)-.25 F .236(wn" \(all)-.25 F
 (zeroes\); then for the additional passphrase, set when creating the k)
@@ -655,7 +1028,7 @@ F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 696 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q(December 4, 2022)84.703 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 7
+%%Page: 1 12
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -664,132 +1037,132 @@ BP
 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5
 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666
-(]...)C([)186 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)
-A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A F0(]])
-A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 1.676 -.8(To n)108 165.6
-T(ormalise).8 E F3(dataset)2.576 E F0(,)A F2(zfs-tpm-list)2.576 E F0
-.076(will open its encryption root in its stead.)2.576 F F2
-(zfs-tpm-list)5.077 E F0(will)108 177.6 Q/F4 10/Times-Italic@0 SF(ne)2.5
-E(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G
-(ncryption roots; use)-2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0
-(\(8\) for that.)A(First, a connection is made to the TPM, which)108
-194.4 Q F4(must)2.5 E F0(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F3
-(dataset)3.055 E F0 -.1(wa)3.055 G 3.055(sp).1 G(re)-3.055 E .555
-(viously encrypted with)-.25 F F2(tzpfms)3.055 E F0 .555(and the)3.055 F
-F1(TPM2)3.055 E F0 .554(back-end w)3.054 F .554(as used, the pre)-.1 F
-(vious)-.25 E -.1(ke)108 223.2 S 3.059(yw)-.05 G .559
-(ill be freed from the TPM.)-3.059 F .56
-(Otherwise, or in case of an error)5.56 F 3.06(,d)-.4 G .56
-(ata required for manual interv)-3.06 F(en-)-.15 E
-(tion will be written to the standard error stream.)108 235.2 Q(Ne)108
-252 Q .295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0
+1.666(]...)C([)234 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A
+F2(,)A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A
+F0(]])A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 4.319 -.8(To n)108
+165.6 T(ormalise).8 E F3(dataset)5.219 E F0(,)A F2(zfs-fido2-add-backup)
+5.219 E F0 2.72(will open its encryption root in its stead.)5.219 F F2
+(zfs-fido2-add-backup)108 177.6 Q F0(will)14.655 E/F4 10/Times-Italic@0
+SF(ne)14.655 E(ver)-.15 E F0 12.154(create or destro)14.655 F 14.654(ye)
+-.1 G 12.154(ncryption roots; use)-14.654 F/F5 10/Courier@0 SF
+(zfs-change-key)108 189.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 206.4 Q F4(must)2.5 E
+F0(be TPM-2.0-compatible.)2.5 E(If)108 223.2 Q F3(dataset)3.054 E F0 -.1
+(wa)3.054 G 3.054(sp).1 G(re)-3.054 E .554(viously encrypted with)-.25 F
+F2(tzpfms)3.055 E F0 .555(and the)3.055 F F1(TPM2)3.055 E F0 .555
+(back-end w)3.055 F .555(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108
+235.2 S 3.06(yw)-.05 G .56(ill be freed from the TPM.)-3.06 F .56
+(Otherwise, or in case of an error)5.56 F 3.059(,d)-.4 G .559
+(ata required for manual interv)-3.059 F(en-)-.15 E
+(tion will be written to the standard error stream.)108 247.2 Q(Ne)108
+264 Q .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
 -.15(ey i)-.1 H 2.794(sg).15 G .294
 (enerated on the TPM, optionally back)-2.794 F .294(ed up \(see)-.1 F F1
-(OPTIONS)2.794 E F0 .294(\), and sealed)B .588
-(to a persistent object on the TPM under the o)108 264 R .589
-(wner hierarch)-.25 F .589(y; if there is a passphrase set on the o)-.05
-F(wner)-.25 E(hierarch)108 276 Q 1.603 -.65(y, t)-.05 H .302
+(OPTIONS)2.794 E F0 .294(\), and sealed)B .589
+(to a persistent object on the TPM under the o)108 276 R .589
+(wner hierarch)-.25 F .588(y; if there is a passphrase set on the o)-.05
+F(wner)-.25 E(hierarch)108 288 Q 1.602 -.65(y, t)-.05 H .302
 (he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .302
 (ys prompted for an optional passphrase to protect).1 F
-(the sealed object with.)108 288 Q(The follo)108 304.8 Q
+(the sealed object with.)108 300 Q(The follo)108 316.8 Q
 (wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
-316.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
-128 328.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
-(persistent-object-ID)A F0([)139 340.8 Q F2(;)A F3(algorithm)A F2(:)A F3
+328.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
+128 340.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
+(persistent-object-ID)A F0([)139 352.8 Q F2(;)A F3(algorithm)A F2(:)A F3
 (PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3
 (algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C
-1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 357.6 Q F0 1.263
-(identi\214es this dataset for w)3.763 F 1.264(ork with)-.1 F F1(TPM2)
-3.764 E F0(-back-ended)A F2(tzpfms)3.764 E F0 1.264(tools \(namely)3.764
-F F5(zfs-tpm2-change-key)108 369.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
+1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 369.6 Q F0 1.264
+(identi\214es this dataset for w)3.764 F 1.263(ork with)-.1 F F1(TPM2)
+3.763 E F0(-back-ended)A F2(tzpfms)3.763 E F0 1.263(tools \(namely)3.763
+F F5(zfs-tpm2-change-key)108 381.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
 2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0(\(8\)\).)A F5
-(tzpfms.key)108 386.4 Q F0 1.509(is an inte)4.009 F 1.509
+(tzpfms.key)108 398.4 Q F0 1.508(is an inte)4.008 F 1.509
 (ger representing the sealed object, optionally follo)-.15 F 1.509
-(wed by a semicolon and)-.25 F .822(PCR list as speci\214ed with)108
-398.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
-(tpm-tools)3.322 E F0 .823(-toolchain-compatible; if needed, it can)B
-.866(be passed to)108 410.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
+(wed by a semicolon and)-.25 F .823(PCR list as speci\214ed with)108
+410.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
+(tpm-tools)3.322 E F0 .822(-toolchain-compatible; if needed, it can)B
+.865(be passed to)108 422.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
 (${tzpfms.key)6.866 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with)
-3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.365("o)
-C(r)-3.365 E F2<ad70>109.666 422.4 Q F0(")6.727 E F5(pcr:${tzpfms.key)A
-F2(#)A F6(*)A F5(;})A F0 .727(", as the case may be, or equi)B -.25(va)
--.25 G .728(lent, for back-up \(see).25 F F1(OPTIONS)3.228 E F0(\).)A
-.448(If you ha)108 434.4 R .748 -.15(ve a s)-.2 H .448(ealed k).15 F
+3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.366("o)
+C(r)-3.366 E F2<ad70>109.666 434.4 Q F0(")6.728 E F5(pcr:${tzpfms.key)A
+F2(#)A F6(*)A F5(;})A F0 .728(", as the case may be, or equi)B -.25(va)
+-.25 G .727(lent, for back-up \(see).25 F F1(OPTIONS)3.227 E F0(\).)A
+.447(If you ha)108 446.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F
 .748 -.15(ey y)-.1 H .448(ou can access with that or equi).15 F -.25(va)
--.25 G .447(lent tool and set both of these properties, it).25 F
-(will funxion seamlessly)108 446.4 Q(.)-.65 E(Finally)108 463.2 Q 12.005
-(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25 G 9.505(lent of).25 F F2
-9.505(zfs change-key)12.005 F<ad6f>17.172 E F5(keylocation=prompt)15.506
-E F2<ad6f>17.172 E F5(keyformat=raw)108 475.2 Q F3(dataset)6.107 E F0
-.107(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G
-5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
-(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F .289(to clean\
+-.25 G .448(lent tool and set both of these properties, it).25 F
+(will funxion seamlessly)108 458.4 Q(.)-.65 E(Finally)108 475.2 Q 12.006
+(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F2
+9.505(zfs change-key)12.005 F<ad6f>17.171 E F5(keylocation=prompt)15.505
+E F2<ad6f>17.171 E F5(keyformat=raw)108 487.2 Q F3(dataset)6.106 E F0
+.106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15(ey)-2.706 G
+5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107
+(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F .289(to clean\
  up the persistent object and properties, or to issue a note for manual\
- interv)108 487.2 R .29(ention into the stan-)-.15 F(dard error stream.)
-108 499.2 Q 2.625<418c>108 516 S .125(nal v)-2.625 F .125
-(eri\214cation should be made by running)-.15 F F2 1.79
-(zfs-tpm2-load-key \255n)2.624 F F3(dataset)6.124 E F0 5.124(.I)C 2.624
-(ft)-5.124 G .124(hat com-)-2.624 F .506(mand succeeds, all is well, b)
-108 528 R .506(ut otherwise the dataset can be manually rolled back to \
-a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 540 Q F3(dataset)
-11.539 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
+ interv)108 499.2 R .289(ention into the stan-)-.15 F
+(dard error stream.)108 511.2 Q 2.624<418c>108 528 S .124(nal v)-2.624 F
+.124(eri\214cation should be made by running)-.15 F F2 1.791
+(zfs-tpm2-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125(.I)C 2.625
+(ft)-5.125 G .125(hat com-)-2.625 F .507(mand succeeds, all is well, b)
+108 540 R .506(ut otherwise the dataset can be manually rolled back to \
+a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 552 Q F3(dataset)
+11.538 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
 -8.039 F 5.539(ails to w)-.1 F(ork,)-.1 E F2 5.539(zfs change-key)8.039
-F<ad6f>13.204 E F5(keyformat=passphrase)108 552 Q F3(dataset)6 E F0
+F<ad6f>13.205 E F5(keyformat=passphrase)108 564 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm2-clear-key)108 568.8 Q F3(dataset)6.029 E F0 .029
+F2(zfs-tpm2-clear-key)108 580.8 Q F3(dataset)6.029 E F0 .029
 (can be used to free the TPM persistent object and go back to us-)2.529
-F(ing a passphrase.)108 580.8 Q F1(OPTIONS)72 597.6 Q F2<ad62>109.666
-609.6 Q F3(backup-file)6 E F0(Sa)203 609.6 Q .353 -.15(ve a b)-.2 H .052
+F(ing a passphrase.)108 592.8 Q F1(OPTIONS)72 609.6 Q F2<ad62>109.666
+621.6 Q F3(backup-file)6 E F0(Sa)203 621.6 Q .352 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
-E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
-F .693(This back-up)203 621.6 R F4(must)3.193 E F0 .694
-(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
-(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 633.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 645.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 662.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 633.6 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 645.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 657.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 674.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
 A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)
 A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)
--1.666 G 1.425(Bind the k)203 674.4 R 1.725 -.15(ey t)-.1 H 3.925(os).15
-G 1.425(pace- or comma-separated)-3.925 F F3(PCR)3.924 E F0 3.924(sw)C
-1.424(ithin their corresponding)-3.924 F(hashing)203 686.4 Q F3
-(algorithm)2.523 E F0 2.523<8a69>2.523 G 2.523(ft)-2.523 G(he)-2.523 E
+-1.666 G 1.424(Bind the k)203 686.4 R 1.724 -.15(ey t)-.1 H 3.924(os).15
+G 1.424(pace- or comma-separated)-3.924 F F3(PCR)3.925 E F0 3.925(sw)C
+1.425(ithin their corresponding)-3.925 F(hashing)203 698.4 Q F3
+(algorithm)2.524 E F0 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E
 2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H
-.024(ill not be able to be).15 F 2.5(unsealed. There)203 698.4 R(are)2.5
+.023(ill not be able to be).15 F 2.5(unsealed. There)203 710.4 R(are)2.5
 E F1(24)2.5 E F0(PCRs, numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0(].)
-A F3(algorithm)203 715.2 Q F0 2.968(may be an)5.469 F 5.468(yo)-.15 G
+A F3(algorithm)203 727.2 Q F0 2.968(may be an)5.468 F 5.468(yo)-.15 G
 5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F1(sha1)
-.15 E F0 2.968(", ")B F1(sha256)A F0 2.968(", ")B F1(sha384)A F0(",)A(")
-203 727.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
+.15 E F0 2.968(", ")B F1(sha256)A F0 2.969(", ")B F1(sha384)A F0(",)A(")
+203 739.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
 (sm3-256)A F0 4.983(", ")B F1(sha3_256)A F0 4.983(", ")B F1(sha3-256)A
-F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 739.2 Q F1(sha3-384)A F0
+F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 751.2 Q F1(sha3-384)A F0
 (", ")A F1(sha3_512)A F0(", or ")A F1(sha3-512)A F0
 (", and must be supported by the TPM.)A(tzpfms 0.3.4-28-g7e4ea2c)72
 817.889 Q(February 28, 2024)84.698 E(1)183.837 E 0 Cg EP
-%%Page: 2 8
+%%Page: 2 13
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 44.133(ZFS-TPM2-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 41.632(anual ZFS-TPM2-CHANGE-KEY\(8\))-2.5
 F/F1 10/Courier-Bold@0 SF<ad41>109.666 84 Q F0 -.4(Wi)203 84 S(th).4 E
-F1<ad50>4.589 E F0 2.923(,a)C .422(lso prompt for a passphrase.)-2.923 F
-.422(This is skipped by def)5.422 F .422(ault because the)-.1 F .675
+F1<ad50>4.588 E F0 2.922(,a)C .422(lso prompt for a passphrase.)-2.922 F
+.422(This is skipped by def)5.422 F .423(ault because the)-.1 F .675
 (passphrase is)203 96 R/F2 10/Times-Italic@0 SF(OR)3.175 E F0 .675
 (ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k)-3.175 F
 .975 -.15(ey c)-.1 H .675(an be unsealed).15 F F2(either)203 108 Q F0
-1.39(passphraseless with the right PCRs)3.89 F F2(or)3.89 E F0 1.389
+1.389(passphraseless with the right PCRs)3.889 F F2(or)3.89 E F0 1.39
 (with the passphrase, and this is)3.89 F(usually not the intent.)203 120
 Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F(ARIABLES)
--1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .045
+-1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .046
 (By def)133 160.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F1 3.261(sh \255c)B F0(to)4.095 E(pro)133 184.8 Q
+(/bin/)4.096 E F1 3.262(sh \255c)B F0(to)4.096 E(pro)133 184.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 201.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -802,10 +1175,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 249.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 261.6 Q F0("ag)160 261.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 278.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F3(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 278.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 290.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F3 1.666
 (TPM2 back-end con\214guration)72 307.2 R(En)87 319.2 Q(vir)-.4 E .625
@@ -814,13 +1187,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR)-.3 E F0
 (,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3(DEB)2.5
 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM selection)87 348 R F0
-.621(The library)108 360 R F1(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 372 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 360 R F1(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 372 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F3 .625(See also)87 400.8 R F0 2.247
 (The tpm2-tss git repository at https://github)108 412.8 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -837,7 +1210,7 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F3<83>128 542.4 Q F0(EvModder)7.5 E F3(REPOR)72 559.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 571.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 588 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 600 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 (PCR allocations: https://wiki.archlinux.or)108 645.6 Q(g/title/T)-.18 E
@@ -847,7 +1220,7 @@ E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 669.6 Q
 (able)-.8 E(1.)108 681.6 Q(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q
 (February 28, 2024)84.698 E(2)183.837 E 0 Cg EP
-%%Page: 1 9
+%%Page: 1 14
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -857,13 +1230,13 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-clear-key)108 96 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G
 (rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E
 (ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 112.8 Q F2
-(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
-(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
+(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5
+E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
 (dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2
 (tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5
-(1. performs)118 165.6 R 5.641(the equi)8.141 F -.25(va)-.25 G 5.641
-(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.308 E/F4 10
-/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E F4
+(1. performs)118 165.6 R 5.642(the equi)8.142 F -.25(va)-.25 G 5.642
+(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E/F4 10
+/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
 (keyformat=passphrase)133 177.6 Q F3(dataset)6 E F0(,)A 5(2. frees)118
 189.6 R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E
 (viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. remo)118
@@ -872,12 +1245,12 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
 213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-tpm2-change-key)2.5 E F0
 (\(8\) for a detailed description.)A F1(ENVIR)72 247.2 Q 1.666(ONMENT V)
--.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .045
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .046
 (By def)133 271.2 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 295.2 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 295.2 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 312 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -889,10 +1262,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 360 Q F0("ne)160 360 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
 -2.5 E F4($4)143 372 Q F0("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 388.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 400.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625
@@ -901,13 +1274,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0
 (,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5
 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)87 458.4 R F0
-.621(The library)108 470.4 R F2(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 482.4 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 470.4 R F2(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 482.4 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F1 .625(See also)87 511.2 R F0 2.247
 (The tpm2-tss git repository at https://github)108 523.2 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -924,11 +1297,11 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F1<83>128 652.8 Q F0(EvModder)7.5 E F1(REPOR)72 669.6 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 681.6 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 698.4 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 710.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q(December 4, 2022)84.703 E
 (1)183.842 E 0 Cg EP
-%%Page: 1 10
+%%Page: 1 15
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -937,28 +1310,28 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .864
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.364 E F0 -.1(wa)3.364
-G 3.364(se).1 G .864(ncrypted with)-3.364 F F2(tzpfms)3.365 E F0(back)
-3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .865(nseals the k)-3.365
-F 1.165 -.15(ey a)-.1 H .865(nd loads it).15 F(into)108 165.6 Q F3
-(dataset)2.5 E F0(.)A(The user is prompted for the additional passphras\
-e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5
-(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4 10/Courier@0 SF
-(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
-(OPTIONS)72 216 Q F2<ad6e>109.666 228 Q F0 3.208
-(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25 G 5.708(ni).15
-G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa)
-.15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207
-(lent to).25 F F2(zfs)5.707 E(load-key)131 240 Q F0 -.55('s)C F2<ad6e>
-4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)-.3 F
-(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .045
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .865(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.365 E F0 -.1
+(wa)3.365 G 3.365(se).1 G .865(ncrypted with)-3.365 F F2(tzpfms)3.365 E
+F0(back)3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .864
+(nseals the k)-3.365 F 1.164 -.15(ey a)-.1 H .864(nd loads it).15 F
+(into)108 165.6 Q F3(dataset)2.5 E F0(.)A(The user is prompted for the \
+additional passphrase, set when creating the k)108 182.4 Q -.15(ey)-.1 G
+2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4
+10/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(OPTIONS)72 216 Q F2<ad6e>109.666
+228 Q F0 3.208(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25
+G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)
+-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)
+-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 240 Q F0 -.55('s)
+C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .046
 (By def)133 280.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 304.8 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 304.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 321.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -971,23 +1344,23 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 369.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F0("ag)160 381.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 398.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 398.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 410.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM1.X back-end con\214guration)72 427.2 R .625(TPM selection)87 439.2
-R F0(The)108 451.2 Q F2(tzpfms)2.729 E F0 .229
-(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23
-(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 463.2 Q
-(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 480 R(rouSerS)
--.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61
-E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
-F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-492 S(ing one of the earlier ones with, for e).1 E
+R F0(The)108 451.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local)
+2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003)
+2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1
+F(the)2.729 E(en)108 463.2 Q(vironment v)-.4 E(ariable)-.25 E F4
+(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11
+(The T)108 480 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11
+(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4
+(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0
+2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 492 S
+(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F1 .625
 (See also)87 508.8 R F0(The T)108 520.8 Q
 (rouSerS project page at https://sourcefor)-.35 E
@@ -1002,7 +1375,7 @@ F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
 F1<83>128 626.4 Q F0(EvModder)7.5 E F1(REPOR)72 643.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 655.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 672 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 684 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-28-g7e4ea2c)72 817.889 Q(December 4, 2022)84.703 E(1)
 183.842 E 0 Cg EP
diff --git a/zfs-fido2-add-backup.8 b/zfs-fido2-add-backup.8
new file mode 100644
index 0000000..08a80cb
--- /dev/null
+++ b/zfs-fido2-add-backup.8
@@ -0,0 +1,125 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 29, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-ADD-BACKUP 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-add-backup
+.Nd allow another FIDO2 device to unlock ZFS dataset
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After
+.Xr zfs-fido2-change-key 8
+derives the key for a dataset from a FIDO2 device,
+.Nm
+may be executed to extend this to any number of additional devices.
+.Pp
+First, the wrapping key is extracted as normally during
+.Xr zfs-fido2-load-key 8 ,
+then a credential is made as-if during
+.Xr zfs-fido2-change-key 8
+(except the "primary" device and all the ones holding backups are excluded from the search);
+however, the
+.Ql hmac-secret
+is instead used as a symmetric AES-256-GCM
+.Pq Xr EVP_CIPHER-AES 7ssl
+key to encrypt the wrapping key directly with a random IV.
+.Pp
+This turns the
+.Li xyz.nabijaczleweli:tzpfms.key
+variable into
+.br
+.Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns Ar backup-salt Ns Cm :\:\& Ns Ar backup-credential-ID Ns Cm :\:\& Ns Ar backup-credential-public-key Ns Cm :\:\& Ns Ar IV Ns Cm :\:\& Ns Ar encrypted-key Oc Ns …
+.Pp
+.Li tzpfms.key
+is actually a dot-separated list of device bundles.
+The first one is as-described in
+.Xr zfs-fido2-change-key 8 .
+Subsequent ones also include (identically-encoded) IVs and encrypted blobs.
+.Pp
+.Xr zfs-fido2-load-key 8
+shops assertions around devices in a device-major order \(em
+depending on device numbering, a backup may be loaded even if the primary device is present.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-add-backup.8.html b/zfs-fido2-add-backup.8.html
new file mode 100644
index 0000000..e6d3444
--- /dev/null
+++ b/zfs-fido2-add-backup.8.html
@@ -0,0 +1,153 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-ADD-BACKUP(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-add-backup</code> &#x2014;
+    <span class="Nd">allow another FIDO2 device to unlock ZFS dataset</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-add-backup</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    derives the key for a dataset from a FIDO2 device,
+    <code class="Nm">zfs-fido2-add-backup</code> may be executed to extend this
+    to any number of additional devices.</p>
+<p class="Pp">First, the wrapping key is extracted as normally during
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    then a credential is made as-if during
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    (except the &quot;primary&quot; device and all the ones holding backups are
+    excluded from the search); however, the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; is instead used as a
+    symmetric AES-256-GCM
+    (<a class="Xr" href="https://manpages.debian.org/bookworm/EVP_CIPHER-AES.7ssl">EVP_CIPHER-AES(7ssl)</a>)
+    key to encrypt the wrapping key directly with a random IV.</p>
+<p class="Pp">This turns the
+    <code class="Li">xyz.nabijaczleweli:tzpfms.key</code> variable into
+  <br/>
+  <var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code><var class="Ar">backup-salt</var><code class="Cm">:</code><var class="Ar">backup-credential-ID</var><code class="Cm">:</code><var class="Ar">backup-credential-public-key</var><code class="Cm">:</code><var class="Ar">IV</var><code class="Cm">:</code><var class="Ar">encrypted-key</var>]&#x2026;</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is actually a dot-separated
+    list of device bundles. The first one is as-described in
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>.
+    Subsequent ones also include (identically-encoded) IVs and encrypted
+  blobs.</p>
+<p class="Pp"><a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>
+    shops assertions around devices in a device-major order &#x2014; depending
+    on device numbering, a backup may be loaded even if the primary device is
+    present.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 29, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-change-key.8 b/zfs-fido2-change-key.8
new file mode 100644
index 0000000..8238eba
--- /dev/null
+++ b/zfs-fido2-change-key.8
@@ -0,0 +1,188 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March  4, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CHANGE-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-change-key
+.Nd change ZFS dataset key to one authenticated by a FIDO2 device
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar backup-file
+.Ar dataset
+.
+.Sh DESCRIPTION
+To normalise the
+.Ar dataset ,
+.Nm
+will open its encryption root in its stead.
+.Nm
+will
+.Em never
+create or destroy encryption roots; use
+.Xr zfs-change-key 8
+for that.
+.Pp
+First, a connection is made to the FIDO2 device, which
+.Em must
+support the
+.Ql hmac-secret
+extension.
+.Pp
+If
+.Ar dataset
+was previously encrypted with
+.Nm fzifdso
+and the
+.Sy FIDO2
+back-end was used, previous credentials will be deleted from their devices (as-if via
+.Xr zfs-fido2-clear-key 8 ) ,
+if available.
+Otherwise, or in case of an error, data required for manual intervention will be written to the standard error stream.
+.Pp
+Next, a new credential of type ES256 is generated on the device (with relying party ID
+.Li fzifdso
+and name equal to the dataset name)
+with the
+.Ql hmac-secret
+extension requested; the device PIN, if any, is prompted for here.
+This mimicks a WebAuthn registration step.
+.Pp
+Then, the credential is asserted with a 32-byte random salt,
+which hashes it with device-private data, and thus generates the wrapping key
+.Pq which is optionally backed up Pq see Sx OPTIONS .
+This mimicks a WebAuthn login step.
+.Pp
+The following properties are set on
+.Ar dataset :
+.Bl -bullet -compact -offset 4n -width "@"
+.It
+.Li xyz.nabijaczleweli:tzpfms.backend Ns = Ns Sy FIDO2
+.It
+.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns … Oc Ns …
+.El
+.Pp
+.Li tzpfms.backend
+identifies this dataset for work with
+.Sy FIDO2 Ns -back-ended
+.Nm tzpfms
+tools
+.Pq i.e. Nm fzifdso Xr zfs-fido2-change-key 8 , Xr zfs-fido2-load-key 8 , Xr zfs-fido2-add-backup 8 , and Xr zfs-fido2-clear-key 8 .
+.Pp
+.Li tzpfms.key
+is a colon-separated tuple of unpadded URL-safe base64 blobs;
+the first one is the random salt;
+the second represents the ID of created credential,
+and the third \(en its public key.
+There exists no other user-land tool for deciphering this; perhaps there should be.
+.\"" TODO: make an LD_PRELOADable for extracting the key maybe?
+.Pp
+Finally, the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=raw Ar dataset
+is performed with the new key.
+If an error occurred, best effort is made to clean up the properties,
+or to issue a note for manual intervention into the standard error stream.
+.Pp
+A final verification should be made by running
+.Nm zfs-fido2-load-key Fl n Ar dataset .
+If that command succeeds, all is well,
+but otherwise the dataset can be manually rolled back to a passphrase with
+.Nm zfs-fido2-clear-key Ar dataset
+.Pq or, if that fails to work, Nm zfs Cm change-key Fl o Li keyformat=passphrase Ar dataset ,
+and you are hereby asked to report a bug, please.
+.Pp
+.Nm zfs-fido2-clear-key Ar dataset
+can be used to clear the properties and go back to using a passphrase.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl b Ar backup-file"
+.It Fl b Ar backup-file
+Save a back-up of the key to
+.Ar backup-file ,
+which must not exist beforehand.
+This back-up
+.Em must
+be stored securely, off-site.
+In case of a catastrophic event, the key can be loaded by running
+.Dl Nm zfs Cm load-key Ar dataset Li < Ar backup-file
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-change-key.8.html b/zfs-fido2-change-key.8.html
new file mode 100644
index 0000000..8cd7f1a
--- /dev/null
+++ b/zfs-fido2-change-key.8.html
@@ -0,0 +1,207 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CHANGE-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-change-key</code> &#x2014;
+    <span class="Nd">change ZFS dataset key to one authenticated by a FIDO2
+    device</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-change-key</code></td>
+    <td>[<code class="Fl">-b</code> <var class="Ar">backup-file</var>]
+      <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">To normalise the <var class="Ar">dataset</var>,
+    <code class="Nm">zfs-fido2-change-key</code> will open its encryption root
+    in its stead. <code class="Nm">zfs-fido2-change-key</code> will
+    <a class="permalink" href="#never"><i class="Em" id="never">never</i></a>
+    create or destroy encryption roots; use
+    <a class="Xr" href="https://manpages.debian.org/bookworm/zfs-change-key.8">zfs-change-key(8)</a>
+    for that.</p>
+<p class="Pp">First, a connection is made to the FIDO2 device, which
+    <i class="Em">must</i> support the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension.</p>
+<p class="Pp">If <var class="Ar">dataset</var> was previously encrypted with
+    <code class="Nm">fzifdso</code> and the <b class="Sy">FIDO2</b> back-end was
+    used, previous credentials will be deleted from their devices (as-if via
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>),
+    if available. Otherwise, or in case of an error, data required for manual
+    intervention will be written to the standard error stream.</p>
+<p class="Pp">Next, a new credential of type ES256 is generated on the device
+    (with relying party ID <code class="Li">fzifdso</code> and name equal to the
+    dataset name) with the &#x2018;<code class="Li">hmac-secret</code>&#x2019;
+    extension requested; the device PIN, if any, is prompted for here. This
+    mimicks a WebAuthn registration step.</p>
+<p class="Pp">Then, the credential is asserted with a 32-byte random salt, which
+    hashes it with device-private data, and thus generates the wrapping key
+    (which is optionally backed up (see
+    <a class="Sx" href="#OPTIONS">OPTIONS</a>)). This mimicks a WebAuthn login
+    step.</p>
+<p class="Pp">The following properties are set on
+  <var class="Ar">dataset</var>:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li id="xyz.nabijaczleweli:tzpfms.backend"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.backend"><code class="Li">xyz.nabijaczleweli:tzpfms.backend</code></a>=<b class="Sy">FIDO2</b></li>
+  <li id="xyz.nabijaczleweli:tzpfms.key"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.key"><code class="Li">xyz.nabijaczleweli:tzpfms.key</code></a>=<var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code>&#x2026;]&#x2026;</li>
+</ul>
+<p class="Pp"><code class="Li">tzpfms.backend</code> identifies this dataset for
+    work with <b class="Sy">FIDO2</b>-back-ended <code class="Nm">tzpfms</code>
+    tools (i.e. <code class="Nm">fzifdso</code>
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-add-backup.8.html">zfs-fido2-add-backup(8)</a>,
+    and
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>).</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is a colon-separated tuple of
+    unpadded URL-safe base64 blobs; the first one is the random salt; the second
+    represents the ID of created credential, and the third &#x2013; its public
+    key. There exists no other user-land tool for deciphering this; perhaps
+    there should be.</p>
+<p class="Pp">Finally, the equivalent of <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=raw</code> <var class="Ar">dataset</var> is
+    performed with the new key. If an error occurred, best effort is made to
+    clean up the properties, or to issue a note for manual intervention into the
+    standard error stream.</p>
+<p class="Pp">A final verification should be made by running
+    <code class="Nm">zfs-fido2-load-key</code> <code class="Fl">-n</code>
+    <var class="Ar">dataset</var>. If that command succeeds, all is well, but
+    otherwise the dataset can be manually rolled back to a passphrase with
+    <code class="Nm">zfs-fido2-clear-key</code> <var class="Ar">dataset</var>
+    (or, if that fails to work, <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=passphrase</code> <var class="Ar">dataset</var>),
+    and you are hereby asked to report a bug, please.</p>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code>
+    <var class="Ar">dataset</var> can be used to clear the properties and go
+    back to using a passphrase.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="b"><a class="permalink" href="#b"><code class="Fl">-b</code></a>
+    <var class="Ar">backup-file</var></dt>
+  <dd>Save a back-up of the key to <var class="Ar">backup-file</var>, which must
+      not exist beforehand. This back-up <i class="Em">must</i> be stored
+      securely, off-site. In case of a catastrophic event, the key can be loaded
+      by running
+    <div class="Bd Bd-indent"><code class="Li"><code class="Nm">zfs</code>
+      <code class="Cm">load-key</code> <var class="Ar">dataset</var>
+      <code class="Li">&lt;</code>
+      <var class="Ar">backup-file</var></code></div>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 4, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-clear-key.8 b/zfs-fido2-clear-key.8
new file mode 100644
index 0000000..f7ab9d5
--- /dev/null
+++ b/zfs-fido2-clear-key.8
@@ -0,0 +1,121 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March  4, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CLEAR-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-clear-key
+.Nd rewrap ZFS dataset key in passsword and clear tzpfms FIDO2 metadata
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 :
+.Bl -enum -compact -offset 2n -width 2n
+.It
+performs the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset ,
+.It
+loads the primary and every backup credential, and for each success, if the device containing it supports the
+.Ql credMgmt  \" or credentialMgmtPreview
+feature and has a PIN set, tries to delete the credential from the device,
+.It
+removes the
+.Li xyz.nabijaczleweli:tzpfms.\& Ns Brq Li backend , key
+properties from
+.Ar dataset .
+.El
+.Pp
+For every removal failure and missing device or PIN an instruction for manual removal with
+.Xr fido2-token 1
+is issued.
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-clear-key.8.html b/zfs-fido2-clear-key.8.html
new file mode 100644
index 0000000..97e05e7
--- /dev/null
+++ b/zfs-fido2-clear-key.8.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CLEAR-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code> &#x2014;
+    <span class="Nd">rewrap ZFS dataset key in passsword and clear tzpfms FIDO2
+    metadata</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-clear-key</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>:</p>
+<ol class="Bl-enum Bd-indent Bl-compact">
+  <li>performs the equivalent of <code class="Nm">zfs</code>
+      <code class="Cm">change-key</code> <code class="Fl">-o</code>
+      <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+      <code class="Li">keyformat=passphrase</code>
+      <var class="Ar">dataset</var>,</li>
+  <li>loads the primary and every backup credential, and for each success, if
+      the device containing it supports the
+      &#x2018;<code class="Li">credMgmt</code>&#x2019; feature and has a PIN
+      set, tries to delete the credential from the device,</li>
+  <li>removes the
+      <code class="Li">xyz.nabijaczleweli:tzpfms.</code>{<code class="Li">backend</code>,
+      <code class="Li">key</code>} properties from
+      <var class="Ar">dataset</var>.</li>
+</ol>
+<p class="Pp">For every removal failure and missing device or PIN an instruction
+    for manual removal with
+    <a class="Xr" href="https://manpages.debian.org/bookworm/fido2-token.1">fido2-token(1)</a>
+    is issued.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 4, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-load-key.8 b/zfs-fido2-load-key.8
new file mode 100644
index 0000000..247ca04
--- /dev/null
+++ b/zfs-fido2-load-key.8
@@ -0,0 +1,98 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 28, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-LOAD-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-load-key
+.Nd load FIDO2-encrypted ZFS dataset key
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 ,
+asserts the preserved challenge, HMACking the salt with the on-device secret, and loads the resulting key into
+.Ar dataset .
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl n"
+.It Fl n
+Do a no-op/dry run, can be used even if the key is already loaded.
+Equivalent to
+.Nm zfs Cm load-key Ns 's
+.Fl n
+option.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-load-key.8.html b/zfs-fido2-load-key.8.html
new file mode 100644
index 0000000..ffc6446
--- /dev/null
+++ b/zfs-fido2-load-key.8.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-LOAD-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-load-key</code> &#x2014;
+    <span class="Nd">load FIDO2-encrypted ZFS dataset key</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-load-key</code></td>
+    <td>[<code class="Fl">-n</code>] <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>,
+    asserts the preserved challenge, HMACking the salt with the on-device
+    secret, and loads the resulting key into <var class="Ar">dataset</var>.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="n"><a class="permalink" href="#n"><code class="Fl">-n</code></a></dt>
+  <dd>Do a no-op/dry run, can be used even if the key is already loaded.
+      Equivalent to <code class="Nm">zfs</code>
+      <code class="Cm">load-key</code>'s <code class="Fl">-n</code> option.</dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 28, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>