From 42fb83596610949ded6a338a29a3aab0f704d254 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1=20autouploader?=
 <nabijaczleweli/autouploader@nabijaczleweli.xyz>
Date: Mon, 4 Mar 2024 15:15:02 +0000
Subject: [PATCH] Manpage update by job 1161639

---
 tzpfms.pdf                  | Bin 65601 -> 81693 bytes
 tzpfms.ps                   | 951 +++++++++++++++++++++++++-----------
 zfs-fido2-add-backup.8      | 125 +++++
 zfs-fido2-add-backup.8.html | 153 ++++++
 zfs-fido2-change-key.8      | 188 +++++++
 zfs-fido2-change-key.8.html | 207 ++++++++
 zfs-fido2-clear-key.8       | 121 +++++
 zfs-fido2-clear-key.8.html  | 151 ++++++
 zfs-fido2-load-key.8        |  98 ++++
 zfs-fido2-load-key.8.html   | 117 +++++
 10 files changed, 1822 insertions(+), 289 deletions(-)
 create mode 100644 zfs-fido2-add-backup.8
 create mode 100644 zfs-fido2-add-backup.8.html
 create mode 100644 zfs-fido2-change-key.8
 create mode 100644 zfs-fido2-change-key.8.html
 create mode 100644 zfs-fido2-clear-key.8
 create mode 100644 zfs-fido2-clear-key.8.html
 create mode 100644 zfs-fido2-load-key.8
 create mode 100644 zfs-fido2-load-key.8.html

diff --git a/tzpfms.pdf b/tzpfms.pdf
index 29f6b8bf28c82c75aa441db9bd63f3d4311d2b50..aa40f7584ca5ee2b4f96b0776bf90ff8c2bf4f65 100644
GIT binary patch
delta 60359
zcmZU)W0NjWmu;E0ZQJHa+qP}%B%icx+qP}nK55(Rx9WD??uh!dcdQ?<*O(*b9`Fat
z`2nkk1qP&OZ8>j=qttX?(3a{}u(Xp$GX-_Mnwdqlrf4>*n|8M(wCWOZp&<tV1x1m4
zxa}$bq<oKE=ML<P)3{GoILjKEdvz-0@$bClXeJ}W{;~navPh%0@xT3skLrrwX?Nq-
z9*dG}2m$GJvCC7@Z`p4JazXLaoD!pT4i+a{kASAQ?LU0HtOg1vefSv|ZsULWVQeop
zF&MHK<D!>1-=+s4r%UCLAT9!isGDqA0DoBgevU6zq3kJ5TWM(<23|AJ6=$!^<D#gd
zZba`<@*FP?^xXyRFhXZwkHtK~Wjym0+C(n2bO}(*+>#Ron6tR~kBNUnH)<MYlw%#T
zbpc^9O|oGF3De}I*Ar`u3SGW<lh^KfQPlig9p=?qli1G-nn_OYgK273wTWi4GnO4}
zm`Xkd4&Df7;Ngb~)@uTVH(YU{J5E-auNbVb-4^Fv{Nld28D)f;XYIJ8Q&lZg;jXw^
zk<cC$X78={@xy_t+!al1akmRCrr2sq)PTwfz=^<f4oE;DaZr{gTRi3LkMH}vwL3p<
z2awN8&DPM?OMv%f&@t{#hdq#k>sYRwg+uLJ-N`8-<4V@g&p=s~G}??*ErOgN-`qm@
zjcnAKk~`(JcLT2dSbNDXxPoVFa308;GMW@9Ua8@gV%ipuBq9jm$MUnS4;Dz`5TJhn
zt1eXXK*%F>vZ#gVHE0J|xxkF|J9np>(%p3BX5`<oA)v0CC;@>|3;iA9XM+R?6|Hf^
zyyhQJ$e|LG9PbmA$*f246Hp@gOSD`wDXh@&yafZi+jgF)cS1m$eRO;6Fv>q_iv3!q
zquzVf2sl4&O7b59Gn7&}aU$WKRDgoJ*6HPHF>cW=9TD;adH^h$TB1ci6%X;CpjSb$
zvj!>`6jb#P!Pk^Vu5T8anH!ur)PttzmR;gb%peBWvUA{Q8-|;&L>Rpi_thu7$wI%C
zk(PU{{}X~9?=tS4c~Dtpxbc&;Y9bvYhf?Ovcq2o9Ao4!8qyD~^x4*)pCBPHtCUrDG
zw4+-G;%@|O1DaNfXhnCf9q177G3Q@H!I?>h@G%N)7^W#%^)PrCBG8VpUoVJVwhRv&
zAOt4)ZRT9#h8j~KecLEgRP-)PEb(YulYT5A7pG>$5m{wDuzldPi4ac;X*X&FwV;;j
zn295rP2JOT6q71{{ls!4cmM`ySOC0LPq5<n@*utpGWz|8`-4a0EIJc?)@Cfk#~~9W
zR*}5KKH^6~QyP>%m|47%pza40w6MgGFa79!*unJk!lfKqR*Ao*x(KB=QgZ*wi0~fX
zP==}EcoBJpOh{{Za#u_R9)!}}4gy$hmAaj%8W}Tp&aCW>*GU&ACIG3aK?`G<-uL{x
ztZL3-wr*FUPEM1pxte@NXNYm?$sGi$eUDUs%8X}T$OQZ-y_?K5|B^$k`B8LNh8YRG
z2DD4Z)TzOy{#n*J3{TPRZr`kpI~>;n@K}uG1Wx^#u4;oq?a)cwGPIf_H^Kl^2~_o{
zfC^CpTW?6Eu59}B4=|oCgHRn+EviDv_$lxH-CD_i-8)aGP1YxNpQidJlFd`iccYer
z+ztf+d|or=O~31h_@aUJa;1?Z0;2*bUG=@ZJZrmw8g{EtN!*GZL)t4%qo^gbj%Sy7
zZcaSvd;b&D;ZiJfIBZ<3&xaL*X}Pr~75<!6f=ZkTQFrDs7tkPI8nfeEwtFyVzp1?6
zq_MMS>T_t%daL6HS|2m_I|@^fDAtS){)U0aB&dR0`>QCe!}L5KNmEpI7kYQ4lp^B0
z<-iiDlB~<3LIj^rw%UjixH~~h)M=+Gs!6_7TwT9@34@p-vKkOFS>mr0#qKe%a~vz4
zL$87aY+B2;0s#N;$Ge_|Kh`mT-R22`qiVRI7sJM!0GX9-L_W@#mol1bVJz$w@d=E{
zc`G(mXOzD8hHpq^L4A--qIOh%q`}}QcQ!*P9Y+DD%a;5*d`5;Em@2XZ!q4}sI+;kt
zB6dZmiu+PAZb>4GVbx1@er6vQJTfKHIarv=qM-5U49GDNqnA<2hZ{P`3_3L{$7!G(
z!O{g8+FW)gjLbdt(0OQW&B{9CRP6Qy2FdvXhHcG9OXzaJMojt)(B&!KfWVrDM`vQG
zKs4H5#;Z(>VuQiBg|t@;bydR?HQu7CBB?z-Q=B%3-iAf9w#21f(L3is4%P<W&i`?E
ziXNqN0sJw;*|*gRM>&ujo5A+L6Km%QD^1Irty{pDw=vo>;hca*`26e1+>?!(am#?W
zc(BFQ!!O|bErfZ9FvM`7)CPM0wN}-J*)*q7*0izmdAYRl^!RxmR(1Z2G~P{XlOMLS
zQFm|M==smke!mrG%~>@j`T}kE86&?z4|Beo3b4}xo<i=_KG+N4ubj^V?0A%cVu1dI
zg)Wo0w$fUAL@O2gtD$~(AuhBQYWt$Y?AW_0v(g{BoA*6p!$O&#YHyjp9##`MxC%=@
zK}0?9rAI0&T$j=4?{3KRGBz>XAUt2&s>J6G^^Zu!$KE50mXm_W1UN-3Cn1asX9tul
z1TeSRdSIGhN_oh##uP25lyn$+ocYB_@Vq=v)JYGh5=LY=D9;j)0Q+Z^)eLEfOH%lE
z2lk)=BN?U};~B4F>J-ogOx;AtkIr^v4|k(otRrco`X|B~n$!^7(RvH%io;Vcv94nA
zO}QC_Be9Z9(kI`$fGastgzJJ*hA?*P6)<!4oY^=Q??^iDPEOq@wQ6=;1l_kkqTY!N
zu70Pwh7et+gP&E|*ccSKI3YslwXzTo0T&So%@1v7zrBK6uWS6PmUN3R+c7K^wMe)D
z6$dYZqY=WSu}-0$&W(*kr}SzIX1N4Ip5X=k7mKN6RCY&?OPT~;U`3XX;B^%73{dAc
zhKK<ATa_zhcFi@#<%n>bJRkRk{a6-(r&AE&6`LT2Yq_)RK!Sco3ZMAC0<J|_*iTVC
zHiW0R4U@5R(68E$gtfsxaD{#4i8Z%s_*p-|IT}@sTg%rgXgRJ0{#E9f95FB)C<1MB
z>K(V$EAws7wkcAUeaJ_#zbl4g26#2$#U7?PTfdYz)#5GcieO2?RZ5hSNxCrG<DydU
z=FGjuQ8)wbuFq+l?B$##K2HWc7OQeog>Ss@-!TVr#&X!ht!LUxL*gMU{${~6Ta}IF
z^C5*$g0`Wz(_JAXevid$e)SOs{!5$G9lWEw7>z{qM?n%H9iqq@2V(j517JP+oq+i4
z3LC8!5p#&5NG0W(c1#{lM*^z9y3RRelwv8)-eb#@Ks?9*NvFr;+C{$vJK4F?7z_uS
zI>wfg#3`-%?yR^L{Lfz+1!^c*E3(YL1LqBX)Qlmh8Op8l`avXucnLAQeVUd1MwzqU
zRcNDY999yG2WP`M^l*-$8jy3PxFo^0JIqXwe{!j(C%Kz2BT|K7A8p0aphWKkaa^qE
zzV#g?%-<QaokDg;<O@7wyXA(PaG^BilxpY=L*6Ba%69p<@$}4iD~=z=>qz5|f(1n*
zO5qW5VtkJt%vhc=608HG`iy@z+{NpPgjNy2fGh^gtmtN^FaZ9I063G4u_#z=dn~x=
zREA9z^lfn0v2dj7b9ODkE{?6U{l$!Z%$JF#sjypM+USqQEgEwJG3%;s(}AkVq>Hvj
zY;){>nKrCQ8R4S@iE%X%xOe@#9#!f!xh!o;j!{T~eKzdsD`<*UE|U*8#(RcMAKx_+
zY8BjOgA2P2=^aCV0!XoDJ`(k0igelcF9_e`ydMQp(qG*tIA=Sr>)~Qya_hI`v1KJT
zRp3}0Bb`!$ZmFL%p$1mfg5cNFSZVcfb8f`LzWtY$?||h{%*|va<?&1s;evCTm2{Gw
z)brG$>&4`4p|QkyT1Ghj^?iOk*EAYxh;@BK3s<e8F)4Ms1xQwS-@gQ6dN|}+^Czw9
zj8A6mG!8GKy!5^aM-Zui9)T<*T(eT`#sMe=e!lC`|K5i0K2sw_Ry}Y0rT;wXJU2&1
ze>GKKnIdESefYpVEGr)_eAV9G0}a7NYT=9b4MRu7e0Q$s3v8h^`>nD%@$!0BVvj($
z9zB+;KRr#m1%!XKTYD#m<?g<vc@%NiKv#kK>?*g7TBR_$Xk(zZS=FC+^1K&hiA{0{
zIO2nbB~n%~PFQQ5n6z4r<p{uqrBhl<KOy4XB|Ac0@p(qTr`+BXlXR5)bK1r=1KDdX
z@`#TbV)WuF!!?w<@!t2|ZEPcDQ@-}#5lJW*s#kG-1@INs<hILI-Ivu`K^RBgF%A5I
z@O2sYDyg_9XrQ2QX&8f#ZZlR|=91X|$NW$5?vASeWtB61+nPt<gYxTLpzFif+sxk7
z#nsu&$PVT|HwR;D7!D#PqW?NsS=iYAXU5F^{|^8BVU#tqw{W#2Vqqd;O7fQ=1!&79
zZH*%L+}5S*jH3Y?LF~EvXzEn`MYSrqVsYO{oB~fABBw*i2X>^s$W&4Op#6yR<O{;~
zaU|c8Iwyh!GcWBj==0k-G{`u0K3T|nxjnuaG<n7B(|3GMZUNAHTwT78ByFV=Os`>n
zn9Ujw94vbzCC_+Z0(*RqTRa|)0FK5iJZ76N%NRo*XWG&@0X@z?e$PW$QV-^nH}Y<z
z9!u|xn1ir-|2{P>dOOp*$0M)w)d9+V?ZjD(j9<ggo|&zT%Zz7~aen)6O!w_Szz*aI
zie2U-#9NIDH*$NtxwMuMlx<cvk)*=a{w`d8#T=a-R~#^ogKW$a-Gzj?fNkepKbm%2
ziCjYj%!`oM%T2A*DrK%IIrVLs)0#ieSLYoH^Q1i&fYcrLgsjc$KW2&AVY0?m)f3hm
z^=&oSx-}VhxwL;YybW?Sm$op~gA<-jwA?>8RLW=c6<{VBMVb=Ck{FxBYu68kSxU1f
z)SYRB*B%#5AL1F0pUU3%01*1JKAiIZBFE*H`8@=-yM5d|d^sPmvwd!AZCji%HXg2x
z>h}Dm73w5l!R<4}a~m!W3%@rw^D@iN-5M6u5isKlUt;pa^FsZDPBU(G`Yt`Z^6&Kw
zMESh)^mlw+yuYpez8^|s6j|WBEINRUP0%YmCn6c}DlSJFb}@|X00z`mdaW}y6G&<I
zLZE47z<{fK^CiLNzFF~`sCr<dwa=XbL7$kZGuH&39p*iIt&TMCsjSQiW38MQIem<3
znyJv^4`vpAosJ?<E)pocy~kfDys!S4!F)beyBYu{hVHn%J)W>*ZXnGc0?{N$t(NfX
z!GELMoHrQbWrAAGfNHY*xk;Gtx-4lk*fL+YUSPa{fKjQ<^@#rGMWX8(jLMZzgo-}X
zuuV~Bw%9vv4-sSpJZ7@^n`Nna3rM*No9vbi)0l_)AWk|e1BKjUwVmns;i*QdBjp^j
zx(x;$U`2AH%Cud{3NkoVueo)nBu37fx#}QrMI`M0YlLSgfE|&jK!cAK;mc>EwO2no
z1tjx<DYjM9RH{7vzc=%KyB<|JI{0yq)l=$nMs|b@w#IU!9QQy%?{IHM-numtKSf1P
zvI(ote>eSBSfQgACgKk7Pm<*H#%sq)J-10VNLZq>G{=GK@J6jnQb#TE-s4juJ$xBY
zz_$dC=B$%x05*t!j!nBCzP<V@$5b2V`MsXxwCXvR@J{c^Bcs;n@BdJG_jC?gNE9TD
z3l5W$B$gZ#SAzeoL|@bDfh~?7XSYQZ+buBrGlh5e_v2(E!|ItMoujX$+v>225y3)#
z*^z7Y)=uK%^VZRk^(YE8nmg2YB-L$*<hJxThokU&0G7D;ikgnq%~w2eoCq{2qP`i@
zc4aN#a81Q&Eb&2drG=YbL{>qGZh@Kh%%f^-@6)_sh-$9iBq~L|QA*V$=HH{SAimnc
zZZsq4VJWIAtJ&JSmo=~+z?tkh(rb7e7b1HrKA!R>8w8oFj_Sg?NfeBOa#BS-7sfA)
zCM(QG0Sm!Chy+Zv0_vVYSIj<&oPzS|HOW!<1o_$pG}toD{rO1;Vv5J|*wv3$+`~!P
zKT^kFoZSC9go^C|W#Q%V+L^^qXu}zWo16Xk-o{Ybv|qy~3Q<@OYA%~H?rxNW;q6!Y
z7>&x-;2a6Sv@M_t#(3Qx;q@~uC1CMX1N)WN0BXjY4gRW3)Gj|BW9nG67tyzkXxQ=C
z;wdil?|zZ{*C2)u;C6YnAX`f815j3N3tTmcKL5#;hS~Q-)EsObKSG02tHdt|vtEwu
z3Z@`qN(}=XNEj8)3B9^n2Ul%09MoJ~tD7jt>hb<Zwx+Fq&<I>t@|u)1s8xdV8m!oP
zK!mDbFIT~-+zD=_^gDw=Zw+wbZJASLRD!OqaKa)oy3hH7FT#--%plj}u3Fdw64Va(
zbb*1zWNfSj6s4Bl)MPyE%UwtlSHYqN6fRfUY^$8k^EyQp=YCfA!fh?oGXDhnrOHE8
zQ{4lx64BK^hk39Z6;%16B7vn~U?b#kKyeTp<dd6%2%X=Vp+4<WtXk_Hs(aWqP*|mu
zNYuMK{1d1HMbHg(v|O4IhZo;M>5x(h3f%?<dc+$bQnHvtn!<6%C@#gCTm5%l*WOsB
zUxqyJcGfz{f?KFPp>Bm<sdkF$Bk~QzveDl|Vu?{p_bG(k`j53%y!OVEZ`mjp0IT^j
zav6s{y7k!C-cTeegVQ?^`VE+;ZA+O_C_RuaoQ!6CyK(~AzZyh_#A<3VnYfB3u-53k
zo8Z@YS@8}^FSF&?z(RG|@8#xcm%dT#N2b-MFGZqbrq6QscCBl(L{Umku!qNDWL;zE
zTUa!oR!<#@E6|ej4KVAZZ*yn}_#3KUv?2gTzTZB85W3rFkhxkj<v6z3_P#Fob!GBY
z>9jY#OY%8noW)4E06TcaWiPS-@scT~2e%X6S;S8~_B5XV`#kKnLmfwgcJucE^;?8F
z{ipa6_Ai=B+?Gm19;_RP{i|`3K|`4erADf+Vs*eW$8qTTYx(S?&@u!W;7MzdBgerT
zXW5@3pPwAXWd3QnXzk|&>mQW{DIi336%~}!Zk|ev3)}e5X7X`rvcb({6T)I#LVm&u
z#SqGl(P~gQig}O1jO9lIhdPxM7cPC6ayA*WfR4S6d6fi4)BImoW;AJpXS|<+jBt-t
z5Md2$uJw|Fqav3qfCvIE0R1X<j@o}jBK~iyGFiE}M<wlo2?$M}rBIt0@IR1_k|S-G
zb%&G}J~VI5D9Yb%-<#zP?ZTU76ztCR)F^G6M8q=_q4q==v~OIsEv0BP_vRE8M|fYA
z<>%LV8FFbW@`cvrap<1OXO&HZwy&yOeMJN{2O_&l^v||T6H9k2K#HzF@q<I6@F(eV
zn5I4%XsFBSH%v<Sdb^b4H3f>O?B$^#pX~%j;MkKY8wuWJWuYngGx~D6nu`1+^**Xa
zm95}UxvRm1S?`#P>Qp#vuPK#9mTeuL5V)NRK`ZSOXl4w>oHIGF<g5sU_oO;7lI!<(
z_4%}rh{I5BX8~p_;3a+&KY|QNe(f)yF>8|qDSYPdSr|n-?l{PrZTbjajFPFjWm238
zP5-+S+mh{mmR*Oc@B?j)j6|0c6p+2y>xQ+YKH;^AhGhMI=BV3@hMGGbdJdUmN5QFr
zBq&pn1@QoUz#1B*_9~TzaEVnRi2`~iT1erVXbc;%sM^>j03u%(zzuTtY^cSBYS=X7
z@5X_y_+@mkWIB^dN1U%4vWNd?v0RnUxI>qqGIA6gmJLg`_8Ey=lF|kTzNLt2M|~b@
zBd!R!eSr$u2ECYX;z>TN0s}|j)Xg`3St~Whr~1-PC!_UpWXULRDs+bqpWKm;Zzn_7
zPY~qqwIlyMK!mpodd43SmyfD0U|g<AQb5A4EE}NN+7l_o#OJG%t?5PuQ+$Z!rsS{)
z;}5;FnyrEJ(tw57Vp)zYz_J|q6ab+@&kV(rf!E?vwcBj6GvzeAIy=p&wba_#`!V0>
zK)2{Vu5#lpD)?;Fk?b5|86Z!!j}*1PHlq5MhapTH(6rWo@2r#1C_10gMwMwPP806j
znIx!GTyJr<b?Mbtan~4$ga7Y6#QGY!xi?xg;*4cKX{FwUls`Q1tZ4$Li;K5SO$E_j
z*lS%LTukA1=D|v`jcFW@t9c5KYNXgEB9OyrU#C@FFOBj`DplmSf4k^|L3Y4FonNRl
z=JewZV2v}jli2_~7fxLf@9Hw8;H2{e)%M)Y@4j`aXRaF1+Nef<rAnYGA|@7In|0A<
zy?i#p&z{YMN1jzqaw&4+H=2)MA7;bDL<{4Y{Ny@$3(ax+_Z5{gj^}2Tu__7#UI8bx
zF}1i7S%ez&Rt9!ML~cc+t)cj4;Yu6Q!`@8-P*bpnsULLGc`2+KWVH4{Xg@?$;=8vT
z&}FMAq`W2%8xFjJC0FUceu-!R-@TdE{X%{L+`q}z5Tp~T1|2fY2~wuBx~=Qw4q{2U
zdpu5-{1Bg|HMY*+`mX?MW*CmkV(cecf7m?iX4@J`xD8iTxtSoU9rk*pi}M*SEE!u6
z;6EKd&fq(C9M0r=*jy%A<o;F_stbFKZWq&|2~C>Zd&J5~J8#%3%UJ$5h3zn;l5ZYO
zMIpwsQoOR^tSUf@JKjJSf6TU7U&lZ+-i)BlEUeAK{h~X8p-a6av{c63OncmcwIIhR
zs4;;b{tgk-dd!U|kV>2@=H@b#eaI#oP-q2dOn_|2l+Bwr1ZB+G$SKwHc{@<jc^B41
zl+&&%{*3;5=(Y}RmAPg!y<R_Z8UJ>s=H#(q=Jzv&{pdqO-DPvq3@Gt)d)#@hi3Igf
zv2o+I&z}m(!qnh&dC8#>Q{+?cl4EeFW9;+ubK~U64B91!AF>bS_`P3g!t@XT^mTT3
zc|TuYAMdQp?dkIY+}wCUOm2;bV1;K+4f5uV%Ns*ZK+P@%50_(?pO$Tzer8k!Qftm|
zit%@J<kSf=`GSFa5;30)v~yQ7Z@+_UiQ!YPcJw`pHh+G`riC>QyefJQ5LC9h5^)NO
z&@2U=epG1FmFWuxeBE;^t$l$2SIRXGu|3+iT|&0155+y6z<0}Lt9NhZ_sp0St_m2Q
z_olM1xoTniWIU!lMucfaMsQvw^CbDyTimS6UOe_h$QZudWCs%>2u?JtOoo`<*n#u<
z2ebt%yD$F0ASq6d0+$WvTs}OOr9iev7;Z}JcOA7ElEZNPYA8FX14qpOT158G`jpA7
z%EptEUpmVNX^vt<FYP(jtg6N>-rDAqZk@@VTo1GA3Zl|-5X>F$v4sKD_p|5FyLj!v
zzuJhS@(h>k_f85TEw#f!EKmDv9gibNKlLh25Qe|7OGk>3BiUHA6x0s9w0!NxyJ!=!
z5R-BgjEykFQ0B7z%zv}xoI5*n99t$=z77cA9u1;}W>NlEr2Vg~`hPMlC)5AUv@GoZ
zJJWI`%|ep{H1r&{IM7D)ziGpb1<m>k#V)!OY;f9SwwkpLjMo#5^2s-qNuz2d$K(uN
zHwk-WloQP;?Kq1C6%)E&w_R>JO!<isQIF2^UOZX}JT2Kj*ho%jtpR2>t}KLdj3(bk
zy?7flU?XTF6>&*uGiycuh5`=@KAg@!KAy+De|UWX3Oks6{D4>MlirMPr$aJM6IVAz
zbc484LWyNq=4an<);Wn;?y8MQPK6m5goQu2@6az&nXR}-9r_PXAOS%U5?3Hs(j?Z6
zjb2kUPcz#eUr&j_cJK^R#@RqXYjLunc@aAcnAlrzxzK(KjvmyR>?)C`<rrHyc9Ee{
zvF;@R8l)<kVwl*;O?w)#7>sTdp5n`Y<Eo++ab1xCbf_MjLQ}qG!17^IVnMC(0aC;B
zrO1~tJPd)MnPNvM);9TZYx~ncWDan{+0_0uiZiQt(4R3HJ~K8U!;4=YeonEGiJa9F
zkpU#jam-|m$hVl@>s~v4$7Vg&1t4<$BcS~NrC^~tg8E;seVbFMnK8EET+Gke8)zE#
zMrD#WNTmQo%^#be&Y)D~D{`yF!gagQ<k3$CV`c3X3Q0?0ck=nJa!udQd|tt-;43GH
zz2OOU6WAo4>T38!Wj_2sSY=troN6yeY6_)H_h^v&M2o^%9T2&KN<$dC-ncC};j2r)
zg&xYk;bue%Cu8liX&UW2YtWC=z^P7ltzr+;A}rffFnX{N$n^uFdmcT3H01(ZiLgYZ
zDq(XI(fs;+x58QMtn54)@)&wL3#%z?SA}&85;lJ0W*IluT>oy*3H6rv%ISC|J^O+@
zEXN|^<xP{7eiVjhD0y!}&DVZzM}=CzwFw;t*m_iVsvT(z0gl=+gQk1bLdH(<sT7av
zzZR81G?N3PI51>O-4=RHM0NydP15TtcSZu%um;1S47BIrWh2=6RN!h`VjL!TezKVo
zFw3ZyMHD=-gaG?eyv2Pzgkix`A3Zx<R&Q50qUMsr&5RWjfsuLZ;SO5ds4YSO225_V
zPxvNWAn#B}m=)5~u9b9adHWxC>3tL7z~Z*Z(C63ltD~VRk$|E*e^pD_bYawC8&q_)
z;{zK8s>yd_S-#89YZx`-mPIgXBdjDCFMoFK136F}NpRQN25QTGEtdT$ZuS~!C<H0W
zpWf{*mZjRNzpD$akl6=7vgl6$xeyZ^t*buFZgK45)lDtxJ`TfpJaP4Wt5~~zJtcGS
z#H|^K;uJ4~sAh{eFKC3r*aPDk7EE)&AvJF&q$OQY6r<$%+NrnG0G*0~3pYuVDAjxI
zi>~r#5P~ivStF876q*5Ny#S$O<#wbVHXgQwTKG~#2UT2g4CAJSTI+oP!gLG67Z5FU
z{=cn+{q6fPWPRQlzB`a3%Sqv(RZw(jBEEF197_#6CN*WeNwEpy2X3O<ENN4nowXO^
z&<Jg+mV~*|r7tL-qk*DB$o(AYe!7%5zb-1)0M>@wR?kwzY1p`Ii5_n^W^bpLFZ#?O
z+~XOwC}QsA&D#=xmsT=Bz`9@ka5@70alh&=dZ7(x^EQY1K3+=tV98QnZm&)eg)Imp
zPP?Drx2;aY$%c|I*hSQ9+q-}SY0nghvMyTLn8gI*+{`NM>UJS*%Zv>1@9VqGDSOh#
zChxztHl}`j#cQFYZ%8zcQ<6DPmt=uRNRbm~_xm4Zhda>uNnSL7_kXewIuCOda;eoa
z_|M(N1yc!Z8EVfi;!UkW$~buH3|6i;0kjGvru7G^?Cb;SRIjT06`9fg)n7IFG=oVq
zgcq(%c8sg71XeD~mnz1rW9=X10enVc=wSi@d~*KSXBWTqgyqXklg8U2w9%NgEC~JR
z<ARcXJLh>@3MOB`y3;#Rahw%r6+SNvXuCuZo6opxm=|7a(ref9y7G1T0wRFZ->mZ2
z|D3TjmG3A<NdExX>TV4>IV2DoL>1UaJ_1pUYdJV$Mxt+EuJ4J&&FOz{g#WRe%xqjN
z|6@5>{*UEEu!i~nG$$+5f3E~hJBMu!6!E?f4J5GuOV}ukidP`;Su2j3t@V4)HooTB
zf_-V-I_sL|gyvmagxB+4{0EH>LWfYaXY;ZS67WO@G3S#EPxIV=ya$Tncwb9DIkpOT
z&K?gp!4(ElpBjzijH#3soWwu%x_M`D*wEb2CTZf#TJ{P)Va{{pQ$v7==gX>)?~8+D
zTzkN$m!F@>FW2vJ4SG*b!bpStk$daccQ7yiaV_i^-4g1hGTMQ>`rI<i^8^dG6X``G
zm%TtaqtnCyI0P<f*f}_3alzP1N#S}_w$Fw2wtY~@-@y&JZ60G6fkNbTqppC?(~IuD
zF;LLMaZRqVkS5&G%^E=V0+S<G1GWaCkLKD7kBp2xWd~Y{FJoN$P>CPfg$(bLX1U)o
z<Zl~GDRrBcpb13#g_!5rjM1`*d{=*YP+8zw%6h>Z8G1~)naIu7QaTU4YsD!~!^Tl-
z)=`2f=^@ZkKPLuy*N^hESX2x7MW;H16J|a$@tGZURdP59ISc@3(PzD;ja_MgNM{2|
zCu3AZyoi9KS%-9M1Wecn6fQyA;LG{>#LKB6J-@Cu1B7vLSwG^)ug|8>9sU3>Y4V%_
zET6)IWgHaXcs=!gu$2{cc|4Lu`)&4iW(?`u+cLWrQ$0Qu{hnIg_{>auWB#lA!_>{c
z&vquv$p&=DHVc5CyM*Hl2gW7(@SDe1n&KBmII4pVQ6pP%S{qNsYcyvKn1-wb!!K}k
zrRWtqdC-A%${t~h^+eKYl+?+CGptn@%FUq}O=`+^zwU_j0z1dWJ@ZLnh)&F@UNtMZ
zzB4H&>~=$bXee=ON)YYcvLH=uCw9{d8Vx#|52ubg7zfy3I%}~N>nf;FhFboGU>+w(
zv=w!tgf}5pW_yXY0VH3$@7?W!FHPI8C#FSMHa5PQYou)Hv35iYWjN;Csf2CVV<{1Q
z=&=k1K!scOZUAq&XGx!F#wBw9rAg_6W2w)k8P+_CRXR;RDv?A#0uqZ#5gBR^^42iZ
zQNl-0I|j7pI+hdbwepPv-}wOjxmx){CPl6iE==*D;)cg1Q7p+(yh|BTeW{XI1HGG3
z*~Ep0hw)6oY_=qlDw&upM%oB+CdML1V2PNHAi|^l?AJzHRXWN_sreb*m>Xibe!Sxj
zLhw`{3v5H3=}VrnfvbcnRLfWkweKsPNt5I#1`SX@ZA_R9*i~r^m1UB5%Hxs8qb8I`
zkFbSMqcA)yZ%<Zr)`{(hi1j2b4!8t<*`(ffTS@~Z3UzRPMFzu*4UM^e_&kKv4p)2W
zlH@;nAbPy&sD*KbgL#x2{I+q<m5}oub~H(OOH#$V5&<gwD_Gdz5mYtv{(Iw%!u8KB
zixfcCZ68dImIQGac&ET+(uD;1WU}tgFNe<)8H67kG<zovK2erH*!JA!Fs0633Tw)W
z^yddoPZyo#c*rRo+^!-hcHX4KM$hB3c(*3Zni!^2k7P=Y!l9{C9Kou0BtFLp$-^Ct
zZ_mFx{kD)uONn!Ze}JUyt!qX4GNA-c{t{q&4hNrG?~-qQ7lqK<Yvl&M=<?@`O&^nM
z=R6Cg(GIUWUrt#Ma#tJf$XtC0@T_0TlRqG-IZn;1==B`vkbf$EZ4{rq{lrCYkBkf4
zFPt%10AAK8UuhdwzfiFW)i44Voni3p<5Wb$0{V{W5l9c^D!QwyH(Qr_WD!C=Tn#vV
zd!HG3k6L>iLE|hpZMgNoU(^2a`o3_!-+F#GcKZIFc{l#qdVO45d(3K(338UkSJ?YL
zfT}H@J}|U5wI4-vy+--Ovo_wV%U4xj7p=#a)_Y)nq@h+GCkN3AZfUUJmjI4z*yil=
zE#jYm`NA~KLbF46{`L>umMn~VUIxf<2D(qL8@MKUA|LfQD886nLlwhHTQ(O{!9t%@
zg?o=9%c{52KKPpB3|nzLW@D|NYtIO!xa;K!x`b_CBd#%-d&;XPs(uFkF*V-IGM04~
zS!+^L&z4h*GLf7FrH{UVe<#fdXQ=)unAjIzT8iP4WON|WA^yXf?kKny(hqo5y{O%W
zyjNWy5Ef6d;88IUSq9}hr0?r(NmU3|f<#nJgLx1?QA|k)Q_N7gN>@|>^M`fD{vdg+
zK5X4yJ2I)QTIx-ukzhI7Uzerb@Q15tf!4(~WY7>cGpxPZ_RJgCTWV~m@Q>EKh1rSB
zz|@4q^-GZU3>R)Qb(~u30S9o6!7nBZzDrIxuNxfJ>bEEc5*KFvlfH7kwC@9-LWj)F
z63Um+sC_7zTCH0rV~kPkt}U){BVsA1BDQMIlU_#!?g;*|2>F4ceUv^a#cS&oB<a+{
zxfu9zl!o8~xx-nN1%kVyl)i`_wsq)@6Y+N7{|$b3VL}<KB~#>0!vGjpc||5Zc5GW)
z)&6*R`bu$RREwtALXaYc*_xNK;%W43eA7`fHx3Cuj_(uo|8<AxQo!}G@!dEHL+xDs
zCqpl-_G<YEmCBr2W5pbn(RPUzwu7`dpvg8qivrAT3Uo_@Ir6<M577|$LGzOGD#bgp
zBbzl*P=z_USnbL2pZ6EkiTN+rc?&U{QTi`j;kX`jA&(ufYAgrtLbT>{@Q(Y@5E7Dv
z?<YtH>IJ5M6!P_w@~YTpDQfUV0q`h37Evd$Yk9aZV>pk%o`svpE=}T^qjv0*{m>&p
zR8XeF7^xNBK>z%VU38cVy3Gd$EPKP=tbBuk#X&9AC54PvM?SzBc~_69=K&bkwi?N4
z4tR_WL9N4|CsLnjgjX*`(P)4p<MhHU5M^gHA5v`R&u(fW+#nOERK*3FYAwfiq>+zP
z?7xPB%?6)HtVln_@XJOna<5_$#N|7%C;fr&<;cQ+I#|6j@MOx20#CRII1VyCd(=^J
z9-q=H_$AxCD~<r0nW&7aTzIVJ6zQ#N1blFQ>pzpi=mC%+;Jx_n4XA1q>K)aDRzg?^
z1#TW}LQQ_&+<^Nf4^-;2IKhx&Rh2Bd<qEPnbwZ)FfJ&_y!*oTdmcF2hw;KfDKnnIn
z%En3}h|anNso9MMMdjXQ6`ZFpdy=yqwZhKO#WbvSuONU)wq;?jSkMu4%k}U2IEaKy
zK*LhOmnJa#v?(;cD!$LUsdYJlY+usuP!5!KoK*abIvK}Z-vwde*Zmo~Aof3@SETo!
z^9^u0_~wcjI%``|dhE057on36rcWBmy9Hq1dH6I5#ch0!Qe-d47RWI!U-=$t58fj+
zaD2syunB<A@c?+9cTD?8L**{$9~icfwIZ%U5<)dLR1PfE{GHWfQA!0m3G(F<wG1lg
z{4JK{CAp=mi&G1W^WnGtf*XrGWoJAa8?WuU#^PeB4nCV(Zf{Y8u`-254=29gmxC{M
zEkA(Y^I>5NF^)tRU^UoxlYHJ<WMe3-xG|rEkONR6#nrg0QF$b*8|`%S`Q?KA7Vckg
z6np}@pzzXBo~sZ>amRS&{SKfw-q{8zXy5J5zA?+&;oPegbyL8Y;h&lOV7%>X@k3(g
z=)rvWA&_ndSMp9a{rykDAk8du(%Sj=4E(^{?^_%(iU7Ve>EPkug7-nV1|oSZfcvfN
z76WidYqyR+^398Ow$7oD#X@hTH{&>O>Swzk=kg-<tH^ekk4w7ObT@Kl`%SD<CKxBx
z!u%NcJn|NDF5AcSO&|87KSb{Ma)phcZqz@9J%OJ@P!{y6SI+ruBGWiA8VzE^GRf{%
z`^oihaUg<8ksBZ0jrj>nUiQbtG<t=#4<Eq(gNE~%UJ8>-f~6ATH=n8f6wVrS#{wzX
z#GnL$dYkM>b#v!3t$R0Ue3AbCaCCcj3NSsRHuzuM&H6tkhJ}m$|8h4g>;Ez_tZe@o
zDKm;&*}9rJ6EP-jL1O_l^&Ad4Fh+X+o52$>kx3Ijvdd;%|Kv0$4dZ&lHfIzX(($O1
z$`C}vjy-ldM19kK$9YRdqSTnWw@LbwVTk2=-*TVopP<4p2?cyy_|>*10rAQ5%Z2}-
zxe2K2JehNI_sK0oPCXCPQBW07O<>8hHgC&!8|>15d89cw0Lp*=nRkBqqDZ6<Hk$EA
zkl;bW(IcYX9@P9EUY*A2e>g>AjHyS~XiE<QK}Kh+?4sAb1zGA>P@+j#c4XG0u_l`B
z1inb~!7PJ<gcSpy&l;tJspbt;@i8u7p+Hk393rGdiSa#w_QUGr?wRXl`(Yu;HbK49
ztvcu$z(Izk0~+aC;w>%)-sy>Vs*?A~An5oDyav+TF6*MYOZ~JSw*hDplsuG8Wd3o}
zxxX|9u`KhzgAC)r6qRZ&+foTtj!LuS4k4m(dXi);mZW%_UztroO4W3dOyodZqZRtC
zZ|@)Gz3sZuBtfcw5F<}J0CO5~pE+7PV<J|Bb32wr03-`7y!Ff<rI@`dg0Ib<(N0KY
zc`c;%VUK^A?7nnl<mn6R&?ncn_dD0eKAxT~zFxCP2m^wMB8x3(@Lr4Pla9$sQDST(
zADXI&q>^-lboq106;FAqn3G6h-|mpL>dbGFjHF-^PJIfrp%19p<i)gofl_SKy*FXP
z_Tm#U03pSM9cjOfnzn1I8(G3C%x%v~_a!(O;lpKAHU4k6_n;(22rE445-X3u?G27I
zjGTL5en*}bhdoa_TAU4%4rI$UsJBBam@kAtrbnXGmC&?a{#^?sPJFgvPrzwPp%;?H
z+4stbY6nCF%WaoLdBkr0amn)eJYXf|Kb3YhfM`*~t7^4jfF`?eF0uZxB=y2R5Z0%1
zr5wS`f;uN$eG@~>U6y<oSK(kw0M$)QMdEWf4&@}Dnav!u4n;NhkaDEd!G&VD{nEHS
z&Y|sHu24uk?|2M5riM&_4gRR_np+UpWXO>iwC9{ymvv+g-33hCO0r^h2tpxlO_9YY
zAby{VVA_bz(ou9&I4DR+PbKEq4xXrTv(Dqx(?xWqmq&zFzrZ`-g}xu9j01z53s^6!
zKksP>iqg7ng)B(c!phQ09es%k+EF^ZEw!_<(@@oly%9WUGY^LxTsove4BL&$ZsM~E
zYF|=WXEn9U2TC(BW{3`V;IYU&d)&<raEJ!k5M%mcWw4H63L@w9NA=BWU0}!*O4&-N
zFxSPGSXj0(9qx&#TRPu_+{%Ek4RN4jp&WIC>~EcRna-1iKZ7!c?@IU3?(=0D^$1n{
z0Q=d-vqD<irfUDyhq?k=i7JFcZJqg=%u^Br==zA`+sO5QG8$sjh$NXG+CE(%K#gPn
znDNm=BWmviGiv1P`+CIqW$SYz?ET7JbgBFm*D#R#a|ZdSVf7klzx2hlg@|PdqJ0c|
z^S*V*4oC5C)Ze1*nq6zasxs)15}BYFc(3WS^k7)`gi=phSI@Fcr1bZyv}UKB+o~oS
z=&2nK<JuvU77T~%cph9*aDN{ipiwK91yyo^g#8Z{nVKH7f89H9@vQL(5EpGsVXs{_
z`u@N?vC7FrP!V(JP;jG>OVVf|T}rLc;aSE0f0h*-<uC`??N@L4>{v5`m)c0FLL2VW
znDz21%5>qd^O~fHj&(Wyv>lmZF7>&$2t)jSRgB6oD-{G>Io?wx39IZk07xxPWCto0
z(DRten7n|7xMHJs6hq~~Br9la2CN#t?}6^KmSW|__7uD2wO0s86E4&1B5*AB$AG?I
z$k)L~c7O+~1YRF<gLK=E<j<a?ZAi))nu37SZ)t_mCdQK*T<3kei-2*2x7duu^nifM
zEaF%i?TN*rhYXW(Tveb3=+OW}Ih0;Vjh4UG?}0ei1gz~4G0&%1_deNvr$+zHa4pH=
z91H_$)ujPfV~-ylw%X){WT<$Hnxq4X1GZ0bJ2ls%6BJ!tns>b&!q)Dx&*{iPMuB(_
za~0W*_8PM;+UM)PBH;gq`NH-OZln!&C#ieG5J!2;pbD8xAfIps_=RwUSpIF=<az~x
zvAsFnKl}#r#;OddthQmB0~%|nv_MSnfqR?%EIpKnXS%(MDGc2PviY}l2Sre&?LN;E
z8Px2c7?zW@Xxd)EeO0X{i~wHz+IzHeh(#HoT@n=Ki|dC@2}s9DUp^EoNx*nWfn^9*
z>hGYJZu1_jH)rhxEF2ob7qUVx2Ta1JQC4~Zx8)5Y6%^iXVMZfL6;iu;l6-b!*sbW9
znzR_ROYPHa{U`IIA+(c4FY(XLiP0`d&_7_f)24KHJ@}}f<cIw%G4shdC5E`$2q!5a
zkZ!d}8V7$nd6k;?2MVaV(MF*!f;+qlk{^p*TuDz<xi0SmXv4-K;K5p*EKfnsEj>f#
zS-jHb&6MmK>7MD4NtgaZo+aOR+geh<X6cFjZ)jW^5`B|34qzTcnOYV2mubNT$B^RN
zt4vCnU7?YJ6X5j^pPdOiWGB(&XmoVWrHMvgn$s40dip+sQ?Hn70t`H9QW747r!-c(
z+JReLqgGph_6h9er}_$|uDxp@c<ozUcpiZqPgeGaXU=fSG{$9o@XH)$w3TN6UU)PY
zgNKvnzc(<3!T8(zd8C2sD)}`toDO5RiNEi=w%&7D63y|S-Q`;X-#<C8pbjavyWwLJ
zM8Ml^TgW57jA#lPZn;tBu6|egmG%~oxUBY}Tm*A~%&Do%+XdWjwozBClHdF9gC|MC
zUHO$q1Qb_cYLDy7M;EPAcKfUf9JLj6bcdsN0~$YruUQQPX%}j_qIur%MlJ&Y^{S^%
zoOekM*Pm0dp55)!U-dwd=KpG6`j&_{k(rl87YCGtx!})%w2v_1qPk`u1UneATm{>D
znS21UojRJxmoT5@J-xc(%QI-ba<QYlaNLF_0dg_W=pMgFKmouYSOctM%$-*Sh8Iba
za#Izr^4px=2(MC^xx|7PgGH+FlMxb6>P^T0A*5$Q1xwAr|4m5$MLz%4zhq%y<NO~p
z$;wH@g#6#r|DT!U`j43;1I%dt_ZKwZQw`Y?Wiu*r!Sn$>hsYUv8`6o`@fzvWmmwsq
z$Z)3uU`05!PjH6c$X{kY&}l=UL~Wgonw`ZUGQ-l(r)yVEev+-h@e_faTdutIGrtF?
zz!8<@??{)YB_C%e%sa@(m14eVB|$|bZgs2zPyPUbKYK!tJHu~)(>?Q(uj?33U-qm%
z)<F*o%ho#F)Vvu$9@17*_+kIICkwN^rO>U`vv7CAAGSD3c}s4t$WG8_c!1d>CKf{|
zhrNO5dZRB%^MbJqt80GJ9;;o{T@|K>666k<zGX=Mo~uv6{!63AK1d@~@_gyn$O!)E
zj#^+%e;YIlGcqKAK%-^D)|pl2QhaEyi`wy@6z$bg=^Dy-S*yQ6iC7TI=6oi5x#xEE
z1I}@E!Ix5$pwSo^*mW;DOh(h5{a$yD-i$cY00aI%8aZj>MKb0zwx9Z)<}x)hXeBI6
zQlVOOv0i%6`{QRNTp^XupKoEU@`?UdbQFW!cjcHC55^w=d+Wf1@6E-H_F|9w5g&F@
zuwCY}l5Xrbef!y?BfY}EgIW%)1iX-w&^-{l&p(zM5jMACT1a@>O8e!aTG4P$bYl&6
z5iTj_)#~8eu+P`X7@m4G-c(I?vu`rf3o#@|GLorgR<UQaE2m7&!2tH0p6)I$-aaoE
zUa-ZoufcXesCBhclewjuxt6CmQH%&CZdY@=L{{Z?eWjFE%p^zyN$pD(MTkIEqwNLZ
z-0s}(?DbtSe(Qsx5U<Goo(+9JBO6w3HTpb%B!VNR`t%~k`#2aud_5`WmUEC|e9&^x
zF7|Y1Td2?eRw`<_Ebs#<X+~?QtD5^rSv6?qV~!xe_+~vi{XP@pb^5FSr3h`%-lMt1
zm0F>YI2XOcZ@Fk-wN3<@B7!8mye!)b4fUp}eJJ>s3qEq4Ck@8*c6JsR@53HyF5u7E
zaON1c$lQC#y&g;js?g2f(MqHU;)f*1JQ{zq0Y&Yib~^q&2inx=>HzZ~dPdb3kgv{y
znb!Yo!wKBdZdsxvK>>`KYha}wzW2ncrDz6Ljwf(1qN}Ynu0Pr8cpH2%c0#;x?KU+9
zbzV0jb*#$rOYAQY#$#>yVv?YT&NDRXY@JskkI{TfXk7kU=BwpY`48VjSM~wG!3sG0
zsjeZKFk<QjW*ZNEq0~=wSztN+0xxmuLTTrKTQ<Mx^;om>IJ;-9?na)_Rb43QWMM2i
z1dxk<BqVEWAMGEbN{FBO`=v-=;s%_rkw<ogOB}8XA1sda$}9eIG44cYhfinf4jFeV
z`fk`q_;~xd+yeCWYgc!*ai)oeB60N3b~#{$%u_lkt05#x=}jPpO*Tg~$p^ga{_{n^
zW46(GD5~|yT-=*{YVE#+1kRy!u|Ra}R5Qn6^uk5`v~T(}8t)+1Y6GcdU!7%bd3hS7
z(bIRX*gW-5xb4(S_mDsBE<{^J?JRf+I96UH7-qUSD&fK~eYC=Ph71Vpa6p4K8v-=l
z+Ouh7Afdpx7qSl!k8cI)5qLm-%Jl-Eu`CeD{94c}30jy{50^ql=eQJJ;*S$MgNx<g
zEfQL*!9<tk7Rp>+VI#?Es4BY6+fdXt2~(Aazp$srX=XG=L;zx`a?8T1%ISnN&8-+q
zHLSC_kwx6P0&Eex%>a|D^t(`&450VQh26h~IRe|M#Q9g`B8F4vf~tlRh-e}Jx-Zat
zoBb0nJ^LmwblZKCxHuWp^7zjofq6^SlG@P-A5YrYwv~MX#+Kc<)2$zU*orD6tkO-0
zeNlq28W0MmHKc0unXnZ6x_LJ(wR4uOB0aSSi*69l^NEmxJWK7kDC<55LQ%WBQvtf@
zDs-C3-c|0~Wn7H1JWm!yD06v0mS#Dgg6IL=o`Yr}f59;Uxvd+->iYUKeCG^KuB_RN
zAjsY!3Kxk5m736X|MJYAkM?4S{sm1F2vOXR-Ehxa!wKkNL29dZJ^5yyr~I1o<oiK)
zrR)(kn9+b7&kQD}a$`?!IzC)^8QuP;oe{{;Rj+Gq;8?GJ^i?e7H86Mph$ihBj^+cr
zj|?-ZnH_QDvX|(BP=)~E{ya9JW9hR|tjubBgeIbsBo`rYO(>6Dh~C}#cG%_<*ruk|
z*Nwk(i#tZ!%;P#x*wr~D;eLY`SUkk^M7zh*C85&kOCRHFwHBMvcz6NAxZ#prqBh1p
z29zPBjd(3x3~(ts&?bTa{!)vr(JH0J$#?x{^*I>Z6`gD3c_ZhSRaDJOQWi%}-@zRp
zLS%b_wN-B8qV2<=DgT5{Y`1ZVkWq>62YsL+OtT`)10>G)Kj#zYXD|nOEE@q8Yxm9J
zfRzJplCwc#GvH+RevZf;Q-s(qC!_%{$KhZ<C-@YJSP`YE*MbB9L%ca#_~pyq$a64u
zAc}<CPDH-kcxaCR_KtSeD<mo}l9NDlTNG$@t3Ki4z;Y~m!u63~`j{USb^$p1=WnCC
zC9Pj*&377D`IF+WE64Zq!^!otsyljJ9ng8q?N~+GZSh!Ng_Taiha^@r{L#yUd8A*b
z&wCShkMGLMxjX^Do^m6vtZ(Kd?GZ3NKgC&B=CQQpxrOUPK4B%18LAG?PB`#bZqP8c
zcm`^RAMjF50E^;`k(nRG9*rmI!|z`L{1^4XmdL+}0*S!ka4!nMZ$IVcarUO&dmb}$
zz07x5jPN<(YkyzhypTTx^Gil;RHqagz8_o$;reea_|yV`<J#*WkniKEaN`tSJo#6b
z<PW3YTuWD>N#$$3xo6x#zu(^b?fS0(L$G`9h$+~C@w*YI)$73)5nQvtk;2inL3Q61
zqvG<?@fz-7i`(|venC8C&b?Z|Hw<@~@nengU;`F%eqDT_@BPu9fn1uVAC?jO4rAvA
z_<*We2ZfXDjCY(OC)`~IG+(?XLUb+jR9dz04L1o#K=5z@Y9|JBy=2(A&jak&7c_es
zLdyTf9j^b2J4~EOA)G>h6xAu^Ehe-a`)~A3;yFVxL;*7OkVIum;U&!-v`(hheh6NU
zR#27J?|bP;5du2xQCLscn~vA*Gy-68FvCZ93vF(!ZSFXPhBia4MVM?!3%0oFkZw2i
zQ7}<7(LiDb|7yH%)L^)A3&@`@Ja1=?XNuE??$EDI@cY|ZjTBnIEq)}ZDE5+12Df7-
zT_W!afhHKZU@5|3I5IIrki9jLEl^<uUJ^PH)F5%oLgEMu^*~m7C}(DrP@@EBY<uiw
z!~7jI%+UPe;l|t2`#sn=<5-%3$<PDS0mVLr(ab#*{@+w`n|Rw~v2X}lz4byf=-fvf
z*QwHqErM-^Eq)CE{rK{J?z(J<;1N6VTe1E(bWZvH4^Xn3N`)8zDiYi>v6XSrETdV%
z`yE+NV<%3C;;SjpfVVZ4#D#rI;kDx^uiMEjsTq;zCQVDp<Mza0Agb8L6<U6IC`g7$
z)$a5s5%X5<o~@=yw#EB?NRm}#iOr6caISYI2Kdpf?#>?2bo_pd&DCHTUJkVu3&<Yn
zBIcVpfgmK)8|c2xy0K)txU3e}yMzE9Btt^_f5^J0;6S2w4b<Vpwr$(CCbo@<?T*cf
z&53PW6Wf_&VjB~m{JZvl&Z*kBece^>>hD|6+XwH*gQV>=mr3`()EFNUcLI^})U{(?
z(hgg6EGs$%_f4C><F^fOuzqS`>TjQ5uQ&VbIEIlnYHfha+<5aMa+y*yM=|S`E|z%J
zv)OwCtJ785!07!&pSdn0PGLIYQ@7g@T9hwJ7sI4ZGu|;QH14~ic>+W1nhevTdch$L
zPU<mijr{%IP{Nh+b|;+G?p;J1p=CPhH%0Y|3OoVz50Y8d@-vj_ws`8|<tr`T?T05U
zbwv)_|MM2I|91k($qdSqWGp3;R0j_Md~N)@&ouLWVJv@0qwRP!@JLTvT`1W8_*Jfk
zO4BScC5*a<<1FgTpIYl9_guR#bonCyM2MV6=E9sVoLmgm%C*=3y`#V|<I3r9L1?R2
zbAv2zi}2lhXsNd9b;V}ld#cpT4BCsamrJqXAw3HHZ!o5*Rc9acA%hX{7JhslKq$wc
zZK84I4eDulVvp-nt8JUnzsq^P5~s7xL8m>30pLOP-;X5j<DGa&yyIoM)71tFay?OW
zYvO_y;XG5_nAmGi5*3lS1?Bx}h#(5EoD1BiCj5Gg|KplEd#J1;kB+oG&^5)&(*_W^
zB9<f_;$CA#wbFl$3_%Kb`cDI1PvtuXsINioO+p6$JQvz7>?efUDm%NnQZD(tgt%w=
z{DS=FD?eIJTZ6$b+<SPxU{l=CvR4*YgZWj5sbjOnI8@EGz=faJ%zA$hw*<PbkcN71
zUbCo!hU{{aI>Sm8t+o#p&SqKsCLbL_7x`eMDU<qy{@cI9i?!j(=t$tl&P0KxeUux;
zrf;`<?cGx6`}f}WbUsEZxKM-C;U1Qcr?X2ZBSDV-xigcZSl`71r_JtvcfSNajqomg
z$|FM84$sT&rVX+cZ58vF`LBceo~9O_&H6pN2%k)_xkn<N?=5HU!e$jE#;1yYS9o%-
zHi}J>2Z=yW7?~3dIA8);Ow)!r42Io)3&wN=S@Te;o-}JPRrGWkj~eE=dDvH=iCcW?
z-BVl=WH557a$@n8qWl)+YaHlk+c+~LO@R)%A2^<%jhr9hCXL2R-&3os@F*wL{d#}E
zf%Mc=q++~SI;!<NQoeSO#v~X6pes8i+)>}~&W;95AZ&*Q84ZB6v0j|rvpZ(@KNH@M
zcei;(#Ga9USQ!&VN<3cb6J04)6>B=2cGV483q1w9P{ISg`<rrjEGXXon7H_{IkUdQ
zkFhXXW=@0cSdnI~Z!A*}EhT>wG}v#p`vx8v9a1#)yXL^Jo654>r=43W##L&PNhAha
zo^fZ(;nAkn{?-6mTMBw(3qx=S0=7?65aRjA#Le*j)tJuhPr;oPEuCEqHC!rq<i2Ww
zu11TMSukd7<eJH$NF;J*{NJ&6LN<II5qY{XW)*3*cSZ?&rtGChdqS<N!4f=CX!Dux
z38{GN|6ncktZm}m2h|}-_;3aO!1Qs9b5eM9@@TXhnT7!x3NpOfFVU7}C6Gbl2X;cn
zE1m|)6`Z^Y@t{?4+feBUEO62{umY2~AW9$fhMnj(Hr2=6B_ydiJa4<@%LesnS6EX@
zA~eB8nRK(=niF|slek=p<ULv9vs<<51Op5YL;TGyVNr~i5GLd(&pPID&^-&3{IQhb
z>9IejSGs}ir9aCEt6izRmv9xq5bM>c7!qsaFWuve$(8h+!U1l5l>;IPBzb6Aq`2>g
z#Ni!Qx^>^7j!Qy&@4TxShCfMTTVbPc1GhyY#@4W488%y?0~Qu5h}3$L^{eGrQ_e}n
zXtAq^5Z^)3#;{Eta<1GZy!hr&W_3v6tK%X%?D7Hfs5wldRQ8sxxy?tP{E)RKE(?PJ
zzJ}?I#6saF^p$-)@sw*(X_+Eo=j(O<(VA?@@whj5crVF%HWKejo26lh@S$wZ>Kcn{
zB%{?aU$PZmUY2ANMI&yr^%R;P>zb!R0n3^HEH#74))685l3B7YZcEm-mO?ni(Q2EC
z86JR>p>p!NHaFQ!$&vElRkQu`N!}hGsFNzBd~4N)=sSl88Zf2ayjW)UlY7i5oXDX;
z0uly5DzL_)kd77#qNttD-9=-w4t42rO~jt_vJ<s7VHy?2z$*-dnEkw{if&DBiXS8D
zV4E?AVzRBAGt0i88oZ@maJo0iO?NDeL<CrR9D^e0H4qN%9(wg{{&X(X<Q}ll9(bN9
zrgs7#MtUOZX6<G4|E)>Hg?dEWvzUB@GSnxXG;e#ie|F=ah$R*jjs!h}p{6$YIh+7x
z{*&tOYD8cHo=$zR;Y8|ql}~qhO)39Xyug#N=_$Tr<(VPK!e3ZFyC+jWPSrQTqYeOF
zlzh*x#06oM1LZGOKz_H_Wx9RnPG#S8dCxcSAmkizU#>EJ?OL~8gB*Shw;<!n{kD?x
zv4<g^#DIZ@hqF1-^j&U^$QJcx>jY5qo|LRtDE}y9FZ?&-L9WGIN?uvWsnW83kx>;5
zrq=S?2eRnrqCZNt()29a7!rK`b;UqMUVN4HKN%*eXF&n>@#+YopuK(-r+^Pbvl6)D
zj$1h>M`G*Na@p3zzJ>~@&aSd@jqSukH$makYFJk|Mp%->@f20hdDEGJ1#*}-OIWFy
zKZI|VN<Tw(B$b;nQ7sJR&aJblq5OiXAh2W>@AMh)K$?{Gy#1Z{jcsgD8khmrk~@1)
z<_F<iiUhhyiaT!gTB}>CBx`e4g**2-cZv`~53tzZLFCciE@P{qKQkGTl*OR-LiDK)
z3-Ilt73~rD5ZWk}&Bq5POuye|m`U(K;vkNil0g{K4`7u#{VbMoMP>LtPaj-yuq{5i
zc0*(6OE$2#!>tgc^+SVW7DpD)MZpyYmULExJ&0wM9SU>B5+)PrG*=i-#Y2vR(S<Wl
zPdjr*q|h)ILL^FU?h4r%1^F3`#1r!Wa%PwvG8O~naJX|P{6yHfx04nip%)^PA7h<0
z5u_3kl(tlBCW+U_SxFL}qyszm|F{pLO@$zSGrn<4w-FWhlSWt(D3t>{iae{jh#Mco
z*LF7L@zl)$l)n>13g*|R!wUo9CZg0~Ey>N)qKxF2SoY=e=w>?cD4zR0lMQ%fQFxyN
zsWq=iIMjX0z?6vZlrFDsbD}UX-a2i1wZ(R64~5xElL=%r@7a0~5midB1`aQnOT}^B
zl!H-k$-wbdb}Wo6(QN>$SHq)s<}m(?V7V<YPjg-gQb#Rt;V4`A)ofLll=K@#j!2gC
zaBIro>!}i*1M+XZ%eYPrcvy>{k);|gVj*JW-Kl*+T<mn#y)}1(#Sx_>`?)OVP6rVB
zySfI2Y3c&@)bdT|$YUkO5q?Xk<}ejyb|^?_-{C=%J+qa$(>?&_Y~??da}A41kR$qO
z(+YxUEHWDbl=vZ17+kK(1;`=}o+}^a{$)DVk8TPO9t<M8x02T1g(mUw%Q+STYZB$b
z>ty&7hm;Q0Ze?v~(EsXWRLC?AkWLw>V1@bu#S3gj*jqbuwRsntW6863WCwgl|IkqT
zuEIL3k=NF=(5-<8Ric6pnLuZ<!jJk(88dy~dE~P@IVAC#EA4KkNW{{zXed)g5cy+z
zfSPvo>cF*2X7Ja3V!Lq_0`3&&5cRR^ep{A7z#c-X{WqSt)%E%j{TeCCWU%`J2B^p}
z*G-Kj_e$Q@cN>ZW+_^$~2+&dkNXK*-!%_2Xn@m1eG)bV6M-#f^7E=OEz#=vmQbrgz
zaUd7Trq)8LVBL;FtQULgY1onZx;XiCD*|bk`NOt>lF*jR`+j_`3vVu7AB&-iu*>yu
zn7;5tfE5byf-T(p;*z4fi18cGy}OV*4Y8TiX7CGQ7a^6qJ^YdYLB&9228pl^8_P}x
zGX?HVl_pU2Wr^OPTM@bh-Tq^V!iZjyOB#D?A1k(taYM4lvOL&`r=F4m4xzcZ#UYg?
z1Vbh-vM-RkB)v;Sng{g>kxBu8a<%Jdi;6zp=RcSzusV!tYDh~;<sqbC5!8VWZp}|@
zm}`ZW<+~N~W~KO<h6C>jQPktyWN~k?^x`lOtbL|vSbJ|NFP)Lj>zEi%3%!`qogT%G
z*PTX7><&)=pC#Js6Pd|V$Jr4a&W3^h^Q&Uw)qE;8Z5yLT%h6|>g9laCYpC(~#s!8S
zT~QBz3Q7#mRUBrf#C^dta}HhyL31&P<td2%@I6ZhCrJq$IspfDt@%=NR#qC3+<6mF
z_?x<@Z1|&Aeq@_{;r#9;@tKP~onc|+(I2V7*U$rjF%w*1LvBb3VX`vuZTF*&qPM-i
zCxT?c*M0)=%GN!rPy+l(HU)R7nrhk53DY%WcIt=7nsgrKzi_zbJ#S=*eDRI`-m6+>
zR_RfLpyUfZI;}itW_-HUaOT||F`rg|zm1DPe<Z5!PnG-AMDiCUD$nLu57%esopTiL
z8`<)WACh7^rBBhRetm+Pyi-#_tf_$Z>~}1_`}8TrLAHYu;04>#&O?6@H9>7h*4JOP
zRKqkQ`vw9QJo%Ow(9KnoX?*zt^1V0f!#}OISZ+Y+B;H?%#SOP#j(jg^U4RJ4y`Q)C
zr?UVp?M;l3lE^-6%eWYS=#JL6in(}Qnth>`xzJS0IBH>V=fmxXfoerI!2aPWw9Fwz
z{h$#<RX-Ix7l1p}?KNB_k%lYoJQn`uU39pkwjjIJapnWR1o=P|6*rMTIXmU>q^oh+
zx}u^GxHBdhzvdPzC(L)EH8%*Xu@{D;;-|Gcl1qzo=k%`C-=!2iiCr3ePaPX0cwqqE
z{MbjlIiIy57GQFem2?h1eL3z{%Wow)|B=D>X8ASPNnqvKn8>O&C=}_&*nI@zvojo%
z78rOWEJSl{_s&D_8(5rF$?>0GKTe$uXHmQwSj#uDwa~c4%@`8o`L+UW>5g%DBt?Z|
z)AQK}ik79dOdo#kzD`b$w{QPUZm!azuck5429Se)@C(H>De<*i{wTk<!gW5Ld;cbN
zu@u$AkiJ<zOHFOKpl{$oW13ZMvwfNWZ^^2<_;cP*vnW(A0F$|e%+tqhV}`l&2)NMV
zmlqI<wsS}wE@>{|43-CIDpdwPUTe_CT^(Y~;!)*5kZ(w|g2jD(up|C~c$u#omUfbh
zOBi28`<e(2`ItaePT!ps`U+B5Y`6H;=Z<oDoIfp@&F2U+X+t!rbES#l<w`8P7I(~x
zQ6!d$kR|aHPgz-Ly8~neyk(c;^P09n7?W;u>|fMMa&7DP)OWzJS>&FUB?dNYu(aao
zQQ~;hq0(<qFwkghLzWfm5Q%HOFqHx3Qv~fOYpRq?!#e)Xn8M@5fYj11mN8PRKKY#@
zBie9L3Df5kG+6Oz5uKH&oFb;wEv4gW)kr=KzHN+)j2FaDQn5jpyY;mi*9Gj=F!Ka5
zRx&-yXgHZs6`F_5duW<izH1hvzy~jqUmi`+Mb!$mO#DdAVCA)|$C5OM4b*T-FBf$Z
zExa-mYoZAFoA(LU-zavIG^>IO!N$$SmUO8inq-ZS0)YCLGAZa$WNmqBHYaCXtP>!K
z51^Vx?W5*nT>UV-EAj!omTPKU`#zdm&j5x6^_1%~{R@ylq#RQ=yqMYNcA52mJc~J2
zRDLDnDdgH%yQNhlvc0mfU=bmaFh1X<mfYBzL~xYXYZ92MGW=tIe)012&DPNO>1EV|
z?lpX=7qG87wus}57rou{eYKV(AW~fk<=$|$&~FI3@OoDf>K9z6WaAoOjNEe%Y*UNJ
ze+cLs86!CiJTs10@}s50O)aX;t$t*xjoALvPpKS124d71DEOCYsOp#rCld{yz*pbp
zwWcawUN*O|&=yvWz=o2W*Zej>E0@e`hnjA(5U8S`jXU}UYt6?!%T>5IycG+>S<cHa
zyXDA+G`c4?fy?0th89s!!5E*CZ4mTA8$G5$qvVl4v)!))DsAv1f+h(>w=jr+hjz-6
z|47O}TJ6t?5D9RcaFe<8+gJ_dGz=S&6@|zH-1cG9cf8SLTQrnigfSNc5e$D8wC<IE
z2l#O&(SNi!8uxV@^8|7ny+NM%UszcJlIPpi#S=kOx(QWO5$13?ZYevy)=&tux^BJ-
z#eTAgw+9d1WnLY)4Mrkp>63c4tq>P;`EY|M+0_073pdk<>yX)6a5M|dZrcPkxxsZY
z{XA#jOW|!Fd4)ewE5Y-sdTXmp0GR@jJTM@wdfZ)p9C(DWD8$fCy-o?Y7-fbjnk8WX
zCvuC@G8>&;Q<KL=G8g+x6ec2ttectGk)`%R+|8nF<}F*MU}IpP-rnWg`ORw*Gy)aQ
zMO;S)Q+}8A$fE>}St_x<+Z;$9_P(SDwOaf^QEFYenB(SC;0fU>)K*f(;~c}G7qAMG
z&AHLRF3Wzq`KNxLu;|G`Ii!e~(Bp4&iU`f&P(R`gSeerwl{)N|RjOHBrxpA71DB}+
z-MT~h<gZ4+K|SGScq8-9hOm<UBbi2;z$QpBYZ$~JVKGhGa6l5ady0fjIEU%AWO=tJ
zNLaG-Ylr^4MM$hYon$|!1j1YA2l(vR2_@9<qLdgfDr<dcY!M7UyC<9_xYOawTUQ~W
zD^RuvY4l}){YJIPN`sl8LckJZ688s$N#|jBYvXN07XHDQG5-|>;aF3{10Q7%jVznt
z2PrUUkK1c2ffUtLx8f#u@2Kg?xH@Dn=8n@lV_6DykAc`_zT`G@QpiB21?D~KVJae)
z_EC%CMJ?yagme9~*iV`TMu+3Ba_S$~cZWAs_3lj1NGc~p;qC^rgSf;A>$P&~_3eio
zTy>e*ShMTi&EFrLT`K*q`Qr<?X6wZZcV*n4pgGE)>qA8Cm^h`)Wio;-NUssGrKXD^
zwF=scvqh=qhgm49;kDe>09()Q3^j0HUgsQ#mDcJX;~<Klq=mlC{@D=G_~-3SbQi1#
zNOIZ)IT|ZtUdr!`w<gF2j{f;!D{u}hJRsgRX+7q5uQ%XFpE28EfM5rfTk;zoGpiCm
zY;so&_S%Td&k_4k1cE{LJ!pv9(yx<k+>l?PBe95iKi}t3)pY*{up}iphNW}!FS{x1
zErXyEe{#%IWNM*`^Jif(pXL0y1dOVx5*@efI=r=yoeM!9i-|_53Lc`EBI9^1j9T<M
z@~j<R(Lv775JgA)^h3fzY1f1X)Y?=zWlpz&C26p=@Sevifl<h`3HM+vS!fbZ2Kevb
zXM^$x=^w(L$V!d^fGb2T*To$L%btNovG0d-Nr}+~G`XvzL;gxagBLQ|`7rtmK%FOd
zT~{JOd-knlpB>c2Dw*#bR5KLgTKbnz!{bC|)*1EgDr|JMm<>_Po58<omVxrdwwaD`
zi|!83&lm9Zf%~_?5(+if@3P%VEwA!6!Yfb{UtDz5h2C)=a0O|$u7Kr7+~R0%8A$f<
z<zUNh2(YhdB^)V&CU8?V(2zyNN^mT5LO>HuYJ6GRcZM)v8Ze%In=xBG{vP<V2I({X
zl45(amG@H1FP^hOrcvc>=C!u^Dnki;4bLAyDhh?H%HkX)61j2IE}^NVI)eJEq;+P~
z{Ba`75FiKxba=%3hj@PO@!d-bAuz`VGhUB+WZjY3{n~b#73*l}X!&WbW1>9sS3=we
zQ*i7c54L4OuzsKGn&v{c$1=w=mtmvdcvpYf>fLH>+Xb5!awsfeRtrVTftkhj^nO=x
zmdV}mxUHLjBK$nYBH#EDXVlf`CE4nPx;Xm8XnUj!Fs{2Z`Lq`0U34L`CtSFWH`^~~
zjq_euuhKYv2%l0+3ZzRP`}?vh+Z~=-vN2p~@cezvFKnq(FBfCVl8ii`gf)rB5EoRP
zJN9(5Mx=L1?wrA~^7nI|A(hPl7*0nhxc%8Ogh>Pl)`e$ffN#3pr?*`>&il0j$r-w*
zSA{J$fJni9-%x)0^Os3`53@;0p?&}ohO?=fZ9q%S1QSnh==M^KiyYn2@|&f|reGhr
z!7mTECYHDmYWMnZgR*m9^c@%`Oe0)nt|^bAWC><R`J*jJUD(A>_9pVP7h);M`f|%F
zzws_=au>W29I(Osht#Xnu%-A2NjM1ln?ue>COrw-=+oKCi}Sqe2SX*@v~T}s1kS<o
zzl#_a9(L9wDnpSZEOG<@w{JILaZ4hQH}b2uj?Z8Q-Rg`UvuWstdRZEFxSmb>zT6@D
zBjsb1FsjhLoJ)Vde=LGO?aKFvFZ>FnA06er_BHDg3u24u50lj^-RVcM&%H^b)|U87
z_>{XbqAEHIIt5`ITGJZS8^|CqduaXl?e=1QOV4mVZ!@iSX2u@aB$@{N&xRb*to&?~
zSDCo3Fk>Lny$I9S%;1iGro9=AF>Nq$3un3h9bPSxnJ2Jfe4r{6Qfk9Svl0A9XaVyh
z=k~S_?mqj6-xfu>HC$y@vD}ckNQ^1;;KRW3%+lJ<XgEmHs-$O)P?bIPMGb3IQ3CV6
z$}-`<Hak7_s}m@Iivc3-GMM`mkC2j_^SjTz6@-vv&fia2Je@2~g!&^1PP-fS5V3m2
ze#6(m9bw(jDvDaSY3jWwF42PUX<WN%3H0zt#fx8Uo#b)Uc@R+PKdCRLdCUbom!wGH
zz#KA5Vk1D$2@CFwXfsF*EXpK6%Htp0w~6%;-q6<JhPOBYZcIrK{aLb7F|M6Q^FW)n
z0P#(K!%yEY>h^WQ#Q3VnGU}abjB4kf*yPI<#6P`kvJ|n*)GYRZ)|&EF$rojIem(Vl
zzdhXbcDXqm&yEpvl6PHhonF&`i6l&8cMO?q9qsBe{P=PAzUnvTxT@)ZAHcYjOxUvx
z^)e)d015#>5Bw1)3&RyLel_7Xr;Tq$#ql0rvj3)?A9&?6zG#`MYn!vpi#uu_loS$L
zPc~jP@f++=q!$Unrh*>|mP!mNCv$g{<xv36Xm&o#L=CRJx;T<jn)yyU%_=}_`@VG@
zhWroFtxTsUN>lXke&SO)dHRUVxd#!fGVRx@3PKjhr)=S24_E5gJLs;fhI<%@bU=G6
zI<0}y0O5z8`V&Sck>Z@9d9c!4_1K)rQ<RTouzjD0?b1y>LXVpX25%$W_R<knQ|a+D
zD@u`?;N$BcOQ@~&U1!LOUo6L%e7Gm`7;<sZ<dGWw8~5UE4T?FLI3C9=k}R@Tvb#wf
zYI+zDy>)~%8sE0>@ywU&Pd}7IeXBYs${(BajkEc4^89)AR%Su9@fIK#=zy|Ah>RKM
zn6lqrU;lJd5|JLbVj9iVk@TU<uO9!B@=CYbZhG;MT1PCY?MKmzU^`)RT2Djx^1Rk%
zb3+-|?#XauIpVE1nK<xGqWI>-qh6q_iID(hidS_;^idS{$v14$AY;_9>R;a%++g$y
zAbV+nUZJtnPlh^yL{MYQRlYKmQ0a>TlJAl}$(#bgFVm4ycON`+QIZQ085G4l`?AMl
zvW{!S>LSY>QqeeNk#n#=gzPMmO;Yc^2_9dnu_Jh&IdU|jqn;z+|M0u0kj(K8L7oAq
zy@o7Y<swoxS|>Uw79#kh$eP2v3FCH+iL5y2gLngIv$lD&yg_-<VT*`jzyEXPZ%Ywb
zdVra{BTk=UQfBlEf<Zt%Vo6hPUvYkJGZPF8D@9D>>7@%Hu;$$09&p9B&N8g&?biG3
z)bB3&Co#w$jLY6EZ7eRz(DY9@kdp~mkuFlZ?PgXG79++bu!4dWMF=(mv+Z~w!;y@y
zLi|Cp(rDuO;YsV?QiT)lD2tsb5tz(B9WzV}5?rrNNvJvNHMGc{jd0zkBZwo;I&dQ`
z;8B?E!C4go+H6#V=z_$CMe;0%^;;=^rsJ5Of3Gi|fuR>nLsUc>tgDK$i@Y0XWEW`L
zGarFW958FzT^gM;`!1R3de+wvQlZl4DR~ic)G%h86_l6h9?D}4DM$YhB}+Q<-1p>0
z@?EJBO^KGKK@V4kXYPF}r9E23ppb74CT{H7*2_r%%qfQ2LLF8d>!z?g7p;uZMogmi
zEFmsX2k%cHpW2}5H>Xf{*`+Dq#AZniDg$=R6h=bYWX9tXk}*`r4J$JR3@tVxHgX~4
z0XHm1F*xvrI3L}B*(W!xB;KD34{Cfup1xPF&z0FUThe>w3acH-7l-oNR~j3-Ur7|H
zVm<GKRQ(o&sfj)m;V?g+{Rvq!)@{eBl4|;07B(r)BEHhpNjHg+41E*`ZsFd8K1wq0
z+D1|}_w)O>-96`6f7?4h4R@0&TidhN>iL@+_$|b*E2hqf|1N+`kuM=fOkY!_;6em!
zf?U4)_n(F7fSz8W;fU(J>e4cs>R2ie?nP`#z?-^_KPO(nb6s+9@Va$PzQrKFc%@VG
zuJgX}Y5K`SPcXlk*USr8dfR^bT8;1|OBQ17{xz0?;n&Xea(T<4CS<ClM{_;|8u~V~
z4SU<Iw=)DUAKT|(otz#ByyyH8{vr_R3<~+T=61L?|D-Y|ny)t9kX6?X#cPKLW9z#9
zUfqMeEXURdwms)_SfPt=AvXDJ(h=uA+Cy_I$zg;iFKRl>93lpAQjn5$PsZmGKuC4d
zj=QEQYJEdJRG?m7e-J#-=4^mwvfF(yos@SP&(8=}1g%$Q0yh-eDC`Z6P|j{46Y#tk
z^=`c|ukjfeGzj)fd%pDRYa^0!JsGeyUv)8vR6D;4Q22l`390|(Z#g7rfoOM;>wx(g
z0svrLE`|4B5uKD{g9X9D!@`x+7mW_{zs;K*JW2ji6o8hl!-gd0NYAMzd=OXxtP4Aq
z!9toFZnM)@PRlW@uS>8{N_~A|tBoaM9Jp;`{*Q*S2;*XzZW$&8MU8Ob`JbG=BSeu$
znFBI`q>GUJhyC}EOhe^6#Rdtcw4^nKGC-?_(w#+uM9g^73BBmRefRBlYCzxMKlu!B
zIh0O#BoU7UBAun443(z8;D2eDqqmgT_qQWHs*bF};d%|{$`zGMQ=wh=W)~XR`qU+t
z_fTUZh9sDH=2E9k`ZA{fNo%6U2&LEl=p9*$OO#=QeJfkE2kb|%Wqh_e3BVP`;$`eh
zr*ofrhnQf#jvWN9Il28YJU1Qz_R2WCYJ?{3sqI==qXq-Ma@zvaS8u6i-R=a6i%H^C
zaBQ!yQ^bm<Utu=;b6?R%CMMVscE09so}Ts>+b%V$c$X+wDolkHU>8*0&h2A%sBTV6
zN^Hc}D+JZT-x;IVee->I{1WBZ?IXcxwHn$wteVB;K1@Hu-=}LX@lAj#mt%L=gz!CX
zVmp;j>Jh#yq+ZSq&%6Fn6sqEfUrsAEC%y$J!`TQqUL1zLelAYkU0<UnZ^bLbA=(nm
zUvw07_f{$p>9<yRZM3=sjV1yO5kBd!Io;sVuKyI#&b_!JHuew)f`mT{UBv5aSr!8H
z9#2Zsnb$8*8~nx=EzkiKp&(z6)Ux=_r53_=xDRm#dk2D?Mr-&;Ba!_v(wvWuH+y91
zvWaweO6{)L>0s6)0(O!h%7AeCnYo@a3iN{YF%;}zkURHaORh08)b3u;#}1pTX?m67
zAEVhrWJGuQGuhe+G|3nh_!Qxg>5q#}U}=mr)xoRygyQZ}P=o;SHw6%=h!xcAwH1)K
zD#>2WX3@@y%}m>>@$t5fwr9c%as4Y!j7`@tR|Z1P24Pu#5LYE0b3sZatm%RT_3q#9
zmejfhg=)uZB8Tm-N~;v)aYnz{T#q97xxD74d#tnHsVh~MJr-*3e@S@oEgF|JGz7E>
zS&OU46g1&*(#-&`#dUq7BAx@t2m+uc0ViFUtd?uZUbw8A+9@N9S?pTNA_vPf<h)i!
z5`s?z%0J-hw9gyT|E42&Nsd!m`s==e#`!p3w6m>6m@w!*;yXiHFRxD*7Lh2?ri?jD
zE6|=5kGu0Sddj1dVDBNsc>SQ>MVp3mnjO4As{v~{>Vg4~N8!h0N{`iHB+-BAURqeY
zi7)kVi$zk;b_Xg&?MD=d;e(lL3lUC95rw~0nW2JzBB>~usS1&E7cOd-3ql6qet*L}
z%}XXAOZQa%@oQTPCM7LrQ=&hP*=DVTF!@(F4ANeG7LPEkK<0XKc_b4$GR%5b_VcUX
z@}p+2glrzLHTn^Rz3@lQPsEBTAyiafe<9b^dXt6CXb4pd+K=bHQy!s{0edI@#m;j7
z&U+TMlP@1nYV*@J{I+9RLlA)xQ6UYfbN20YG#alvN|ksyHKhzR&HdqG>EO*K(w`j$
z6!DlzsJERPc(&-lR*yPE!+-VP<mq}lc*&X=c31(9qK6;OvhIf8T37D4zSuX4(R<Gc
z%1rC#<1KVb1FOWD@@0fy&Ga{V6*A@Dsy%3Zzj<H#I?L$cOBZ4N(bc2IyVoyLw0~l}
z0L?+aHr5+J;<;xfvbv*}R;wRhw_T!xz{s6uC70su)Y!y?Mv@EZ$yXh&cQTqYcZ7#t
zjM)KV?)V{{1m08TGRC;>gl1B8E^cZwYMcA?$i!#=7_ss7#i`3i6HZB{6D2~eDP@OQ
zqTgk$Vfl2t5Ua2OV*z2Y?@7xZXTmxqYH+leyz$z!iRix%iy_S*%j^=@uXTk*nLwRP
zL!NKtHa1318fC-|#>qX%?s6{tXu+YWiQ53MkJRDh)39Owqc(=8SsWMZLOUzOy2Nr^
z5fsZ5wb`RHC$@#Ov%T=c@#!3-$j$Pwd3DH`nhi}7JG=+5qn!b!d3I&xRZOw_V`FS2
z+32rd#kjf+S*@w+MC^Tc<|tUyZ^}GnVzHd|{sP_zkB02KWl}V3%qPMxkOckpcBQ~d
zifeyhwNi(36soZ4J3B6-2*CAs3bqrv45BV24Z)hD2jqj>p}?-R{7c&)obV8G?+W)3
ze<0gOWL2*_C9>pWgSc7>zQ%kpZxtQCx$jt^tFnt$h#7JOMVRFIsB@G_DP=#Wge91T
zT}tKSpT2~50I{1zIK*9Ke?ES&KT!4(BxHA8eOJ{F1=H^0SyE8I8KCp;hZ97e8zbI=
za6-a&G`{dH=3?Vo0;pqpH(^AakS9T`;lb7Ku<cRaw=V;)RXHXC%@(XuW})@$sx#pu
zfr}==bD9X9<{*&s9<Mr-6zDk!Mn%w}yyX>C=kCqP%YTse84>KN^|F)wV1b}UtCCw{
zb{&$C_Aa~CxS!w~qD-WA20~`U$yf4`D~=lWDT*MC91kzQNt(7kf+?f@n<9M}?>n=o
z;iORPYCE!Wtq;;7-ISMU<r02-cSG@8i_TM`cZ}SM$h2irnh4@j+DsTI36=~QIg$~m
zrY|0AeoHv>4jLG9XSNbjMg~TyT)|X-+rWwrIAYXkg7=%Go4yMV?6z#i9jFc)%Oa1p
zF^Wjywy+}}{{+<?_R}tx^hZF42FJaF0xQ<Ubx##r_r^LDgqVHy>#l`=PA~l#C<>jv
zeF>Uyz-o<!fZ@1Z!R5SoE__|jeEPDwplUr<XuoSZ8Rz>TsH&2s(Ff!-pK#@~p(Vz{
zGA@tTJ0#2G#8usOBr!Oxvw)JOk991gEvMswn?wh()1qE(g5(=GibA(iAm6Go;3TzF
zT$MbjmO#NNA&=gRi-b6FDae822xz&g+afLXfn9{oAw44W1>f`%4WuB{o}t7=Ud6fw
z&<l6=ISYNmQA!CVIRvDzS7XXt#8V<)_2TffAr|?u@2Zzskt|D{;C+VS+RHpxe{0On
zf~IbuqBg&I2f8M^y3`f1hms;4!!#?=c{Hsu`(X#6KE>myw;PVxR5^>BNoBuz`Db;N
zfSuDMc!ek}Ik{?y*Ntjtt!vW~Su*SY3|o=B;_&ym)mH2xi346(AR}6_6>CW@%N$xh
zw~wIqKlyukK28?8zc2VhM!>VjfhjP7i*p{4|NcYJqt(uwe?n4Id8+?ufxU+^c%q4r
z{*?8>B#|Qax+0`aD#R8;RV^73_9kNM(e9tj+@1fE=2%pWCbPq(;QWufT1yBS-d|qd
z+K}It5ml+bFi`<<MT4|FGV1x>efrWanwW1MnW%sI-DcTW9HT_>ez`wHuT?QVsgpL7
z&kZo|<~F9bCD<(6mRZ8am6@yO!P+AEEM9>kLBQ%G*%hp8+&&A`J2TO#@c0SB7|}Md
zH4t8H&~J;5m59iTJh7F13i>fiJpRCyQ*VYU$fKOaf9wGGs`_gPmcyiY-x3>h)#p2k
z0{3imHxJFfy%_C34c^TTI9dKxbWa(6csq-}<Fa~wc{_cT053a6Pks-kJ8vwY36BQ~
z{3)@Iwfe@4!EGD2FY-qVmU>vLzgjy5Ss3#D!fkUE$EXyk`u6!0BE9j0@HO+1zp%SO
z43x*Nm=JKfdwrF-YUL1^Y~WxJ`!p}~#ohlzpMo+h{)f9eT=ly3pfzKfF&zwoOT$4a
zaWTgAnhfumXOuMHZV`n9KSgCdKj^+1{QYZRbxA%nywrO9>lxPw6Y8R0$hVWbdw%JS
z04hg@*|gb+VF7hzNv+rII5(8b<}qG$)ACCE7C?DPKGE$t!Z*vE!u`v9sy}V?ZnP%k
zf}F#VjUXjz+#f;ottf0tTIw>Gi#kYbpwm6swgD|2H2elFCL?&QR9Fs5>a?_~#&6?L
zK{4!~AaV7QYHx=Br>J<Qhq|t&8dp5%)EWi!KK!HJVf&9f7$(@0#n8BMW)Fkk;`Udd
z3Tl6Fz}VInf1y};PvYB5=P*%y1_^yaN>d9h|KHgf&wnpD^KdZ#*K~2R{_n&8k92V+
z6>w1j3Q3!sKf9l5g{>?H)EgDjL3*nn`u7qon>$;YRSYe3qhQ=IDzh{&v?;Y|)2I%c
zT46ph-bejlkU=6VQrY=R-E5EZk4e*|_eUqvU_Qn~8MUN8M?N(>D-*U1-#sZ7Yi-{g
znoWCq+h5+yC51L^Ywk_@S${W>?t1mxyK6cDlM?9lS$j*ny**wSn_d4jz8QX=X>PyY
zXkTB=eB65{_8K&3mim{uPh=6*n58>L9wfB(==kb#9{4T!mE>NBY*p11W=j=Pk3hb+
z-cuJtfiWEx%p#feFGyD?OdKlNubJvDoQaH4$ozXVXCWj{kePNVLlG}uKkBUA6l6gM
z=$(uHvUy)W%aM#|{@T&TmBoZE$9(HL2{!Ic>OU>8y{z1^bIZ)OFyTwwrDC{uplj6~
zhwIcWLoD8(4P5QOAMe3k-MB#){XIE6giNwhQv2OD{XANXyu8_DqvO4JPSjypt%_*9
zMyIjGcu;KENZilFvXXvJI}p5-Uvt+0ct7d9GVJpH7;l7^=iwMHF=%C_UOC&T(d!mC
zf3W$1XpN!0=^bQZfNpJ-3;<k$ag&uJTsn-L>l#=Jxg~o8T&<69Np|96E*Y|oQ_-U>
zG_6l|nn*}|ic{o-SiXO|ty}zV9^|fOpUJ4=Jkdi7yu9Cyy`cTFZ3*=bm$<S47oTO}
zsG!ow=p`hF*O_?RSK#IiBwFv#G!BB?AQ)1>601nWBrzr?`^oV6uMMZ?9*w4BV%R_#
zw?$Q&h;j)1%szSO$MyNr3R7Nho7cy?hpGM19a_6t6bw?zEf>R&s#Dhe$Vs~}k4|UZ
zr<77X@ed}(6N|^lUzV<>Nc&v?b%@hVDLMPKc8rfquC))**+pveYlZQ{Y-5GCTj{$J
zxJ^e3fmSsjX-B=XxgnIGJP`WU$xIRDq!&!v)a=h_mtKGz;dy_<Q0EZI4I`1w_(y%~
zc51433LgYKy;)cx(6JP)x}yT0cG=xl|3R!YL4CHTe!yZV$IIHOBD)nZA;i4Fj*o7~
zc_}?N5=dK3M*%~ewiwMz!!G?ns7Rupwu!)wPdF~J#?c3h<-5J8FQnJ_vwFRxTthao
z!?M#^zrKJ&eJ7KE=yWOAQZ&($pA)5-@7{pBfLF4eA=g7ziP#IfYJIB*|FqNY7sgK#
zSVuwS)8|9_dZW*4Q4?i=B%4YOo{2JX?o?~O0$PYBErFoiC_cpGO15A}!q#t|2FZ*c
z^f{rVg|cX2d+DNJJ69g0NQV$K!e9t9gePnbUg(Oe)88K7%ru>R07g*~tdTNnhJ{QN
zwjJ#I<VaGe(ljdC?_>lKNS@JO&{*b*pv^rRxtn`N=xe0(ZJ}_0TW&c+Ftjft0vevZ
zL*-lqtTm|fbp>ef!VN3UV4@1|+(l3W;q<mEhJ5qMdJYV25ByJZecyPYPO|IMOjH==
zx*!+rPGj@Iikcs8tUux4as*&nMclgGJCji0EEN%wBG8xBg$Qj-IFi5dDWIHLly!K}
z8lsdq8H-lhfSE@D+z`Qzl(WB!f9`ST9!0QngG`K&pFp+MoG<H`zrk3op4=7{z6kZv
zRUTN<f=O5f%VP4D`K$1(#%xm1sWpv*Wo8r+QiV<T$;N_rIQQ0O`NU%d@yOxLFpst&
zq#FxtfLW!Ka$df^T8kEA%En~2)+sKf491WQ*unOWGyDt!f*iE_L}Zfb>(1*eYq9*)
zV*_kRb<k<*`uG1nRXldzMxhkcD=e+ZtwOPEX&$twe23DF_c|9w37>?kCf8GG@LPJ|
zsE}c+d%T1q-Vir;w^~*&{jf<ZQ#VeRh$f30A+*V^1)opsLCpzeBSDUm_w*h=Md)5v
zhe%#6JAZu##H2*z-h4MDR)Qej69g#j@;R8ORq-(zvuuz`)`PDT1%$FuPD#BxmN)+(
z|Ko0`M~{`O<5TG&yLgo5f>cI-dAL?9w;)X2uwI696_LoDab)8kolK%am$BItYKG7Y
zFbAKkK_OgCz%<}gUZ(cIg+hs|NN#`Ly4d{|&voGrR1%Q?1e3rwMl8QRSJIsAWy2&Y
znwWc7<v=I0;5GC-mnSa6zkYAkj0lxU&igKOSJG7pP-_Y~RGKzd_s$Z}(13#U5aQHp
zza97rX;C<9*(4Agf<;DrqHs)G1&-~u!!B#N5a_K#tkd=12~AQ!lG2r|`=$2^y<>2o
zmW;Op_PZ<F5?iMW(d>|57B5KSoaWKcOqAsXJPuvV2!+gh?X-nqtA5ln!jx>fQ4ne6
zjM@*l^;(}nzC?r|Iu`Jvt3|Yh$cskBmmC7%)}5_r1{N7=aYl-SmMW}8J;VG+@F^9`
zJw>DgZl+sO|MXL3$*iq5?BZotlRIsEcpFs#mHYvJ*BJI3q6}f>w~zJFaP*I+2)kc)
z8_s?rsT5>2#!Ai0Xt;rBFQ}Ru73YkRlclHK2Dgo9mMoeV*;v??g&?EU(<OIc6blmR
z6`DoT*(N1rdfK#Gg^5s`MbmB=(hiCwA-hf*&K8@)>REMTSW@&Id<8vEOJBWOx{GcA
zE9|g8NY)K$Ji!BTjiNV69=6U^V4(Zct4(NI_bMSY`Vw=NLYCD&aW{U`d)tqPrF>bf
z+$=esu+Gcp6*aFbS_eLIhtm>WNBw*-XL}ns!BY~^T6@ZzOcMbFYW@e*2aunCj#VI|
zk|KOfqSQQC^T&puk|mGU_TEBe1*S~_>f#Syt1*%D_i;F!CUSe^*R0-uH@lJ;hsnL~
z)p;0)zqNiA4uB7Cdof{uyIE<^fhAOEI16(5wa?Q5yQdE@2O6v(lI3~olCHaiuUnD!
z{F^ewuY5Vfrn1zsYxZKryBu+{;nM*MQQ>TG87Ml7Ee^*w!yh(lrDvq{O|mKh;Drz2
zbFs0jP7SM~Ji*IZAw$x-I&(xn5>fmqaq%wpUgMO8JC>}9_6ol@=b@3DSGBOUFXo53
zg&Ia(>||9gy3tlf^E}l9i|;wp+{SQHQ>1D4#T^1)Gt{Hf^hSF!F6TzH+1{=P#@{47
zdI@QX*71nN0In+}3SzeJa8%3y*ZW`VKNc3DXr(K{eB?rOnw1q-7;WWi^JJ2WMq6)W
zlA0|RA-tyXTy>q8Cb~<O4@)8UXpdH#k)RwI>CNb^-a~CX>_W<=h{S7l1!S=Hne^;-
z+P<oEb*10+z>d`^3r<VzmD~g-=@alel=AC}OZs{FXl#_|1u^ws@-IdJxdiULL?_*X
z5yU3A3i>QGkicvOw#MJD%W`=5;8&SOLwp<V>MCxpDjv4}2&CI)yDZkwbJDRXo9M?)
z1*~koYbjFkiigK8gYocbrkONrR;Wb`<ucX0sQenTDN`26KjX+sW3b$JoU)}@b$(4Q
zaoUxMM;q!NH2w(_%99BNIN;>IIbdZu)2N=_k>P&Rje}#4|Aljq_$LFAgX7Rzvr=qD
zS*EK}>7jB;Wj<7$8jE|*=v#Rv`xySL0FLI^@3x=_HL*cdj$eFPdP*AdE&(I$48>1S
zU;*F!9z)kK;Z^r#x`;0qXdCt^)dLB^Wi#ch|9BX?Kj37@j_gep1G&b24{-j7qk_;V
zyKgk3FenIMlvy4ROuW$ApR<H5KX7x(|FX8JdsyMlvMzLQ^i5h(t7G$~VGQgKW{);J
z#bSkl(J1M400kT1SE93VAhv2T387_m!E3`KfuOJ^$=H7jFw4F=0m9aE2=Txe17(NJ
zD1Qx_*Q@rqgIH+%0JxEn#rp%}{Gw;)+H-EXxmM~iZ4e_s*@)Etu)QOR)Ui^u<L@_v
zdr^!;=?ve$O(2*uIwtp>d;D>k<mqm#24P?0tB<D14Z%k-mVd%6PR>2L-{Y44naaJz
zSaW8M81Z{fePEn%o0YJ1j}xX;rU#ae^)8GuI#m8nLc1tu0APtf?PfnxHd$rI75aRE
zbwjx^yYC37%)isd|71#-#d)SjW%>j5($AI3z_wL9uBgg@%cycS*Q-y8zvQa&RjSMu
zLPudD8TQh0>Ih6dUTYgV2_?=NC^)DK_7Cs4-I`Kg+T)5f>*$A^Sn<aoKu^6~R6Vd}
zZ?$r2Aa#F<(oA7W8NobMl?_e=i%W#_LTfA@G9!ERpXE1U<{f!22!VWVsn=u6d73UZ
zVIi&HtKz&m?p(jjz097?xfyX~ejRcX@`>R@;m>2&A2!B0()*NOfMZpAkTVC0qyIi|
zDcF<k`o6$PzLKQ-Ei&IDr(`bc5)?=OQF+T))~F)A8E~X?V|zp681TSQ`6b#>J=)nr
z4q7M|o^ayH;Uu<@lW23cu<A2Hp3`s+hZSq&+%mSk7O(XJJM4wuDz0}77Z0D)NzojA
z=KftXg%|UcYZ<do)|ly0N_&>)_^e>}yuCuqwN|KL!Wt#EoaK)NXhWhB_&B$G8NyKz
zH7NUfDsYq2NyivLx!PDjHfK&rP8>6HbVA5M>uFP}ofIEzVTk{G%wR2+D<S!}n&|_`
z5W01(Ke?{~|Eh1tKIx6guw!ho*Bg^1$cvWB_a4~%zUY$HwcY_Fj}PF_c^fExtl%QT
zABeK{>7nhFm)*??kmO3O)e~dNJ)8u|F6<LKQQ*YPcC#Z+XO?<&s(8x&)ma^KXh7u6
z-F#N_wV_CNuF)G7daCGo&06)-MVRk8L%$>(;?3Q1iu3P~jz05p6OT^3|2F3tix4=C
zl8C7X$DPt65~IgOxG+jb;Xf6td{(Pqd2WKY9l_8SUAt6?qMwNupoe-qv3j$DYK^Uj
z>41A?e&SAOP6k?g#3on53wYSx!Nz5_;10blXjE}%N2CZGw%TEjBQCZQ3HV`($HsW9
zA~=rJDOt%}`f0SN$$o4uv5UJHyTX#ti~LfY=lC=ps&e=#;lwJD&6Lo9czV8w6=G*+
zRMhH)p2oLr9_@nB-lH{5Poasi4W1^?JwQU5_%>*d395=PXq5m?YFSxp!PnOP`*?1w
zeYX|l0jb$R&6Z&EM2J7^-mnEn!KYQ@COIeuS()+mx6qbc%ND|_^eFn#YLV_-tu#eF
zVNjDw|4${@8FX%`U823;96q~VtP&fRgSaMUKfTq=7|Z_U=SK=E6AIBnU!7Gj?Er5B
z>iUW$Tzvl2Xn(iuc`_DrrQ&JQTu|^9Pd(=HX1?Q0)%+G@B;igASY~`4dNR&|qn$jz
zQwGIiAM>>6)p#K%nD#|~-xG`qaw%6G9vJmSpDQhKuK1JDDS%d>=OsFuj&6Th-o%5o
zn-!VKCGi<)MfA8BZ&PU1d#bXNK?aB`MI0Z}l!7Au>gpje0<j_lHwb<ePj$+TG*1W)
zDP+*{Ro!w6Z{TCeFl564qXU&tCcLpFL6_w3Y=2RFdnLkDMQZpzBLL3-3R8AwW}g3d
z1n}P$>i^#efa`0yCk>#J*Oy4A5?8kwzFtrQ6rVSkAR;PF3r!177Uv}W!<Qy`mU$BX
z5}1@@s6ta$|Ck$Q?eEVb#!AbcF^Fa-maM!FqM<4;q!}p3O2?4w@I$QJuz3(ETVgdv
z6L0R$ezog#l^(8btPN+iKfk|~;*quC6di!qt{Qi}n2R%DsRCMvkDO$Ce#sJi8iHvK
zb<r9(V~BMM19jSc+tHe-o+3MgeWa(MVs)0P?bgXl%27Q{&HsG8C8W^;WoY_`?h>ti
zoP%fB>Ia(Y$R3YHL$7T&th@fPoOBU$A8%GZg1?5CY`|r<=3&v+B+RSsg>ceQD*xaf
z3Y3yTBWx2hcLi1?$6eHtp9{)nIhmA0q9X203?;Mw)}QdAC-re?yoQkd`|1)ZG{SRz
z4dArp`?xyg8}p3Nr#ptPY>YZ>5^bfAvzb<Ewq!+EbgMu6HU@!oU^C-!aB8o*DlshY
zHdzBz4(m3Xrg`dyS1DaA$O*2;N4aER8-Z!5SvIynjtLO0rvJNr6N7^i`El_VP|qTv
zg{^Le_!eibhAz`0<}rnXYTb`ex2LTJh0jS+_tm97di;0RdBgUMxd>h*=rpF0+B{1n
zoAQC)w!LOLuAdlHBR5RWPhMsfn{pKso9DOTIQNya5@n|!1uKg@t&`|Ew*i{1;40+!
zq(ePOXBnWNQ@Lf2hHj4MNm(go5eYHih!;Z9Tg78U?I)~lAOkL=QC~G+v!FDpXbYC-
z#hoBH#pKVOW@(3p-;w~L=bhW+<#prlUoR>YL7}9PdSSCTSu<_Pv^|xE;I3!49XjZ2
zoHBiNdNh3YH1S~4qR05hU@G<QVdJ@T*jLG@DH?#(jaz^HMGFK9I&#hOMMK)_z9$*v
za!1K7@4(xrks_dKHdulG7WSfC7@+gSPQgoFQCHS<miZak>j^1`q-QbtP59qV3hbjV
zAN&HM?K#RV)*$)!fa=*LZFez@h(3PRTr;nczIUjb9Pl3k%Ext@JEx+(oRq&;QGAhC
zCEbAJ`}}-!)6r6QOTAw#GOB^$4b!uJs0h1`V&`a5gHGOAW(%M=>#5$>rl&MDhd%c_
zg0T~i^%pO=SL%$>i-^?jqDRHjwFum~EKZKtD%)*}obdJ3fAY|Mev0Hpa%xGI&_3h@
zw36{SJX~-fAMBZ`g@@l(^Y07D!D+y<R-*#cp|s)q1HJrsVo(kAr`Sm0U5Cf2<7VrD
zLgumL7*Zga#b!(3QEkqFvQYPjVzv#O+3_qtV0vha$T6By>sdk>BKL5l&~hU{TI)*L
z5nPXCI*Krj;!fqESZ9#1t9fhgoK|lNWGT2&Q%r9to674ek#^dL`rxd)3~L&ICI+DY
zUl{!9yhEJ5GAkMww|I)MQmWV-JAv3O>b0C0gN^b}xEh7Ku#T_tkz-7TY8s8Kd^;?-
z{Yoro<f1X5VqJF0$Uh|O;&Q>`_FJWfjsW9ty^glX3h4maXhisfQ=IFTu|!7H1YE1U
zI#${}KgBMkvcr~kp-p%D=qCjzbShwjDpLy4CzpF>+4$8uyf)TS!B4Bl4nHq)-paG5
zob2oGslCn&#jB?;r}f9Bi&y9hwY)Bg38r8t-3mqL_QzC#jj&(YKk{6dH)mh9SuB}s
zHos8p{l^0_li(t<r{*Y}co~FPf98mO8q`%lLhYjH6hd9`pWU|_t6`Cq9$|p~Uk`o3
z9onjc^GKs)ytj!2|E);kHx0UHtr?!}n;_2Vc$nJRSO^}dALRiaF8oB0JkZ$e$MXyv
z@O4DI>+A&|#NjoUx<i_MJvd@gQd#8d<~+4Ov44XfaU}n=xra}Hx|a2^Vuln8A^1kW
z#ZB%4>Pp@vJfh1WH)e`r$EpBKZBX|NN;k6{iv(hYQK|jxV~L6U<q4Z!Nz+>e^e{%)
z<Jy!7>??wb4Io9NAFYZ1KYYCfP+ZNnHjKNw1q<%(?(Xiv-Q5OvA2hhTySqamxI==w
zYk>SD?>*<9bHA#;YG(G#uBX@P>21Aw$y1Jl8yEopgtvJ>4q{FvO{J86>NdJIj?9ce
z{G)T6m|2M}*WHcUN-~|e+Omz~V08rv5)u7~rr3G?VieX<?RboJ9Q2U|6RSkQ$5lB)
z4A4q^9!BgWv@CLX;r-?;y?n{Aot4vAd6=)g^cj6Dc9G{gw8+jdi-HWq><cPAJ|hF;
z0eC&e-QxY;or$LA&FhJ^90_^gDGYzDb&K5!L*G_`A38<<bO<Yx*(=wntbOI+)8g>+
zFfshYc+pjp!^rdS>7?Y#WqhF*JAga2AFxt${bPF9vg6B-XbKI@#`@E;kgVxq*hkl*
z#!qLKl2?_b<M(SuaMT(&Qjis2&v(!IQBdFC5RmGB_Swu0Mg_p2flF5@f0v~>o({0a
zNSULSx6eQ1M+hOD4cc8>W7bl2QkaH2`${}0UX*?)%1uipe8{g6jBQCEy^J(V(F_Pi
z@)whLjK#A#5Wi+4TxEi5SEIyHGKSv>8EH8g*G-?;tcgSrqS@KgR`jmbSmOz;mV0wA
z3w4_a{}Qzx=3W84K38z8#l!+_kY+r5u^c944>kxBQjR2XjH=HuE4{EY*V2}+^O@=O
z<=lTBu`^d=IG<08#)6Hw)a=x%A|2q$&zW%SxaMj$==;pH#kaOA%iH#Cdy`~(mugeA
z(?{5jM=7@iah~!XdiSgzSC2;Oz?>Ai%^7@ie`M$E`>}4&OcRXWdy`(SzCqQ&Z|!XR
zz0;d^=CjP}>8J0u2-SSVet!9xBT0b*@<iBS?inIP*SZ116!{NalDtQi<g@_i95pXk
zaPiOwb@eOkdFrm!Wfk2dp%`ep>*41wG`)w<SS7q#JHjQrHBerHcIP(jb>k-G?<u75
zc*8quE9X!)q7K!)BgRZ&wLeVafO-_7@wyBTex<RJjtD!b*FnSMrCJvQlt&;UO#G1*
zG&bp*94O#1rn7e*W(L?ed)EM$0Inl!#k5I#9hRJBGrC}Ad<m7lIa>VQ$hK-5iuWGy
z`SIme%tbm^)yb32<9a4x$%xEEEBzv`rXQ*>wX5ygK0NgXfg;#;gP>MlMDV7>X<-W+
zSR%QDpGnF=j@acCQ`;B^hRu1c7>MSireMUIObC#Z3)^~qMegaaZyN!(tGrF#yq!<}
zt5X{NdFstW;M?WFU>fJ~(H+G!Y@n%eKEy>GR6@b|cKR~qEng^G?MbBWA7m!lE-Ovp
zq6V${^&+f+d340k(t4%J&&ClHAjR9$LcPe|;aiY!w)Ft^*Hqv8&gUN-G?%jt6`a!F
ze&0MUk9eSB4-Uw>dq4xGZ0nMc;}2&%oqh{!+ulJM|0-_Fve&&^^v!2b6E^f5#Bafb
z0l8D@xo1M;w|g4Q+)p6?L=f><ePA~!xV@L2W}=BEZMoye{w9gFNzp5I?O>(aP3#><
zCttGYF#OOLPCt57eM$dI6K)p;dff<(iC|^r5o&p7!P-akl8^w<@nupA>=UIr)KR^n
zjNDo?(ei4E1!_l<+36ltkV{0Hkuwpcm=FDaPFuz^I_|TmE#Bla!SohABeY+sXg-OS
zTQx(r;!O4VH%=(!-zi_b`R5VGBYa$O7H-1y44XFG<u1_Z?5Tt_7l|Ot6G1GiWGa&7
zHBCArm6&(DL2W++YRs3EQrsrqxuZ=+xRrk5acHGYGr>=|K~v9R)-tpWZKfJk)h1Q6
zIl|c<S~2KnWz3b-xu;TGS(kHly4Wcn<f^oU^)B~y+30B5+#AaJ`XRHH6n!h6Yn*kn
zJ<GEo<t5@$I%<T~i3R5`9jK$=WQ7SkQKO_#BD**h=Pv^S#8a7!RYo`3*_^?0W2S|a
zx{2^=SM9V#4~5y%iLI3_Y?FjG&R?KXN)9W(_x?Ei4JrNk>HnQ`e^gEUr<5WW*S~4M
zIR90F`hVx#oPR>!|F_t*gzXn#oFq2jquTTb<IBMx#+Qju@#rE0aE!LInpXMF%styy
z4?AZqCM>(kL~`|{-Fw1|c|YE}+B?Cm1dRJsTSFzXK6CoSEHCqe42z@O#9&zGJ;mEg
zZ@@v``Ra^?m|xUaz|u!3yc>ru#7*$xfn2Ygl8`bAGl7I<v*0a`JB(=MZU*3f_q4dX
z!%Ox&&EWtW{@405vWJG}2l<w&di0y={XDK4pB!$mzQ%RNeX4~o?ZnI?`dR+sOH62b
zB9*m4+17+)oUf44mm`$7K9@SlG9I7>bWTBh7M<ogQi*f$Dyj8GUHM1lt*W|=+PL<P
zqd2Gj9x67dZ~MWkK?&y6<XnKOPf@mBJY82`R9D^VOCNYJyPAlG$`56cxxk<}eco%?
zG`wOBNm%{0f39eY)XDBp-S;W?q;@6b6r?YAp|N{gx|3R$g1lcLx*{!+pi(B^$$>p~
zJ$$02?U*lPR{G>-b6rsp2ZWJCy%(irG#P5dq2^S6%U?O8B?Fc8QFZ}X&FmRgIzZtB
za|aa4`w~<PrV8rmZ__cReHJ5u@MGeX&Qi@Bt@oQ*Mh-9V%ETqMvMF86%iFe`AxF`z
z^*F11zS;kIWA5hVSG<joL*Q$pZ)>ewFbaE3r%aKlnq-F$SOfY+y>Sq{HIly%T6Wso
z>?S_;Q-b(+ij(tPW%~n=Oiypr7Dy#Vi?(8CZ@|WSIsAE$KDUavJXMpE*osm$cw&4$
z_>ou1jywHBgRQU0$G;}4SQsW6!8vDwIY^mgLf*hyw+lu!jl<r1#ltOsi8pX)CfqdP
zjjk^SSB%grS}H^uC)ECy7*jj;W}3@|G$O)ADR@u#^wUhsfEo!v3|_K^`S)^{_66=G
zPWlJ0M-rRiEzfu(V>HV)_WcnPSjtS+j!EV!f@6N*@&Su273h!qG)Og-dfN85N8+@%
zLzebwQt(MN5(yCwv25ce>QJQwRw79|FmC#dlpX55?+FweAiy|Hp07tvf$_n!jz*%;
z#pz1Oyb66)qhx{rwPV;%G%KCo5@%s~8E}3InZUe<gfHAXvfU+qQH$~us3U4v+8ZvM
zbsFih6=$)rWVEU1xP_UUV$G;S-<1of{_^Ga>FpT&+mqi7x*<SnSh;Aty@r*qDaVt-
z_c!7Bq4B(+Dd<GUFT_@#QxFfwqO>H@OK-`{x8L)Sh*^&7fZ=>PqD>ZOs%ainOfuOX
zBD1_{;*vRJU~}&$3dn$SXg?Kf6Q)SH;g&%6Hz%d9Z{Lm{8Z}NK%Ls;)5wgh>pYfxu
z^(jK>6!^@2h~iv)pr&hkdiBbZh`FrCqm8y77eSXb9S${V@4888q>dQq8L-l@8Mmg=
zb|;{!QN0W@0qIL8qnXPNX_xj4sgs$t*w~ZLowbJ!_6O0Z9xZA+Mx%=sy<CB`QNvW}
z_}+Gv?t0l5uL(=43#byIp415kpZkRS!Q|U8_#~vmZV<|8YJZ3#eU!{y7|z$ICChlN
ztoX4=;gkWbE-!D`vB5`Dhw_w=Ab3pSBzh*6BfJ{j1o$i+S|pH|YU)MN=Zoo%y>)Na
zFrb}(h&o?dGCt%+dKNlW5g#S#D#LmPmF$*jg9Bs}e*{YjN8qRM-GgS!&9i}P{6&@-
zyB=0Z#3JXnnNjiS#f|@@Ac+YKINWSbjHPl`VOz*=9&#loq#+DM48Sw7boT8&g>-`J
z2YH?}0aWqLXS_faTy#eHXc}(lR9Xy_1w-2@LV8iEP?<vXi7?Zy?c=^4;96qknVsmA
z^3SrokYmERi+@Y_EUgbJyev(9g8nmwBajAs>WA~Mp7sK_!#5oaH`Q1-*kPCs7_$y^
zl;zeq4qwtw8+{qpHbz$4^R5u=l8AHp1J5DfD*%e)iGm5Ot$kAoSLn}V#tUnN4@T`3
zfiClUYp%sKhHJKOF)=rDY&n@KD;=nla1+i_c;}@mnh~N5(!YUny$~4S?I~a5=AXbK
z$JW>u5O2A}Gv8-X?zIs>z+XY_`|R>4cy9T*q1_JV<I@G9Ka-rziG6-y?ZKv6&ix3@
zZU%6u{Dy=LcaNm<YTvqdr3|&D2pdv-oU!zm9UFUyJc#TUYVzlN^c~6Jd|G;8J53(A
zR?Wb>M{2<GcO&dK!JQmwiZCus!CR_75?z}w={}nxCmw~^=~nc5U}^yhRSm=q3%Cec
zQ*J9XWi0%ZE}@e@nfW!+u59@GVNa|GiXISLhNg2$5TyWKMo{h1MX0vO>b{;IuDwE(
zBoqM=D3d=aygJ%m)?hC8u#eAl{t=YNb52I=Jpx%n)Z*WxSb?``#SPP0+|ZSI)s?oF
z7Z&qF4<&HuGK4k1U+XEoM;uIl#RFJ=whX&%?xjv?Qv_!4DTEMje>H=ywn-DQ#S{=x
zR{4kMWLQs$r=rU!*;yx5=}Y2=akS_fk!Wu+8$4itwWyXPghP>+jiCtY!hW3g@x(%<
ziXKZ|qXyJ4sXc?DYI<>~$5|qqwg*(d3NYpyjZ}nyg;J|8hBO0-tW8r})<qQNy&fhX
zlxWtJb!JW_=Daw*Si63nRhO~j0G$4U-7otw#ySid4+n=+wZY-qCHLe<Q{j}@h9Cjb
zYBICvEWO>`{%(z9F{3xHXZl8hMbnZglnZU=A^<^_T*%7o{Cx6aEr2GA(iaC=GB|wB
z#%oANfk6z*zuaNK#=XvAi#)M~8!NXPO=Pky=>5nqP$YHw?dQpjbqE-61F-$=U}oK1
z-=Mq4zu>q3dZy+rHu^roZPjIu_etz2@0~}B7Ci$+P9>-px2A5)MRt0$z6p%~Jzx8l
zj)-OydZ<j`iTN)KemKA9+Rt1ynAn6sgX%FfPyzYjH8pW$wYf;^T<dF!V%4u3qBFd)
ze@vrOW)qw)RZYxho0VlK04@Xnu)08MV-gy|g$=_n$XU%X-iT^=LmjPPf#jh?EOjDc
z<)Rr%A=gzIC{9Jlct>QF{3fs!gUx(dY{Ug4B~5%rr*_*EYCxmJpLuBj>ZU$Z&0AWk
zvvuve`zIousBPh@)wiXjoe5a9jfKGP-a|!*u4w#iP4xCvOMBURfY}_*=;2+2umR^w
z%PC8)4xw8_b-B(Qd>XC|tQy-GO_1GbAgh3T(Bb<c`ktF|N3gqx0`8}B#mxS@)lS5@
z?(-D{2KE44#YGU!ky-tVs*_`kb14B<Qpe}Po6X77%Ei~*${)gk(z(3RoAMVFiX$eL
z`!a~lF9U3dI2*#R00DUf6P8c`v?j<B2~R1ZrqCXpDAL*_9>y<uW#4ORqECD|f+;(L
z=Tga%cZD;3PkjYdPb+;@D^Kl+5-!^C_TH*Cx5q-c3~BFcF}WQuf=BC?5tmZA*Q!RG
znZg$9+6JU+`j~c8!-M<m-VzDG?;|Qis(^-f-G=PqJ}5!QfWFEOzP>Z8U}UBw;rZ><
z=lnk6c)@Tq=(nGluB+c<l=s7(tF!9yCFVlSwrtNRLU!sho_;}1mGlCtrp(JTbu_lW
z#f2jB6hPIPhm%fw=}q@_AM71${ut^231wIhgP$9K!a2*-K)Y#ZiSz@#6;%<<Co=L5
zqSuOu_GGnV01&A#ScC*Qh=-20zMp9?Hg;w7c6E6MYZw~p`E}ZwS2`|K===<H<5B9X
zcymg8=>1?HO^xFvE)rD^fD+9VEiclcgGvic?2@wgnK3aWf2@U@?@CxLiE02rNV+H4
z-+ylVnnx9E5A|~SL@}vXbU8GAvFJ(vyy<rP#?MGJ3uq7+k~VldzHeRP>`EFOfWN*1
znX-*+zzaW&*Sdb<h!0GaI7GI8!@AA1@f$xd2KWxPfPn@Wu(i&y-As>c`!y3Z7DbCb
zcP)0=y&O8lRXYEqCXJ-)s<g;;^=RPn5xyInT-ClMA1m9}%0;+z%v^p?9pF;y->M^D
za2#{o0nC3PRVh73?7sY*hu;!IUTKnGro?ZXU~Fypz&7)9D{eN0z`XA}#37nj{~kZ&
zkXH3xPFKb=c*N1#0_HKqjdPnM=rpG%lKDz=xs3z=#3mClI<G0x5!z{rR`eUcDUeru
zA>Wm>HvmRoj=ta_yY|~VlHhM>w*I!&zm^1tv)LEBf34L2H4*+)WoKn#<NEi`f0b(g
z4^x8uAG%20KU6g%|E8*;PwM#AV_UM@Vr9Xyx<bEZ9u<^msT)hzo<y+xhpOiJ4^@q4
zq8K%9lQ<Yz0@aOP&#m9#73bcUAiigl_mW>3;Vq5Z=3@Nf2Z|k%wM&h|c4S0VoUGmH
zc@YIvU$_)zy#-zTU!3=A9JW**rvaVMFU#6e^)r0!uG!N;IE@kc_f`jbJ?_2w?@wEi
z+cV!!HkynXHPLf_u9$c?-=?Pd(w<=7AP$4-l(ItcCXg|IEY9DgP#PwH%(n?r_AzUb
z&-~a=#I`g}<{LpSUma!<?{Vdq+mDN0AL2TBA?#;^O_&t9AHLsrtcj<V{R#N?v)H%3
zjeN*g1~yJ4o-|FVd1tW1X?-xKLwuO^Q8<f!yK2l^fNxIsz1DL}Qn4MnlXyR!YW~I7
zQk=q19M{3?v(B9n0cl`M%1<V?Unhm#k)>>r^_RizByo!ki}A~s_8OX%k%lNR>&5ap
z>I?hY2V1vyKRjnEeLSenH`@W3wtKr|u-y##faH0`>FC^Pi>a;v2-ca?0sD<b8*f7?
zIi|w={i)Oalj!xz%=^X8(`)WvUc$IRq0g@KQF#0n5aa<oy}a@Z&j(p)>ygrQeT0ZP
zI%I=_3bjN=SP$#jZF<8yi3(`_fnqVjZ8!~zj_FVOMK7+oH}0H~RtbQ+ANGO-9KXze
z+8TcX9FE0Iqf3D!nn)(Ez8>ClYT#%`1alpoC2HYk@Y>3LmJ6Tj;zA1h$kaJ3|E=yj
zDREUGe6Ap8bTSHZJ7z1!#C$r8d;Mhw#wSuS=PZLnTMKc*?MPcJ0Jeaz(rZ-%*p!Il
zBibb?b#lAdJ#0NcJ8uZMYnv->gOZFx6rymL&98Z&;mxejAQZ9MvolEP6Nlbn3)e>+
z)g#s}EX}4;)`8ywE6IU{mPgyb>}Dm6!3h`Q_fH#(_Eqr9kg`xMCp(eqr<r^9I7|l1
zHf`ArfJAcmsPI7Vp09RQrlTQ}t_7)IC6a|;y6mF;k*BNSYHJQqXJl^S{(5M}#5Ex{
zc?)I?jHIZ(4Mu>^NwtTeTxGjcz&uCCiVB#4qWIbXoxo@^0ue?%8#*<A3Kv5~+sZ@N
z@Dg)k;uZLjGU=1jgAmDV0fic8Dfu=2#4O-*yC#n;NSOxMgfF2Oh=fR%Jg;ehNV|`)
zCXV7QyyHnl@Q*%#7Odrrqy^~DLaGbLS*_xas^D(>EN$8#1r3cf(23<wVQ9zMl#|<W
zUZw8B;Xsns_`!ErieR7u$pqHD_yXm?C>iWH2!g5~ah&qT;ph?{7iT(()Jy~;p6u5b
zR<hW-9iR*|mH9ni5e_8V%9DWs0N_?R7PC`i!B9X<{`m=T@p69S9owU61>#JE)Z5kF
z;d^i1{xvxq-;)d0Nd55Yr8JXqyT-r0U9Z}{r>9$w9`Nk_d|>Xy8)(H85r25vXqcVP
z$5FA=ztP64%`kg16ff@c#YsBYlYXRYFc6U(M#-R{LTzfU=_+9vw<7NR$4Ujc7xnLt
z)s_wiwFNBz3fMuXqk&zCeM35EX+rNY1q_v=`>Z&(RMY47pTuU;+9_aDnol4~l=-CG
zM|8mfT4aYlc@E4jYe01qgkPv;g9kh@Udm$~VR(}9+__JnEVzjZqFKX!1`H*24=)vP
zZoI2!vqZ;Y3ZJKf$_8r~5MfYV)1&$=Yf(IqiYycWrlX>t51D5m(D*iEAxIeWF%L3I
zOk)=~6Ygg<^>1HtJ!H&3xP`|>7bVEOD5HW?^EsfYn)*D*Up4j#@T6u6dtA0ON1^=a
zLf|@$`TL}{IAAJxYsKMJ)-BP?Sn_!F>>V;`y*>ODhx6GHwwHviRHkH@p>J*@h<GTm
zbEH1f_8m*G2plI-h!+UXNvl^+W4^Cp{VGbcM3*Tqzt`)L#&K&I<=6V)dM-XTglba>
zO(U$%1;R3X26klXwC(iev^E4yzzG$;sqtg|3?M%S7@UarF$Yu^u-KaWf)Y0nhIub=
z>*vKzFGcQ0fP)4<iMEm0cX*dBN(B0Vtad*G?$8ey`=#<bV{6_RpACrT10zJnaNLLk
zC6LaYm2Y`Awdo-t*&gK|pZ%G9j&?$)s^r-e5umP-!V?c&9=iHHzF9yK84P93TcF{c
zBPqf6;z?fV9L%MsDxD2?3uPm@OBLo{H_d8~2V^<JT>AA-hL>kUIAbEyJ+%Lp=6!Yt
z)Jzv4&B&TrZS~Z}2KP)_`)4j`%%H%TqWqR9!o<i%$~#8(;;pE#ICD3#BrSRrosWcN
zYe5syENqye`JQZUinJf)iq$_$@W`q`OSelZ7~>-dn90QI))e3Bvk#?n0Oo9ybC)Tb
z@O|oQ!$A~<&HqjoCS0mZHW&Kl?@!_b=*x1LtgyPpC=cP33`p7|^>U}4tgNf(PeDjT
zVBc{Y$WMotkxWUu)Q#<uiB29bQ2I<Qp)(>B{F6yqLM=%Y?_gG+DhKR<<%;(F6^bc*
zwurXb<zDYg*$p_UJ<SmnrYg-pHbqZ`?tJ7bIH!`9ksG<_FHlUGD`Y7hWWc;%7zhVZ
z>!=QDe8*7TT37<qCMQUpNYN%~CobWgHzkFLr17cwkLP?;w9V~Z&!mK80>WDjsYw~G
z24xlSPZkr=($(Z0k!KHznYP9oo=O3I#RXO%(Y`X_OuoXOTvIC=-9d`drf&I4l!?BZ
zZfH>$gkL@0{^E|MQpj@Qum%to`0u#7u9H(n_t;P8l$;M7@$#qs62p?@D>4jRe8hPO
zG9rB|2<d?&{z$cYbyKHd@DB+@lwi)~>iYKVM^dte36B3bsJm<-ZS=|%XUOK-n-F|J
zJm(9Jhh({-nUHsnO-oitb}uwjM+T9Xh?<$;AEiD4FO2)uxU?pYRvDm(Z(#Y$gro0Z
zX6~yKQz-;qqKr;1W#({>o9YoA%XM48@f@ohN4p4YM>Zo=MQoljArxkMMd`c^gxB$~
zol{m06F2Ey4nHaG&2_0{I=X;UpCjZgqYydSQ1JIRy;#TN`|#r9@6EM9J)EV0EAK4s
z@W$a&^e}L^pskL1|9-$JSdpQ?T#<i1&Wy27k08d4w@A4VJ<Aa+X0g--gJ)&$d5O6^
z*8p2JRx2}3xNU?RT{GJ36^8shbr6e&4Hb(j2~=PbzJKVh5L0WNY_z+bkEH<vmb_b)
zD#<$PD#pl^M+;b5fqpvjS8;e<wgUT+>E?JpG=y1bF!J;Q{v$wFO<{bw{rwFK`Ym=N
zN`=VGr1RWkkOA*ApB&8H>jE=rISXjve%*-H+LEN@O(Vw8530p4@a~`L*!VPjf7)U<
z&t6D<JVUWGTc=cDb^~<@)(6TP>MYdF+!|j$>_bEyfS=df`2+|JA-GE$V(6u-WySTT
zE+>ICIaExRyAXhPbP$vc$u6!rX~5POSiqK7dnwropZ@?U>XxuUB}p>ogh)S7zjHr%
z%ytRcH||I9&fD#Ig5yGI?_OKFoh0~X-`;z853bWZN>}@}_w6nF7SX|!^+AS@Psrv6
z$VtiYwPuy4udZ1}8RcPkqFba>XO~wgBeO4of&<f%<}$!AU-QH+;@I(nqDQmxI<dy|
zhU`o}=(z&iCPlri{O|@$EDC$8IU11sD)2j{lt`#9IRLW91x>t%DRxk7h`^@1`D`1q
zDHHJwQTHR0CW|Q4)w%fWp3PxX(u?av8?_|OH-sgRi6ba|EscLz+x(o$VOopPL}xgX
zU?;c~^cYZ;18siu29J7duVtpsOkp-rz}*cYZ1|A_|8l{Rw-NuD#Y0$^+WebMV$>Ud
z-gvLjLZRzLQu?q!36k<JhULcJeKWs7jVAET|DQE|PWFGV>2v-&mF7R@;c8xvW{kjD
zYh6%IAf3%;AifhkaMIe4g5^*AjS8HA034&JgT1Sny{ii`^PjYwzxzJa{F&Ud0Q;=1
zDOvuw4gL?5<&WC`f^q@-t*t0o|GEzTTkKyN`TxYSviyVnw~YVo!e8pk|H5+o!2+M{
zFhMyRk?j@1z}Pwew&wWbxA;H3V*f*)@Sm+YnEzn$IsUR|{&%nbrW>ii0b{)JKZZw#
zlH=cP|F<_Bf8vq;OCI-M-JE|?mHv<JzkZbe#C}x!`_PTa`EMEjE0+_f;K*tFk3yDz
z`o{9lFV=q~v;NbF?Vr(P`)8oo{y9AC{~S5?e~t>rKM;<8ARPZdIRAm@6Mv|5vv(zC
z{;<Lvd7-)f(E$|j#scy>^P&Ac2mT!A4|`38g&B^88CdTm493C<WOgP3#yO#au`+*r
zl>lR9|JbNPvU0<*a{qw<dz}%1e9jnuFu+ePND%*O3v_fL1(vy(0C5Kp{;2r$cjW)2
z;&1yuBljQLKK&i{{~rYYhdg|=za#!%s6YMqIH#GMCBZ&ACF9Ki$^{hi`1J8<;2{cJ
z^Tq@F_&bQMoS-Z~W*<DDq3alwin6MrtSFG)Z4LO_4d(9~-Q66VlZ6H7?Osj5&csB_
z%=GcWM9j|4p%2F>Zg1jXYGrRh%*6&2_8<WJ*cf^k!f-NvTpnLsEP=fq3{Vovn%X)t
zjkg|{puj#)2w=7!-T!QnfEhmUKzBdNkKfq9crPI^F7|)Kumdl>bb$BX7*I;8vg&fu
zKxCf=V1y?|<Gha-7#J7FKPZk5WulF>{tKXBT%7;x;{3A<co0AUB$}oI(gaSTasE9E
zKCa^bxnemvf%pS#jl4l&(Es|oqmjd)8o=l%YfyXOWfTjzmAx5|=^G}HEm{J|Q6YlH
z`S+~&4-s5{L;yJ1xwr%bTwMQJ{hnFbo?d#Y%N-AKBt8zhHkf$weH3d;);6Ci)hpeG
za48Rjg_RGykVr^i6NDO)Ku9295}0OKVSb8zawN3Qo^4U#UHg%>)KY3QKivMPi|=FK
zd%1Pn3Gfws3Z7o`L7e&3_3?@p<&q=iBKU?e6Oj%`C<?uBVh%T1J#59rMq;%=yQT4f
zXL%*TSG~shjsYh3BZwMFz3~8nn}vG*!_V{Ogl!;jP`iDy)U+q9b4C{)tE-WlL4co`
zl#b8qp@CdBZ3amp_w8`Zb~&LaqHbl?;isUAXu<AJ6A@$Jqu3BcDcN+6mPd<^l$Olh
zkD=dyUx1HT<=>ow!YDcTCVrg5&vtQ-9`Y+mZR}RMHxJ35%6aFJE|VZSi-}h0`8z00
z9gceH93NrgrDmvVEiZ9$Qz{K~-(G&%2&8lVt_FGIg~qnVhNL%0s#l}br2wQg`VRXv
z!v178W~~3}nY|*}rPw8WM!AII0_*Wpejqp<AnA#A3(NSEejw8`^NIuurDurZ=cj@A
z6*)SxS6EGBR8%2b5-fDxNb(^LW9s_s72z(~GqP0l&Irs9{A<GcOfBg%5)D)^5h+Jl
zi-AB#5_442APNd}MiiS!oS)>zpO{l3J{wSQpv*@c4}lIO&Z0rXQj#WkhQg3O4Ivm)
z0QyO~9DT13NrwCsHpoh)g@G52t&WU52}smPhPSU?qvPDB@b?VGMgGNaN2D+D<268{
zZepLrN8{^g6IH!Zgx<Ro*^#swg^$qK{rz#qO2c>KucLRIC273hTw`3EUFUdXyU<=H
zV74QP*ay8N-eT5SJ!aUZUloO8@`T4Q0pCzx;LitYvr2h6xdq*Rbaw4GObjoR4~QS%
zm@Z9dOE)%{V}5&iSahp3!1zw8`5pIK<QmN~iw6ttY_>H%!{ji=YyBxuLfz?!-_)oE
zeoo5ORj(etyL=307LI&&TLQ8ug)IeV5>93~*pUTUXS@fJ{JI2!7&}PJs--n970^d&
z&4-S4O9F{c5{u`hn!#se@pQ<Q8zZu;Y`>3yV^97TgIk;j3_D*K-(4iP3lLDp?-q>_
zp*mL(4+9X=2TN8b0|FbwJfgym7d(UyISFG@FV-l$#rAQ0$xvm8GL&R8V$8cCXJgGX
zdU1}aHwDZ}3<>$23hJewxIXSXfLrC%5WY(K8PIW|5}9~dQ9d#>f}XZR={aU4dI)zL
z<;)&s#=3kLv=eWG;xh*+1a8ZA5PETg$pcGgKbPzAeGY5Go+g+Dkjmy78<ZZHL--!a
z#&tj1f&e*~IaW2)4!yhuYAq0jb*f7d?d$w6d$9NrSMqJQFQPu<&AvYt0QJLp(O%{r
zAzc<qw`YD*)2`k+%p5?$iu$rU{G)5XWP8yPV>iN_J$P$~jq(%gOWS55Xv+S8Ce8}#
z5|SQMi)SS(btgN_^E(&)=H}aUR#z>a7>)=feAu_|ny*Ctc^#?}y!_n>8z^1txSqv?
z{7D2UgjwC-v+o~8HE|wz07BHowci-4W|5B|6$C|Vt~)MSEb5jXufRUV78ZZ_O4yyh
z_Jo-ky5uKv4@t77F$j^eogVWY!F&QdAx7mJU3(m1I++sy?tX&Z(U5|-I&k6XtY^~1
z;ZL+73Y7E`bvaAk83qQl<~WV=tr!hSkCEt$b4Y<z=!MFJ8Az6c0oaHrXeJji`$!>L
z8VWQ-1*o8~`0YgP&`ye4<lfQ0f?JR(g06`jZ%t3=Bt>7hTNb9`ve0*+;(4n&3dnW8
zn)%&lz{c!@Pce2A$O&BF^gmrS8o@E9sFj*i%?V*8;F>|cWBQ9j_gUA`c()#=ZjwZU
zeibVeRf;h02O0Zi1-P1*Ex4PIuUR+I0L{n0sv|mi;KO`l4?tquxW<@sya>%-DC{m+
zqO!@dqm0Ih3S_R(Fh3z5{Z+`cKQ31~2Zk{i{#C{~*g(0eQ(~|<8A#U9DB(5*+4F?x
z8sPGy>4V1Q95s0lmy9rf0jhT4N=~tyDVXIH{`&aX9e5Jp3E;~D+mcxnU_W;yU@+Es
znm*)(zRcE%r-;t-{Z959F%!AXgCn|x1;v#$zLR@ubT);Em6wzdwVjQI0$1~Zi0{-B
zF(qv2_GCONmp7Bxtmq3EcaO;{5g)EgMnz~1ABUX&)S-TsVJ<V-p5vrN9|PLlPHPM8
zVXfiW3*0MA4<OF($jN?PGGac`0FtdDF(KYLs^NFh8AYgZa9G&I6uZBy)AxGD8Z)sh
z4F0<lT~HLzS@?e1ZNVM<PQ!YFSxJoa0J=d2)_HvHW<{eBD(pB`qAT!IlPSrop}0$8
zhOf~j+gcBsSM4uAaO04}N2!^WBw5+~hL{_gab~NJ@ju{|DL=FmiGL=h=2T5dNg^zd
zfcj3{!!?bynB|SQQS<|zXzT4&Ms_a_*7NL2g^10=<^4To(id8AXEYJi1q}WBDGyJM
z?`GM2Fd-gTTLj)>DvgZhJiAh=9L-i5t%kK#6AVSt%faibgpeq9O!N{1qoKrdqSuw%
zmS<r|7od`QoXyrean}A@vct%pX-8T46)aY_y8E|aW&3`FbQAJce3pqOY^!vUW<uUg
zEz6}cI?~E2F;%!D9UE~I-3tDnj(QX3g4eCdBRh#`6pvD)u2h3?nqWsfE)oeixYX70
zI_D)r$-l0CbE}|D?d;O4PBg1LTX*fZqw8|u;REj3vhI6rz2J*|6pQt0`=1xg3zzWs
z%{n^SVnSWYXI%Ghk{+)`MAVxHzEzbu@wq_O^zfsjUt@KR&xF?ABo|TW0!yK+^H`|h
zlcJO0lR&zcHZ2+@PZMXrhXxZrSz$^O>)>Eu9(J;K{nBor0;i`YmmhwH@+GA-gs1wx
zR0mkl;9NLd(<e0e)Z@ofZs$;ngSz~a#<V$4cx8Ex$upnZ*$R=C{Knwm(LjNgEMryB
zdGvMX(pN26L15t{PJC(ph@ZyV;gzDvnUL&9&Lv(iE*JTUpj-0~EG}dP*^a@lCX?tV
z53}s190<F`2`5c=Q)+o&xFfErdG|uf#0LNa5UfJ4qgh=<{BM`&+bb_7Fj){iAdWhc
z4$z3fRD))+<DtIZG`7l!%&I!vt;}xGI1cZb2^7)I60w%QC(<Ld%2_0*MUqOF@tW_#
zkLcPPo@a+uH=9N63gl#EL?kreP{JngYNEc(%q-ll`8b2PuW|PZ1|Q}+*|8c$$8G?W
z%Ba3?=6_-0i}!VmX-FojW45kW2E;M_qI%o>`4bf#Ya9!fy?{aEm~(CnKYP^r$w7jG
zl%E+s({C`QF#GnJYJ(@L+~sR6$r~cKcn3P$D=0lsMe{~RtuI~z4sOV5&)LjZrim14
zR<dv{KJv%syOJ!PKz3~+p+Ye0bLnkBr#}BaB4WY2{}v66q0icu6}KuyR^IQB8`YVW
zD8QOT4aeAI)8k4u{zY0UAIHzP>{O-P-|Ejxw8^x$D{tfHQ#!oi(tSIm^)a^7jTHe9
zWla@&i@s{4>G0Dh4P7ioSV1z;<%3eXiM25&OJCK39r~!tG>w$-U1C<BC`Zcx%zFnm
zv3V%zGS&K5n4XHWu9dS3wx*Hvm*(%_4zrkt$m6Lc2C&cNYb=3Fs5DB6Ux_ub7xyF7
zKH=`e2E-{!#|ds=vm!)JdhEC|i~cl8pU%Z<u-~0Q+#bMBRX*n)<`#l8Js~rDRY|7O
zf&~@_g9NCMl(nQQq+huQo2qF7>>~#*^ocnsv1HQnK>B^PQgy57p@v12%&1SsMjh<Z
zl-buv)tebzg}32l3Zhxyg+ZxksIB_$KTBRAs_2L!;Gv^@6$)(c!j9V6hD;fafpqVJ
zU{6^s?bs2Rg0cQIBN%ooI2<{7*502sfr*Ek2XvW$8k!9U6a7k|Z6|XGAXyg>V%#{o
zOtqD*tgdd*JUoSSrKn%3q6MSq$Zzg=R1>XAvqTQXx{#jX!AMG?hzCjJ3g3hZVnDuA
zN7TpSPVvT8E4goP3a&_sv*!!JGI5LhPNj+&dGmCpCKNu}{1|;p{Z<@k&((g(m<Cn)
z1BPyx;Yh_mnSld}dYm~2&|?X&LlO{9{q|;zWr}|?p!Y!oA0|K3UgevE`ia9@KX9O+
zQ*y9d&2LfA0AKs@heiS!M1!1Ll>&IO(Lf^NIu+4Jfw%E^DWq7iBc#X84g&+%N+C;8
zI<+c6zvYQQde$9bT3p1ri9+aE+F8vj9EEyzHtlr;5n3IJ!mrK40Bd4sIB^-{CW&gP
z8M#RY)G_M@ndaxD)GTMc*6QNWX>Wqg&n&Eq2otQjNWS4)D8y*haj+WuVh6Bhjx{M!
z>R8EN;bbQ(hT?Z7xARt?t%ITVjPNsn_~qGSvl<7(m09r;U)Iv}+8ocodqz;`;%DH-
zFh<O8S;|DZQ87R}0Lxi!T6_iy;_(vxaF8=QWKTR<E$_!&{J#d@=ESy;_$hh9@lMr}
zXq0VS?>Xu+BsK!{EB(MKPbsa9k#B+7)r40Nlkaf=-7%grpd&hCBHz_oKE%*WaVzi?
zVO2u^gLp(Kth2Zn`Ihob@r=p^mr{rzvz~#=WU`UP+3lnYKybZY2CH1Bq@SugqS85M
zeZpzv8MLqFXCK-i1t(pEo;-Bw23aA|d!s}QjyvvC^u1w7Es~(p5{rTExa95?L5NbC
zEHaTk@~stWroa7gXa%WTb<LW(h8<43V*87yd{zf4!!4fP0P+f2>K@Y3uzjx3$+AnU
z;5nUoC`L3qKsCykws=uU%h0TnyLW#`2C&^!XH;*fw82pqCh;m6P5kKT;3ZpHmOrwz
z;+vTBGAau|OJ?m;GY0=f8?6cwi8g{r70i5<&>Qkfw_Lzx^yZy8_ia46#+<vnFKa4I
z-3su*W`;3EB-l^;IX|O)8vikq_+m|P^8Da+isd{6kc@wkoV-QfCv^cn9pl0p?uFcO
zHGeygJ%I^-6Cx!xV0}QJgZU=5pO5XCV)}j5Y>5^MFG|W39{~TWElmq;w_$H%%*qpN
zzOITk>^XyneQek&%?uZVb-AvbD*-isqu+aq)DM&iykoKo4y%w{P0FS#l-+QFbOXOT
z%%Hs$K;S&%v98z@?V<ea<+z1{Oy4#H&CLy$qVhF0FADNbrdDx>?a1+DE4Yyo*)!US
zf%aURPAiU1>k?_oH7Vw~&XJmIkMgTZxf4=sPszx0Oi1{W?3lk&>ZVTs;r5$@a;A8_
zai~+Jk+sxrZ82uN934kRypb(!5fAqiuOp@)!003NQ@`&Mfpt`O!dCWtMYqV{r0Ij3
zx~j2_++jZr(GE0HQMecZOq>T~r4?C6Bbdteb}vk%3F#e5&tNN`?PUi7L-1PL+&((#
z*7&O=W$CB&Xt#vD0YF^!&(Fwg@R>n<q1Dkd9ns;NJv=Yu4*~v;SoQ&6zX^X0-4?8z
z0}4~J;XytfFu_30^A>)4X{CcW60cLNXJ4eGRsNcuML<ZHeu0P-)HhLwwcS6K3%VC%
z5i3Z@EBttuTOj~_bf|INtl`;~cni;gskuVujoTR&-EweoqM~kFT*j9#rXJ{LY-T2J
zq4Z|JnfufS;Ur?@o^FrW&2z%)3S6*P0#NI(wzMzERCCbK?+73|43saplxi))D|$Hj
zdqc5m`NS7L7_@N9{w_^EFs+{P`Zm_wCf2CZ0jyZoI6CS7eD%c%a9+IhZE^>Si{diQ
zfrq88%Za2!29iU&<`oK94%(r|eKoTF>lG!1Vi`Y49NpOw)Sx;zksmTPYh<0t1W=Tp
zI4Q;g=0C$jgE<y!Rgz39EaIdG%1{~2(ZS$eiQJA$tso^MuS#|699m9oP0o-<jkRCj
zG%Wy|NSypY2>bHmeelIZwBRB&N@EtWhTv#DJ^m>aj8QZRHyPYVS5j2jB1hf^L_cqN
zZEkkS@*Jd87+4~)B~zH?Wa01g4Ip}tD+Jg~#cct+DG%u$Y_Tbsv^?ZsVE2{2M#p{%
zroW#{cTS|=K!b^!C3N}$?E!80TllVvZ;ETOofqzLXKJGErh5txcwvGErPK?VtKWU;
zIJXr{>KQnPGl&_vnu9ywsZn%$4|T?S^j>f#`tzEKuKcU*BLP94C2eyrF<`x5c)POP
zBzPLL`@^=yZV``prLML~ozo9CgezU?1mnG}ioQL=of=Zc&$QSL$C-~ZSyyJF!w@R%
zXe{k-%@b^-&8IGMFnc2<NTGoBV(fhC1<Nd6%Nq%_%PC7FuWEcO{DyCY)iD)JJ9Z6n
z0NeXrWdXhvnMmg-&HG~+2*8t$Qe%*3#?N5j^OUhWXmJ_)&GiL_GlYh=y^wfxN&&1~
z@3YR?IPl9SYUbpl=)gMn0{%qhwOH*6JFlks!`Uykuz~{I+zc%|#r5qS9p%*RJXjw7
zL=(KKX9y?Jb-ezs5EFo$<2$6?Kvwz`*RLr_m1<J@YC>Nb=?k*gCIBL$(WLrF!NgXk
zww|spUv|Kk5Ilv#{XF83K9$2WTVNFhiFt=__sh$A<OZw0iH)1G!X2su73?|uq%#(W
z!DyWAxIHPfJq+FB;fs2G?@ldpmJ@d3o|@sqq5HUBHtK6=N8_ajc*N+H&0zO`IfjSC
z#~H8ZuMb`KW^=u(9s!04_H1H0fg&vYTF-PJ(@>3v6?Sv#xbsO2t=zOSIn~O&RcF0^
zH3}<r@7Rr)XbtBMHu4I}=M5nTZT;Z3#^x6+Pch!NGv1c>?ZDu5wS!R;0?PsavE>oN
z>|E`j#zbl!*&j$XGCHwbuJq+$r=GiM((F2;mE<<Wr4?W*P=J>+Pr`ED#A2Osnd56g
z`e{<$!$##AE2ycaB&(M}i8EkF$ZTv-<M%D!SY?wbbgc3i>%9ENh6T7pF({L2(*))<
z_a_7$m~KdUL`NQ1ORC<I;fKS7tdsBB&cYO96BEf61)AU0KpUeb*a_5!%-bhJnCT8>
z@6GvryuN%xKmo*;s_<NP@oDadv>`FYWZ#~$KFxq$q+{#in4&q0naHzt2^ZqQ*{X(1
znfwHI7k2=u>Fecq7xT7Jz;2Tn>_p$3qO|3lr_LvQTRqe(ogGos9CS-?>D|?cFMCM$
zLW!BJi(z>+r~b9@n$?%p8|z$YE>xW2%1RUMcDSk=tOp2okSLqOl&nu^IFh|v5pTwt
zM2;9mr^-&#>)}nyp)xaJT;(?DT(u)iO*nL>RVPL=-5a7cp6zm~0ih4r7TcPvfzlwU
zOUuwjgzPI|G`p;{MLWT`h<!;D-h9gIlNk^*Z#z#Mc1G(=X2wT~G>W)2#ptN-J!6+G
zNV!|I&;q!2vz_Gy<d?0OR#YC>9)a8mxp8TP;K-cTsCd_P<k%MT1$628#D+ntxd3eT
zVTBCKVhqV8z9hTn@>ulZ^<r2Qqai3m%FrI64j94pINr^5y!F8T>J~f3CdKO#B955R
zYmV+w+{fu6N0o7SKx*E5{$$<F{aGjmj=Ea1WCMVXT`Z`VJ9srpg9UZw`puFig_y9Y
zd{^DclIKMu0OG1MYod$Pu7{~o#ts}yNmtc3HME~0pW!H~ac#M&8f!}8(-ES%jDp$4
z(3^pq_KytT*C-8<?C)Chome8Z*X~&5;!}8SzP^YvG6I1bs+fBN$abPwx8cK8{ZlQh
z9+v<ooK&t|vUcR@%CU=1D_Z_q>;W9K=Xk+=eabISD>i5Pja^Q*)`h#z(7G4>ZSj0W
zQ?7V{ZwSM`k8OR3+QbFjyPqh2cJ=y=E9jm%M2jmJl6<RJSgHQzz`ubc&1JSX!uT1L
z^1JMI#N77I_I)`bIN{y5zP{{JzwlhW+LKOzr^+6ivvo+XEtf4yR%v+rqki`yQInhE
zK%!k>n^G6+1C)ET=#+U+{hX3DQ<@-?A(*^ta}f)-bW#o-y{^u43(R!xb#Kg1a3OWU
z-Ptj#_f#L|P~=ZCGpqL5FZcasT!=#0cr^xKl!drQ!)6Yo*lhRTekE{uRCQg7Dl_Q-
zBHJ3j^TM)q!Hhl;({svZVCE8#B7@((1pK-hhTl)CI2p!#;E_eo>*eYJtHx9ugSg{|
z&YtPdUg?$W*LmlgL(2B*&GyN(4GZjgGev;gBOzI3xki~5=-Pp$Oe`PE2)CTs9+$$H
z#-~^}VngQHb$ZAT_1j61f_S{0UwO;|jMMN@D#(x{RT4UL=ZY|3e=`nxVvdYdu6K)+
zr@wEWriZ;}HVz?pAN_q5ZtXKts|4L1_arMmBUgIfTgd$yzxInUQ1&k4>Y}f1FBv9L
z)xfm5Xwr1<6kc56M;I9YY$pb0MPuPlk#3RU%_-3y)mKB{GCO~6Ry#uJM!+{t0GAv*
zYp`I=cK?y|-r3bF^4WBHy#Icm9sdS^N%x6!J<f21HV5ev7C})aE}|mUH4|=i9}WQo
z2V}Yi3l}>~bC9UPl<PSJUh(Hk%XdKv=DWPpn=3C6d8nh5n%3T|b!??v77TS21}zu%
z8rFA%Ir)9RE7qs#JEy_@5!&f&fJfM|AY~w^V%w%A{O_&ugN~a1_}-%@*uHU)9<-O;
z&Y2)Z3bkKNG%OIgZR{bO_GO#)s~}qtwPrPO+vvT#Jg&F??r2R#_EUPJ&o`jhNU`#V
z%lUNxgOD$7v}G{e8&R3<_4~;^i^f*-g1uU%2TlEjZdtwY1KouiSmuzw0a)Hb)*fXT
zIXqR&*IE&dhe4B+uV=9LpP8)h4OUQ8I;v03HopS8^Jo_JOY>8}$onc<kHaC_M?P~a
zd-V%Nq&@&UYF=}KZsy*%4tDcU)o4xz?5>Ne2CExVm+yYDSLyZ&_6y1ppjRQN*XFnW
zWWv#g;u;|5dI%@nUHRQA1&GM1D0q*0%m0`V_A&(!@$Iw}X1t2waJZv}k_+UoxtX!}
z;k?c4Co{;D$1Kzb2wzra5ti*f^cnZyFX)@W)9`slfyW}f%WYA^T|%p7xMUVz-{rnj
zMr)(faZP`5P7DBe>z#)SS|+ZKigBfOrz5UQC%?~Bcj=PRYTlc~0q(Qbh>VVr^(+U1
zb9NjhELZ&FQ9e>&%~bFU6g^!bv!(H%EQA2!7Nb|~_EO+aXo$#+fiAOh$_8M7JFbgO
z5hbbFGfdhb|8U7KLrz@Buv=0$E52PP7e0DV@H(U08aZ<XK0<@d$rmotn<EoG9J<~9
z$$m?MW%ljr3c6Hm07Qb=g`fU*w8iU5Ic=Zc!irdwdqX93sdmpUr07KNLhNJY2X7^e
z{Ck<eIkd;!gsi`37iAEY+k&t4goK|5H7|v9PSG^d$;9XyR%fd95ElLlKQokiCoxIn
zbG(Imq+q#ncqQ5F2LmHyVt?ei%B0kzK<b&8p@Z41o#M_z2Nc+%)r8g<@}GNw5W)ex
z0efzWxyhgN3(8=$lNXw0J|Dg5N}k#Y0sOc8_Sb@=H5t$gt1Sf;`?*wqi;#d8GMU&?
z|2CJ9Z}R7ly(-^sB;S(Vrb;9`(rB3JxF7$%&T2^>8oxSk{sfKKs`9d);>KyqOEZ7!
z+G^DnIuR@;1)%jt0=LKOZQp|t^v7_9{$<*RB5+^`!M^sjs&agj(1`XeXS62P$*N>c
zN!hk|fowQVi9!+aQnCGQN7-*%`Z}_w<BKCYf*Ha{bCHIu4AN?yM~_=U&1u!Gh5aGc
zGo*CkfEcq=!_Y$alAiEo_inW&sGrHsYz>pPr*RM$6ad*ycHq}h*!yzqGItDg*SI3z
z*O~~>a^hwoYyZcPA&d~8nUyAR-Wdt_6K@(B9U;s*8=A%*gfcZE=-|BX{x>hT0Rvvk
z>Bx@YfY%=#sAt|8mg)VulV`}J->0wNy7cQlRp)2<69(GkBwGGr7nmUVg7o^OV9%Wy
zo6w2aB@+Pe!IXQI&!`O=<87k+s2M~Dq@$P34w@GT5hEy?vkFAA3_bC+Q?^l5IABIC
z5($3@@VX1?#$PHiORq2yQ*Nd{Fclgd$BZNimPRJrw&HS;@O|}MguDXTNJMzaMZ$Be
z6=qbE-`O7HLU3No9eAy6kNLF%B|xhFi#*d8wcggAh!oTrY7&3z{P7ftC({+O^<qB9
z7g;=^_Zgjyn~I)tNPYtZTL@aJulSw~PJ;iHQNeCx%Y5!TzwXxk3lf8X>Vjo!RON*3
z)F<0q`z#tpldkA5M!2hQ1H0Irv8p9}6S+5N!mmUv_?B_Nz%t(d@ni!B%4j~^>gQ!b
z;LIPy3XJ6%K<6zSU`F{i8t32Og8y(7bN_V|vvY8B|EHr^8(K|mxkKRd6!)klT?{nn
zG(n*RIR~9EIVx<PaXz&?3L+R@ISoShXJXp~mciLdM9|@gPua={{e(ibn-KEGUG+n0
zd;5agnVF9d2xBqY?H=9tOU~^^=4rjYzaQUzONikj<%^M`+F&!R*RwkU!VeBJ2DlQL
z{3EV%gbCcS-d{~hv=Wd?ox`JN9l_Z)>iqe7$D|zb5wRsj&Zs7o$aHp&RGFv!VoRUz
zj#<wJT8A%II`(hJU|r}BrgH13-3R(O(a*p?x7fpGGKIdPVB(<l(6ceo%~{zTQD_fA
zj9%4U!7|uTR>5wN!e6fgt{+M}(0>CwlrZ+MtkTo$o_IR#wjN|X=%Td<kBN0rG0$6R
z%;!(E0HbXnr9y|(47vh_jc#@cx^+Ggl1D+I(Nz?H*Ky;_j7E-cEfKk_oK88G?~<wL
zRMw>XAA$H3$_&Yv>>19*0wn@@B}z8s<;nQ$vCgGa)W|2I6Tq8~8$~(p0?$O;S7|TR
zhXuNca2=WHl2m1^1!rrdeWB{S17+Is=LMRR&(`c_(%dTWRFo4TEX7l0PRZ$birtdZ
z<&Wj43sMtdc;c}oOR5sdA!|ah`5Y<)W^%E`VheCd0uu>I%ES|d0|-ty&Lc)S{mkI~
zvx9ZAw)FP-{7097^!+JBcY(|?cjRUq?~_lN9^PTx2()+)hgUm4wtIQ^^`AR?<F%Lz
zyo*dthsFdYhGSp+?&iMN#-7DSk((z$j2|;krN5bYb0c5GU0d!-noN(_<906Zp`#lD
zA%HZ%$`W|_O8MM$dQKZc3-%i0jmm5M(Z{&o3ZBd&o`Grrql%zln#4LB4Hp_)8UqE%
z;-cYE>UnFgx;z_Mj1)|2I9wvJUAG{Sm^UkJ8E-wk$O9X2y!D6Y$iZJ8$wiA-O!}>Z
zIReln#!{M2Tv_j!NKyN)zeBexVt9nl%EMIdwWJw+Y3O#UEVXI4)m_T>?7=UVHVXKY
zHjG7<X__Sg64&nu!iF8)t*>a-!i%_W^*#l%q~AHPO2b$??nygJOpW|-&I&H+&$H-L
z?s)R)>j`bNt09AOWgxm8W59VMFw!jLYvd9qJ#B^baO-xNVkv*9d$Lraaaz$6(-wI0
zi5=R)B0g}T)sB?^gy=?zSq$y_{|fu+uqeB(UrD7q73q+igrP-3Lb|&_x{)45I)$OT
z5l~uMI;4@1mXro5={VzazVp71_+8i8f8De0wf2g=X5Y2<Z@mplUc{&>PxMI7cn<gC
zAii%x`~g)lo(Na9!`O`-tKR|eqRVqTKL>HMp1#+k$(OD_*D8nZw(_0Pa<Ez7*{zr~
zal=+buB3wXeg+_Vvte<4Z>zzID4KQI8sFa-G!~iyqBhm;b>LF|)TTSAC+w3b*SmYb
zex}XbkR5cZ{IE5#T?Ic?p0|fsXbV1BWQ5z@(uB%L$$t(_*rzg>D<iNikiVVs>LV>_
z<ni-z{7JSzI}%4t1bMehko^u#myKw0bRxftjI1~8rM%L8`Z4JhEZ9B8fO`jTS_r(k
z@Z_9ADIJpfHqv-T#EjTKLbavULIuV#pS@RVKY#4@Q9tm}yD@je%*bYAxfl|-P1oXq
zQNVLl`0nBNvGu(BC-G`o#5J6sVDwxrnqCd#^It7{oI6drub9hyDA0}(v|`6+QMER2
zAUskT8gHg#17r1s1B&E1qQd3mLceulm#MW~vTvx_X;7*AKWW>Si~V4^Pv5prDvS$<
z*YNbGCJ2qyFDgtvx$n&FDe#a1zBy(yQ@iktlk&3%W`{>86>jDYY4kaA(R{BQ`vK;*
z_*{vg9M>9mMdr;?YzA#}qsvid6MoYNYMqeNFO(W2mvPjWIeAm0hDM9ci!9Aym*vbP
z`O-z>FnSEMci=OF1)T#~i~R^q>$+TCkNoBKW2KsO%#}35HUI@n#qJAy_=^<upea~z
z*Q^_rb=HKhU)th*m9@g0@BA23uRobqvid^$8KSQ_k_N|zC+L};`Ie(Uz#c^1c==Je
ztCLN^((@iKW0tUOw&h`G^N$GpNnby&Pju&!S_BEzLk?&@6$?BY8g>j64orORZ_-xL
zTjZWI7k2d|=6yTVubcJ1N`R+~7zWJiq_8P+vpo0|cu&U!SvqvBfn>#6Nqr{c!THeq
zG<IhKM?6^<Rala<pYG=uME*iwFLsZ}w=bV;ost9*pS3uFWMhh*a@QQvn$Btv+iq;|
zSsCfk7<As<``7Ex{X%OSywDxVDQ~9_W>B98KOM=Q^r7!!Xv`ouAg6HI6!B&lE!^r+
z)6s6%CD+&Bw>IZl4TG{h?Ver9^_8Pq=Cb_krqLM=b)MUEHS*|(6^GS_C|}@%(%mGv
zD<rC_B$d4~mo@fmZnS(|-Lv%X*;kD?7YJv|k7xyF!6)WBa#N{l^y11NPPe!c!XM$&
z&}Na?kd0gSsb)Qp+HQkKt8Sbxe;vl`s}^|tq9V?HmZ)+pTy0sR{}PbU(wlX1ov2X#
znBONShelXRKNZKvId@^)6z>*IHPztJ!^8w?=J_sLTh}rz`5J}xAgu_|#a&7v3JD~#
z_r;IC1RJz&Ar`8Xr_L)<i}!*Wth<rhV#MSc%3}?j&FA~U6!GeCyHQ4Svi$dHTyn}R
z78XCu@?_A=`j_Vk8%@UAz(Q<vAw{bAN|U-zJv8xTmn&$*Q1DN_BJ!{VZm%&~sD=5d
zN>{phcS7SArwe+*JKWSY$JPsZ!n{~7p6=5L8Js5S2hNamnlhubgI0nCw&FSiu!8a!
z7*y|n9?EAf{8rZp4=Q`KPBQh(rx6fH#Z*z{!Dr|8b>(4E=MDRXv*IPc@WGrSs+XY>
zVfnVUx11$c(yw!4urOp{RQz?a#u21DY%v+Ag%z~S=+!eYa`2K>e!N6C?ZpZ~mhRP$
z1)dB4AjJ#ZuD6!hHW9QjjQyVibd%Ym$Js|xCs;St&(5An!^s*)!X3A;Vca6u350mu
zoP{mSg?^HvLHdgO+)nTS_5GMIwkjg!eqLhJv5HulcD<EJFQCFcCWdeS&DC*hybREO
zv~wVRlPy_ZtsstkXK0Wo-Va%u?t8%0Ud;$z6XS|rv*{_OztPJ1kc+2G$}ed2y8f=)
zIuD}qvd=LeUS+uo>J&JG*0{OW-uP5<fj?_2q6JxDSw4Jq+8v$Uqwio$J4WkDy&^N)
zR{V5gN8<siB?9C{SniQjdXw@}FUYi$aI9<NnUVbM!x;=4ef-3)4rdzZqEBJ>UE1{0
z$|w%#8=l5WS(6qVIA+N(=C_y-2A@L)y4F0XZY0u5ktN}hxAt5Ljfs=mB}Oy7wmt&B
zew>nN=^d$^!QC96j(mSKERoJ^Ab{Z{IGZScJng-Yn5?zxrRu2(Hx^zoS}mCbP)nt@
zbmn^WhUS0aH+zeN^X+*k9S<<m-cC3@F)hVd{vuQG^cd=i(fgdCD74V)M|vL4+L(wa
zjy?dx5I!Y6c`S#vltWdQw&}nV!0D_ePG9?|g|$2PI4ASH+@22gVIZedg@H!!2DgCx
zN^%{^aFD_Qmhek(16lrYYE5)VuWzIlb}B~Hk;CzOS9&9#VINE@=DPJN<GIM~39j|?
zx6mKz65O(?aWb39(^giaZp{iY?jgPl1(&}ZYT;gfa92i0efmraE=3;NJgd+^jkD2E
zZoHZhzHxsPtWiFrt~VG>q^G_$5nq{)#P!JnKTF0UUJB8Owt<&IJu12B0th=cYTXI^
zRj1ygjN??`=LV3R5?e%#SEJviND;6*K4b#c;VqEBSsX=4tdzU0<HsK+f*kSpLKnK#
zg5lJ~5GY)OZG=IVb>0K~IeV=BYleiwYIPC%&s+ofH$=jTsm%g1Y;9{$@J0$>WbTqK
zDs!q;Q=azQ0)oUj--D~6`OLhxN?t{n@(!sEoNUyTG)W@kR+5^TT#>`rpbEd`;hW%)
zsZqxo#cw|e1~l6|+7Z7NdwY`^FuPw|W5H965d;>?$a=;hBKK}EaBVK1<-)17r>Qno
zZj}U+!6^achVni`#kd@_^G*AVUSY@wT&;??yJuF&l7H!R_Rb#I%4YcR2#Pn94?8aN
zJn(usjWKY_>645Mz%uu)Nmb8;Z7tpeznj1$2cUPq*;F0<5O&6w%-B)%z-)E=tv{Up
ze#tL(8#h7U3yHCKM!d#R!8}R+b2fqsvcBcRQCG=jdy%@A+S#HemV$M&`}W}%@md{_
zXvb4qVY1y(RpwL_*(y~rXHgS;8!X;1G)C$vT8G<X#eQ9_&Xoux_OL^(Eur~?UO;HQ
z_q5AIpZOlnS<3(cy8P({bhWws(G5I&c510UdPMlKfGH-+?JWc?=rC5-F!$(E(ZH-C
zr1zDRew9FC*N3&6DUaPq+-ulTZ?67Ad2Fx$w6+weq9)VOTxhBBm&cODo;Cp$!_F=j
z=gt>Gr=zvgt5mAAdpg_Z$=&@et@S*YJZNV|r>NS;H*e!70x|HsPblDTqH^HWgOrcO
zyZ0SIL6_Tuwhp^9GNL-)_&YpRtAiCq2V`0#8dyG}1XmjmeGNE2S?~GW+;cQt=IUMh
z^_$V7nTCR2P90Qa4Sgp%-x<IT-*4sf=z8A0XjV<$D>1OqC-)wH)Hy*w$LpW7=Qgvn
z+Z;qjzKI@gRP%87o8Xb+=cb_oICEK5U|D^>*4%Z$F0r%BEHsa1s2W)}o%m6p&d_bS
zLzhmhT%Yy%TqN`+nBiP%I%aimH6t!1LKy3End6x<pmCtB-{ku!I1!xB58Vv&=(Mg2
zW=&?1{S}neN7?)2*3_`CH1e(T!mlQ^=V`|a9l>hB{S=7;WDbeX)g<Cr;k%M}JMmGf
z1op3Nb#&<lBQ<bq4$G2L{D}R)O~h_r8*b!YHFUeR`NyeeQX#6GJEY_pg{8{));9{L
zg@vaTwcChlL2q@qJn^)ZARB(7#xd?+p5ax=Fwnk-AeMH>UPOQ@a#RfTcmlJ1b@!E|
zzWr2AKNiqBK9?V}iF&o21254$k)okSnas1~;#`lSLFKSLPqa)B6F$zZ;PH58{4(z>
z&Y&2U&L_!aBSFS&a^@0-pBrm=ZP#k^S<!%?iN{tmG~;y4@$uJVOt13t2Y3V~WjG7D
zqRv_eG5H<8dQ|Er^PhiPYv?C<r=E0f|G2!>@0JFDCXp#T_55~V2?Ksi_xz2R;R*b8
zX3a2}%9l0S6%L3kIqCAXSLEvqH(`kTo^Es^&UTmK_Q#}BT_>X~l3P`CwFf~4>`8^^
zg`RQV!Q-7hUIf(ocy)pi3CGqS7{**bttCflsVf)xj(AYwJ2(8eYP%2*u@fS^;*W0e
z%R)2(b`$Y_4Tji>5H`T$dxQxnKeILnALqNRr||}MpP$JwDqv1t&})otN4GDFqe7Qs
zRT*DquqI+ZhY7XtunID=;+QAL1~q*6P+nfFgpCux;Ph%CDcX(D=Cyc=J-Zmj`8r+D
zI7|M?SQD>3gNGM=QY&;%)@8+NyiG*k!*ZrNP>xeC)u#+yhPee<9^rmN87~-qb@21{
z`mC*=17(+kIzN`eCF|Yg^Wb&t9;ir7jm-?V;WlhxP|mL{GANqcb81$wRR1b;r7NRU
zZuiysjqYdlkr#(x4Lq)O+<>QNG5zwAR%|%@U4p^q=Tq7a<zf|V#;>f!ti?3!F-?&7
zY{ZPZ%R~B&&8Nq3jGL4A1Os$VoSFmxYIIV=6mdAqLe<r#R}TeWl=Q3b%M915%f!p#
zHJDNk^x{RcKV}Jd^!Dm~yDgVdKB7R|y`c;*-zujWI=+1RRP~FKfefvKwU8I&EQ>Z1
z)$;qzl~KuwOQj2botWaFDPVN!CYSo9{}7tQ5JiCiKfNv~T<LQ?(86%8ZM>w{kTu?X
zf_Z{9UW)MhE4KsPmo3HhP}LOuP$dg7i<_Z&DjnYNH45;|ecJj;sg&WJP$61hNNQJ*
zmm*!zfX$Cj_^!0+5ms2mIA!0tYq?yMr6@Y%B%UC)M;@PC1(Hk(atGX}kbTudy6e+n
zYiRWyWtn(v6i)m~remvy0~LEpwV{xFIUEqv*-C5Sd;;TPl?zW!It)m0_B6H&B^}7t
zXnIh5qfaNWM98YO(&?`s$dB<wEov3xT+*{q{_xP{NLfV1j69!oIdRbhwX9WATT3Z`
zw17>N6|U(wWRG~^=_Mv0<8I;J&5ifEP39LGiX&8L5iU)1qWK~-yr6ldnt{7+@w8ry
zd;7Ma<*?VH&;_8&jH?;yr*T?rOq!j`4~P+z-H<j=uT+g`N)4u7OZGkG9MCaA6A}+w
z2YxA?IS82~8dfDrB=Y`ge?&i8$7*I~VQGFi%jmDt6hnYrJm<%BEa4+~5r%<-8Nm&|
zU7bn(1?R}W8OYOjA9{&mGrM^rUG!y;1Cara7#@-+3UR}+74TiUs>slb)K_|{*N6P@
z&{5cA?$N#=rbJ;p5PKaB=*K%$S%|DX!8w3aI%9Ozd%l0oC9lE4@^j$D)RQiP+fPg!
z>1N<DND)*1hrIV$P140&0>-pOFxgr82Sxih$#7{3G|6rS3*aVbU3QR4=;z~t*C-c{
zl>mxiw6|Zf`_(6@6()G0>W{@gzJF56TW2gjA-noz$nu@)PFOjfa+{bF%9qRlj^Zaf
zYCCSOGO0?ta<%WevkSHwy00$g51*;^CKQtPG+bQ3WDZO)?c#g=D|4&HMwK6hY35Cu
z@mazrdq*@9eAZoO3Uk9C#qpbgF^&237{E{OLoq4~q4gpkYO-t02&{MERzz(mkvZ6K
z$EiVn7Dh%iX5uo0++o;}^HDzF;(Z+tS?cDKO|E%#=>C@+;y9)u-qj>0_PzGaenY>b
zdl5z+@@O(wRrLggu!f*ZblKcjOo2I+yvcA!>!POj42C+>2NM-GA=f<<P!7@Xd7uq`
z%RU0R?Lr_wKNa?1jlj)~yf|BX>Uq>cVrTXurM9%jYUwd9X%7pVYKeeCt$wVvkf568
zLYgL`<Xx_;S`16{5KbRrBG)2vGSO#N&s0@~WO<e9S7TnJ_5^5@(u!fjka(Jqj2s^S
z=*`tM9~Lk1PIXzY{s=nUQTa*H!3?TbhVLZRbh&$t!qGP`b()iy0y2xWT?tziSy>ey
zD-}7;GJH`)-ZRdoqpQ@(Ngo~_yH)1TiPZS%^)FAZSq&9W_QME%B}#R(bZ49KhN6oZ
z)HRkrof-A|P>Dca$|-Ykw3XJvrHz3Trc=GHe(*qvhSf<vfK`vUuP+QCiQc<x&i2@R
z-K(ZlIGK*%S!V7oR_0|t!zhVz@rjb8v0sIr*P;KjW{P;5j3m=iuW@F+TnpFo;vXJv
zcFI^PFQs-m-(V)wQvlEhaFY{&re%C=!y~t76k}PUybp(Sob(nbEAFFtt3ASp=NqH>
zuyPk(x@{I?TM((qYls77k`o;h-jeE51V%3j2sFd;o670R%GJCoOFz|-RS?YTa}}2A
ziI{%0oX4USkuQz3HIbDyd8XZNOjU+0fV``ba9>5xK1Hqmm3t~WoAP)?m@Z(Dnv2QA
zS>b3BTMO%lo&r!M3w2!k>$GDNe0ObLwN{yoeVBWQb7)}riG;0oMP;?0Oa5senV`?S
zXX=D5C(+}+Wkv6U2b2d#pA87FE9+i$V<$ch<{D+tEp1lU*4FsydKSJ#-f7_Qs=C7Y
zRdwxw)uml(_iLg9vi9d>MtaU!aT+bT)b7uKK4)0x`>&pC!BHIa<QkCMo)Dd_u>bC(
zB12HL;iK^Z!3efCB@|xd`)esgOB*(F1Jsu`F(TMMdj|je1{;Q;ZbyD;<o);SYfUR9
zHBE9qyzA1B#HKq!JNN~L_o3FE5iC(GIz+hab@U-2Ql_Z>VU>aMS#3c<7MnN^K9@7H
z*@uQTI<-B2iy7HXG`9lMK@1MSoMb@j`P`<1yY}U?YV4u~XX5%p!ap0=eHLEf6H9G%
zOEbl`-C)6sWPo2~R>&o~yM1D*?F1jPddYMe+b@^wQJJ+l(B7<dhp`hBbc*{6&s7Aw
zj+Ki=iZ2eyjT|$q;#%Yp_pW-<jz{6^Qi@pYXwlvVbVlSQP1vZ6J49vzlxdQ)_pZae
zq+Fc`wmg1qA179COa*k-ZJfnrCDnZyH~V!JaE1<dbA0dRE-PU>(6>&Ij&<9j2*Aw^
zQ`}cfi-}8%6%gcN0GXOws2vwCPS}ulf6%9BgxNpp;5712CVKGz9E)X64m2JxS;J#V
z^UOT36fv>@^d}_`aI(BkZbb)GCD$hN59nDu24^M@pab7hW_*i@LB4%fmx);Qt_9SN
z?d8Kq=|@eh_yp60{iU)Zuj~9uF7*-e@icp7I}VQl)~zQfikKI8LL!7h79Lku?fuJd
z#g@@HTlK{lwr1zE719PihsW}*nwcdZ@f`?`aE=a2<*eFXiZK#kSJ&4RXKQFyWJF8Z
zy@MZJoXogrP5VDQ#-sW)-Tk8J@wQ`(7_9=_HOynS>)7^E64P$8F-e+-JRwE)#Z=x7
zzTk!ZNMD4ci#lnD)azjXRn3yA;VtfF_Mz1;lsOEKl)V>@(Xh^1OZGucC)?hdp>dO3
zOE+JsE=p4Xj97xkVm&m}twR1cO~TPhT+)8oGWOx|dgE>71)i{b!#7N>o>Pa>mUa)|
zeMvcNeeB<iA|pJI%PtJ+T+J;nJtv|p5Ez>M>~1V}_F~Ez3S=<2vdX=L$b*)vpDCj$
zl{(EeB~*mS#gT90d-f|nteL4AsB&_1Mrmx6xD|MX=U3=W;M(U~L>x$&#}8H0gZW<h
zzS*@ii@H~a<tU}aj7ucy@Q}TQ;JkVY&ZsPFXcx`ceoR^^XUAHTW4BBnLH^Mh@%iP7
zGDqGXmeuttwnqDd#a1+fr5|BEH*m(iF^WRYq>@;kH`9%EjfEY)&!Z^|GwPJ;Zjd{J
z9M^Yg$QfS-M_1Rsl~`Q9Xnr~y8`4VBLFhP((NQ8m`Xe%5zRm#i+Sh@oD2z#f5nh{X
zE=)8h4)n($t6ZL+)}6EuEs1L9a8ht`uh3X2lcp{`NmgQUAuQGnAr1QSasPF54DOcq
zD$7kyx-wj>NPA|0Q_c^KV4hcMVsedo%yT(7>KQ4A<}Jx;aB8#%bUCG|o7B`my8^3!
z%f@DFpkZr3$In;10Z0_Qvd{GM6mE9nUS<_g_zd?`P?l;Izp$Ff&&2sOF$cCz$;wAw
zg+nG*?3(e%h@S?vmvw7t6dod57w$GEQPlz>*;exEN`bU?S}9NF<Me}V%!8Y)>zhxj
ze0Evl`CI7I-T4$^4D-R0nmQ@G#nwDCsk#Mm1i6+oJ86262Fweext3N^0B{}#Uz;}$
zvTiD-ye&{u@0)m^62B5Z7k6I;b%7r`XVuZ&mqB}Th8ijcCTj6<OCUY=k^!jAljoz@
zYQ6-XOt^1Czhxi#jy$uO#N9g~NKoNT_MVP=q2*qnil9(ts~}ycK6H!%)d_F?WcMs5
zGyG_0H>0j<mHo3~X`F%z+ZnEY=vzeOmz-@7{>^q;S4>%Lzp%BvT_6~8#6IewNobAD
zpq#ep*~5KKo&L38PB$km|JtWuJDe@TNTZpD$x)%*w(Lu%-F@B!N~>j@k+vw;nrn1C
z4z5vZXEv!vhBPhwpT(-64m={!!_Z8Jc>X8UY$^Qv&ZrEUdaGFyxn6Jvt>quiu3h9h
zhJ{su?C-du@tV;6_R-M-8y1)m(Ig723^r_dpT1BuOb>~MS*@PtIC$rM$fZMlL2QJq
za{iEGu28*~nAJnXoicm(oAWpd%a)~uUiKAebw6*TVsqL?P5a_X??b%RU_;-bik?A9
z!`JGMJ_HHrg72D&?@>_0!_Ic<<*ZHmHI1056ewGOO-)SYc0WFs4h`BRKFPNpa#nr&
zO!cb5c4>wyxVd2#dz3L4+m*|QHm?yCH_yO11XTyMu`_sX+kKxJ(L5;^Mq{w-aVW0#
zDl(oHZ)S{q@&`u85}DHLQ<9ecvO(+!Jnb(XP1kdi={UZjowKRZ@b6fgby$0%qL`h6
zALKampx5JHB3alIaNR8eZL9Nx1k@h8y$7I6aGG&(|8RAY@{5v2-Sl}VFg>h~`VP^p
z{@wv~Dqt?NxmZq!-C1wIl6L&QDHWAsoP<KRhauj*akrw1e1vFuelyCXatE)?5q7v6
ze{t3i7nK6j=>VmrZ}5tsZ}a!hJHCMhxtGMxp4ub2V<*$3yP9;e%SN?rH9jj(oavXT
z_V<i2J%sSrTLl)2+{T7b*na<I7{}YKWW?4gDccyYHp8uvVYb=tP3g>d%BZnAvX<$k
zpRJjvHpDNdtr95ls;*6Bq5S@_`E$5;=!uP)VN1%(7L9ikCBty8`Ax;?MS0R=%d_{}
zW0`sawMRSJ1{oRr>7PhSn};+u%|jvr8|Tth!wdEg)2$t3Gi9=OYum1S8I8Q}Z%Uv9
zVZ~<7bfWk-dOU9DUuhntw%!$$|16Q$8BFd%xD<LE#p7{>E3Wvsx>3ToLPYbI@m%#d
z9p_Q<QP*c@<i}=sXZSTnl#nD>?N7I>*DY-n<mAn_13$!MLg~X)@Ye(}#MZL<-20u3
zCp|yRg^O}n4}+;}-C0Y@ib`uYB4<D%H4LqkfeW2u<Th8;*<rm3^Yb-|Ax=YR8_uQp
zofQ1dJ3OxwYF=he&=Au_qVebW?42?K_|O#2_n8(Zyle~LOF8IMBeflQvqHJ?28F#^
zlyA7JOZ9g6fR3EEjh@%<YIcHN2K4CdY?{wnDucX~*_)+<qM9K`#*-AY3hB#;i3SYt
zv$c5k(1AS#ZHwY(Pd5zOcwSlWeOb-@8EUX2V;L&NcusuyoqaFJEp*{MP=v8CAhYRa
z1G%2*(D#xOo*yPLP&iz5lU<p)(Cf90uvqBDR(RY|H}hd`?5fC|RwU#hHgEpe;0tlS
zs%PQ`PB+92$&w9m;!B(kq{MV(11cs?wiXC+5k1<+b0r~;DBqN&FE{aHa4~hecsh5m
z9au@sE%h`T%@>m!;M3W+)oJ|UWxb^s8GgEwvNs<d!pG8T(cZ;dh~RH)QARck)jMz6
zW-c!I&`va?X)q{MTRDgIyA`E#n>F>n@Yrfk<Rii*=5Yoq6Vs&3ZzQKqBdne{u%5C(
zUC2Ks$+?|Y_8W9&{|x)-#^-a(1C$oSuP41^qO{_jeX#dzIFt?zwT{I5sTfN|GWS`K
zK$`^JA)Gv*jgxZVv0DUJqn1$mSF#Xv;`7P<IJeC+ED5HTQ|F#m&Vp+#sZFu(PL4xs
zOp9v|ZV_Qqg?UNhz)8=H=Z=!d{q{;#9o<hd_%33hhx#FpHnc_5^%UgRaVfXQ*J{4U
zT*fh26%K^t>?R*x-qJ4Xy@TE0ZRoQIw0h+D{)8t8Yt?@OGB=M{RQcT7G;#Qv{p{^w
z28P?t^qhbE#FUB}@)`oQ#(n5mkv)=?Dap-Y&;O0&`94K?GQJ58O{ZPS30IU}e6vYC
z`?j>nSPu-lY(k=}@|;{vsa)gzqHW_R8kynkp&^3N@lg0jwBcf!3290r8jsG^r8dAV
z+D9~Wl=sL5AS6|^gYGEAuz&C*{&kBC{0C5Ac1Vbj81@f1#lOyh{yC?=U`~bttLiwW
zL%k0b073--AjH-Q&wq~TPFq=EP%{A7*c{3Q1VMSZfItglE+o<dfXfv5lb0U?hVVl{
ztUL((6P7B@vsM%gC=iP5<=~v=e~w5l_>jmBau*N9AYi`V&=<cOojo1)KL>pLya1$a
zf6yRcC_i$+%AYhK1Oh}9UNFJIP!JMg<Ij^&@NZ0!KWI<@<aeQ>KWGp>-rqnPf6(|q
z5YS%+@Bv_V4d8`={xKAel>U$P5MDmuU144%7{y<Tc>ypaSjZoWp)lmL&K(*A4Ex&{
zAQbj5zTf(h4Ge|cjRJrV{I@U^z<-wy0t5XW88D3hu7MCB-*5bw-|asR1Nh)z$iJ-l
z=PUpQ<G;%Y0rUR`xcEaD0z|rehlUI^@a~WRfiTG3s6rrs|7#4=|NmG60RezW^pro8
zAcg<(4v5tJzjXL_l7Wy5r|$NLRPt|!|A{}47a7Dmj1UO_Z$Owoj6vq?Umin1;6FP2
zEdWF&&A*lWL*qk+;jjKcaOht|5Cn2J)X1R&+~orSfxmHRez*Td5Q0Pjy-Nc@`R@)B
zQua4W4zj`jD+~hvZx(`Kca4F7_`r9E2?PcK{-QyFe<vXX0{J69e#ajIg8g36_PhPZ
z6A%<Rcz0<q5cn@+AW+cVxdIu4-+(%Q_6Gy~#w7ZK1_pt_@Vkm35Gem&xc~<8-c^hg
z{%eu~Ly?Sklt3W7u)k<vFz|nd1pXh7k-~p@2ZllZnqraJ@f%#|4^NQOHuP?^kg~r4
zW&Y#?BGdm58Z!RK5rO{YF_LsQgis&=@~1EWfQ;2|tg1hh@FE?#n{d1^DF5C5_&_iq
zKm3j`1UcRQWek-6?|%s|FX*lkWMGgP^rtZp*xy6P2LnU@A0Hff<#Kg4wz4&MMuIQV
z@u*sPnbRS!7Cb5r4oJAB-xx`BJTmqc4s=MXkVsQJG7@yULLi8wxP+uQKnx7w1xiVZ
z^8ulJeB%62aUevB7bXD~`Tuk1{|3QwaV0f&cJ**Jx4`D(=Y#TNGc!vnN@4#WBumvG

delta 45025
zcmZU)V{o9++AJE|wmGqF+sVYq#GcrBW81cEbCOJK+vdd1-RIoz?0c)uueGZGuCD5*
z`{|YQ1u@_cQ4bFaO#R$&+89OkJ<*c4vr8#RX3oUjd{(ewGqa#vL(Qn%n)Sm06GOGp
zvjo9NtMmz&=-UV6XF!7RWh7J+Wyg_QVdbCCt{2L@Zy{0TQ4@g7zCjn!*{#Eg;7UW4
zd#&`sypyCTU8OH(LxuA++B=*(F!*=S%rf+sumc^--Ygsd_`aXa2HH96wx^DX5x);`
zGp{COi!JVVsH3^lwXw4Eq|gsCEj|=6>K4&2^F6s6d~D}PEDdPtj>yS~mAOyRb%bDO
zs2J6@Jz9@od2eZFG9cJIANDyd^Rp)ZH6VW}OlTn4Gx9-mlEC{Q+WjEb+f-dAFvIX>
zG#)LM@3{r)e@s~?Wy<Jj3Vi5i^5gqe#Q1Kx81R46soX|!S1AwC8AQTqAZKal6soK1
zeW{aMHmDs3xnsYNA78d*JrkSXn3JcYtk4Ea6);Gi*bzW5&b@wrJy}}r=KFnF%|R_U
ziNHQ(RPDSPAmp@#eY1qd>T8*|^I&nrG59K`QK11@*1i~N61hQ9eF!Ue7`2qhLRn-{
zv7$|%C&C-O2s%#ttJF(~(Qn+h)v3f$DkNB~^rGz38rk8ER~ysia*{tE9Iq|~m0By}
zkt@WxD&wn2jibFIPVq3_^qwpx?ztA$E;ihWk8iej5CUA}4RN%D|DkEv1Za9D9$Fw+
zUTy%3tHW!A>lm++7#j4l$rjS4#tl2_EFVpy_mv-KmkS?EtVmKLBI^id-LMc}-b-}1
zRYV9<&u|{Z8qlHz0d?p)T+cL6+Ngb~9D#N-T7~(91#zMM?jGgfj034Fs*vJwF}7%D
z8d@w4opp%FrqeC_h@EpV=AkyZTd?;{t8oCg_|@@}&UlMJOeha`z5aSZ!OKbkWD+E3
z@}gCf7Y6#3<)%>~kPS5~Z77D>7-w+;g7nE8Yypaj*L3VScADg8{DA`Q4n`7ZQq4My
zAfZg<ybd<W7O;;N;`wxCuN!WOfrx+`N!S;Iy_<$v*IJS*GaY}QDMA&*Q!TkJun&AT
z99lQTqW8)VF=H!(^x^9s+)3*<JS?)e;yN(Tnis#>^V!_+<%wi9_l__MTX*1?2O}|0
zt`wqZFSYsN<ThXnKw}v#PvUVvHuqk<PSL{nk0FB3qt(TS7fir4PhNn|4j%HQGuN@a
zjC_Gw_~3p|4~B_filcq2yA!A8ECJFkOd-3)t}yV!A|ebpUw&}|Wmm+iOU_~7dDvhW
zGRg5wV=L^8awrw|#%o4dWcn&iKBnloZdZvD$(Q@8X4p@7%3F$pzL#r{noo=iX7d-4
z5pe&^@WFGr6(lh3Wl1WMyTSCjD|a=N$DEskiZ3SRB98DY%0qkr3Xe|L6hL_1?ZK)T
z!0V~CvI~va9X8JDs!#A#P%wVC9zxCD!Q{6~DQAP$aM@B6pQU|;fuV|Z{&}O>Mrw1V
zo))@~@GB0pkCFmtK5fYD2>Hh$*pw0GdyZRGNli-BYA3~pG5@077L^EoduE+yR2QLf
zIoGHLMyzRzC`ZG?W(W380W@&1!FKOeCK>1c>E1AxnI=cgDKh7kIWAAQWFt^64KeP+
zzg|;Z`IebLBVk|;s+#NgafeaC(y~?lDlT$wTj_j@CCSWA@sHkwS{-R!7?;MrYXtwf
za4b-N0_>qP6*97hDiv(k{e?zdIIfRzn*+wFW4cWyn3ZL;nmmny6L6tf*d_2_kL<qr
z3ul`X%Djmc<lNY2xe<7>ah)B!$morGsoZj@8$j;Z7NVLjN2A)3$~Ug~bi~UP>5*|c
zS37#-(0F4ycy=MuHo8cwCEy1s14BWxc0iYWr0*?PLCZxJ-6sR}o5pOsO8FJvLF8QD
zQw0U}Ei%;`BLdT<0icA=BNCcd%CYTL_#so#jbWs^y+_8)c21^7yj<z&0y_W6tK%de
z_vqIDZ2igCe(qu2w|IQfC0oaEM7HKM_Rj`4J46D(Q4DUL9}UHZblzt*0%E)M;bp+j
z`PLxcwGWeF25$pv)*7-H4XaJn)`JxCF-y8ol`5IM;yywc6EF<S7cTV-zDsdZup;Sl
zl#W%tp2OAp831WD73MTJSo-y;$2H(ai@($Pw#IA^d5dce?LMRTj||NW#w5X_KiFp}
zv9x5~3b?FDYuWyLNf_{ljwZaftkqnvjR{N2R$E?aC1mbS5DiRx%ms#J8ziQH61GKu
zSf}TzEogaw2(W@?zy&3AYKqDofaEm_a=Dk9XK<kYF?CSOC-qBQpko*zxl;RQ7;nm>
zOQnK;Lcp$tr)wv<$h|hTj*``gF`KSp-M&&MR31&ItaNU`JmIM_omXbi!P+Gx$qy;f
z)7l2Vtb_w)9alkwd8in8DA%p8s?J;(F{=a1AzjdDWI&+rnYv2%DfN5c4GC?_?)H%Z
zjImQuYkmMu$(!ne<12oo7CHJ9ljHR}(hY~sSEPE&9rDzr@B7pC?c(S$tg3?OhvEt-
zFTPN01y^VOlVJ5@tz=E4_v7<e*2D$v+w0vU)A7Txf<P-iU-R}qzl<-=EW_z<PO-Y3
zzMO4E2jKWo{<p52rhqG*f%>M8e{|7xu0ZSG8_yh&X6&QY_{OGF+|HkaP=SkF5bZqv
z24H<qP{lfdvtxC{Ld&|J-1t*cxm(N(r+jgvXPeSVQqDzvob7R?rA3#ber2+U;p`%}
zcHz4y-_8k4Qtl02QzS(*3_bPIvxeed&aQxV2at<zKQJPzSZy$r^BmN^S9xm~@eWKr
zzu6F*k)vQw%-|cXRh@|7c=Ra|7o5Rw(7$qFoc?3H2>gBScBOMQJ6a^;p(>JRbfT`1
zYx9>lOC`iJFlAdy;WcKd8Q1O8zg6zNP+JCtUT&2$!)}`=dZSlrMjpowLAO33luSPo
zOnvPn92H8uxc6uy9anwMh&S&8^Xmis-yx{GnZ2pAi<6nL9o&Cz4!^A7I7ygE{@2OM
z!p-%6FjnUO0r~lv<jw3YTr5dgS(4(pD1a1o1+@)klpKRkIv26rfk?p*QpX?3$)f0)
zf6q&1gBl<?R~s4#)19t}>x#J#gTy9YjN-O?x7xat{2*{p{ioQv7sdy6r#)T51t16M
zYWgEwB=1KFMs+PP<%PvXC~)?{M#txfMMnL7+;(SX8mKMQ9Gr+IY)0$!QNFLeG=Pq~
z?E-G$WR|J44DhlsvJSPY010If({tun9MoShr=?JTphz-DS+qd|NeEPR8MNt>(7G$E
zJc>GSD7@Ks!!J6C;1ToknGqNSa$|&Yh?V?5oP1t6IO&ne?cwb4mI>l!11z)~p~fV&
zgDvalLl|^YcX{eW+H5mBuLiCfuK?$zKzYQoh%0p%aRdB7rE`wF*%-KMWMOTt6rG2#
z{Ga|*R_|o`sWRTpE5vioOYb<Qe}w2>Tum;1uxd4Zxa7%wjp1u?$-IN?`(<FdKHGm`
zc1w3k#_fs=@V7&VExBDYdHyrNR9fJjQ18+bie_hHms?=D|982u3Bhc50|(qN>gF2e
z2B1fUhDZL+c^T2})}3FlwZ9da$DDlcJ&Tnr>YcV;Y_Ufnkp}}+*^U#WPt4jElrfY&
zQYD5Zdb!n387>E`?5kYMye`CqG%tn%bh~SA<ILtBb7~9Jx}cFPXjnCOI4Op0+zIS$
zX_zCK38y#MncOx@>yS4ZGJ&ay?Kg&v@lljvTY=*3<9k?%UYKnp^O|+U2MCCmFALVu
z*uR@HOp9s-$6Bm<g>>z3b3)XiK5=i``oidWQbUj2gBUCxm8u$BmRhf2{=a1P<9`43
z6(?=+9GQQu&Fj+&;IRF_D9Xz6KXl|IW?}v>N7?^xj&l5mqm+P-g7bzXTF-@+d`Ih#
zLo84esGYH65}w8Ntkq@NYIQW)7RW?$SQc1j5KEojYlfq~#P9Yx3+5nX+3n(|#uPC$
zu=KMtzt1<<I6t%8i43Xl=5GT#C4M*ey9-#YzQ!lRDh58?Z2rFJv#{Z-2)~S`pY`02
zTNGwdR}sV=w9mlW{%_XTvyX9Yz3yWnZYG1=-q-idSGTW&DT<Da#;UN+gpITPH1xfY
z+FRf1rk{E81{M--)KyH2=v<~zOA&ePf=UZdA#WT4cc-8uVG$#b;6lH_85e7{8)i5!
z$9m4ZN1P!U{(Z38#qEbPJEE`dy(FxkPFc07fWR*drE>#i&@)Ut4nmllG2}|jVNWCQ
z#11xPYj&^D7Or`i?(?41#9k+79ZIuGUQ0WgTW-Jex2DykR4--|R(Wk2bvQ5ey%B1c
z<vnIFbE|roh<`3@V3)y=UyL+fJ~e5cPQi_xmsTHUra;<UQwHHbCh%EM_TrauJ04P5
zcT^GYboT)5UalNYh(0`bkxgS4l6_{IDA3FBD@8ZpTngkfs~_);zL)sWnd$UROI@GS
z9aCI)DoRo+@B1?=Ppdt4?I%=ZXy#c_Wvv|^jy&vJg1GqCUA;G+$7i<9M(lcVU8o2I
zqJutfO&6WML)2t@$8(k%{Fhg2U}gmE?BbmN3=V<b48xvwAJ+zt$0r5&3R6p2Y%w3S
zVK}m=M9k$MdtC+u7j_AWS9E4AQz$kvFnGj<?fi%@CZU-M;4Du1OzM9m@7dC26OvRc
z)QW9+53>;I+#8KN)!4MFE5r1Yz>hSvIq6q~g3=pX_|}(E`Q3bHzMX%Uem;nyuJv~k
zC4>N8dw3n363PNZ;z`eqnP1&6QVx^>DSt>&tAAv0B&J~MPIOj`6Rne9hZ4#Oj3RM#
zk5DJ=6<pM<_HzD%-SABsfOeTDO>o7c5_wNFf7D%F+O&wd%RLA~)m|K2_cU0ViZ-*=
zzzWf$rMt_tYvM3c#jDL|81(J!6mrtLgbD><Ti+X2ME>~wvNNa*A-Mk9tscK(w7ENy
zw5|$<&Q<b~?CB&NV3QyUvHFdmRJdVm4^c2-B1aGwy?u99wtQ27_*lIC2)ojRQ=9y3
z!X+Mq9@<~@6a2~7;QC@JDBuUpYdqI8xov3z{0YtqJF$D)hSw>9&{b9j<^>}yBHIff
z{fkjvQFYG+z$u|noFNC-`=uxKt7MQJQpWpFo+*d1m4KS#<~WrzM(zMl0DcISGd~yR
z`R|qS7WpHJeT|^5C@2ekJJZnp1H~L>O#7k1F<ttfg#DCkV1n~5A>s9Rsb-K#8XD)_
z|F(o_`rvn`m7)QQi|HF{hYKiMgE2$knMZ?H^jZ@>tlQG`(cmBJxicOvNk8wd200%j
ze8Amg0<Y762$IG&dwx3BtSdNRv81CL`7HtEfQi8Y))%xGzrci{({6zZQdXfMRPIB&
z-iWnO$88*`&iqq|pcDKr%8$R>KQ^xJ_U(%?@=L{0ewLuLZV1yI1~KGgC5}1)F1{-k
zNu$L*9QSzJ2^z}??BInZ;Zz$WmBHAevS@F65Or7Xm*%Q+YpS^cq)N1IRN@XA+MRfN
z@h|hGOH&wMpa?b@c85Ar)PYzS`YxNyb8CwkPbqK6`7LB$YZ|-Zr4pdbW|QV!)wS-=
zm<5P)LpF%ga=yGyKV)d^a}p_l0!M2mPFfzmmRN@!5#9@M%j@LJ^E+K%IAV=?IcS`&
zTo<e<oU#5v0a6BUsQ|{ZLIz4`h@##Zced1>MzE5rH4%Hx=`OIk_+m5`1J6(p686iY
zYFX_ad40^tVZ%CV_;g2Id(NvsV>nwA-)w-oiYkpmEU@w_0h!k?M-vX<Rd|0L|2mS+
zybXsdtEl@XTB5Mef7#nB(lwp<NV9!(BzLU+kW=tv6hVk)SGD9+>Lt3y?nJfL`z`KK
z{*Yg_3$PrP%inS1;LR=A`qH`G+RQ0uxTa<~@f>?PoOY1&R5<t3ruBi8equ&n#okD~
z*_OWePP@uLu<q)YIwJzB9H@KL{`nnJ*Xe%2yH)+u6}@i)fhaWuJ}XuFt>^vOim-y3
zt{;AE?2htl2^R^@qI;3GegZlW=mb(Y4;*G46$zjcttnYy<U$e@Y;lX*Dsn3~NAfPo
z7@09DK|yXh`MUOM<`+^}_fUmOb<*@KI+zlCygI5&Gg8Zk;5C5ctDqqJcujchfMc`z
zVbLHqLyF^qyP*;YbfQ~U<8NzN`YNybiMvSaM*-TcF=*)?jo9ga5mE}(j*P=vm$jx{
z{#f6ej6ZWtZO}KkhZLmkn(8$n!D}mMT~<<pBAS6w6z8wCi5wt0bc{XSyo4+qQca0a
z1uQvj@ctFvcl1E0UIasiRD_pAl2C>`U6NI1+kGhm=|elFrTj64_F|Ur-|3V^7Y~2D
zb$p!5=GYVE*wzT@HmDjXy`*y1qrD?q>R0*3LfjyPu!98DK&In?sC$~&ByN8A6APJ4
z(WN_wKMM~J*)x5p0~J8#kY6!J72euINev7_exG%<O+LVfQc};RqJ$@XJepE;p((0R
zc^Y^qmU({OMKmIXj<pahQD)uP&CDps&uA1JCppQLVM;|;3|Jwt<}YY3v+?g$Oo6~{
zs7!ukxf7y>MxrRJPS3ycAMbHl-0#Xme7&Ao{W&Q!07=a8P9S!kQTpg0p6AV19msR4
z?>cpV=>=}q7FCH=tU(nLNrS*jTBwO<U6;!*tJS&5NsCk=bUPbJ4d3)Ux7TRKkpC7v
zSbH~N2uO3Q*Gnrb;a7qjj`AnJzuT7ml7Rf~-E>%vZ;#}eouoCBn#cT%E(;1;JnO92
zUYMax2)0|y5AL1?3Bzc|9m5TQJI&(Qel{6RVg%Y38T_^Wf|G+u^|_jf{W;FgtXh@#
z8dr%n7LsSf4R+u>`a#a}(y|<WU>uzPrNrNoiB3X5cHInt)m_pdeeaq=C@H}YOY$6T
z97jieiZ*kH)>D1%s9;=Z_AbncD0WzpN)w|ZVHf3r<M<0CUwkn7Psc;rV6>AVVrog~
zI2Ul;nY(GOhMLg)XjLoXq3$S#jR~{o9@=)5cOEvrWNoM+{#y<fEv-$~*-M0XAOVk!
z&=P-a2s%rgTn52Rk+Lp7RTQ;0r6QAEj$ZYK(p6>jS&CPH&3_J&=<{uDIz}E=k4e2Z
zE89;L%;Rd6^B>~S+++ye{-RX5y=wkucs<}<?Tw~=l*c~Q`7sZka0FiU1Ua{d<60i%
z)(+_pn{zZ$82D)rO`Q?1Rt_^l6V)sdv=)j3krPYMvH<_Pdtly<X#`c5Z@GQuVKi9P
zU$FUz1gj!;qjJ+;<D}KFrdW?$XEBCkcd-ftNp0_}{SsfnIm|87lH&wUL~FayvJe=l
zo^2w5l_pnRZ8Er8x};I>sxdvq4ub7HMTW{vR?WfxCxRiKr?9*lawQqJEzf=v`e3pl
z5w(r;J5@<6bB5e`cb3t)e8t{yp6~ouyoiIlNg9DD)`&p)P5*_8t<;e6)&b~`?o2$e
zVh$7VTvW9}R3*OQH;gukxZk=n7bZZP@3xuwOM#LV?|Yb2-J3$C$Y?~h9~b02Khu*{
ztbdT0I*Nv=@95^#D$+nzi4C4Q-`J4~@b)YfIK{W^`{%Cw!2Yu_bIICcUOu{oLL&x8
zmhiT=Ieu$J-G{9Pt!OpIQ;VOst+Qx)?I!AJV6wO?E_{hFNc#eLr}*LTdNCj`PuM;V
zg$Z#!ZXghn8M7^i8NW>^Qb+r+o>ra#Zd1g^om-I~|6;zm%3yQd+}-+HB5(u0W-dW_
zTr4*<E>CW^z+*qwav6U;pFGl&w>9hULbUm;b$cOJbo)ga>dp4zczQ6Nu>WNIXss(>
zpr&XebwZIFTw8vuS49si9sn%JH%(kf9q-H<waPPHArhIs_FCiX<=N|>syCcg1!(ic
z8*W~-9k#VCW22g8jM%O1)l4boa9QpeRHznpKCZse$$oO8uX{4k;GZpkeE%+R(}O1K
zENdYAc)$K43vs!mke-`t4txv;2`UH_2t|b^Uf(#_o;uy_)OdNiZU%ZpN{32VWseRk
zcrWwkVBg8XI4_U+C<MKzEh-kRxB3WKX4GWXy3)vYUq2J3zi%E(l$x*HPj6i<d{Zyr
zBUBE-TwF!cR4Ve2a6n)l)b1@no+8_;-#acqxwq`!-t}7(kzmD2ggQlrSFIqJP?43a
zpZNvP9*e&i^4_w)-~ci_49Coa(pI{aXGXUI(pF+k--|)+216CI+_lzKD=YExC@nd1
zk>b72pDP4~i@LBxQk=+8;MVNV$Cyo6`qn68q{NL!l2Zc}rI?+rE6+HU@aKXU3~3@6
z1z9`SZPlv|X{rhVyQ4aBYpyX-B79@YbAxN_g<)s}sU1cn(ttQ~Zr@tN{gn7k*k%tA
zLqa0ogYNe2`|t2amxrd?5p>?7{O0lRSM&2m=cAbBXA3L?zIW4&L`K1-q2yB2ES)x-
zjZ1JIOTAeM`5t?wvJ;11pagYvYjIvX%VTx#Dr@DQ3;wBRKHbv7R*jRV$H&#{Y3sv!
zh(|Fz8cvK)4#=YS>*NM}AM2tPs;Z*W(#o{%fu3x@orM@R^i==AQ=~j(eGOb!u0$%y
zUo7sLi`%+P^TBT5G&V$1WG(ahZe0#{!#3sJ9D2A;(gyM~?YhgF;n1hqKY?&yqiVxG
zbWQNvd1PN?-^<F>yNR8(hNA`7R8|EG?MbLPN4e4)Fro0q(FOAlNAAa?*v}GE8hRh4
zTli93mlIXTcoLkEJQnL7ajWO`?467{G5PgmyMcY?>Ek=&XBb1Z#qy9SA*|Nw%+tJQ
z#oen^DJ!6k)_}*(n(?2o-aJ*}9U8SV$hwYRV3_LXfF5?tU|EoP@>b90<%0&kcpchc
zc|EQVQ0e8M1d$YG*HO1dje_8*D|5X0ks_I-)kwOxW3$iS^y)G6<H}L6`cQF4&a}E>
zmJ*c?tFep1`8En~{Fjn|(d}t&rsy$gOYpzuT2*Ami<q;0B5Y4{ap-)dGnw<Ku`R!<
zzuEm?X{C^7R1t7gSjE5|Irn;_nv4{eMlz2C06W{fl3+b6_Q{$f#PlG?F8*^oX3qIa
z8v@fA+)m*<4EMr?@YQBW^Hyk60kJv9i>H?)XDAy7N#>L>oTSbH2FE1@pPTIWwP*sQ
z%w(A&m<(hBA5YqZb)E*YJOvvS%6Y{g`uM!ZpA^I6s3c%N?;FH3%)#WpuATM24xQtF
z96B2h8_WLz+5YcniS2(!OGy{1XaI;`8Iyt@W!9F5R!efm)jA=f_#ZTr$V0Sz%o`iS
z`yy}9_`)HItSgtx2tu@W?)K+R=h_cCvUIY-zRtWeW6@dryNlq=vhw!?qS>lPQ$O@G
z=!^FVeR-83<zx?T#o0IJf1=sS$Te~3Cuu8m?mgY5LS0%rJs<z3{(Kt$s{{C`d$S6c
zlGOK^^?`I|G^1lr6pI{%Y#W2S9LwA+E^grqm;K?@BAI!H_?0)zIVKw0XxJ7ee&YA!
z3^mWSJ22lz+aADAEa)1EF@~G~9ApK43KlSS8$L@+5C}-$jncc42-+o1b{sBIE<c10
z`0*}}u}>l!Qt5qf2;%?L0a$t@UC-1Gb;E%F^e!s9`c3}1Er{vaA?B(^XidrLV#r~#
zN{`?;8ehd!qvCBS>3hLXH=GQa9zW_FJEL5iaD+C%B`!fQZ~@fy-4swFBymUZVT^e7
zA0JrKfTuNXbN&9rt#lEM?ZB|qy}jFOdSE4iBK-YkI6UUA2A{;k4=^Fl>j?-!pHQdg
zsEFkBQ>KT?%v)ffF-hp8Xr~D~tF)ZJE%n81#DHI(ZFI2@HPG^ws@TGPFKfCmMdF?3
zX^5s0%8B)m<%st$tlp5&IEFIZnar;|nlNH^I=j%oHo%!;g<>!syQ?o-NFGndbtIm`
zL^tusb!LNl2QJ7Y0}@5iPf}Y77RuZ7CtZz+Ka>(GI&A}#2%L&YlQo?E4H~RiagBoa
zhb|_}c#z+9D%?TM9>{h^C@Az>6|7uVFhjbI&cG!dt_pERj1B3~PnO3DFw|t33;bX>
z7<u7RPdJchnkCU5r&N3^c;w+Z11Bo8GrU*fPg6mweRMfy0rnSGE5@Su*55P?!^Svx
zr#e)(Gtx!wkfu=O_f{*MdPf=+LBf*nKEe}_pF||ur1O4r${?KezCGCbLbJWREaobk
zYCk_UcZd&<+-AGNAL(Gs=~<x1IkiN^==S6z)FE3KDwDB`Lgn(Y_jg@{e>9=;eq*df
zHe;HO8vQ7S0IZ!jB5}|*FgOc&oRNdQ_E1InH^36g=-3Go<9n-aN;hbua1?*dc#g{#
zM5G84Pzr<*7}KDONGR&t23h}V3Hfu{!=CX#8-LQQu=da?_>UR(1Acj%w=nxH(?(>U
z|5!l-&)6@UmAL<9aZh2oEd;Z#X(JGSb}#smX<}ui3W#AzoZy%I5*~pY(<y%aL|-gM
z4TFPg>D3|4p|nE^jp*kyBIt?7G78yCbc0KhMy8H-W8G!f=t7&aR!3y+TqWPBb<kRg
z2G2zkhbWfhP%1KF8R#8(o1bR;$F21k;L<6{6ovPYU=eg1=nBU1k#w6{1fGAQIM3w(
z2>D5W0W&Z9FHBO;2f2v=xMXOiR6%MQo1~lLe6y><@B=#plO9uq$gSdo(|H-2BQY(3
zw6aFz_BW&hTs`nP3imomlbb$29WQhzrtgod&15N_%B88=?1HVg)<bhdxgM$bySZ6=
zKDT*_-2Wh2yGOPrShzcWX$7KE%ntU{HD>M~peXkTnj1;p8CnHnolau{`@W-koeI;7
zBH&WY@O@fwSGC-;O=KD~IKD6et1RTvzL2`vh=d=8rk#k_e`Vw8H5qSM!ZRb{>^_2s
zJcfKWd^agzTXekCShOLJ`SiQMhiG^(6RE;l2ZyZ*W3piBx*lAQW4YfX=WBIs3g5U6
zD2h0+rmuyy@?l0&{Bx5{PQVxSETN^%fUV_V*ehm(BLw_(4US}zv2ts)&r?7=eKYbz
zH6M6=fF<C$7O`9Jgo+b;wlk?_Mi(%=LMUU%Cyve;xmO9!aaB`U(m}I`|6T3~jxMTu
zdpvyVgmHXtna=jjhR6A)mR~&aDfHJHIOBR|K+@gj&rh*#>Q4N=|I$72W_%QWlI7>`
zx7-7{_&fDaN}1n4OPeZl?$wwbW4S|{9_XBd&sP%dy0H!Rct5~@81F`8k^3Wf`_5H0
zL9So3BjXY1a`9kSQd#|{F#{^#k-l5&UMR&U3)nq#*j4-62DZZ!NtWjxG&tG?WH&up
zOne#i&(e}|1_%F*9Pk=UFlKW?dk*k}9YFo3=$3qa51$zj>WNLj7O-|AJ~1uom5%si
zH-!(yCj={~Bpv64*FS}h^_dXuQyXp3b5@N7|8Tc;UN+Z{8GHEK(-pk30-A8^>TX!(
zHTG33_R*q)jA<iIQ(9O|y%vrIXalQs)LB}i7wHqBM8@CM)D0KvlYb0`WNi)r=Txu&
zgBACWdg@*h-d0!!dR!l(d%sKLAL00gmKhPk;PAY*mnDYTcnl4+Sr+DM`@>{g8h>yK
z>vArYiQ4YE3mn+~RN#Cn>e%G}Lt$X?%+}l(8;tW*AD4S}*`2lvJ7aDH;5iCSJr^a5
zvHYGq+`1nKeI$mArpS6DDGX|#baw|m@FSS3fImP8F`o5gXjPcVq8{4E1xtNVd$GN?
zQstQpHmIil4zBwKJKivX{;weaS9<?XjQ*cZ5Bq<?|9^}Q^Z)L8*#1|JPLZ^&g9xA*
zIZB^jO9Z&0wYlQ+8O%UPU(jPU4`rxSCt%2$Sg1Z!I7EG=e8zdxM0R%A>l_Y@hV!T0
z_?+;C5u*-Zpgz{UXI)}L*kKc6H-BQf0*L}%4F>cMqK|`KO|xONaJX<L*itMyH`uvx
zdqS3<?e%_NZb#L1OlN#2M;G@^_`u1?ecrb2oHu?=tSkA`)7xMmDlyv%B-@3HvHo44
zL&!(xXP|GhB9?uyKHkVyz?-Ts**SPf6l%d+(8({Xre#_tBz~!x4$T$9z>LQF?uagN
zf@3M}KxP6i%TK)=L_dBQ=2-dQlk>s5(D~~hMcfE5Vn}9J0W(?aR+R#uhX6&#?tBNf
zl<VMdu=u)F91-H)NIlz!p_Qo3LMf=*)@(5YQP^*qCz=-<A(TtHs`!?}lyTgW?!6Yv
zSzn8o)@9Mipw*&d)kS?YsbqyfaCsRV*OTf(yzWZ!0?>dJ*Dc8*5Vy2hPv#PNR3_C$
zGXKn(C38b^4a5(mD~Z7zPJkOL7$j$hyi9au_sJ~4n%iG|(a-SH<?-0dwILHTUx003
zd#tJROtE9DViue?VH;VP-C2TmNa*hA+~@J`c;CzS-?3~SLf#Ack2T#3+Xa{iBHMFa
zQS&SlP1`G=4#4q7#zA^3i~(21%xwIF59WJVB<SDyF5*y#C1#bM3-}^dlO>E)qSAUz
zW^N(S8t!eiB{ELXw~cc5wOo5RIgD_}YNKcuN_S-=7%?`#&Zc#?JLmuAXP>U9^~5lq
z;Q)DK(4~<~iO*6!xBS3ii*t?mPwB=*my0i8Xhe+j42>(8ktLn~mM95lfhM;5T8uFg
zDkY1@;a7RY8LR|hGH~h9fLUr%V8Hz(ANWnzb<um~jV;R7wkK;q)jc-8pCz06UYWsD
zM1pR=bD<Q?V~=Buh13HAg-O!=S{i6x<(7C68OJT5eJd4w?P+SnV})8Yhu|8Tfbs4`
zhOVp@v=%grvnyQDDViLEvUF8)22FX3D9gtp1uH)|e0^Vb09feVc3pxi37+h$9IjQE
zlji<a^i5i4V)G{A^ih3Kul`6XmU_;wAx%)}C|!%u!+-BX+J~0$_&kzUk(0BBZMI`o
zDMC#4(Igx(6V&vKUb=cEYXRXF;ZEgaflgAyvu3xX>Lxt;BV9IW*X{KHR)Zo%TmCyW
zNWQpG(NvT67})P13#|kV4L1sf5V5I9a?${kqRC;3+G&GcyX%8&rDi3W^l^q>BEyd0
zVILZ^jGOPYP~PF0vz!#7*4eX!Vd?Q+468={(FmruTuw`BvsCnou=vv^q#<vSO_pWQ
z6Oq`(o$MU1r_JL(f`oF3L}254HQveN3QJn6c^5x*3Sgm=x7}RvWzi1R6s77Y2w;cJ
z)k8JoVTlq7r#w33D6~8i+(8w!=}`0Y=B~s@F8zavcHGIEVp3Tp8VG)Cc#I!wT&3&q
zsm};2*sB;e`+MVLESWjR3CBVxx&C%?;lQNzZN*hf>sK@Y&rwd7&>tSGL-Q{Htj4f5
zUbJG@8z{)~hZ1JzokhY3wuTyj`01`I#UD+iO{6JWYd-wD=b!q=FKsoXJq%{{djgI-
zZZ@m{5QM*}6&^oDPf+z2j5zy!O<qk=#!#flA2%a@ZLihCzAgH9@J|X%>OmYL>ko+u
z^qv;p-$sKou{M7|*Q3FS{@OL;*`qwmp&T2)Wdhic!ZE0drfPX(|Ffo;FV=-mrBufP
z`^#oc&7bB8wSn=W-bObmL-+HKW)>~1{ssDuRtLApqoQy{u{2u+<&pR!m&1d8@-5g_
zgyL`UNQ;T61GI1xah4)glFslG*Vk-eR~4Hdo%&%e2<q#%pqmA7+sxrymMiQUzMXo@
zM<M_f*j;@AjN_r#vgWQR`^2?qk8Qs=gK5pdqH#~C@reqMF9<^u5;l=*5prF$^Y}NQ
zkqq-`1wI|gD|$h>=H-*@IbuTup)NE%00n{4rJ(XNgK=JxXxBKEs(yd~k7f#Mzp@^V
z-}-TAov~#0jOK~^2UZ!!8MCM(yJZwd>~BC&`>)L>vxer%2@}(_LDA#0g_ck)ujtga
z{NNqpGdnxU<$+o7>p=!If#+txB|&9nGU7S`MZNr=#jHz#D}>Yccai8--fgeDM%8r>
zFn_Ta;|J=n?1_cf)nIHp?rvxxYs&NhQr4@-`|%L<ZrJ<eosaQmu9Bx%Tl@R!y$x7K
zCXgkcgLecR)WDQdy|xJe%E+(@R)vu4*F1V=u9Fo9`}LEOur6QwW>Gyo-!Ow_LvW8y
z=)bocH=1f`v8s36r(&Hg^12*mI{P~7y>(&O+Z+>hp^vJ_%sWksxgD2SVQVN&y_vN|
zTMa-Zv?*fi00p}ygc!Gx8X4>S1n_aXCh~i=s!-l-E!d32_&WGkjs7$3%zT1`hY@-k
zv58lt8r0OK5af`!-FvQAYX|^|TElH8)p<J_w`jjHq4(?*)&u2@be~-_(~cdo=w{T)
zdZ|+<PWI&9Pjv&q@+ZA!8#f^=LqfOf<YKsQcjp^au`8eMzta6*FU|IUyfh0B%m3%4
zx&N;fI2+IZu4$BLuf=XiVhwkn)4_#;s);nI!)u+Gt+%4N+qQY@$i^2FLfAG^%qd`+
zH7+)O@H&8h%YHf9YdE5B<x=3R`hz#5c4d2CccdVP8%2hHEqr9zQ$y5H6H_gIL}mi>
z3|_6-leJ=>gH9X`QU6=SV~cPY+R#r{Zm_QJ&JjO>HQ!ISP9GuIUj#4p_8AI3krgv@
zcg&8{hV6C7ecjH5?rP24%d)nQI^({VQk%7I+Z3$YQRfj~f9m5>&w{1W7r5=Q79Ad_
z3x$-4o5Gdf2cmXm&97w+1!-qjsm@t0A**@JjiSCz(Iy`fnl9QM7aw7U>7NoNz?%;4
zy8Bjv!RQecn>#%qU0-e8)(j&I)OfUHlK!Q+Qom(mKF(f+D#M#P7W@XPpag<T#Q95&
z|B{jg=?|@RS18~XB42f&7$N^2)hJHcqI_EWFXHV9BGl8SrYAc(`)C&pv40;#%6x4<
zZK6#pDr$I?gDASkDXLr3P2)oP)YWe@`pFyMjs>4TzC-rxOlVzuty%k<g)A7$O<DsV
zljf#y0(L~;%=xf4?DOyAZQt7S-_zYg?lwG(iaZ0imaO{ewkcHp;T)%dMlbKNlR#s*
zclvuy4|tTzqSF1jCwKV90aC<N&zD45=r2RDl7ZIKCPfzG=B*{l*Z8U_nqof)t802d
zCC{zOPQVHKBSNQro4ZZMiz|i{l|Gz+wCT)Yf*2|w*eTk|A~9s`l)v15n-q=A63k;X
z3hc^^A^&MnGMX6&BE1ctze|KbW&R!CsE+RLT0VnRpY@o6=rtYM_joc;uRyQTDVYGv
zXr1jZtX^kvGtw_-50o`RLJxmrmn~v|#6a%1xgj|B9iDHkb%>ir2glmaloUr-$4|Jc
z#LjKIAMIxdXK4Jk!QwwUz)$m?#(m^zOr}L5E4L53*plnw=`p=rP$c%YWx9fgQ0YB`
zw|Qh#(z`7!47sNL&@^bz-4`4lOB%Zb#v1jGN`l*kEX8#q#I4wDHFF<ij056;pxa;^
zJWa46kO5By)9E|fdv??IrXMl-oL2SKLE|yxki3>g5`xb;#miVmO{-=sgDm*-Q78)2
zAFWT|1kc&)YUZ6XhdRy0Jcn@e)h&n;Qsg2T$}$GR)~qUJ8odjS115zq12_&wle%K4
zhRXWkK}7b3zcJ(aPZa#Q&4m>KUI`{yX3<ppjx4h!R1I&>(0TDfUGM^g2vn9ZZiw+l
zzs;;TL8M3RGYY76;$q=rH6aS_!bR;0K}df*#Sg4=!(>A8bPpAqlAWKhDQS6|5(BZ!
z)@!9i$t7X1$OjEskitLsGS@LOBA75xVAr#<U&DO2TQ&M5Wb?M(zXEZ9g>5-s5lbc%
z)q>huE2U2M>vUY^UlE{hi143`YJ*hpP%lNC8@R8<L@s}>ku3k9KKHE`ye(@AA}}KL
zq#}3Ce%zHs+4MxJku0aCl!K<ZJzgDUy&j=`nxcUb%o_Un`8s}GKKig!VysYeKYg}4
zd%RvOxjSI>8RjryX))CSGuZb#hSP?IQ*~1QkME^Y{5wt?P2}q1;}|tk9Z8q)uAD{*
zc$6vJM_mxy+7`qf*eUbBWovdvipP~Zw7Pm&<(w+Mt2FCfbak<IQK366o7@}lx|aOD
zz3o*{{3wvt%ikJetnE)n(#hm#`~8BTXR4PVpx2j>i$DiFDVBMGMU^lSSI5hc>ZQ`o
z0TEI$m7;fk+>DzM?&4~NtxL|dCKfN5u)BWiSg)WjX{jC#2>m(IeoYW@sA8MTyyjkf
z=y}!>9p#4Ejv2N9@kDz?9brZhQ|b)FK1hlOG!!n$IHtaa9=mM8EOzx;c_*&I)wS(1
zCx3siz@*!@WVK2FAL~B*pmkHsf<8E+wScEzvep_xB3nyTB(H8{O5U(GjyRK!*Ilsm
zR~eqH7AAA2y`kzV=Q-pwsCpSjX#~}LD^4Lb(x8X3PIXLkNfo)|MDDyOfqP;VY{_-u
zk~$E<<GlRN@YBBjyBSqVKsF;l26}$P1!AN%$3Wu`By=kfF`q&%2NLtRV95>fxfRTn
z=7y>aYg9#pKX2^=`r)`Ox`Ct;#@38C@67*uD8OIjgLD&xOSk2K%tV+4<aFBS3G@EM
zsJQ;Ekno3TBWC#=K_LpSB!jdtWuXFNWw9(5IOYJzR1T}a_LF&2tVGE4WxP=@GfuL}
z?2KyM>mU@c!ySj`6CckPCWVJ*4PGA7hb48ZebUH+2myP>-r&57D2Dg6?&v?Q3Vj$a
z=HU<}z8!N_9A8yVT{p6=btS*7W<%wisD~%#{Ag-PAkDy;?y*#_3#Clr+g2x`BRaPR
z!Wqe|Lap)Wzg3$$zy2PuSyE7w5|z|ABm8^Z90wT?Ey5JV8QBQEqG73Lcp#fUek7L<
zAu&<#_HTl#@&UuCs8~@#D!6(g=Fom9QrL7Z*x3@-=8m-VUg|o_(Dd_cOf{>y!^o&!
z@$OHeqOc2G<j_Qr{j<c5dOydkqWcth$3h7egnyR)r&v;m(O+)`9YeA;NaQ^tkXx_-
zJzW;iR6{`vt@7`|gBdrDee8mX+Hm4aMaB%H6(Kq3guu00o#)P%gR)hypOEFav&k36
znN1f$A?cZ~Zz7mq?qYr>^`Aa@>}5SPF_4CWBQ^5tf)>^cZ`Nm5@As|R4p(Uc9~k*l
zeqn;FR6-in84<_AcenJe2WyuZ%xAOUAZ!7Y%CP)s|4BE}t5WL9**JZn*g9l20ugTX
z<6KASr-?m6I0M{#xpccTxWCspEa_&d@TgLYsr-7SA6L(RUiGJcAh$U+99eXil@8A6
z=|ExCFYj_FEK8<nzh(yzqUi5Wlv-Pl|1|gHeH@CxgCVZKCO&aYg*9ZwCZCz>aaB$L
z3XR-NtY4d>WckMf=?*Qao=orOCP;^c+Y#)BB4W@#?d7Bw?_R;qXwHs}q^#g1h-T5P
z3pB4S8;swWAt<kjxhkFdP?mlk1un;NzutdvdQPF$OOf5f6jUCZ)`uI#HF35y$#2dW
zby6VK#cbPrJRLUWdWaD`n!usd5h&FGq}SyRt=~H*(1+jreLP=#3q6Vpe(>Q4?6F`9
zOyJ_2C&g#mguOpInDfs_Ypc%nztwRLPzTSn5YwNtzL*j#{h#W9MsYuL9HpNzFo>@v
zja!&+Dt{gVWli(p5lbx38PUw1TZ<Yg3Fcr{_Sh)p1;tET=vz=oydpb4@I(@TFG>rZ
zBL!pj_J!nIqS~O+j!-p>b()r{ylHdSjylx>$_T7b)aUG$e${gArh;5r?m{dL-yih?
zmnwbG{3tXo0?i=?4ihKN)<*`6Y%IR4utq<c*&2y%Ht2VRM@vQIMV{HpzXg4nC7x{X
z<TP5K3-U^437$Inst0NbmqVoh-j9T)T#Y}SMF9uax|_#lP;W+u&x7}~e;h6Lklj*-
zmp)#HUu~LwJpEp+=Rkh&LYjT=!oAyCj_(~9mgm7j@nSJMt%7V^y7QenTDH{5(@iSo
zDapfI?vQ4kpx+HIz%suosudE2k&Ix{1p6kaD~$y4{VO1Lb$of2wry?$gk|eEnf`j8
z<y~hvI3%4TF)RvBOuRYV^f~%TTQiL2Ms)GTV<F|+>k$CMk?&k)sS(yL01DDJUG0gM
z!<BbPSXV=55(;+OPLaj2jlVWQGxYb%=l+AN*1bD{3)MjMQeexZte%$I=W>BJ)^_=t
zkf~EvpVGY2Y?=Jdoxlk|66v!H6Q*+G1a$#D@m2AyC5~t@n4tWVc|UBR+?Z`X;e8h|
zayS0Amaru21H!!D_yfY^*yxFJws9cgjkd~Wr`2;IiL@74+U9Z5p>(GYCE-|qX&G~A
z%0$@N4Hk?iNFdGgdfg%dJH+K&RLU%!k4gMTYnwmS4MISM?fE<l47-3i635AOS`sjj
z_YEe7EP(ajnf|}Y8_)kt@2ouRtVs^SBEXf-RN`hUYVVC&K1SK3V=6P~7pSJsZvq|_
zw2jDSY>N_EM+@ezX7f>&u{n?IJ6f(ZLy4Podw&q=$xGSV?0wm@{B_b*%ZHg2L#`J>
z85(lfFZ^#qdnPm|?|)m63w??I`i@dR_RjYYPAI>AxAZbc;nMQZn#qPxXl+E%7XkDN
zV@rEvZzI@D`&AZ(cQ5xsz|&G*?hxR6H#H&Mtrw3y;-|bZywrxxKSmpNMB?Cz>Z{GM
zRC6x4sAQ>Fn~GhLPn+bVHw#3>q51UhN+dAflbAG1cWgIXKP`oBwsG_lQ70D#$K_4@
zBVn0=#LSn>#`4Om6TE*n&Ckcs1O};Jb`MUXW9pnFC&>0F%=MUFjJHMx?I#Y7^p`d(
zUs`w-71<gH>2|5fAIeI0YVzl=QcuCHcsxiND?=-_z&!<W1FbRw6%Z1XO}tzw22BmQ
z#SOUWT5ERVbQvbiW5_;d-K-_nLlN8~{ZXePdTPcKQ_+z0lnaJ?UXH8kfV>`$H?n$!
zbXI2B?uz$;>PB-KHj9vp-Op%QZ3@kkHm-w%MZDS0!&05z?VEkq9u*4)eT;)YS}WJ9
zNp?R)A(`5@j@NuQ)U!5PtHQeM^38K&;00l~n>PgCKVCm36-_<%lS{1<SIg3nCxXJm
zlBP_?d*32e&!_R6sjL#-0Tf@4jh(HgtMC0+P;v-t6YC+GZ6gRlYKx+PL9$$(|8#oc
z+1rfo&NcG0i>sy6H5}y^nH_`k8xNBvUk{S7^Mru6%k#4p!x&nIW9mB|h!F<(nhy;*
zyu3b2OfvU~EjzkV7EGG7)CZ!iOF>-Z=<9B|q(-Bomxn!mMmsD@;3aYSQQ3jBc&j3G
zQA|m_=`yyf0Lt=g-HoK>71vs%rEuVHHI3!iAs<)l0)0uhyuQmpsyQr^p5813i_SzR
zRJ5+J5e0qP9R3o6f&Ql%S=^w=9S;Z-p9W%NGof~c-|0H+I7akwFE>HTGkn&r2fL8_
zclu>c+?}H#i#O;Dz{f;lAZCm{y*STt%CV^t#7Q!QQzpYJal&+7OUx)Ek!rV4Ub0+x
zJ=Us2%i4@}z%;g3Yp|VzQ(K(zIN(OSPGoKPBYT=lM;YOLWWuehD)h~~NU{cvrtVka
z;=-fMS2Ddbb=D9~YKNzy>24Q4aS|`Ddi#&zJjt$;=_QpuAd82>+2XAERW1{}<+n&y
z5zOs#R_E4pRuQ6Bc?fiW4~Zb9XcU9~Aad7ZYaTvziW*0ic}Qt4x#)NRUwdV=3nfZ|
zktuwgVd$IwMI<&|yvI-BN7?krqRNqU9er!yde;MIi9W%|E$ij&r&`iq+W1zoG5zyy
z&E-_IJn+&0z`aH(HVpUiN63Shj2+jcD@>qkS-<H;?biA(>(9w}(&KANa1_JA#A}dv
z*N9h0|9Xg#BsYc1(DGWFE*0{a2Ly!UiNW!UB>5bq1~J~ptzJp2ptS~$<a&FkrJlJ;
z;a#1T3aVw!F*NBjil$cPjJl*F=G+UAB?k}+{G?K1pubF`jn(>3o<Ewdvnt^c0FG6G
zMSLD^8UfGBs1Wa4=iG=(D@V)550j=?H#oFO$vis=KdXY`x@51#)dq?S(K*>PnK0m^
zhu~75dj%1!jNzugxTAPqjIw9GVnns1F&K>%IKp14fj^3gFcwm*dT2#7(D)hK9qm;j
z>C%D<%$S148w)(P)cP<5ss_(qX1_Xtng>eXXtb!T9|+H}WjdbmOE~*uUDaUGcdF?l
zONerSTRHSXc4t}2KTXNHzA+*0%OA2o){cd+hY9o>kLe>)UxT0}gx!gXkBk%>98Bbh
zf`rsm_U>%C;?$3hkNE2Nn&#%SR5OX>s_6d$7WOmJHwN45nHeFddBFX-&<0QA(n9BS
z*K<oYNx_Lk+u-0-^2HwA;sLxaX7Ka9hUF>2YECr*quCE>Qgi>z?7%Y?6gXUKa3gED
zTQGY3{yV5QP<ptr!0taEb3`qQqQOgJ&X04hE|766SLO?hFF(tWan4Avy7?C2kY=@k
ztT@o)SFdB<On2oRB`~kQaF-I*HeZB`7Us@J?+3`u753*2RY%D9uF6?&=-}TN&LGM>
z`O%DUf;l(P<}w1EI=9f?X3e8t_#BEb;B-wLaMM4X34P9o{?h$h5P~v|N^z>(8ie@z
zS67}??>f_l-uK0MzMf5#;lU_-4{e?Wv`WA+9fuHZcEkN)S46jzXK$%bzA2yp&4ir_
zYK|X)2lsr0`_=G;d*|B@zSwwx43QU9fB}+{{k|gKVAHjN{`Yt^)!&HehFX`PvYMEE
zIMt*=<Fp*ZGQo9OV5sh)#MN>`0lB5VqSe}&pGA$a;BTY5LR_gy5$<~*!d?Lg;Lbbb
zHqU9-!b?7pB521+j#6bu!VZ~=BdcexzLbMbTYBE3H=BemRyG>7(9VqtX_-yINO5Oc
zJ@vB(Z|VrkKUp=ItTUu=nU<tSAQT=WGU<-B=tplOg{nC8PZ#H4>+LGL9$PNu;W;pz
zlYixb<amKutnd|L_2`uSo$on1fM|H`6)FzK>`+YJq$TVLJpU-yijUHp*JezJ?<ZW<
zMGRbPzz6*Y1pJ06p^LNgaqI%DeWP4mAa_-kOkXLFA~*z*cZ3%R?{<1)vY4ak+7MO<
z>8)^d!;8(5BAY}i7GuGWxIygbJm4DN1;w)qVIQ0qZ3hy#tz+iSzMLllp4<8m)%pb+
zj>-`HZ;EyyC$Rjo@#W`T5@jvACwMStWq#gVi@GdRu_6;g>Wb>Y#?8+1`rHll@rS%Q
zMkkRG;PTlKO+mG<71trUM6-no6i4kjTc>vWFmbrcsoxvKNqevEe28`lAtB5VkV;K4
z|02@=Rcfqxas69Yq|X=+khHy*{4t^M?O=}9di1F0wmeyAxxi)%!pi6>G3S4?o~nHo
zKgMLIbGoV~>k_M!Nzc|LsGnrgMeV-S?M|1^N2hnA85^}jBTns(k}FDv<(80QIcvWS
z@09<T0W&N@=aJo(T7pm#U?2Zdti!0WV`I8NUg}Ms8)P-i$B=6Vlr(XRoZ`NB25dHy
z^exqB)KSqBgO2(uL3yZQH4*KvPhzdSAA8%*gDSM*D`UypCP;;ri5o8B{cC_d@jv`a
zL;28#WXu?rK`SoUiSl+!(Z;YemJlFoO7FdrFeS6$8c(ea`(Vp^N`9|1Lt+v&UwXK~
zIf^$cq_o+Oy}i~9Ou*S}l$G+p%b|FU1RO=M!>DBEnkS*oI>s!Szcg1NfjVR0n*Hay
zt&am_Pn3Sb>2T)X$JLag)du-<_12=eKa*~zG9_geVV)FXB}~2{Y;J+h8C=8F5d}&X
zzXsA-TaG(pmzM&uSI^40A>B-|^7#+=A0x4;h8|4I^ckP^fw0G0Ns%cnn?XWW+<^or
zJ~@u)0QmkZnPO3C8NMvx@x@&u@wijPzZmI=3#%gy_VDxX0>=P2;p3~ZW@g}ANLH0&
z6ESOn<~@Z_4Qmi%m)~-H9<gZvrb53|-Y0@ga<qVQ>LF4w&P+_jZ@62@nWZGw7<H|0
z+dqj9?pJ<Iz#q^|A|CLS^Ctyx_9?e(M)d$(xQ$BI?qA|lirn;`8xW3TB-9jqY<!_8
zd)mzW$Hv*|m^jp))`JdL#-Qg#N-IM!i)oGj4_oH|99j3S``ETMv5kp2v29FjJ005{
z+s?$cZEIpXnK+r;eBb|^Tj!p-RlRHX>VEgrwQ8^GTJPHL?^(Su>z5YuXvbAHtO@m?
zjY~K!&;)99H#B*u!|*QW_~9jxKyGc?LVk#V>>w-qHF;=ZO?)I@q{Sux_*tY6rZgtY
z0;8b&90CP9&5H9VTh+%vI;b!z;JG0^o64iwaBO;F6u~T{+nO0jCeUWoR)r1bFD|qK
zQ}V}BeZC4uF8!RaDPcC{JcMAxMh)=;jo>P8n+`(GIf`d?HRMS}5m9{i&-b7b*v4?J
zSEToenVnp&OR3hb6}5GMX7L3G`Z>RRwS!Oihs3A$%#~}sg*GxFLcbKGW1nMLF6P|d
z$Ha?X)2@Pi^L#+Y@6yecR5@LQpRs}`#vs>OZ{>chWMeo%Z*_0Ir`?&QIX~()mc>uH
zxo`u&4fA0;&-SU?;`OuRj216&I!biBmlZDV!;jc)KYa@r8!|-#9IhIVMDdUYRk@)r
z^F92$Fq0k*reiW}@Og(CQj{971XG7Pq<VN~Al$Cqwk9`eqobTMaG)ds;c398G4J*p
z4SJk+B~1m=K_V&5h;)%+o*xqSMG4Sz4>qo{?#?}}UjC+*M1(wTV%^1IOFy-n+SMnG
zN&e-a%Z6rE*wvv7n1rW~#|oL*q}jua%eBGYha8T1V=UHCj2%&umQHV*rhZA{*KKwV
ztr*gb)~w0Kgv)chGWJOdiE%VQj!Z0VpDr2_t6v$>QvsC_WkghL?Q;{G+NXk6by>0h
z>!eA>;1CUohoT~WGcI&g3cT}&m(p(KSvqjeUE>ntb0vlV#1M-cA(_B(>?7#}2HCNc
z=HOT`XCue@z(hI=?Y&97JwH*+dK!H9BJ}8Uk$7GF#PkE+e@fMxL+)6dAcdR@<2X1j
zcz@(`wj2pV3FVLLLV+j|Xz0Mml@r_xg!woXCM>tiB2aO0N`AO?Sd|+eYzbX7t8G^5
zE$wC>OVND&5xcDM5)pAtUETT!cJL_7Pukn`LS$*4PYmEah3Xe>H%(bh&ZM!GWvAby
zhN=OMomYJKfqU5T=IG#7V6pEd?VxbS&D(9Ueiiw}eWDROdNNd9DlVmF^+z~vS$W8X
z^HX;T5=DRMB<?-?ci)$qdKH+9KVuVkEizXX0zZ5Ju98)t0U9QKV9}L!oZ|{oCb0(4
zEF&m?%z1ADaRn<dDKsQU9cWnP1pCX|4WWV=$^erM4rUym(P#x=Cw>jvzp1OVR-Cmc
zp2sJo!AkgNIC0-67YvUFcV$peS<n;fUBHS!javyRW}Qxt8ta)wN!ZN3nSo?kAH|Mo
z$O>=+I$~ol$wqP$>9v`t^1*F^xynKj;nuYt;2}*prS<7)t8kO>Tz6gvJ_5I(65*A1
zA9_PzI=#YoH#l*OV}-rRkd2N=KEenyQU1Xm!q@kHwDn=Xxt6j67JOafz|#A~o_~#N
zc?cew?sfg}+TMjQ{k47Caw@2Rlse7W{+odmAdn0)wE=#V-i5r(Q`kT7hzOZAmseE$
zcJ$Ka!hNgsy8T8Sqfji5DRXtN6loB3SMEi1g(M51MuQS~asi#LovA{apI*zq@Q3K-
zk6##JDQWNmQ<E_xiC7*{Dwuik<j;28cXSZ54A83K7M>bbrFwCCf17z_34^jsI|J7r
z1pPx4yZ%$~{&}iJjnQeLp;Q{!fH1%(C`{MiZ6LBJ9t0Z?Cl`=jR2Z1=M-Ct-uPc#E
zVN&0$`EUb%F{B>w{yUl3CE4<<=y9<0ZrE>pZ}fL`tjxktp9}B!L{w1g3Vzurw>pdO
z=tOf9Q$PI<?+k3*(A&~TQpr}h>W&Mi9F4Wo(kR!nDA#9dR$k2>a?Z@{v9aw_UY{m%
z?bxr)BA1a(hhi6|n9!|O(*XTWwb*ivPr`T?TDQ7BeVpsT=nDgsw;yK0FF63#XJ{~d
z{-9B0tiD*Op?qO&XxP{JIiI)p$aqSyY~{d+eX=c=LC{=mpAb94sNA^_xZU)UC68N^
zO;6$4l{O7RiAUI>l6@|Dt6U9M=G+X?^I%RoGhyqsksQ&kVb*6+ae&8)wz3&DQ@x3P
zzMgs>$f2;-Q5YFDZq8Y=ILob#t#h~x1Yn|rdqykRj#zQfO~u%7pw@?>3<$SX&s-)G
zS^=K<*ZqD=tcAd472|X#mV3d`Hevn>f|=%9k^Fx9rI4{t&F$x%w4WXLzNJcPQ2=pi
z>-QV*xw8wnLoKv0A3#t<1fAUmSM71rGSOd+rqjI6Ds36V9aRWVqEc^{l}#K}EE{B<
zSYfsGcS?vy|Ng6af(v|3C2Q3*VK^FLSM7Qdqd98%?C<fs8|rIwIAZ;gMy-oOjnz<r
za)6}n;AGR(K(gP&v^n99@)3t76Lum~66QiuZMItjxH)`9O@Q@mPEldJzH2dxaB@@y
z9Cd7Z&Si=n3Qr+R^@tBg?YhSPJ4FL=1zE5Sf(zK(6l}q)s7y}SM{iKx*l#xa`ke;)
zHnYe+5w<1+jhG@>8plzo*D2>vRL%AF18Qrv(x&eB_h%1p4{lAGH5&FcSm%e2mv>uM
zJhV*fLxG4BDF6^p8kwz;ZgW(Xq}Qs{WHd-fYZM4b8fFMfT1^z;3u+m0tZ_I$TnyCl
zGuj%uI&%3J1ye|wI0~$I7JhVIF}1@NJA#zgzbpM@DPf4)N?J|6>1s&klzLJPNdce8
zKDiXjB3c7lIhUL}ZOdl2i>y92-X-eU!7XT#l+C&oH~=nrH2pu~*#&RhIBoWCs}!nw
zTko9m$KU+e5MSm77fJia?)(M91{`FuGu?DR)hMOs{!ll+8!_lxJ20pi8*P{VawGnM
zP)EXtApKoF-xVT3wugSyonRovf+y3yCg7FGAh(k}>2mOpNHeh^aKQvq6jl}Y0OPOO
zDMm)5ks?6Go7>DaLV!Z{C%&ZeqJ(ZTOf4#Qm6wn(jb2_qsOvLMKo#P#$*A`DuSgPk
zZuepv>0L=<o^`3P?Hdqxhmr#m7#Rn=FN#jpbRFH(uh(J$H6!XH_Rmk+zJ$EAJEm@_
zCSPBO8S%>=l;JluY4P+%@mECL<iZWztqQ~M5DowY+Sn}ipaRSFKttlZgizsw0`C3b
zjGu^tTy=`S(X<~EH#tN*7_mk*m{4{Ea{!WD_O4(}Ch<y{*5T8>uaHlvfpsBKN{WyK
zGL{ZMsewJ<Zbv-I;$UZ>gvRO+;vOfbsBlZ0&F5ho)3$%RES=xY-XQKrjYf8#*1p>a
zT;2eh9;?cc2RND**!1xbGr3%o#)r3Bk5p`2rtXuTRL<PUiZ!xv6-H@7|NN#D_TqX3
z_Ud^Odit99&dnGKCfg}9gsbdY>hfRnLNmlXy6CQ~`pz1F#Q&;GrJn?G;g3-v47BpE
zpn6~C&wLW8Iakhu(TzyH2fZkaPPY8ULf8!;%W5TI<uAUXUA~`c;uGCEA8D<cjq&$@
zZAK%<`VIlspv@wztC97R0E7%1s!b4iSiO`AZZC|kD6}h??Nq{meq*Pr<QCgop1?bk
zdUS!h0gtBOmpsX$^l@I@GRie%@{jY!DRV9~g>&T4eI}3a!w+`H8AF1)9C7vm2vGr8
zbVK6fvc4X&WT45ux!VM#lynDfh(2O)LqG&XPta#eb&-MX#Df|HZB&8GMlV4_;x%Mn
zS@9P4aR}^npCjCXh1^>jU<Z1&!p=XYTHB_}%jK%D1WYSSwoLhDfk>st(qr;DFew`u
zT4^!3L~^%6qH;k+LV{ssxUC$mShoXw-CxW+I-0H8qZ)ru$Kw~e?!ilKbm34Af-4!t
zOORM#r(#beFy6hgdU0;r&@D37{3=PBAm7;Q*K-SLw%h>m4SJM2Q9O0B!%d&})BV%b
zG`IVHw)bwF1nJC-#&?<N=6Cygm$3M@Z=ug%05@fx+5EUWwQtd0z7s{ssSyPzw;c=4
zVhDlt<}OQDr<%O2EQNj4RtZYEhJB#HzuLd(Yux$#K!~j~?lYesfD41!EBsNWI447U
zis-Eh$IY0V_>A@XdqDC6ltHt3oRq$NJn;-OZAsYvUdS;$CWPJ`qTmi~92VYXI=cu>
znxnX<C@XY{OzKyZ-il2zeO^BRf?H9fNpA^Q&#bpmGQJoPV>kwSP___;#6_2!E6r}b
z9gA5jeaFp83wE!w(O+PP%Z%vVl|T3pUZjvSgJXsquJ$`5iBzr_C6(P-dSh*vET-4+
zy!pe3sP4@(nK-JD^w|6i5q?SOfcgA;HT3C;=6>(IWA|patl|%!U62jHYX>yB77jVI
zg*{W5)Q?0JE~EOQD+^VAjs<DR@@O+-Z8|awDlY9YBE9ZDSXr8$2Zi&?wZkE^m)xlv
z5{;$%7_;B9_9byg`rAOXGEB@0nJV1y`2$Bi>ePH)h8A%Qax`h=l23m2`M^UhTn#Ny
z6|oQ`wd7Q$Bj;zQvXDFgIZ-a``Z|2WzU~E61EH*wuCq`HuM?D<p#3GCCyHr){JU}}
zbc{%?oQ=C^LrJW92TN|C5tj|4V^+k^GTaF$F>PDEEY&>6d{%R#cN&b+BsLd_hg5`u
ziby=DW*B3C9)$My?$I-XAWA=h0G+Tp@ufLG{aV(_C`E`uE(~&jW3f7?ANt=j$`Rk{
z>t3J72NO>g=j_G#XFtDjR}`f8B@_K)DJ-!=f_`gxyJe)2MY{OI6c2;hD_6;&?nL0X
z(LZ@*E(J`67U6XMo`~OoeFl~eM3-h$GNNcVeI&?_Rh|+jm{~7HlUg+?=EqU)7WZzB
zw;%1eWfI{Syp|0B1$_(@Yk-6*ziI(&t;=^1!X;0n0{F`_5sQX!#NP`(v&WatK)3Cc
zVGQ!nr9htJB}$=mQKY?E`M|v)961o_7JMH+Vpn)qIE>Y^8>`M#AJ^?W4}1)F3%w<!
ztYm=aXVase;vMWRMaMp(w23%RcaGrx(8n8n<l=&12T%~e+QR>0)t0DGOhUcxo}<1X
zGV+6INCR4BTPakqQ!7quzMtsxcjRXCdjs`=DN7S%!ZV(L>OG*S&-Psg<!=i65<Knk
zV4{cqN6K~VVe76%*F%@-r?ep)Z69YE1cEoETlSnaC&&8lS?}pkGmA7@45T>WbWop3
z;TYI~KaTkTaem-zvNl>0gn2?=rE)6DVbiSpJI|5A&jaMT^6FHXMvs<mf`@FR5Ipmx
zY9D!`-#Qyv_UvSzG9vC?CHRTEOb5*Arig9b7HyXp+e2xBGXC)uf=<fch-Ni0HDELC
zOU%&ofA(I&t%mlD*yPim2Y)!DhE~xBptU&kHX9}a+Jq{uNX0Am4lA($vwP7GYRZQ-
zvN@LgQ^l2RdaDP^(}_3&)fDFLzp5iIRQj85?y=I`Wt>guKBLMue-9|qlsPj%(z_6%
z>zv@uOoyRS|5-z@Ey=-?HTsSoW(gtcI*z|jy;pP4Npvtp7KA@nUVLqfr<o&D(mqoD
z`=M!t<f6GO|DNP*3S}{sV<}=}+fgqDZee2TVEg9ylQ;l}02r-|2f@nC$quYg76E8&
z#cpt7N!TCLgp&y!^cRRL_kd%pO6`#^Q08cDT-xzAz;JWgRwhuWC5|{^c{jO7bxUtM
zB1<U&*rYP`CPC6QF+Bac@3XIGd&r>C4@Prex0n7-3U4$R%!I#UEPYlzo~+&3up%Eo
zPfVrj%PI;fp|B80ShNY=<G8_yP5}1PAMPhYx;p)2E|2X?u$|xDP8C|zJ$OZ;RJ0;K
zEM6vXUHN2jgY;6)+0GdhUeqxZme4Qq56_}Q(h{gEu#@Z$zx@y(xiLOL`RH}7{ZaNE
zSPGq!r;tUz-ApKZ2nF<1?J!bd8YI;;VlyCQ>#&G(?CYjxhmt=G8q11*RRc&n?C@f&
z-MMJqII66xb(cQUqITA9N2!dY%J0D7=w83%_G=z4`GrhAn?{&e!}c)-6fT1Qc+tMm
z^@?2X+$%1dee<F!aD&@H-VUDb`%bYJyca9Ale1D)H{Z!0g9pB(#D&E)amO9$fT1MV
zSZ^HT(JnDAr|LV&^@cX)UkK<bYi%_D6L;v|g%iYs@+0$^TQ!WqFGEj{i4i*}Tm%lP
zuMyZ<b*5IOkJ&2sZgu<+c*IS(``C!RFm(TN_;7b;RiXifJl#>p$eBz%`w{MuLcKRd
zBj3`5Kh-BN<OdA7T4TNVAn&M-`SCl3Cm@YWC#fK&Z9&eromSqHVi|CPqtPK8-w9&4
zQY04!*ipAY>Z!YWKJx|gB>aLdHzGn>M*~V-*o%Y9ZX6$vYvBdoBt~SF=7}?pi`R|8
z*+yX-on^cZ3cS-`t9{ju*Mzl(d14t36FB$t+moRgp-JTH2ug}+=i9JB$U@-eD|yEs
zfr21wUwX7-mcWtPasya#U-&CqZlhCWyRGWMYRK0jH5^m?GO^bLYM@Hd%6yK3bJwTL
zP)P7R5L1jqadGv1Ges#5I|9!K-SfoDK5>fhxp6m!Y2C<we%z=;bB3VMK2DA(1(BD+
z`p|q8ww^5n;~UQ3Nz0%UGTu0%;2~9==AnE$Ga7+Sb0szpV+HW!i^6(q;G*HR4UCf_
zv4`%!^A-IHE9{O#C=|J9$oT*<0FU?1zmN7^izN54fELIQYy1JiJ+os=6{_f8y*u=J
z8@BKx>#pM&yZbdQyijt_S<j)>p8r<%^)Jur%n%e+J(?+~-|*$MH;TJMaAW+1_X^MY
z#b*tt<xcQMCjnsm`#i(9AiQd0B{0qU50C)Ppe$)Y1S`Q@N=%Rq<n|)Q&^~gsNI7uZ
zH<KFnj_kS10`+sqGJ?T5yzesfw;foA72(cWSss#a0tCly2pQ9UomrKMB-~b-(T3Yk
zOQ0GJEemUCA7wc3AY1)=#(ti+7gH`QRW`GD3CA40jVS;@gC3s_4|m@>P2HXx1NxF{
zeT8jZg=26u+p^xi*z;2|FE=m)&cqDSROTq+M5}0RKWbDai1|O@c9qmZGYk+0g<oa-
zk*Z1>H>6>HS%ekuisclJw4bzenzW9zbO|9s4uk%uPWS$`XU7IdSdO9>V%-rH*r#Q~
z6p3D98HoV1a*#K*4810-URd)GeUuC+j@Tc+(2baWs=KN#TfwkhKrMz3a7)c*3k{Kq
zKd}&}Ax}|SWcYKmMJ<fg%5lGv4lJ%zmu=>6YXtqG@yr(%Dvk&Z!RS!R6wKz8oPb$G
zXI}!raX{3Isd39bh#`f|b9&JZGXTFs{JHIpIm8I)X{$?#D^j3BT+foek|$TJf!TxQ
zs9a4hy~!-jQ}XvMx6Xd-?LKJ{E3=?Og0dM@gXPm53MrEhPhE$oKwu7=xa>HJ9L`3j
zOVDtgQ-fS2I3Y>0>Zkf;Pbi#FJl}_yRo)E6`p7@^T~T{c?7OO?fKlTGtNp=~>IEVS
zGl(yMJXb7Qdt-ozUSm~|i@!*iMvd80=rtH&$KrLumDFa--t@2t*I(kTd=X>MpW+md
zbtc|R?q5B~p0bYJn~N(axrH5P(s()zrIcDlVu%8O;To)_!qdLz=ecS;T2M$6g#1Q&
zIWJatsnU&2y^tFrcF}~T{0TW0>Q+bXQMV3ob)kf0M;}-!?f6mDMe)<D1LD5da7U$w
z&_1Vj1hKoWTV6-l;ayv#a2?cYS7RTBXhL_nL>z-Rrl2;~ldFi3VO`jq65J`8w9_3{
zVH^39JifA)qK4{<>hfSCffK0BC!bvG_|Rybh41=c_k%;sDu)$S&C4oTc<vO0_D3av
zu*OU6A$-g2#0bmHoOBjH;8*g5{#p&2Qpp4R#RMkvVjtfob%wNy4gBUTi{}RjI(qw3
z2J)kHy!HvY!=$8>r&-?gJIPo9A!|VjeAf}VNKpQIdG2QHa6Q+EPo|kEW=;IKmnVvs
zP!eTP{cxhZ)M_Fn*|Lf18XJbU@Jks0E$DX4GEJmdLjFn0SOzsD;mUB<uitHW$puZ6
zR)PeGp#kc>gd*F)^9Yk9@pJq#iC>+d;@?DukWR1>y#8mex?d`$BD*N4NWgHCe}&2h
zEg}b@%!Vx~^fCR1tv5Bs1GUz1lgSDDmm$nA)D!v;&P>;j;Kaq<QRN}<Cjc!5vs{~<
z%6IX}YcwS!_#xB0$E_6M)F?>br=v49!Hyiuc5F*`hmZ=}(&>?)W}a(k@}zxMmT?a^
zj!YyMRPtKWK*!HRv%u`><8QR4iO1R+_w97-avMSO?obPJH?bqDPc73+vB)Tvo9Q!*
z=0ViVW1mxee_L&r4=)avzyak?p7#2(xinM9EHkgWOQQC=+xdXnAtyhUJ6*!~W0j_%
zoydr`RgTad>^Ss`7z&qSZl$utQoB~<!XH6yPJg$*aaUnt69MI`N6|p#<p#%9#i`1Q
zmSzN&z~skE$-9HP-SNWt^B`B)Sb{0kw3IsnZEa^a=9P5KL`msz0|05QRjn8hwY-YW
z1!&R?g*}a5*$l0uuz!$0hcZ@0pfHc3NVVKjLOn(>#oNIk4g4rq=@a5F4Lsf$i{@@z
zT0``Md~?+=hhgtZLfe(w`~;WKL=y500aLz1ADHelT?<_0Zy^vxIVu^`oEVmaKzGsM
zoH6Z91;Ycn$5^}pLjd_T_!8FvvmLK3wf!jG@@j+&PE8&i`Xp*Dcdzs3Hu!;>Vtvq~
zn>;R|q<m)I&$YJGxv2|H1v<=NCw}z>?YdAmC+lQns-Hj5(v<w7a<Q&+45m^RdYImz
zA)#hkusR60Vu_-=mC7g-ztPI3`sWj1T#M@B06~A*&8jBh%>Y0F7Vt5RD4y!WYU;fh
zO8I(fhleje!4%w}DX68W%>$vlD{Taou2a`alr>fa#M&v$Xa4}r0N;?8*QBNV7zRA6
zQTRf;+$@?W=Z<XYOAS5n^}jNia>F#-iJ(Xqd;od5(7uQ%qx!A=t9%VXA%9s<(XpBu
zfuW&J5HfR^Fd%gsYmIayFCsTbc-hE?g?n8dPRT6HxHzlM8gAazRDIbEUBsbm#JAGA
z_vib_h%~cI_Tucbo71E%3KAxSwbLjtx@H2lRU=oo<}$9_IsWihyFu-hEliMaHPw&!
z)6Oy*V}ssV6b;2AXq<FIc&t62F5DF^MA+0I;pvuwZh*uINGw0CGuFz&aVoa`?A^oA
z#hW<4A|h>lmvh*YOM$;;2OHU?-;1Fz1EIUnk1#&yxe(4U5zB_A6FmrtyXIC)&L=(F
z%`Pa}dfkFAZUTuVTq7(P`*^@AumEAb?|6Gaht^rA8-1k%d%%5+xSMNh`*x3CTQ$rz
zE7{=vFCgZDkm)e^Mz%8*aU4yYM|LK+Ztt&cGn6)7)^^8Srb124AIOZTOz#|te-fFQ
zGkkNr7qfk0eTGo_(>+B2doerkPn+!BdK}M4Niz8BiZP8#-%1IlG6K)r@8vzGIP3)H
zm482Mx-OXRybIADLmBczMMJ@J9|9z^OSoLR0WSV#C(Qei^l?O!c|MxRCRQe|C>H0_
zDYMCVXp0cXiNC9r@li~g=H2hUA1R25t(5$dq>9JxA%rXI$#!NQ_$8<3eXevB3W~c%
z>MWG1$uuZ^aSbAOg%gnOLf)ebqbJKy@R-dw^A}F=6Ea4)*6M$iy8&ah;UU<V**JmO
z+QNWhEgkzWJY~51OambjBp>T2oNd7R(KK7ac5^tjX|bSM1;fONoTWrEq^OFz=B;_u
z;1saQ#+7KCWg8WOI7kx4c6^t8?PGpN<e5gI@HY*xa5*S?KK2Hyq>%7JwN;QhF?PY3
zh@4Ux@s$aPDJ3xzP+7EPbNBc(IHYo=E&_a=`SrRpgE8JFfikIU<l!t)INC&%(=T*S
zZ!a_U+0U0446$-_%}yM*G_m|88oa5U2i8i0srJ-Jv#i<7s{!N@TC=+28aY0~V6yvH
zSs){Z$$Vj{-uih7N_RMdMP{i1G<U`4Mzro(Ta?2}D^D;bQvSMF6->XT-<*AAwE$>3
zQO9>f7bz(BG!)!${E@mMOM!8f!?x}^XIPjso6wE~&z#{^#{=KG4gry+zJHRuYvGk+
zBUr2BI@Ev8Yb4#Ka21Fn50j!<=+GdEHq;2L<9kX2aoz;d@b@$sbl!bjeH&Uequ&FC
zqIJK}6w3$NbBRT7N3Pf3BT{HyoPfBV)KX%!%nXAm^T|&CPS%-*FW%&gBO5-LWzvHC
zW_QWw_Th49>Td7#>`&Hjc;u1%nt(Pd@fadCeKe3v1)JV8AJ@r=hf#7Y!?=1X*+e5j
zxk_R~EVnnpR^6e4Z^;CK;1L)>Hgo3LJItruXY)Rz8&lL}!hs*;%_WV*?tn^LHYe_c
zk#tP=X?_Lb64;`^(7JEqU*5lW9m3RF;X&NBlu~J0Q9nG2QA>Q)axT3$)O4pj@2-W0
zT5TYh@D}X`Ve<VDU|N>Mm|4z;P;dQaV7w!8eVWZff68%CugsaFf}+8EPdhTziBbMx
zeDOdkD6Epo`i500C#nFLGXltH?4l8@ae-uZ3U{=xS3p!(XnT$}(A(cvK;W(4maN%Y
zaUUU!-SOFoMa*m8U^zU9aa$xB#${nt?MC8+^?vV`JJ1p+?v^cTs8B_7Ei%Nc`@6+c
zECii?$!!=gfNu$^9;HW(?W4>BPbymlhF^(7#XsZ9o?_?GhLti3g$a<2wv8?Ez(t5<
zoxAJwU;SAib?!qo5IAy(-!CN!)vg}$h6^e#WXca4gA3u2%3=aGfI%&KbgBj^k(8`+
zX{O~X_R!5IO2ahQC2bHoNTUaZ8e4Wa@#BHDH(`@5n;fo84{Y2APYgstBuj0>++SqK
zJAfg2<{sXmeyPvFunGXtcuZvux>rcu%xwWxykin4KDIgqhLTLE#uF|(#FZr3LdA3c
z^tS2N-V0W&aAg7z3Y5Ao<|CPh4zCy2<8h_AWjT$2BQZWh`F@ax6c&Sw03)F~kNeVz
z`=|5@L5iCG*?9W|U;cr;6$ermAwi($^>$Bv4zEvY#7HbarXAqr>&nxkT|lfR;(zuw
zFk{a&ZP1<0BoVR)MI;ZVX-cU7*Xe%haIYoverWIL;qt}!@5cE{X6DN!Os(*CB%guO
zdiMPtOme+4$2t1Zjqh9zqGXY9Cst|jKme5Kqmq6>g=*4#<4ybuZpD{f{dNU~C(Wmo
zwr0C6J8W$ls19KDLa%DrZtV#$#Q+w4MUfw46@OB86zQ8pW2y#MYp~m=VNKB$kcCj-
zA!Og3D#T_i?~S91J>Vx+tvwkfg2jr#;Wha(>SGaun$PLl@Yb0XGk5MvjU2&Rzm~VX
zp!6Bd4F4VC1kQidKSTEQ{d7}UyF_f90FNimlQMqi^axM{en2s*pL2R+Ez})w5!S6d
zI?=OT-pwkXE00&9PTPjBbm6jX>Fh5A524X-uO=@{??v>Gz2Cgfb)rJ5+K4#?%6Zo;
ztT^b&pnXyu!x=yeezEKHmfu$3d@M@qR-ON+8A>8`s}e)SkT>o*-x-8KQyN;sq2!8r
zC&h@5ngL+-t@`vVe9mcg3;2sFQ*oS9Tj4M>SjoI=JMa+hjVapjR7o0B_Itd*w{P4M
zl&)M&4t)U(Ul~FY=06#N3+BHWg8rGf5QTqr0c(-z7gNGwmR~)RF@UR$c*=vzy(iR5
z@)yM}JoDGOV}ep14v34nz(?SVGqbXVr%^G$Z>$9jcZ?K{)a0iy*f^rClhXb7Ed+K5
zNOpJWH;?U1IbJMG)&|kQmr28uWh24gd?pI`KF2<$H@o7KJU$fpb9Nw2H<gYMHKvR)
zmas$mrQq2Eb~y888X4d&>Z~MT1pVFyH+M!hQ~|m}{GR;xJr-033Qg&YyPoCrQya$s
z(S0Ec#Km7kUN$WV`9iOD+u@CY1q-0;f$=S0P)YEX9YTe$*LJ0>ESVl1HkE0vS^>?J
z2Z4k%oftF87gW+{Y^ZZEk~4J<owhWqqqc{5p=NQ2-k-EF#d{~abtx!We=-tNbljiE
z8!>Bvq2#@|ahk5`$77JHws1tFtYr^)^rw=NoDWuB)?}fE)tDFSm&Z|iL>SUn6sQ>V
z0p$HwvpQ%s!1$GA#XL`lu&zKrIR=}35Fbec13RSFs}B`;$UFjyK+Ilu=vI|Oi=-AP
zG%N?ns$5s>B$R@%I(}W*{sonA8-m9`f`iV}A(klz0z~G$(vH|5W?veAuS5cT7K?|3
zNQ2pHw?RhX64u2<AvasjVsJQkQGD1VI|LpVi*SM-V>)P}M6Ol&9dlbmGSvIiW6rqp
z*i`hR;TRLf>+F*(fiYG09oZa?XDpy(X^|zM7I!RM{U<|S(u(GGAc{<B$DUvF&`xbU
ztFgfbwGTHh!D3WM!l5h^w*ml3K~W}1NMJMpeLL-PrnF(eWB&;>f9e}V?}G30*-d-*
zNG<mBH$oEWS;ksENg=33wes*6)L{;aGXnkN_imJZ2`q4qCn}t33e>v=>>5oH>?!%8
z7dX7{y-qs91t|th@zIGkNM3;yiU*`T`B)<Dr0NewFw!Et6q*`uA!UFOTI@!@$xgxP
znlbC)z8o}3vB#xX?sfXd+L<!BOM3J;HXKI&0qa7Uq~0r^Wpw-CeLq>yJ%*71>tNoq
z%*)TGzxhvqEBj`E*VEstLt_6?#XahzKdeGUYgBSiS2uWLA)s<dj(Td>ukf7^aX3iS
zFh83vKLb}F8v!qp=r4eDW4?S2GWG*xpANc%?BFxVrcohmTIqyEy&H9a^$$}y?tYjR
z&=!_7pU~0z|8ONGuV})!l^h`HGzdYwQn1%M+!h(utHt7(&08EyW(_6lE9LQtVsHa#
zFVosP%8hLI!fe(?Q4)(&<-Lz}3V}p7LV2?fvshkTjJXPc@)YlXU23FYRPu8Y4n6D}
ze4t4)Lt#O;6!QPR{prJ4t6@oLejp0=OA&Eiow%xn>TuJ<BbvAwnf6kLzl?>5rL%Qx
zvPtn}Mta@#wAgKJsHN%{-!uFBF!X}o=;Q16@X-%KD*$N<K!n>qomDNxwqwUR)9f8J
z0=H?{z69ir<S%urS2Oc=2`Dk-b#!?VNGJ3y{R5RK7Z7|wB^+N+N#8m4e%}^+-oH@E
zbMqM5p~R+*eoW6-nfjKG_sltTqs5b!J_q3CjrW-Mx1{i+G9RCRqXUTR{@yd2I-kC}
z7UkJL9yP5st=ZeU=WlSt?k28Oq>R71#Q{u98z>9pjrgB8mwSICHSXNe+`ga^(>`re
zOuMu4&hvPFc>DFWZE3&Up8eAwCn^>8kloHG;sR{_MvEO;eXo7>fbmZf3q$)=G&p#P
zcWMF-n={t~f!3fqhl9HR%amL|{4>ku`C>{^?r6W5l6FtvKTJt@lbIJ@+Ub*m*r0yp
zc)PJIXB_C%DFw^{!lT|<$GN|gVC?8(NUSuAvwnoC%{8dpUtBP@(?tpv3olv1uSqr&
z)o0)rQ^MhgE&0DD*;a5I|BZ=%t-Esr*Yce~xq)&8-#~eQjs;eftY5&1GMs<_9FwTM
zor|fRi!;f;PXGUY_NDdjHUMn@hW<mA|L@R$oMQf;P#$1H;s00lUz4~08Op}?Z|FaJ
z4g4=vw*Rfl#s#b^@&n~=U@lew11eNd5&px;D8sR`{pa+b7TbSXU%|i%Qg}U*uO7MD
zxsb3h1NSO;!M^%#Sbz`wUWo<41;_FwSj7Ow$_m`6Vn$>AAI!WmD<>T5S4L7L493O^
zWUeFuQdbcG^Q(UVqpA>ryp_Db-&Kf^{~d(?-&%~Q|38iY`dYYJ?7!m}fO*xDU|&DL
zQil%YuO$cN0s`9cfIhXOP%6q=DoV0I>AH0|W)cqO{~SQpdJ9lyV0L{qP__XFjFSxr
z+D!1ziMUxF4UUb6$<fu`#nj2t+`<Kpg^e3{-oOYYsih(!rQJZ>hzSZ*XhQ)SHbDb>
zny|m#;{g4d0>HkWzWgh~{w1OfWUj*iCe+}Aawawtf^q_hnni&~wRk{}W=tprIcZgC
zX&|t<9;na)5A<(?Z_sOT1q0*c{6_$2;fK)h-iG+q=K7By*O#Cu(590BI9>@4q#Ysz
z)^<*ya&Y}~lfFjSe~l)NhUl&i=>P7n+|UpZW7rZHJWLO48rA}$jR>G}{5#VA#}z=M
z5l+C@@D&jFuYD>!va&raHB~e^9%D(pueF=tVkpZZ*0rmb>$ID+e`F~oc%osL<{YD-
zB?_TQs-uwv(+KtR&5(qnyY_mPxr%H^U;c6P+D?(TUJ##osLnh7^ET~SbHCrQ1D)CQ
zgm-o9_w~Yxs?8Lu)vThq+MVl*m;mUS6vhp$=A<$=Xia8GP3k_%7k#R*mh3PG(m<s3
zL#bTQ9#6tInD?9aTG#X?ody#|HQDuO+!`Zm)U>2B`kMc+(bX35u+W_ET%yycPRCB-
zygnS|E8Q8qnN9Pw-xX92EHvIP2r@}T3jG01K{cJJ>7HZlVBxe_7yS7K003qlKe+^j
zQ5ZLjJ6lFxFT(F#Be&CQ=^WkXa}K&_-jw4mu_1X%2?a?69GRaL!(}YetXp-0y^DUR
zHm<Zk!2k9D>_bOk^<0*EACJ}_2GFUO)XYn(%WRugYw^aBV4;MCBM#yR!`}+rQaYxs
zO45_-Mzp|i8KdsX(^K+=w*X)jjA3`h=_xuRE(dvok?VpqC7#jb2c7!kR;8*)+)(Kv
zwgzd9k?T@DQdfUekv^hZ!<z5$?}0eRYbxBp2=q~2gs%+}hzQLN(hdGJMn{#CrQk$g
z2ww@W9&|B=+ErLZ$J>M16@oyiK@WgPO_QqqT6-^fUNGE4rE^OhC<63KJ+1MsX<SHl
z{OqXV>CRF)@TpJtN=;PhnHO*Y{WzwRui?w4_e{RG+O0HE$tppR%jR8Tei&}#U&t`<
zKIB-kHjs7CygiC$ebaiZLwZE|9=5w8s!x3M-GOPEkD1N(=(^!|?h^Mok3HK=uEwbM
zIQCuki^2Eq-IG0!ekH)E=E>@J@3V{jhU$h5^W4mRW-8-pCg+vOn9R42O@PQiV;zcN
z$nUO6A3E#Fg?>b4YPbO+GJfZ%ROtfr{rZm+2CeqoP^Q3ctZ}BM*1A>23=J{@{~Cw9
z^b0+00`q8SWdTVPb5AQvRQkMOHbYWu<yz4BvH-T2F;MkT?*zcZ7>o;^k;Y`Ok=gu6
zygt}>i&cqi9yPU1xRVABCGQaGwD}9*S7GEVnn%Cv%h6a=leuM@gfF&-<wgSa?cc4y
z(xflzX1G*usb}MH3+B^EkS)W+XSjse`SwvZAE%QD^ccDR5l14Oe(`j&yTB4z*hGJ^
z1T4ZxZpmI=w?n|r{U9(e61nOqP+c!5)?64{e6czUZcH!%rG6HVNIQg2eMZCF+k77=
z!;mENs})2QyrHex8KfHy`@Z|f{d(ubw}4>e`FYIUbsLhEaT}1V2F0A0#Qs9jQNrc>
z9UX`5YO3YE%(iz+6FMO(HmjzvETu9cUt;A3f^G)l%pm}w5;l#C&Z#4|bO(oMGbyyf
z9V7?Bm4;ihYon$@09&5HCi)tV9<fGejZJM)eQimi+jCp<_@?7L>UuSvhz?{~a&Y$v
z-Bp~S&=P4rVRu)SDzQs1sz*^4cMe86R#Fr8Y`3yX6w2eOFiUae_!QI1!?_2NplI`M
z%9GWP+A+Y}sxm`NVX=jwI#(@TPiV10Lw*3yxOjs)gE$!b@rL*;(fa2NK8DEe$m`kj
z{%Fms(d1$aMl$e68-7&f1t3{8p==MdKuHgAtDnJ*L4d#ek2Mp!X2ZeAQDIw8EJ=t+
zn{<)D-$FEejX0E}6RL-K;mGvGkPNT7iZGEbjgWw*$TGGJ<x>R<fvk{CPYd2+UoJLh
zQ_kVz$Pn%78R~hYg;`)=l+kz-(|N_Tf+78-x!<Xg(OumL%y3jDERct$h?YVx1&%df
zkYwzh;fdx38o&3o4E%~08KMTn0xc$1L?8qFgXFk0K%oY1p0=6yGD08udAfJXt8wDP
zW)ZLgvOec<-4Y)P&xBl(b%NR`mSMv1W)q%ofm3Z^RHD}eU<U){&NxwziO%Vk{UT{O
z`x&yH$*wET6HfNM0+Y&oK%*zX&4Dzl`@WLGE+FD6px;Qk_(>9W!U6k!fd<G(oSS3E
zM*AMJZ-jA^M5n9TI6%{yWqHJ@cZTEP;Rb;B65rX0p?tC1+Pz+%BTpL^njPXhH)bIg
zrLz0edBZLCbD=E$XI9!a&(W<FEvD`6V#1-IJG;oZ(13@N&-L>)0jzUOMSwhkPTKeM
z8D6cPSXT0%brWX&@@VrrEz9Src6z7paPKhPv7UQwj!!?rmjaH!@YJG4OUDDNQj-8%
zj6hqph1uk`F<VA@?w6sdKR0ZFR773YpkyE!1dUg|fa|n@dJca9#sP>%mJ2+#!T_~<
zf|9t}UG95Ot~|zd7Xk&FPbA~Q5R2i<rENsLD&7SqF%Q3%#y{C>jX2{nG;zkoN((>O
zww0U+&3V0sAtTmsBPS0UVYD#9!5jf0<td{jNtruHh*W^*o%{1CRBx)Cy8g<p*~OvP
z73$0vB){GmijN~`@;t6a7lM~i;Y#o=b_fR^jslv5WShLoeDa8-E~ez_g;@(8SrS*d
zwl+ln&;}Mpyvjx!4n3KpUM}u^M6$bpc5cz0fzV*HAE7SLlvE2+azQh7C)I$KdZM`6
zdoz*Z^vyyArX}5cBi1FSJ6+LkscLGpG>V}!G@+HW34Cpps@)M|p!+k-r*Qd$-B`YI
z3%hKXa+Sl7|1XYWXt;!cd5?0{X(!n><j>r16#XuYzga1^$y4llb@aLGOoQ@;e+=+^
zPNcXiuRmejF<50ORAX6132Or?e1!&ZTH{}3btoD9h?xd8RL80&*R9^}S9U|a8<<hA
z`*}BQxKqDTEoq$*U@C%!=;x%W#wVr1oXGvs=iStf1zb@PL|P~?C_pH^_l{~_>lx`4
zN(H(!)(5j=9i81q5OhWf)s?JE*sA&JHM>3n@kO7eDVmASP{{VoY}x=tP>c88ndi`q
zT;f#~%~BDKVK0SYOJGuFzvC`gh@YXcF^duu79q7>8Q8tzBKa^{2&;7<q&#jqLhWB?
z;9jSHm-WCi1~?b|nk`AIe_juA;Yf!R<ryoY<zV;*NiEb)I)!8S$OO~7c|Ty>2t(-G
z;df4fy?d!A2sI$J0}lcyZFy>3V2+<Rprh^1l2HhniWD}JhCe4Nu>;*7^M#-PnLnI|
zMWByONc1g*PK{I2$ptSc^e>7Y$qENyms4}4S*=>UQW8OKPCCLfY2qus$m$2%L&0Ot
zX&9mUGI8O}JoN@EI;YNP^-I0+r7s>-pUf!y2(`-J00xOEtg}M^%)ZDe5e60#ew`#|
zRGE=lzDP@qM9vAC`T&5974<Yi%Vv#ha8*Z(IIdUkTiW;IR;zi98v5Csl3iqrrnL4P
zl`0Sc_CzHTb%x~e{lvnbbN&LTYi`Ogxdkmni<VVm-v#jwl`^M21Wzs)D{HX-JUA|^
zv}HIi#}?cdzr(%)6sQF`tSX<6=?|c~8ddLSo1H%j6Zg!aI(wYS&hC5Ywz1NE^kQuR
z%5)85<Hma|t&-HFI!=>tBw%ncWIA;?nD<yBzzX(KjI`&xg3(pGys1$g5m(FT$N;Wg
zjKzV4N(5<9tiMWli?0{DF`x(FCJ}Au-AKfDc-KexnFyQ!W0{V$&t80&{uj}8X_dI}
zcU3j^fMrKop%gSGHOxg?$jHY(^&Uba6jVcm=P^WqgH3M^q4A`*EV3mE_qKNXhoRSd
zh%#lIruk^$0b<G2aXKMr9_NOM9v~o!{m^RS!wV9fTSBl)>3Z}HUPn@LurGVbqj4=b
zDQ4JKaKfYjVpS~6#^b$~N69iPxqyOk{Ar2p`^Z8#);nP$YHG$`BM+iuZ%|`XeO^td
zH!&nLs>|SzHwK-Nz)(Iq{lJXjR%*r$B$iIRH<_88Jq5=-R%m<YA?0*!uoH4q%N`Uj
zB}2t6>T;<oZYxL7KlQfV(^4sm85z>nYQH!YtTC(rvg=@mMdvydUen7X9xzDC7HfTt
zlZAa_<?{|G0nV#!f;ZX#`@<cM0MQ6@eQ~Sn3r<C?&EFwmvv5_@b5@>_^ul<l$zUh7
ztIYyNjKv-6+mHsQ9~;Ger`%wbweam3D)BKf!cNMK9bD@X%Xd30(obcxQ1y_m#*CFw
zKVL5aOs({Q1k_6`E9aal$+!5>u(I~?ZEOVlzYf@v2jEhnv=Wt2PRzTbq4Y_q^4hI;
zKgdI%h+IM#-R+YxH>dV>;t^>x1$|d01E<(_QQ2@Il_v^b=gwy{pAh8h7P&HX9(>re
z8S*pOLug4LS+$%*lC&vgCM2h5kEANtWZ2sP1!ktWzc!8%-zf=Ww;UrPtiVihr~Yo|
zb9sh~;THs9jE56+Lol+du-tW`nfOUr7T?hLT;j7cX%uUKQ#2=xU%*U>g*G$S{5JGu
z2UF?!Ibdo+?6CAoVyRnV03}En1(ZKLN5})2<u92u>Az*AwIbhB8O09)?%+GTrr2Wx
z2>A$(fV4M_=K@<StBRE<YH->G6>dR<?8a}G+dG(wYFtX_9qGAM&1awr8>`!Y?cud}
zU7_rb$>aaR#}0q9<LnCCteRo9;I*L4m=~m`@l5130vJoAS#yIL+v4)#o7-rac{Qsi
z7h*69$AkyIRLox}<2TVw4h!&yQb|e!mP}J8;0NQywDldc<TFbxZfM{^(c*Jl6bUG#
zBvGa6BF*;t6U}5N<e*&&B$H6)vS!`gcgS=-l)^7(c_|pgLpY$iW6qv%<-b+BrA^WM
z)3y2WilXa*cJ;rYOMZCW{w^h?h};n|@^ccF4QYkDIj3b<N_ET8KR(aK!z2F#fQ{Zl
z<eU$GbK&`!dq!h@g|eujgO~AZcHwW<YhqrNUkMogs(~%{O9Hi@ZrnUBKlDrF=uCao
zfmfA*4E5AI!Yvd&m1!EVEm3-kiM=5_ux-DTr<k0b<%xS=0DW-lPyOcA=oIymtYq6?
zKgY2kzUU%&3uA&z%}H+uPA&#6fNi>JGkaJZ1bLP5@1wLi1y!Vs$#N2S0Y(mkl?6p1
zvWe%7)e*U-1e{cg5h(Q!=d?&uJ<h?Y*$N>}`Hsl~P*P{~Ot{ZK4lnwdBlNR}py+wL
za*-sY+ES1$gP3cR*i8ga67aL<$SXpR#f;~toV$LsT+obo2YJOBZ9?Tq0GflnMGtX=
zycJI$uu{>E24rFb?)__;!8ZC9v-RHkmVgJlPkQLNv{XdK^ze5vJu=S8(z%sI?o?FA
zSuE5wXz2#8_tRVOPpl@MB)KYPyF*zH%jc$|_wu>Wn7wZ}3t;6)SocV}GY=b1>}G-v
zkU#KE7)xDgbl6ucJz^%?0mT-w77<t6%BPS%{s3)<R)As_`l`^kzK^E(*S~X^l35se
zR5yfnbHL_l>m9tZ2nH=S(mldSfJ^OqZPzM-6z99O4L^2UKF=x!1iiJEW1kxL!TVAK
zQyui50A~kqjGLOY<13BeY2xa0O}G=q4p8R!WmM0;7EfHE8ZhiNz%PuNNeD*~Wo1oG
zp$sZ+Ffdw?%r0m$Kd5*_34A|3&y1@pUL9A|S*EJJKrD}{fCqR^%oSU$KX`7K8uW5{
zY7~)aaKc(Xbp-@(gOQPEvAyl0)B28}xBbulRf?AqUZMx)CrIUM74f`l>qls8O?@Ox
zU~v{6(DH@)+(Y9;0FPh5hXrccmNjqsCgcX$^!8Ncipk9apT1GKR<VsD7h<(inw8~%
z(w%|+?u<$X!j)cI2jz9l6^~AU+yJX=vXf1HR_lX=34fOF*5?!jqd>TH^4TA$Kv<qu
z1pCGQ@T*QJ^#T4g0p0ChGcp{a7H_s>u%b{^6DLrnZe~toK<d)rMwUAF3gmVK$}m+)
z(f9$++I!N^WCHBj1G1N~MMC{sRFdFF0;KodIbb_5DDc<O9o8)5ueT?=3Gq#zoG^ho
zh;jd>rmpV1ZzBbBLGrUEcE9XxnOlOK^OW=$Z1WSGHWM~Vd<woJpVa8Ei6Gna1aMdC
z;lEYN9p$j~1Nfd9o}@+Jgq*Xv+hq-5>EJ*{EL&D<zd;AueUNx45t->5^5X<RJDL?|
zwh>V_DZQ~Eew1woGTJ!sq<EZ!gXotmhB9l3q<DW9oTi*_`_BJJ=wcwethDPvo}%iS
zQi%plJuXW)JwZFabFH>G7Ep3WB$Qi?xJ4t@oit3N0=TLeW(rYi?f|1>TOY$C48i5L
zGKr$!G!(TmlEsG$eBnD$^xh?ShCZ1%iMB_$($i=m_))ARCNN3+Uejwv+g#ybm`Q2%
zvu<kbO)>QkGrHb>Z_`05@qN~YqUtQTIRc^H5zvWVm7E)mxJ0|6&QrJZaklIOIQJxB
z#^V!=4-g4S-^?s!U!x3AZ3eA&IF_u9#W;_04e>W%o6C`;o@$mIx*}NLb++JYPQ*`5
z!oXKa-keocTUt$1#SG%@K`tg7Q-^v8)wvY(Ln;=Waq<Xr97s<Q`93K%oiZ`lfGLzk
z$CyW`Eh8!dM`lJ09<UdlR$JC+(hF~M;U4712zXLJAgV#+G(9Nxhw!SINw};;(hXkl
zfsp!%4!5tGfHaMz=UDFPhDtrtOnobx`0IDo)mr@DyVIK7wr#P_w|>afxQC#qKSRLm
z6@_e!kY@OdZ!-H6x(;E%ak0khdG~|2pDd2=_W97x!Ihi@k_gid4P)jx(^Xs>v3j;>
z`+(JMi2w#3*gMr^kqn9<Oj#ogjS@8(xmF8`;t1fk4j|*>Q_}J>Jg;`eRbXl3z|3zG
zoxg<Kt#YP*d}DzU7h#<Yn}}_=L)`f3f$$htJG4V;;o>Xtw5{oEele=~Q(1WRc=fas
zq{XF7(Z})YP3e)YoHYCo^YipA^#b@t_yF^M1h(`FUb9|-av*Xx4L363xElUqD1l!<
ze;%0CcQzFY^l)<KVOc1=0{W5ZLep8`iYBtTP{(V1CY}u-R=V8IR*7>IBt0E>9)TTO
zZlC46+~xyTOSYsknAmpTCt|v&K~F!8^*wl>CTW?CYD7wa^w$T1iRs68xX&~5IDqFW
zT#%R;Qsq?nE0?9JT)-Fd<>->N{kN>T7xsC1Fk9YQ$t@6{-G_N@%E$QJ?7P_FLaOgH
z1Dx%f3-~62R^0lv8@!c#22?LIq72Q4y?AkMhCWK#!wjn1p)55Qa2m=p|1t4$nMCJ0
zn~2Q4Uum*5(q-uTMS(V4@!$Si4}kPJX)@91aAuR?iAPY?@weHvN9ztGDQ4jB_CI8{
z$cP&>c}&#oc-EC~;~St`2AH92Tp9DNv<G&aA9AcJc0$@EZBhe#73DR>d+d2k8iUo?
z1&Y%91<FL~yQ#)gs+|I?3U*LiJ~(21V^qKF1TF{xtD^C4Je|M6A^cmT9{_KsKfV@_
zXucMZ)~~)t8Em>Pr_X-`Q|HdNno4dt-aao#*%4-1nSQkW4*e>LK3>9fLV;FRbBxqv
z2mc5P^SI$P6_*d7OwH9QulFZYRMGS3bL%q0R7!0MNw>w<;kr4>cl$%hCa#sh?})6S
zmH`mJ?kPZ3I$k<zoHm^`=>)`>Q`TLt!>mNxAEb>P&)QT4+dSu+){g!$%AbNU(@KX%
z){186-6uZ{#7Z`Q_+6KzJAZ4$9^o_6bGS)nw7LqmkzLzpWTPGQQ9Qy++`k&PNj&3(
z6Y7gF^l>Vp!_+Dx=-hsXW!%+cekdR_X-@}%WI($7nv|v&YcIGKgb#S98E66EA_)eS
z_<fV~2EO%HQew2uy@7!}+TId*`Bm0GjpGIk+^iX0o#oGhIz$kCU-I6!GuZhRbUWe>
zZ72*dzmU5)gGwjV6%FYYv#0g8X@|o*rBxDFE}&+R(rvFWjsRiEdFhFk|B3Ub8-|dn
z-*@#@q95;yY#xq~rw5>?E5g|aGHt|)2kC&4Ym?&<Ue7P<76u%}I2aXfd?Wq|5xIwu
zP|X|(PI%jTnZNefOO^mabX2nb+nJp1HY;t$DY_A<UMp9G6MxzWtZfb!Hi4xHHfG9|
zLvHHUbxtJs;_t}kO&G29YmFlO+T*i~))RdgKj8lq_SI2w{#v`mik0H-Rvg9{7__)s
zky4!EPO;*HI}|Cd#fn>TDNfPiP~6?66z9_OoqN91{_a{gf6YAa&fYsu-ek?1Bu}!g
z=0D6{m-)eq&#x-Vd`5ED?R~`*#p4Uc%_nwFQJx!K3s8;>arVA8k?09>4M1y3V$un&
zZ)GaC@dUygu@oDyDDA!^nVP<MuTz&e8q+&^*iHRo3P63=@7L5c(+cKqc(0|T+sT%J
zx%V7RP9Eb!37#|Qna#k)4#Ei1Y^|2KHM1TT+&mmUoV;c2`ZO`f=IbartyJ1n00-hW
zp^x5?&gn*nUTfpyH3O@l#UAoX%6HiKN4?a(neBFr!@K3&I(EDD!s4xI$k&2q??0u_
z2b-l@@}mmfXWubB(MLG`8BM)JiN%MnzcEQCx8=2}Lp@bdW2!W&aZIEcT}gXrFz;Is
zO&M$hkIRa$G0NAPO8hWmZ*TpyjwtZn86{|{EU&})75LD<XG*y-Av;@RA)Fs(>dhvg
zGH^YOCIIQMHJx%e%KnyXS}wX-)@?x@T!WD6t>d<AHe5*UE0S~8rWZDL_{xM*`C$t)
z4DW!0EQLk+*&tuIZFHgyZ&}13I-+NF(T52a_@>KNeEj)ONID``mZ%1~X((G|a;L20
z8|O@=yG@SZH7~KiQIS)eNlAC&=l<<IPdw`JzTIzwDQ+H!(0#>B)|V=Uua}G-c%B~n
zf7^#b!c(7!eJjfv3D{CgtyRm$%zMxhv!LHNMJvSuY`ghSV%6;1YW6w@&5{!=KH22l
zgJ(q6fxWLYt7}Ll7hyzkk*@QOYpm3_B3~x>UbMCEwXZCRWmmVlygQ7A_7#wSDL0zD
zeIn;=AVyE+g!*kvOcc8bh2GMSB2Ej}Yqk`8?751=i+$bCKO4;HB0|<y2ob2o`!4kb
z8Fn%sqgp?VF4^vTHdTgoi<IHB@_9LT3+_rUV-$W;gi2Ml!etJA|Nf1`mkS^kkIL+@
zM9my4l@_~mBktUn!*}Xu3!ugj(ed_BG^|4#m&biU7U&-1w&ARJPW%?taiGDyFrRS*
zL0ST%@ssA2q>(tY4oPqWX-Igrnfay^tK5f+lJ(^=%QE0<RLK}aD8VXJWsN<-7T#`u
z&*Cffy(+8y`!A)wH_sv-(&zU1rH5PYKD(A<;T$IwdiVM*37CN^?Kyeqxz;OmcFH$$
z*zs)r6!pF4?nney9?tKN$q)7VzKJ2nti(!Js^+CkpABCmc=+7k#_lyLNNJR4bBH&M
z7)C|B%e}`BbdBg3tW=-p-<ect<bXpuK6?+x9s_Jrr3uP)%{-=TWx{6T6bD#52M;yw
zjv(_AJBR8Mi?#cu(#4aDIV*~+sCexh+bGZK+pjl^1aB`bj=lC-RzQ~#9w=&7MPNGy
z=LTQha}V2_y6${3D^cWnC7!TKk63Bdj_cSXL2s>T4@uX?Iv2Eg1pghRO85|qdiH7#
z(LVSnqwJu0`7-&edqc=~wO3ihsf2-cBO3O23EZ*T0M^T;L*YhYHM|5Iu81D7Cj1kj
z#;hZbP7b2Ar$_eqin)E+A{f$r_^FG69H6JGLL4t9;Y)$cdN%Lf-hm5{HJl|j6TJzG
zR1Ka$G>7Niah2=0Uz{P>y1<nLX9OZB>F`m;8!(eQeHj|T-br7mYd=MP>>Td2Ut<ov
zm|v%3M2|lX4y~H*)A8>28x(}j4|sM2E*irC+s{yR^-n;Nu@my@pzmh}c$Lwj#Ryti
zE5#1nC>#s@5pjspfzPOr!?*K-Yi(r}cr+w1>8xTEWPGCH`|<ox@%X8QoAlxL&Bqgk
z{R7LudM>hKLE;}rT9GeauMR@w;}Sp_fq<-!`zg2klboF&S(F?<%QJ>NAbF}Z1LLGN
z`2W2u8yB*{iohNBW#c6x3=|i0FBvDWiIdnyjzAD+yt#zO{ja6$|62Nl#YMJ2;M`CU
z=)V^~-=M0gO;3HLA8eVHo&e|}L%@=eveue@vUGSa)pA)CLdcLIuhdE0rFK6J1I~*i
zkqPKsoFsvdo8g6;LQ^#L*iV#BTfM$K=Q>JH7BL;{_t?{a(BdQ>Osg8GYqdM__W@Bz
zq9Y?t3B78xaXf~?e-4AM-XVJ50`9&1k@tHZPHyCBxuDq?5y-v0Pe@6jABbO*os}K6
z@2KDir+^61i0Ut=<<GP>jDTL(&u)4-PUfI?kB6Q+bOvB&Ox7WpfXgA|;N^m$RJs@P
zw8CA;!4kIU*ij)a3lv{P$hg}XL39p&H@oP?empXrh_x;7yTZe+hb2k^379w0iWPA~
z&*OIY&M})Pm4WO;Iit5o8a+1lQP@s0XbxB|bK75c2Gmnu2fGHj2L^I!*7v%fGG%hs
zro*i6tOvSaj&WP)n{aDx-|QE!Y$xa}@ir9SsK&8i@8a)@Sz^>Y{^jNNYMhy?-|sZv
zlUct%Dn+Ce{%OB3`6Knl%c1Ps!n_IV{+O!V1Qo}EjR_1(stxg>&l<0&Rlk2E+z@Se
zmH&~{L@_caV8V6ROIF_NWn`|TO6`RCuHdd?e-fU`UIB2zJuFAQpz@=SmL#4O>8n>5
z$ZnlUh6BNrJV|EuBR)Lm(0%+_G=6itYgAKG$H4UAO?Z`3u+;P5_os_j(;<ZP&q);^
zMZm^~vhgMlsaNzZl6oXRM+@$9wjvh!-IrSyjtq^=*1SgrMiYQJJtZVLtJV$3_)>B5
zabGKsq87L>_J4fKuio(-e*x~X&YSUe{O<XUxAUFQ+V@C(;9@cy7z_9PXpkQuD2vca
zk_LNRrG<0m7>$AO@CisG@hWo3+16{gEgT9N0(z`m8*os^#;OMc0x*6~KZVqiqv1$e
zzE?AbNE<ZT1|xal4F*IPuG=%*vF+pbn;!%&u|;}_Z0GpNPHK)KT}J4)y%`^Kawxif
zHCjqEU;b6Xk)fgcqpg~GR74E2D3RA;&-Y!&0wnmP8F%+lNNI?qwq_bt-}V&dc2HRR
zPuys^CB0dGZFcwNFle_&xhXf%F@h|DfR8`L53%YBQ6mSN6nWP6r(N+P{1>CHczU5s
zowA0hJ&09wl77KEX{A~12vSC7X`J$7nC+UnXw4Q$=wAVtHyG2~Zn<@IZh#k`WRF$I
zI?>>S`>J_y6}M06Kc;2svAXZHF73lz-*tv|bKv2YTP`#_1YG@+<5VPE!$==uGAF!P
zX+zxvdVNM}77&24$1aD~XZR~84W4J$mQ1;7oNG(T8*Q69VjtBEbgf^AGv1aE=%}=}
zsy#i%YW>)`8OKq9_Tk={HOZ%stGtawQo$P@DG|%Ae>mM#JDv}J3pNS+SxPLt&~hi6
zjb*Oo|3s_z!b7>=mr@OleCN9VG$lpNt%R>YEZQRP1eqd$Ni^F2mws?dOi*6EXvnmJ
ziPQJQZ5lxQRMH?58;T$+l2BUt@)XsvxlU*T{dB3--E?`RW|+<!tEV4OjRY_l62Bk8
z1zcV=d%TvwDl#Y@8+hE4;s^$J>v7)CCD0OqiMV{@&w($6-7)-vdF}*cy8_=;MUZt(
z^%Jh|8p<0<x`~QPYL)P5{E$JXX8!cLLB&D`(-gUrOQtHLT?)BV^&D`!7V1kOtaUEG
z<wv}bOETE7-De$=|Dkku(Veo=;C7W19uXZf*lvD}FR%%IV1BJ%*^6y`;ZSbNS(Db(
zWq2(mS0;47vRTtA=d^61J|faA^<r6mU$x*M9M=f!nc~ae{P~!Us!c;aLZDRRAb{lA
z%bw*qq~buu!4cAOHG5T)W7$55?N8QhSTC+x{R|Q0-!>(CCPC1jRmup3*X@EP;G)G(
z5qX84bPXz*U~hgjK$^<vOFchf9}vA5Hh{hsd>t5rhSi2g!wkXBHsY3y$IszS-w^qc
z=Hrr?m(hohngHa}!A9Pm^xG!BcdW>E_9kBjYqe(SH~8u_XUzXV1;ygua#F^n#3X6P
zEHdwO-X*Npoio_rURarD^VOu$z$c#jna6BkX3eHP|6ujfnUp`<crN^OJ)~5F*|Pu3
z`n$<kj-gj>B&Q;ocIkDROG>^|N+gQQ4?TS(ZjG~%L9O<ugL8`BWnx!zilSjr3>C>l
z=lak#>i!`thAK0It>j8NvrDwa70WRKnH0<tZl>viBf^?sFE7@Ud0yA88#wqq-`ih-
zP+8FwD65X_R=gRpG}{`X#biO4pncKC?9VuDC{FLU0Z<Vt?E?ornNozJyrPm)KRwgI
zY;)O|)jWZA>jtf}p~osC#|g*WLv0Jc)$6IU+;kT1R|K8cFuN+PYR{ujB7Bu9qB)HM
zZea%1q=>u?8C;86P-SC?47}}GxW%xI;hdKYqhfU<k`d!H$;91cLudNUFUqnVNo<v+
z9=r#?A3Q&Q(6|jkOcTB_8RvcraZLVMs>l7^c#pw4B=Ax!RM3CR&j6&UFQh;B&SE4f
zm_ZC*+ExIaqD}er(2tQA(yCl+wrxh@sb&FhNtJ2FMSXSE(4v_lhy>ihMbTR$h*x?y
zX*=`>A^8PGq7Q{=(u-~y=N6QJ_v%?RRCD+Q%gS&;nUt(E;b?60M@dS0N*)(O>XIj!
zoPv6gF?HR}mp)&achk4AKZzZ?mU1+a#bcv=3-fc8iu2&xCFqto4$7s=9uIEj%#x6L
z?dB%V7kP$#Nb@y4qvIJo<_EftxOV2ry&}6qeaP3DQLk72?msCJT}=_Enm^gMW|V@R
z&Zp(@M|X(x$1cUTiM`LJ!@uUQj3bDxj3nQ(#@(#<T4E_p<qu?Ycbu61#C2yBs>T@$
zJUpjM`-=D+{X<J0wHRjc&QV{X*-miu4cZn)jju|_H(9!Z9`W@?xU~6TPgw1Vqk`UE
z;EO)&^>gQ7)p7sySE~ZueKT`l71q=e>0)*kR^~DSxaxc9sh}VCWyj8V#66|%+M|4k
z0&!Qij*QvQQsowhZyHk-)0rk6rbhaPm}YS+2avRy+^_lJLSymiGi6c>^bmo{z$WJn
zi%Z%Mdq0-;D;3E+;pQHiq$Oz!=(NkGS`yeR&pwRAE09MP+o$2IUX$peS#LkIB^c!R
zhtb~!y+Ao8p@Su15_P<73Bevmi9Hw20Y*mpytw;tA4YpgFb*KrHjuh41gMrj0LK@$
zBsv)Y{-L?0=cC$&McS3=-f^FfxJk!Ci<odHGeZl)Je|9a;BIeeKJ*qXjWCtljbyKJ
z>YCA&Mft0g>veh@XLQR6XwmUC6Ep;tI-0d_J{cWlBpSD|&X*IHGW!u-yRm8G#iA>6
z8Z$W1z~ru;oQ=5|=leuX7jRWmkzqRm;`<a$TAwoNg5vocR+RTqJ7|e`b<}-SX^QbZ
zH&(Z2RD}*#F}%}>m@?-?em>kxto*ows+x2mO!iu#P7<;lrL}e$Dew)Y)_uAWAMn)<
z=<oDo{%i(t*uQZdr5Y=UHR&9%!8T67l04%^O1jEzrJHkrd*f^Ku(wpEfA{T<t=&qN
zF|e{~aF^DF@Qvj;Yg})ive|oyZt`dvFVrat%?`PhHaKxq1ZOh!P7(7ehi$6(+Ri0z
z2KtA9IA;V}0V0vs8V|IzTX*g(Jv3($Mzz{F9Ls90z6V$&72bDFX+wMBuN=32Ti!3i
zvO=cOvZ%|9ml@`XzD5>O5l$3Z-6QK~i+ogkcOvPoTdrM<6uMYop^CmJ)tZ7xU!Gyd
z?-8KvcL29C?d29G`_}ObS+;hZA=`yJMM%qGulp>u&KnO~WG4?}g2SQ`oy*S9$>3UA
z>ck7l1tQcg7kC{ie4<bHR;n`;p>T>isXX8$fGM>-I1Xs?EF$?DANnny`g_;WTU8uS
zv{+(5_MTOZwaLc1iAfkz=RuyWIi8j$@CsH8DS@}Z56)H3k#&ESRGJ1iZX2;KijH6E
zuN@Q6<x<=ub0N|~eX*ra$YOEZ$cPNY0Nr>$pFBComtXl+*}zC8sX?yU0U$v&eY}d2
zCAztfBAEq+hVk>^3Kq<Ms+fJt_WH+4E#{531K6X><f^*>r;<DDbhlsL%^`-Ndax3L
zQwjf)=rJQJKx~1cHU#<g?!j8{WN+Mx$r_bqNDsYGt80H8$NCv+52QlL?)LnB@t!74
z`<sUtnx(^PnjV~2hIo#9&BL-xQspSI!Zmlu3UxJP4#E0QA395qPG%&wsjxGFNO2GF
z6ogL3?7gLIReefW=UW8T{lm)s2A}Sd>wEa6_)z4tJHXB8-TaZ}sPW=0GJVRAf{oXO
z0mlnlt}Bv<GwNeE{Jff4vvG?Lvo+L=c9Ld@=8=i&mRt|WTfWW0LqlQ;sOuy82Zg0v
z92PSt>Q~d-Pb`&{hTj>xM=^{$W-S){oGLpw_xiR-YD@mM<*o+6Wb@p@1@d%%G5`kG
zr`#mhr#ijE9X1=@y|Ddc)5g&3sJ_*iuqNvi<7MES9#Itdz!T%=DF&)gG`Z%wE_2b}
z=W#@P{XxY1naQ0M1Uya2&Bi{4PSkEKoKgCIliJ-aT_Id=>txA6uCn4mp{|QK+SWpo
zhvJBejjzAyI8tZ%YYlg?3@6K;iQ_b!2l+5Ep<4FW=ZnvJ3Rb<dG1Y99FDL@5q6WM;
zwm1a6g|yR_qFI#0OHw=-7{<j57je`G>G{Z9kI8rP-T|(Ii@DTQq!8arckI%egtO@m
z)b(duW*4ctWD{M84v#kRxI;@gaf!S7gZYl9<^2-^mIl+rbs=RBW0{36>2(Zn6K;d=
z>-?qK<%jTZ+cgsucMM0nlg&)*M}GXtw53EXK@`m74*GJMxs+9E?bflqO|m~<@_3-&
zf0iyQjF0CDH@s|nA&?ehDQJnO|8&6D$HHCECWf=o-NbG_hsfU9U856pxU5&vqXBoP
zBpvH~LROAq2kMN#qneZ>{Ct)Vk1&ob$d*Qf%a0nWoy*TXZJxSW|GE67O(So)At4Ae
zG{0^{EKtJS70tuz5_)%XN=U8E(R!==tnTK#cUJWMm2DLUSa=YL=m$0YiD~rq8QN_t
z9c`0X7&cc{FfYclr>FOrx7A*U)Us=@0O#r*0zZX+?oIO}cV}+5P@LB+!|&0w&R=>x
zC)M7YJbJU9mZCK@(B2{)Jxclc0&*l_y>~dm#dtZ_#1|7b;yE)mANAv6VI`IEa#vUK
zh{GDy%XUa+8fyjp-gmWt{!=7E2%#XFIBuw6yCtmGZh7*^NABv5B11SjGci8X-(gT1
zQ%7B0OY1dj5Q=AV1>9he3C^cn-KOXK5SJUU8iylQ6#5FKAoC{_2f2A!VFmB~r<R{2
zyM~$U%`ltU4#os38!N7W5Q$cHY^)0hXr1e2pYZ*!m4!rNzsA?qVG>-MFIj%oQDqWx
z7T+H1YdEL3PB<22%HPya9^b?4P*D>n!-bt;jx|R*zc@lKG=v$e<KRva>LTA{kc3Dw
z98h+ckv3?i#p^<zz&%o(YniDS3G)(j6W0lhX`wJd4p<}o%6i@a|A+L1`TCKQCkO+6
z>4Xto^q)CvJN)|UO1&HB&wj?=tsYD_Y`0Yh<aSjIwO6M0o^QF`_q2>}l`rxh3csuC
z@p*cG_Y}dY-JFvKA^>MD;Mk8A7ooPa611mrQu1NIifX;P%1|8IGTx#%4k*ULZr8NA
zQ6(HfR%!};!X^LSS;B?6z}v`bzAQj+hgh{$p|IaV)<Ur`f=>Qmg{or2(8R;6mbaYf
z(|+v!>Vd=?vis0@c2fu!8whku4Cc>P>Za;7s{FL5?N58A^$uQ$x*#I8$|ssaw^!G{
zUo=lx$@q>C7&h^u+F#K5`gkK_Jmyp0YIc3qfnEJ}iTkpm^!Hxr?}Snin|Rdt3Mpqh
zvMyq8x=<0C!F39IL+_}k;CGWUSd&#_Js3dEmpS&h6L+6qo_FX))wTCAHsoC~_R0qt
zGj^K<O5_K2qjbXyNcz4EjLDwJ+4BUxUM^$iU=ecwtEK6uX{YHMr*I6g_c8Q+|31*K
zjzppp{{h`+Z-rBeS5g~@bhsNPKhn#26eYYI^h4?<vR0$dbUF^8-AB%XB3w*WU;v?w
zh5=&uU!sX?ysp&E&|>g?x|uBYz&@yDh$J8uu?6h?x@ZD#J@U@XQQ5-vxY4-L8?$6G
zG1=NMmaCNv%)O$86TE72hF`99**Ybl$UTi1ez@EoI~h*z@*T|8@!+ZUsoDG4TpmqK
zpb@G>_F~f{$EnNxX&oiM*Y5HpVvVk{s7}8>o?z$aW)s&jeGz41!@=0QU%&w@EJ~!;
zi?hQ__qM(8_>aT{*?6@e^_a9qL4J!SlBJui*fjarA?q(6!>WtIs$zFRmHFG3y1A>&
zk@sgi$C$~q#7GiPB}{=km|I~SBmzg!d>@2ss4_q)f?8-}<f>7QLyCNE))G5gaUx-a
zWVWj8J9<OK8R<G%E8SaNd2?w|91Mn)FpF?rGB_zbeVjq<EO*e%zM%ALVNHF5v__ca
z%x?9m>xY{AvbW7iBB^;}(ak@aBji8&;B6#hxgEGEysA!STxy^?J1V3vHL)?ZaEjqA
zVJO3`seF0iln<4H)Iv1&U#8Cn3n1)kSkXN22MaE&R#jCggHHHrvMZV^vNWF^QQ|z$
zHF6Y$A2gMvx>a0dWw1)8+4KR|KF;qLZM9w<a+3I~h+)dyerfoXU+*e@jT&xLmlu%3
z3yrt8%quC$*VLJFyjW)Jx<6QD{mivmH<UvE=5i-CPfiyMQb;@_`sL(IRF?ndheXs;
ze8;B|UJFe{CtFh@S%Wx&9cRIBjo(8jGY)Jl;kI1X%+UkN97TQ6-9$kIvZ*RfvwMzK
zO#-XqV{v%KZ-yFHr_$V6EKDYFpOu8zhK7d7M2h<Ery`S|U8I=J37PvZH6&G^iz^@q
z4mWKCS-<h%pLQ$u+Pk<42g`oJtfPlAa&RzKg7WC~vcm*2vc=h(&u*Kh6Q?rtXIXIt
z;k?sTzb;A7sD<xbs_N|Cx@Ph63BeHZs#qA%s>ZU%@ZL#nwa@C|1%Ry<MAtg$RvA=e
zDrZEb{e5UQXz`|vUAywK($bJE)IuOCVR$NfzDirW^fFaA=Zv!{=O$SYRxoLv)${m7
zqQrqNDa8R3ewCVQ4xYouD<LiUEu}nm;e5|0c@orV8r+!`sjMwX9T3FY2BWWtz|Y-t
z4xZh$G5|TQ{mc5;$(Wu+;JSk=#QIk3$)?(|J1n(|<%r_};aQed82vK+o>%x3xjWZX
zo;W<Cp&J&Hd5nR1@vHO-=^N=GEz<{v+>;hF5tBj+!FP<LAO+*N@v+#rqSy-=IAecw
zT<B*RV<|!RXLMOMhw$U>%|YH)5nAilR<yWral68pKKN>mR~yn%vdVS}b_1Wvtm>i`
zUpg1?l?yZpH1W0)RH|=;^>0Sjcq=|$KJzp72cKP)s4H){u!oOSM{lN`@RN3~aOy$L
z6{=>>xcb2;t3$O3jmheRo5rt5m0XEUy4IyFIuzD-P2O|aPy^$)SP$>8lGOIga@CKR
zr6>}}NhuRZTjW$8o@PJ4l8T$T<Nv>>cgXJPk)Tjm+{=6A$Ad&M_sVf=_b(BlfVkOG
zvbe++Ryc?U{Kvr>4L3DaGa|Te^Kd~#O)hp^wi}D(Brg9f-|Vbvd$u3BUx-0XElmNl
z_6#!OQ$)i)R5Wx$Ddl-B!gr;ZLWo+`T2l7q1KY{AE<J^Ea}DKNjsj<l2>616cSg@2
z?7z-?EVZ=WG_`s#Moa|8NHd7R@9<v5z0Hn$!5$G2dBwmzdkqyi{}|G#+l5<3YP@0>
z=j~`H5l^nV`l8*o?1w_5#bq?gq5YbPxjVW;5a?B?@$N15Zch*=204#+bDh5ETgg|0
zyWA|hJWPryB~gRQzwWX#NYg34@af(0-7#_SL1}@Ud_s(X7n~sOH!U=e3ezH#1lbvJ
zc(~+WPOqe-+8&PZpLIrrC>_hCC4Wqd<zwQY0~wi^s+|{QO<ECkm*^6c^Y|JPfkXzG
zUnG$Z1pva6l}*vl%w9yeWu6!b8JL0wlHLqj_hcq_Ap;zf>XI4;1x$s$_@EmH0a!8U
z=uKpk*<wlhesO-{{H!CF2R|HpYr(}ID;Od9DH5q3p%_&szJ-k+q718W7)cVDLlvaj
z=fC`6U_W>0qSY)c-uwZjo?cqq>oeO#xN5_D<<p?Fh?4$Wh1=(l)bpwsX4u@tNS8mN
zO<A#R$+&vSR*nkl`ci#u%OSf)?W&}gk)&=d5WoBzpN{cJFm5{CB78R~!^Y8gB*FWe
z_^zg=B`eS{u8QZpm*1BSOf;-IDh@#uz+q_B>OvrT{VsqvoPI4N%wGJ!xs#Y-8H;|I
z(Dh*YR~ZgVIp)^=DCKEX3Lpoa-@<U(#<EQyz_*zrDv3kd`;&-msJhOC@5tuW59;A7
z24lDF(+_5LXoE@l%<z8JDTBy}`UMZ9d#97r@82DZC^=q$%VN}b<Y(vovIWvv4cb>3
z;OyjE?{}7J@@h<+J$02ZX`<(mp0a&d&3VJom*2dpsiR3zIx@X2k7eqp+E9d|Bg+Qt
zA&;Nr8xI<spZ|$6HQTF$pohO)T_I~vEPO=rq80UuV1JZ3j~YH_6arAfn8}+WW;0K9
zMa#=lx2f`l;?{`mW-MPQaT+m3AU>a8R@W<YUH`?i%4a0g-{HpU#ydFEy#OQJ1iMTi
z|6G^os0sdX=*woeS3x4e?^)kT$bd*Z{eUu?AdXB$GT&}O98q%k>LX7)bnPkWv-1X-
zT-Mm_iutGn!BF@zRR}J7K{U$I_r*pRIUNN8y->%nFX1(0!V+WBHNSE}$?3{1qPfeQ
zb!}c+^rU0@>o4y8B30lbg>PmD*&V&<v0F4GxhFQr#@$xKqh1oQy?(%757v6_0bQAG
z&L=R^dsB)2D5q<=$L7qP?0kFO<77nlywgxd@2JoEKyMt5tQ45^;ys!GdWvf2`Wbv?
zi1a*2REJ^Ulh997N5_UDV;|37jSJr(W`gZ&hQoE*U*6|Vo}mv}6(O;CT6B)d@8s{h
z>oD<Os_)gbWNujT6tbR?k6XN7Be<Gu><?mfJd;#kK+$#__;|W<u8^7@S3Fw0-c-lv
zsYAXilWWHbKbI+#vFzWhGqoOWO|u)do3#6G+gqskSqC%qepEa&I{l_!wqGuyC>Ep>
zBxj=D5U<rAQ;nz&r^QBjpJYw?!p>hKOc%3$R!CEJMs4O>zHvv@7YeW&LLiRgyE0nr
zEoOhdocpp^)HlcRjTf7`HR`5XAGnpgVm{HlX0(%wgdYz*JJD%29azLjkwAgt4YHSf
z`CzIiL3WfDkn$pi`TJ?T4f&N;`Y2xmj|7X{&6RZ-SC+Eh8#itHw)p^9Moj43g&jL^
ztZnO4IOT!)%{xmCtz7Q)5sG)73b&i*l0#F?EteERa}H&?n_1>Qnti^X>1iEiEGRyj
z55}P-xWf4ab!$_g6MH537{-xC3VMjbu0Fo`jl(Rlb@b`B;#10GmND4pRST_V<6TD*
zOF}VKE-#Uj=-O!7@5nLda|(<@;{>Q?0!MahD4cymci%9UDSMN8n#-PFp6_!Pv3q%Q
zPW4yEHx`|~($V|exY%6kiJg$Xkl9@HgqSSsav$!tQd7CXRuLP)5OKt-r-wIEd1|Zl
zYcopj<Et98`u9j;uWl=>M`t-uTN}rpk9DGAI+c3DW#1!{$k(jXC@@pFgkslE+w@t<
zUkh=t)LMnMtfLm(v$6@})qkch`-U&sQJnRp{M*+=y;MpZ^5&4>tDE}rCgLlc&_v>x
zX3BZEGm;M68#$y-E>Tk&csJ1-$;g`U%vn6px;ig`RgFr$Kp9z_-FQgRzLA$*Sc<{d
zsTE~me@pRcugIF^L@Ppxzd*FcBs~=_jC1n~Hkn^Vggk>R9n)HK*(K6$!;gvCp`)d-
zk&wMYgV&a47~#&aqP7i3Ra1kR$1A8dM|&>d3#gZ33FG{ntNyNV+b=z7)3MUQZZ)F%
zrC{wm_ne}gCZW6prCbrHxr4(vhWgz#Bkr(v&0Z_BP1>h6WuNemP?o|fK8<t(iwz|b
z2f<(T8tWsQnb&Hc?4);ix7bZ&xbbvX_-;Hq56AnXZZALw)7$sn+~eM*G{vtobsNXw
zAFA5JnYWjEfzze}UtL|clEKXaf{stE=yk+e2zN|EB7*tn58}c<pPZ&!a>-`0(5Bb5
z{X7vfxFOmxMhL=;&E)G6@hf(H-ob06ZNU+Lk-69+o!gb_2MahBcb`L@_YN{-dj3N#
zyFxRw_!?mAZb_5iHhi~g3tQBDyV~swN0iFQp3;8b<lVNkd=`$e1kXRs%I(6DU_r&C
zKoZ%^E>b)L8cxGX=EH^Ab_c<vB@Rqh1*H~%y~tURP;JK&N#Ii3c%r#y4Q*IqR6~==
z91cDO_Q)D9We9c^d`9UBhmA^VHz6KPBoZv!lj@irz;mnQe#Wr$#=Rta1%eK*`1BAY
zQ)em3@BF!4lO*taUAfLGKg>Yjq2sIfOKlfjNC!RV#YEM?7Zy@M7D9cx&K|wApIKYs
zHcU#VeU=Ly$?a!y@#3bcpG#!<0)0jn{Pb<77ZduvEfNaO;6D%Pp>yMPvm<=JfOp7m
zn)Ykk!jP#<u=!!F-19+DvXBlJerDm8u#~>PWmhHSIcClCrad%=WLk~&SGA|5Z6~U|
zQG33Vd$Ps0iH3PE+js2GiEnc8DKJo*Riqz9k{m;4ypt8M?(Mxam6yZ=&?}<yt3NE_
z^chspc?+4o)?`X%=RfeA<v{u{;WhC5{`1dsQcrak?&S$>)>o%e3rUB^7jP*evMZ7j
zBSZG<)2{wJ$7X-Y(>t}B=bE9sGkkI5Y4dr|#^_K*{*^*}{l%96@#eN6Q5h$Ti)=GX
zQ_TFl=Jadv!sI5`ZUMgc<-7|L6xU^!wsvd39`KL|*R$|{FtthNym@Vp?QV+(YRlyR
zib`ONk-GD72_OZ+4QWRI1b~wVRY~nz4M5qcp6_9ZBZk~sx%Trp-}2JM64%T>-Un$R
zoS@<!U3ZZ7g%!R2$I!zQ+?xbX*>rvja1L|!xSqh(T3XscqQ}zx5#rj(_ZIC7gN>>D
zkC&pwpws)@;1-!*Pq_O%Oebp09N9Fc3>;M?ylbWkfYxo@L8AWN(1usJ^%kwn`#t(?
zrj7hVPVZexEVc0(SiQO()TdUuHb1;0(0i2ZGKnWE$m-L|^81p}Su3B>d}uy}qtJ3W
z?S5RasNx?WlF%NkU~BvAOt@EcCZ|pl10fUv4+{MA;5iiddoM*D(=!AC96ad1gb)6A
zqXiW7uZM*c2quIG&^l}o0u3T6kPi&u149#`5CpFOe6fZgv@yIj<OLYPpa2da2+YF)
z1ezLh03Hhm#E2L07QzdG@c?-0l(`YM5m10&$fFBE9t6sNf7Ite;L(M`Fn(9~pF#uW
z<_2@qn9}?Y2IA%AecT7~yU^JF8-s#jK)_!Zh?fWYD4+0$-Q%x$5O3lc4*~-m1cCnT
z1q6ffJhJjf4KOzd^e7SWCkBFW{~e7R%JW;p;ZHjtFZbX6xIx_i$`t-+`JeQ`KnTy@
zsX}02=%ZxApAG>~-oJxDz`)-c7Ju3S!GK4Vh(9n8FO2)Yu;1|k01yv^=WmAq5ab{H
z0>Hq3Fav@Cz>neuzsr9b0^)%J|0~G99zNEE{mlY^2M&b&Z3z1PTKwe@3<msz{>Q+)
zf7^k0cz)|5{E-ZR2L$|^82}9U`^5(U9^3!FS;K(;U;)Gf13V6bKOMq=ynkarAQ1X@
z5D*Lm{=3B>UI663yZB%HKUU`bZ}4|CAO!T7+Mj_zuty=lzcF4Q>~Firx}d)UKc)=*
z+wRdHoaY}|^MZd%i~KJCVdk+i@81qVKoIaB^uzuiqlp*7^LLj#)&>6$2LIn6APD#m
zYJO(`f^l>IP4%P11?V5x<LvQ|WFAN2KQI{daSHkE`QLGW^ACQU4E_LrW86Hvf3xry
zgZuApg215v7$w|~Z|2`@aq|E{e<uS5aC5`|0Y1|DcOQcvMN9r}F&G5?Jv;v{|LG?1
z;~V$)WCjI6|9eC@IT%`4n>b(y2+(k;TDY4a(m)e4g%D`;c*J26Vv-OMC=W~=27Mf=
xViI7$BhkDdZiqNk6e=X}|FzKlt&rpBWa!}J>R@7u0fhjdJQ$3O5=xR7{|B1H>Zbqz

diff --git a/tzpfms.ps b/tzpfms.ps
index 877aca6..7c725e6 100644
--- a/tzpfms.ps
+++ b/tzpfms.ps
@@ -1,15 +1,15 @@
 %!PS-Adobe-3.0
 %%Creator: groff version 1.23.0
-%%CreationDate: Mon Mar  4 11:34:36 2024
+%%CreationDate: Mon Mar  4 15:15:02 2024
 %%DocumentNeededResources: font Times-Roman
 %%+ font Times-Bold
 %%+ font Courier-Bold
 %%+ font Courier-Oblique
 %%+ font Courier
-%%+ font Symbol
 %%+ font Times-Italic
+%%+ font Symbol
 %%DocumentSuppliedResources: procset grops 1.23 0
-%%Pages: 10
+%%Pages: 15
 %%PageOrder: Ascend
 %%DocumentMedia: Default 595 842 0 () ()
 %%Orientation: Portrait
@@ -237,8 +237,8 @@ setpacking
 %%IncludeResource: font Courier-Bold
 %%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Courier
-%%IncludeResource: font Symbol
 %%IncludeResource: font Times-Italic
+%%IncludeResource: font Symbol
 grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
@@ -276,20 +276,389 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 %%BeginPageSetup
 BP
 %%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-ADD-B)72 48 Q -.4(AC)-.35 G 42.103
+(KUP\(8\) System).4 F(Manager')2.5 E 2.5(sM)-.55 G 39.602
+(anual ZFS-FIDO2-ADD-B)-2.5 F -.4(AC)-.35 G(KUP\(8\)).4 E/F1 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-add-backup)108 96 Q F0 2.5<8a61>2.5 G(llo)-2.5 E 2.5(wa)-.25
+G(nother FIDO2 de)-2.5 E(vice to unlock ZFS dataset)-.25 E F1(SYNOPSIS)
+72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0
+SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After)108 153.6 Q/F4 10
+/Courier@0 SF(zfs-fido2-change-key)7.564 E F0 5.064(\(8\) deri)B -.15
+(ve)-.25 G 7.563(st).15 G 5.063(he k)-7.563 F 5.363 -.15(ey f)-.1 H
+5.063(or a dataset from a FIDO2 de).15 F(vice,)-.25 E F2
+(zfs-fido2-add-backup)108 165.6 Q F0(may be e)2.5 E -.15(xe)-.15 G
+(cuted to e).15 E(xtend this to an)-.15 E 2.5(yn)-.15 G
+(umber of additional de)-2.5 E(vices.)-.25 E .273(First, the wrapping k)
+108 182.4 R .574 -.15(ey i)-.1 H 2.774(se).15 G .274
+(xtracted as normally during)-2.924 F F4(zfs-fido2-load-key)2.774 E F0
+.274(\(8\), then a credential)B 1.604(is made as-if during)108 194.4 R
+F4(zfs-fido2-change-key)4.104 E F0 1.604(\(8\) \(e)B 1.604
+(xcept the "primary" de)-.15 F 1.603(vice and all the ones)-.25 F .185
+(holding backups are e)108 206.4 R .185(xcluded from the search\); ho)
+-.15 F(we)-.25 E -.15(ve)-.25 G .985 -.4(r, t).15 H(he).4 E F4
+(hmac-secret)2.685 E F0 .185(is instead used as a sym-)2.685 F 1.555
+(metric AES-256-GCM \()108 218.4 R F4(EVP_CIPHER-AES)A F0 1.555
+(\(7ssl\)\) k)B 1.855 -.15(ey t)-.1 H 4.055(oe).15 G 1.555
+(ncrypt the wrapping k)-4.055 F 1.855 -.15(ey d)-.1 H 1.555
+(irectly with a).15 F(random IV)108 230.4 Q(.)-1.29 E(This turns the)108
+247.2 Q F4(xyz.nabijaczleweli:tzpfms.key)2.5 E F0 -.25(va)2.5 G
+(riable into).25 E F3(salt)108 259.2 Q F2(:)A F3(credential-ID)A F2(:)A
+F3(credential-public-key)A F0([)A F2(.)A F3(backup-salt)A F2(:)A F3
+(backup-credential-ID)108 271.2 Q F2(:)A F3
+(backup-credential-public-key)A F2(:)A F3(IV)A F2(:)A F3(encrypted-key)A
+F0 1.666(]...)C F4(tzpfms.key)108 288 Q F0 2.238
+(is actually a dot-separated list of de)4.738 F 2.238(vice b)-.25 F
+4.738(undles. The)-.2 F 2.239(\214rst one is as-described in)4.738 F F4
+(zfs-fido2-change-key)108 300 Q F0 5.181(\(8\). Subsequent)B 2.681
+(ones also include \(identically-encoded\) IVs and en-)5.181 F
+(crypted blobs.)108 312 Q F4(zfs-fido2-load-key)108 328.8 Q F0 .081
+(\(8\) shops assertions around de)B .081(vices in a de)-.25 F .082
+(vice-major order \212 depending on)-.25 F(de)108 340.8 Q
+(vice numbering, a backup may be loaded e)-.25 E -.15(ve)-.25 G 2.5(ni)
+.15 G 2.5(ft)-2.5 G(he primary de)-2.5 E(vice is present.)-.25 E F1
+(ENVIR)72 357.6 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
+(TZPFMS_PASSPHRASE_HELPER)108 369.6 Q F0 .046(By def)133 381.6 R .045(a\
+ult, passphrases are prompted for and read in on the standard output an\
+d input streams.)-.1 F(If)5.045 E F4(TZPFMS_PASSPHRASE_HELPER)133 393.6
+Q F0 1.595(is set and nonempty)4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G
+1.596(ill be run via)-4.096 F F4(/bin/)4.096 E F2 3.262(sh \255c)B F0
+(to)4.096 E(pro)133 405.6 Q(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 422.4 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 434.4 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 446.4 Q F0
+(Pre-formatted noun phrase with all the information belo)160 446.4 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 458.4 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 458.4 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 470.4 Q F0("ne)160
+470.4 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 482.4 Q F0("ag)160 482.4 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 499.2 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+511.2 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 528 R(En)87 540 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 552 Q F0
+(If set, enables lib\214do2 deb)173 552 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 568.8 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 580.8 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 592.8 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 609.6 R F0
+(The lib\214do2 documentation at https://de)108 621.6 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 638.4 R
+F0 1.6 -.8(To a)108 650.4 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 662.4 Q F0(ThePhD)7.5 E F1<83>
+128 674.4 Q F0(Embark Studios)7.5 E F1<83>128 686.4 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 698.4 Q F0(EvModder)7.5 E F1(REPOR)72 715.2 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 727.2 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 744 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 756 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 29, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 2
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
+SF(zfs-fido2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
+-2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne authenticated by a FIDO2 de)
+-2.5 E(vice)-.25 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108
+124.8 Q F0([)2.5 E F2<ad62>1.666 E/F3 10/Courier-Oblique@0 SF
+(backup-file)6 E F0(])A F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0
+2.867 -.8(To n)108 153.6 T 1.267(ormalise the).8 F F3(dataset)3.767 E F0
+(,)A F2(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the FIDO2 de)108 194.4 Q(vice, which)
+-.25 E F4(must)2.5 E F0(support the)2.5 E F5(hmac-secret)2.5 E F0 -.15
+(ex)2.5 G(tension.).15 E(If)108 211.2 Q F3(dataset)3.555 E F0 -.1(wa)
+3.555 G 3.555(sp).1 G(re)-3.555 E 1.054(viously encrypted with)-.25 F F2
+(fzifdso)3.554 E F0 1.054(and the)3.554 F F1(FIDO2)3.554 E F0 1.054
+(back-end w)3.554 F 1.054(as used, pre)-.1 F(vious)-.25 E 1.272
+(credentials will be deleted from their de)108 223.2 R 1.272
+(vices \(as-if via)-.25 F F5(zfs-fido2-clear-key)3.773 E F0 1.273
+(\(8\)\), if a)B -.25(va)-.2 G(ilable.).25 E .594
+(Otherwise, or in case of an error)108 235.2 R 3.093(,d)-.4 G .593
+(ata required for manual interv)-3.093 F .593
+(ention will be written to the standard)-.15 F(error stream.)108 247.2 Q
+(Ne)108 264 Q .464(xt, a ne)-.15 F 2.964(wc)-.25 G .464
+(redential of type ES256 is generated on the de)-2.964 F .465
+(vice \(with relying party ID)-.25 F F5(fzifdso)2.965 E F0(and)2.965 E
+.499(name equal to the dataset name\) with the)108 276 R F5(hmac-secret)
+2.999 E F0 -.15(ex)2.999 G .499(tension requested; the de).15 F .499
+(vice PIN, if an)-.25 F -.65(y,)-.15 G(is prompted for here.)108 288 Q
+(This mimicks a W)5 E(ebAuthn re)-.8 E(gistration step.)-.15 E .962(The\
+n, the credential is asserted with a 32-byte random salt, which hashes \
+it with de)108 304.8 R(vice-pri)-.25 E -.25(va)-.25 G .963(te data,).25
+F .138(and thus generates the wrapping k)108 316.8 R .438 -.15(ey \()-.1
+H .138(which is optionally back).15 F .138(ed up \(see)-.1 F F1(OPTIONS)
+2.637 E F0 2.637(\)\). This)B .137(mimicks a)2.637 F -.8(We)108 328.8 S
+(bAuthn login step.).8 E(The follo)108 345.6 Q
+(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
+357.6 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(FIDO2)A<83>
+128 369.6 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(salt)A F2
+(:)A F3(credential-ID)A F2(:)A F3(credential-public-key)139 381.6 Q F0
+([)A F2(.)A F0 1.666(...)1.666 G 1.666(]...)-1.666 G F5(tzpfms.backend)
+108 398.4 Q F0 2.707(identi\214es this dataset for w)5.207 F 2.708
+(ork with)-.1 F F1(FIDO2)5.208 E F0(-back-ended)A F2(tzpfms)5.208 E F0
+2.708(tools \(i.e.)5.208 F F2(fzifdso)108 410.4 Q F5
+(zfs-fido2-change-key)60.228 E F0(\(8\),)A F5(zfs-fido2-load-key)56.727
+E F0(\(8\),)A F5(zfs-fido2-add-backup)108 422.4 Q F0(\(8\), and)A F5
+(zfs-fido2-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 439.2 Q F0
+.486(is a colon-separated tuple of unpadded URL-safe base64 blobs; the \
+\214rst one is the ran-)2.985 F .217(dom salt; the second represents th\
+e ID of created credential, and the third \211 its public k)108 451.2 R
+-.15(ey)-.1 G 5.217(.T)-.5 G .216(here e)-5.217 F(xists)-.15 E
+(no other user)108 463.2 Q
+(-land tool for deciphering this; perhaps there should be.)-.2 E
+(Finally)108 480 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25
+G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.172 E F5
+(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5(keyformat=raw)108 492 Q
+F3(dataset)6.107 E F0 .107(is performed with the ne)2.607 F 2.606(wk)
+-.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
+G .106(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
+(to clean up the properties, or to issue a note for manual interv)108
+504 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 520.8
+S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
+-.15 F F2 3.222(zfs-fido2-load-key \255n)4.056 F F3(dataset)7.556 E F0
+6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
+(command succeeds, all is well, b)108 532.8 R .729
+(ut otherwise the dataset can be manually rolled back to a passphrase)
+-.2 F(with)108 544.8 Q F2(zfs-fido2-clear-key)5.146 E F3(dataset)8.646 E
+F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
+10.313 E F5(keyformat=passphrase)108 556.8 Q F3(dataset)6 E F0
+(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F2(zfs-fido2-clear-key)108 573.6 Q F3(dataset)7.607 E F0 1.607
+(can be used to clear the properties and go back to using a)4.107 F
+(passphrase.)108 585.6 Q F1(OPTIONS)72 602.4 Q F2<ad62>109.666 614.4 Q
+F3(backup-file)6 E F0(Sa)203 614.4 Q .352 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 626.4 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 638.4 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 650.4 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F1(ENVIR)72 667.2 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
+E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q F0 .045(By def)133 691.2 R
+.045(ault, passphrases are prompted for and read in on the standard out\
+put and input streams.)-.1 F(If)5.046 E F5(TZPFMS_PASSPHRASE_HELPER)133
+703.2 Q F0 1.596(is set and nonempty)4.096 F 4.096(,i)-.65 G 4.096(tw)
+-4.096 G 1.596(ill be run via)-4.096 F F5(/bin/)4.095 E F2 3.261
+(sh \255c)B F0(to)4.095 E(pro)133 715.2 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 732 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(fzifdso 0)72 817.889 Q
+(March 4, 2024)161.068 E(1)191.337 E 0 Cg EP
+%%Page: 2 3
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
+(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 136.8 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
+(127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
+1.666(FIDO2 back-end con\214guration)72 165.6 R(En)87 177.6 Q(vir)-.4 E
+.625(onment v)-.18 F(ariables)-.1 E F1(FIDO_DEBUG)108 189.6 Q F0
+(If set, enables lib\214do2 deb)173 189.6 Q
+(ug logging to the standard error stream.)-.2 E F2(De)87 206.4 Q .625
+(vice selection)-.15 F F0 .726(When creating, the \214rst de)108 218.4 R
+.726(vice which supports the)-.25 F F1(hmac-secret)3.227 E F0 -.15(ex)
+3.227 G .727(tension is used.).15 F .727(When loading,)5.727 F
+(the assertion is shopped around to e)108 230.4 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F2 .625(See also)87 247.2 R F0
+(The lib\214do2 documentation at https://de)108 259.2 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F2 1.666(SPECIAL THANKS)72 276 R
+F0 1.6 -.8(To a)108 288 T(ll who support further de).8 E -.15(ve)-.25 G
+(lopment, in particular:).15 E F2<83>128 300 Q F0(ThePhD)7.5 E F2<83>128
+312 Q F0(Embark Studios)7.5 E F2<83>128 324 Q F0(Jasper Bekk)7.5 E(ers)
+-.1 E F2<83>128 336 Q F0(EvModder)7.5 E F2(REPOR)72 352.8 Q 1.666
+(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 364.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F1
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 381.6 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 393.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 4, 2024)161.068 E(2)191.337 E 0 Cg EP
+%%Page: 1 4
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 50.243(ZFS-FIDO2-CLEAR-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 47.742(anual ZFS-FIDO2-CLEAR-KEY\(8\))-2.5
+F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-clear-key)108 96 Q F0 3.587<8a72>3.587 G -.25(ew)-3.587 G
+1.087(rap ZFS dataset k).25 F 1.387 -.15(ey i)-.1 H 3.587(np).15 G
+(asssw)-3.587 E 1.087(ord and clear tzpfms FIDO2 meta-)-.1 F(data)108
+108 Q F1(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(FIDO2)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F
+-.25(va)-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.307 E/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. loads)118
+201.6 R .79(the primary and e)3.29 F -.15(ve)-.25 G .79
+(ry backup credential, and for each success, if the de).15 F .791
+(vice containing it)-.25 F(supports the)133 213.6 Q F4(credMgmt)2.5 E F0
+(feature and has a PIN set, tries to delete the credential from the de)
+2.5 E(vice,)-.25 E 5(3. remo)118 225.6 R -.15(ve)-.15 G 10.689(st).15 G
+(he)-10.689 E F4(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A
+F0(,)A F4(key)14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3
+(dataset)133 237.6 Q F0(.)A -.15(Fo)108 254.4 S 5.859(re).15 G -.15(ve)
+-6.109 G 3.359(ry remo).15 F -.25(va)-.15 G 5.859(lf).25 G 3.359
+(ailure and missing de)-5.959 F 3.36
+(vice or PIN an instruction for manual remo)-.25 F -.25(va)-.15 G 5.86
+(lw).25 G(ith)-5.86 E F4(fido2-token)108 266.4 Q F0(\(1\) is issued.)A
+(See)108 283.2 Q F4(zfs-fido2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(ENVIR)72 300 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 312 Q F0 .046
+(By def)133 324 R .045(ault, passphrases are prompted for and read in o\
+n the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 336 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 348 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 364.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 376.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 388.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 388.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 400.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 400.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 412.8 Q F0("ne)160
+412.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 424.8 Q F0("ag)160 424.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 441.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+453.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 470.4 R(En)87 482.4 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 494.4 Q F0
+(If set, enables lib\214do2 deb)173 494.4 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 511.2 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 523.2 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 535.2 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 552 R F0
+(The lib\214do2 documentation at https://de)108 564 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 580.8 R
+F0 1.6 -.8(To a)108 592.8 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 604.8 Q F0(ThePhD)7.5 E F1<83>
+128 616.8 Q F0(Embark Studios)7.5 E F1<83>128 628.8 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 640.8 Q F0(EvModder)7.5 E F1(REPOR)72 657.6 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 669.6 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 686.4 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 698.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 4, 2024)161.068 E(1)191.337 E 0 Cg EP
+%%Page: 1 5
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-LO)72 48 Q 55.603(AD-KEY\(8\) System)
+-.35 F(Manager')2.5 E 2.5(sM)-.55 G 53.102(anual ZFS-FIDO2-LO)-2.5 F
+(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
+/Courier-Bold@0 SF(zfs-fido2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
+(oad FIDO2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 1.142(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.642 E F0 -.1
+(wa)3.642 G 3.641(se).1 G 1.141(ncrypted with)-3.641 F F2(tzpfms)3.641 E
+F0(back)3.641 E(end)-.1 E F1(FIDO2)3.641 E F0 3.641(,a)C 1.141
+(sserts the preserv)-3.641 F 1.141(ed chal-)-.15 F(lenge, HMA)108 165.6
+Q(Cking the salt with the on-de)-.4 E
+(vice secret, and loads the resulting k)-.25 E .3 -.15(ey i)-.1 H(nto)
+.15 E F3(dataset)2.5 E F0(.)A(See)108 182.4 Q/F4 10/Courier@0 SF
+(zfs-fido2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
+(OPTIONS)72 199.2 Q F2<ad6e>109.666 211.2 Q F0 3.208
+(Do a no-op/dry run, can be used e)131 211.2 R -.15(ve)-.25 G 5.708(ni)
+.15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708
+(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)-.25 G
+3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 223.2 Q F0 -.55('s)C F2
+<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 240 Q 1.666(ONMENT V)-.3 F
+(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 252 Q F0 .046(By def)
+133 264 R .045(ault, passphrases are prompted for and read in on the st\
+andard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 276 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 288 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 304.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 316.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 328.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 328.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 340.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 340.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 352.8 Q F0("ne)160
+352.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 364.8 Q F0("ag)160 364.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 381.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+393.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666(SPECIAL THANKS)
+72 410.4 R F0 1.6 -.8(To a)108 422.4 T(ll who support further de).8 E
+-.15(ve)-.25 G(lopment, in particular:).15 E F1<83>128 434.4 Q F0
+(ThePhD)7.5 E F1<83>128 446.4 Q F0(Embark Studios)7.5 E F1<83>128 458.4
+Q F0(Jasper Bekk)7.5 E(ers)-.1 E F1<83>128 470.4 Q F0(EvModder)7.5 E F1
+(REPOR)72 487.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108
+499.2 Q(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 516 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 528 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 28, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 6
+%%BeginPageSetup
+BP
+%%EndPageSetup
 /F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1
 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm-list)108 96 Q F0 2.5<8a70>2.5 G(rint dataset tzpfms metadata)
--2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2
-<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10
-/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A F2
-<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
-<ad6c>1.666 E F0(])A([)186 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
+-2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)
+2.5 E F2<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E
+/F3 10/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A
+F2<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
+<ad6c>1.666 E F0(])A([)234 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
 1.666(]...)C F1(DESCRIPTION)72 153.6 Q F0(Lists the follo)108 165.6 Q
 (wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)128
-177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.979 E F0
+177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.978 E F0
 .478(back-end \(e.g.)2.978 F F1(TPM2)2.978 E F0(for)2.978 E F4
-(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.978 E F0
+(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.979 E F0
 (for)187 201.6 Q F4(zfs-tpm1x-change-key)2.5 E F0(\(8\)\), or ")A F1(-)A
 F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 213.6 Q F1 -2.1 -.25(av a)187 213.6 T(ilable).25 E F0(or)2.5 E F1(una)
@@ -300,18 +669,18 @@ F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 2.5 E F1(no)2.5 E F0(otherwise)2.5 E 8.743(Incoherent datasets require \
 immediate operator attention, with either the appropriate)108 254.4 R F2
 (zfs-tpm)108 266.4 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 1.778
-(program or)4.277 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
+(program or)4.278 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
 1.778(zfs inherit)4.278 F F0 4.278<8a69>4.278 G 4.278(ft)-4.278 G 1.778
-(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566(comes unloaded, the)
-108 278.4 R 3.066(yw)-.15 G .566(ill require restoration from back-up.)
--3.066 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
-(his should ne).4 F -.15(ve)-.25 G 3.065(ro).15 G(ccur)-3.065 E 3.065
-(,u)-.4 G(nless)-3.065 E
+(he k)-4.278 F 2.077 -.15(ey b)-.1 H(e-).15 E .565(comes unloaded, the)
+108 278.4 R 3.065(yw)-.15 G .566(ill require restoration from back-up.)
+-3.065 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
+(his should ne).4 F -.15(ve)-.25 G 3.066(ro).15 G(ccur)-3.066 E 3.066
+(,u)-.4 G(nless)-3.066 E
 (something went horribly wrong with the dataset properties.)108 290.4 Q
 .965(If no datasets are speci\214ed, all matching encryption roots are \
-listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
+listed \212 by def)108 307.2 R .965(ault, those managed by)-.1 F F2
 (tzpfms)108 319.2 Q F0(.)A F1(OPTIONS)72 336 Q F2<ad48>109.666 348 Q F0
-1.583(Scripting mode \212 remo)185 348 R 1.883 -.15(ve h)-.15 H 1.583
+1.582(Scripting mode \212 remo)185 348 R 1.882 -.15(ve h)-.15 H 1.583
 (eaders and separate \214elds by a single tab instead of).15 F
 (columnating them with spaces.)185 360 Q F2<ad72>109.666 376.8 Q F0
 (Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F2
@@ -326,26 +695,28 @@ listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad6c>109.666 446.4 Q F0
 (List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15
 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 463.2 Q F4($)
-108 475.2 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18
-(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
+108 475.2 Q F2(zfs-fido2-add-backup)6 E F4 72(NAME BACK-END)108 487.2 R
+18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
 (available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6
-(unavailable yes)36 F($)108 535.2 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4
-24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108
-559.2 R 6(available yes)54 F($)108 583.2 Q F2 1.666(zfs-tpm-list \255b)6
-F F1(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F
-6(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
-F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)
-108 643.2 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R
-18(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6
-(unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes)
-54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q
-F2 1.666(zfs-tpm-list \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
+(unavailable yes)36 F($)108 535.2 Q F2 1.666
+(zfs-fido2-add-backup \255ad0)6 F F4 24(NAME BACK-END)108 547.2 R 6
+(KEYSTATUS COHERENT)12 F 6(filling -)108 559.2 R 6(available yes)54 F($)
+108 583.2 Q F2 1.666(zfs-fido2-add-backup \255b)6 F F1(TPM2)6 E F4 72
+(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F 6
+(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
+F2 1.666(zfs-fido2-add-backup \255ra)6 F F3(tarta-zoot)6 E F4 72
+(NAME BACK-END)108 643.2 R 18(KEYSTATUS COHERENT)12 F 36
+(tarta-zoot TPM1.X)108 655.2 R 18(available yes)24 F 6
+(tarta-zoot/home TPM2)108 667.2 R 6(unavailable yes)36 F 12
+(tarta-zoot/bkp -)108 679.2 R 18(available yes)54 F 18(tarta-zoot/vm -)
+108 691.2 R 18(available yes)54 F($)108 715.2 Q F2 1.666
+(zfs-fido2-add-backup \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
 (KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F
 36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12
 (tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -)
 108 775.2 R 6(available yes)54 F F0(tzpfms 0.3.4-24-g52a4871)72 817.889
 Q(December 4, 2022)83.023 E(1)183.842 E 0 Cg EP
-%%Page: 2 2
+%%Page: 2 7
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -358,11 +729,11 @@ BP
 (EvModder)7.5 E F1(REPOR)72 160.8 Q 1.666(TING B)-.4 F(UGS)-.1 E F0
 (https://todo.sr)108 172.8 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25
 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)108 189.6 Q
-F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
+F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 201.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-24-g52a4871)72 817.889 Q(December 4, 2022)83.023 E
 (2)183.842 E 0 Cg EP
-%%Page: 1 3
+%%Page: 1 8
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -371,159 +742,161 @@ BP
 -2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
 SF(zfs-tpm1x-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
 -2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666 E F3
-(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 6.867 -.8(To n)108 153.6 T
-5.267(ormalise the).8 F F3(dataset)7.767 E F0(,)A F2(zfs-tpm-list)7.766
-E F0 5.266(will open its encryption root in its stead.)7.766 F F2
-(zfs-tpm-list)108 165.6 Q F0(will)2.5 E/F4 10/Times-Italic@0 SF(ne)2.5 E
-(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use)
--2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A
-(First, a connection is made to the TPM, which)108 182.4 Q F4(must)2.5 E
-F0(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F3(dataset)3.176 E F0 -.1
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666
+E F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 2.866 -.8(To n)108 153.6
+T 1.266(ormalise the).8 F F3(dataset)3.766 E F0(,)A F2
+(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.655 E/F4 10/Times-Italic@0
+SF(ne)14.655 E(ver)-.15 E F0 12.154(create or destro)14.655 F 14.654(ye)
+-.1 G 12.154(ncryption roots; use)-14.654 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 194.4 Q F4(must)2.5 E
+F0(be TPM-1.X-compatible.)2.5 E(If)108 211.2 Q F3(dataset)3.176 E F0 -.1
 (wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F
 F2(tzpfms)3.176 E F0 .676(and the)3.176 F F1(TPM1.X)3.176 E F0 .676
 (back-end w)3.176 F .676(as used, the meta-)-.1 F .926
-(data will be silently cleared.)108 211.2 R .926
+(data will be silently cleared.)108 223.2 R .926
 (Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
 (ata required for manual interv)-3.426 F(ention)-.15 E
-(will be written to the standard error stream.)108 223.2 Q(Ne)108 240 Q
+(will be written to the standard error stream.)108 235.2 Q(Ne)108 252 Q
 .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15
 (ey i)-.1 H 2.794(sg).15 G .294(enerated on the TPM, optionally back)
 -2.794 F .294(ed up \(see)-.1 F F1(OPTIONS)2.794 E F0 .294
 (\), and sealed)B .586(on the TPM; the user is prompted for an optional\
- passphrase to protect the k)108 252 R .885 -.15(ey w)-.1 H .585
-(ith, and for the SRK).15 F(passphrase, set when taking o)108 264 Q
+ passphrase to protect the k)108 264 R .885 -.15(ey w)-.1 H .585
+(ith, and for the SRK).15 F(passphrase, set when taking o)108 276 Q
 (wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo)
-108 280.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
-<83>128 292.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
-(TPM1.X)A<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
+108 292.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
+<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
+(TPM1.X)A<83>128 316.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
 F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)
-108 321.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292
+108 333.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292
 (ork with)-.1 F F1(TPM1.X)2.792 E F0(-back-ended)A F2(tzpfms)2.792 E F0
-.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 333.6 Q F0
+.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 345.6 Q F0
 (\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5
-(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 350.4 Q F0
+(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 362.4 Q F0
 1.412(is a colon-separated pair of he)3.913 F 1.412
 (xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .867
-(\214rst one represents the RSA k)108 362.4 R 1.167 -.15(ey p)-.1 H .868
+(\214rst one represents the RSA k)108 374.4 R 1.167 -.15(ey p)-.1 H .868
 (rotecting the blob, and it is protected with either the passphrase, if)
-.15 F(pro)108 374.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5
+.15 F(pro)108 386.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5
 (CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.913 E F0 3.913(;t)C 1.413
 (he sec-)-3.913 F .379
-(ond represents the sealed object containing the wrapping k)108 386.4 R
+(ond represents the sealed object containing the wrapping k)108 398.4 R
 -.15(ey)-.1 G 2.879(,a)-.5 G .379
 (nd is protected with the SHA1 constant)-2.879 F F5
-(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F0 6.721(.T)C
+(B9EE715DBE4B243FAA81EA04306E063710383E35)108 410.4 Q F0 6.721(.T)C
 1.721(here e)-6.721 F 1.721(xists no other user)-.15 F 1.72
 (-land tool for)-.2 F(decrypting this; perhaps there should be.)108
-410.4 Q(Finally)108 427.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F
+422.4 Q(Finally)108 439.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F
 -.25(va)-.25 G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F
 <ad6f>17.172 E F5(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5
-(keyformat=raw)108 439.2 Q F3(dataset)6.107 E F0 .107
+(keyformat=raw)108 451.2 Q F3(dataset)6.107 E F0 .107
 (is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G 5.106
 (.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
 (rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
 (to clean up the properties, or to issue a note for manual interv)108
-451.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 468
+463.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 480
 S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
 -.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.556 E F0
 6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
-(command succeeds, all is well, b)108 480 R .729
+(command succeeds, all is well, b)108 492 R .729
 (ut otherwise the dataset can be manually rolled back to a passphrase)
--.2 F(with)108 492 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E
+-.2 F(with)108 504 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E
 F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
 2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
-10.313 E F5(keyformat=passphrase)108 504 Q F3(dataset)6 E F0
+10.313 E F5(keyformat=passphrase)108 516 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm1x-clear-key)108 520.8 Q F3(dataset)7.607 E F0 1.607
+F2(zfs-tpm1x-clear-key)108 532.8 Q F3(dataset)7.607 E F0 1.607
 (can be used to clear the properties and go back to using a)4.107 F
-(passphrase.)108 532.8 Q F1(OPTIONS)72 549.6 Q F2<ad62>109.666 561.6 Q
-F3(backup-file)6 E F0(Sa)203 561.6 Q .352 -.15(ve a b)-.2 H .052
+(passphrase.)108 544.8 Q F1(OPTIONS)72 561.6 Q F2<ad62>109.666 573.6 Q
+F3(backup-file)6 E F0(Sa)203 573.6 Q .352 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
 E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
-F .694(This back-up)203 573.6 R F4(must)3.194 E F0 .694
+F .694(This back-up)203 585.6 R F4(must)3.194 E F0 .694
 (be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
 (-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 585.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 597.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 614.4 Q F3(PCR)6 E F0([)A F2(,)A F3
-(PCR)A F0 1.666(]...)C .638(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H
+(nt,).15 E(the k)203 597.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 609.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 626.4 Q F3(PCR)6 E F0([)A F2(,)A F3
+(PCR)A F0 1.666(]...)C .638(Bind the k)203 626.4 R .939 -.15(ey t)-.1 H
 3.139(os).15 G .639(pace- or comma-separated)-3.139 F F3(PCR)3.139 E F0
 3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .639
-(hange, the wrap-)-3.139 F .463(ping k)203 626.4 R .763 -.15(ey w)-.1 H
+(hange, the wrap-)-3.139 F .463(ping k)203 638.4 R .763 -.15(ey w)-.1 H
 .463(ill not be able to be unsealed.).15 F .462
-(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F1(24)
+(The minimum number of PCRs for a)5.462 F(PC TPM is)203 650.4 Q F1(24)
 2.5 E F0(\(numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0 2.5(]\). F)B
-(or most, this is also the maximum.)-.15 E F1(ENVIR)72 655.2 Q 1.666
-(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q
-F0 .045(By def)133 679.2 R .045(ault, passphrases are prompted for and \
+(or most, this is also the maximum.)-.15 E F1(ENVIR)72 667.2 Q 1.666
+(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q
+F0 .045(By def)133 691.2 R .045(ault, passphrases are prompted for and \
 read in on the standard output and input streams.)-.1 F(If)5.046 E F5
-(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F0 1.596(is set and nonempty)4.096
+(TZPFMS_PASSPHRASE_HELPER)133 703.2 Q F0 1.596(is set and nonempty)4.096
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F5
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 703.2 Q
+(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 715.2 Q
 (vide each passphrase, instead.)-.15 E .643
-(The standard output stream of the helper is tied to an anon)133 720 R
+(The standard output stream of the helper is tied to an anon)133 732 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
-133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 744 Q F0
-(Pre-formatted noun phrase with all the information belo)160 744 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.4-24-g52a4871)72
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(tzpfms 0.3.4-24-g52a4871)72
 817.889 Q(February 28, 2024)83.018 E(1)183.837 E 0 Cg EP
-%%Page: 2 4
+%%Page: 2 9
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 36.913(ZFS-TPM1X-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 34.412(anual ZFS-TPM1X-CHANGE-KEY\(8\))
--2.5 F/F1 10/Courier@0 SF($2)143 84 Q F0
-(Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5
-(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 96 Q F0("ne)160 96 Q
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F1($4)143 108 Q F0("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
 (he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 124.8 R 2.678(te)-.18 G .178
+(If the helper doesn')133 136.8 R 2.678(te)-.18 G .178
 (xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
 (127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
-(is used as f)133 136.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
 -.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
-1.666(TPM1.X back-end con\214guration)72 153.6 R .625(TPM selection)87
-165.6 R F0(The)108 177.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0
+1.666(TPM1.X back-end con\214guration)72 165.6 R .625(TPM selection)87
+177.6 R F0(The)108 189.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0
 .229(suite connects to a local)2.729 F F1(tcsd)2.73 E F0 .23
 (\(8\) process \(at)B F1(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 189.6 Q
+-2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 201.6 Q
 (vironment v)-.4 E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 206.4 R(rouSerS)
+(to specify a remote TCS hostname.)2.5 E .111(The T)108 218.4 R(rouSerS)
 -.35 E F1(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F1(/dev/tpm0)2.61
 E F0 2.61(,t)C(hen)-2.61 E F1(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
 F1(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-218.4 S(ing one of the earlier ones with, for e).1 E
+230.4 S(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F2 .625
-(See also)87 235.2 R F0(The T)108 247.2 Q
+(See also)87 247.2 R F0(The T)108 259.2 Q
 (rouSerS project page at https://sourcefor)-.35 E
 (ge.net/projects/trousers.)-.18 E 4.415
-(The TPM 1.2 main speci\214cation inde)108 264 R 6.915(xa)-.15 G 6.915
+(The TPM 1.2 main speci\214cation inde)108 276 R 6.915(xa)-.15 G 6.915
 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
-(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F2 1.666
-(SPECIAL THANKS)72 292.8 R F0 1.6 -.8(To a)108 304.8 T
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 288 Q F2 1.666
+(SPECIAL THANKS)72 304.8 R F0 1.6 -.8(To a)108 316.8 T
 (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
-.15 E F2<83>128 316.8 Q F0(ThePhD)7.5 E F2<83>128 328.8 Q F0
-(Embark Studios)7.5 E F2<83>128 340.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
-F2<83>128 352.8 Q F0(EvModder)7.5 E F2(REPOR)72 369.6 Q 1.666(TING B)-.4
-F(UGS)-.1 E F0(https://todo.sr)108 381.6 Q(.ht/\001nabijaczle)-.55 E
-(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 398.4 Q
+.15 E F2<83>128 328.8 Q F0(ThePhD)7.5 E F2<83>128 340.8 Q F0
+(Embark Studios)7.5 E F2<83>128 352.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
+F2<83>128 364.8 Q F0(EvModder)7.5 E F2(REPOR)72 381.6 Q 1.666(TING B)-.4
+F(UGS)-.1 E F0(https://todo.sr)108 393.6 Q(.ht/\001nabijaczle)-.55 E
+(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 410.4 Q
 F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
-(https://lists.sr)108 410.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
--.25 E F2 1.666(SEE ALSO)72 427.2 R F0
-(PCR allocations: https://wiki.archlinux.or)108 439.2 Q(g/title/T)-.18 E
+(https://lists.sr)108 422.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
+-.25 E F2 1.666(SEE ALSO)72 439.2 R F0
+(PCR allocations: https://wiki.archlinux.or)108 451.2 Q(g/title/T)-.18 E
 (rusted_Platform_Module#Accessing_PCR_re)-.35 E(gisters)-.15 E
-(and https://trustedcomputinggroup.or)108 451.2 Q
+(and https://trustedcomputinggroup.or)108 463.2 Q
 (g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\
-r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 463.2 Q
-(able)-.8 E(1.)108 475.2 Q(tzpfms 0.3.4-24-g52a4871)72 817.889 Q
+r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 475.2 Q
+(able)-.8 E(1.)108 487.2 Q(tzpfms 0.3.4-24-g52a4871)72 817.889 Q
 (February 28, 2024)83.018 E(2)183.837 E 0 Cg EP
-%%Page: 1 5
+%%Page: 1 10
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -533,14 +906,14 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm1x-clear-key)108 96 Q F0 3.008<8a72>3.007 G -.25(ew)-3.008 G
 .508(rap ZFS dataset k).25 F .808 -.15(ey i)-.1 H 3.008(np).15 G(asssw)
 -3.008 E .508(ord and clear tzpfms TPM1.X meta-)-.1 F(data)108 108 Q F1
-(SYNOPSIS)72 124.8 Q F2(zfs-tpm-list)108 136.8 Q/F3 10/Courier-Oblique@0
-SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0(After v)108 165.6 Q
-(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G
-(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)
-2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F -.25(va)
--.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E
-/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
-(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
+(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(TPM1.X)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F
+-.25(va)-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.307 E/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
 201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4
 (xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key)
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
@@ -575,7 +948,7 @@ F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 504 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-24-g52a4871)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 6
+%%Page: 1 11
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -584,13 +957,13 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm1x-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .191
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.691 E F0 -.1(wa)2.691
-G 2.691(se).1 G .191(ncrypted with)-2.691 F F2(tzpfms)2.69 E F0(back)
-2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .19(will unseal the k)2.69 F .49
--.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F3(dataset)2.5 E
-F0(.)A .236
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .191(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.691 E F0 -.1
+(wa)2.691 G 2.691(se).1 G .191(ncrypted with)-2.691 F F2(tzpfms)2.69 E
+F0(back)2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .19(will unseal the k)2.69
+F .49 -.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F3(dataset)
+2.5 E F0(.)A .236
 (The user is \214rst prompted for the SRK passphrase, set when taking o)
 108 182.4 R .236(wnership, if not "well-kno)-.25 F .236(wn" \(all)-.25 F
 (zeroes\); then for the additional passphrase, set when creating the k)
@@ -655,7 +1028,7 @@ F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 696 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-24-g52a4871)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 7
+%%Page: 1 12
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -664,132 +1037,132 @@ BP
 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5
 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666
-(]...)C([)186 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)
-A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A F0(]])
-A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 1.676 -.8(To n)108 165.6
-T(ormalise).8 E F3(dataset)2.576 E F0(,)A F2(zfs-tpm-list)2.576 E F0
-.076(will open its encryption root in its stead.)2.576 F F2
-(zfs-tpm-list)5.077 E F0(will)108 177.6 Q/F4 10/Times-Italic@0 SF(ne)2.5
-E(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G
-(ncryption roots; use)-2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0
-(\(8\) for that.)A(First, a connection is made to the TPM, which)108
-194.4 Q F4(must)2.5 E F0(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F3
-(dataset)3.055 E F0 -.1(wa)3.055 G 3.055(sp).1 G(re)-3.055 E .555
-(viously encrypted with)-.25 F F2(tzpfms)3.055 E F0 .555(and the)3.055 F
-F1(TPM2)3.055 E F0 .554(back-end w)3.054 F .554(as used, the pre)-.1 F
-(vious)-.25 E -.1(ke)108 223.2 S 3.059(yw)-.05 G .559
-(ill be freed from the TPM.)-3.059 F .56
-(Otherwise, or in case of an error)5.56 F 3.06(,d)-.4 G .56
-(ata required for manual interv)-3.06 F(en-)-.15 E
-(tion will be written to the standard error stream.)108 235.2 Q(Ne)108
-252 Q .295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0
+1.666(]...)C([)234 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A
+F2(,)A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A
+F0(]])A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 4.319 -.8(To n)108
+165.6 T(ormalise).8 E F3(dataset)5.219 E F0(,)A F2(zfs-fido2-add-backup)
+5.219 E F0 2.72(will open its encryption root in its stead.)5.219 F F2
+(zfs-fido2-add-backup)108 177.6 Q F0(will)14.655 E/F4 10/Times-Italic@0
+SF(ne)14.655 E(ver)-.15 E F0 12.154(create or destro)14.655 F 14.654(ye)
+-.1 G 12.154(ncryption roots; use)-14.654 F/F5 10/Courier@0 SF
+(zfs-change-key)108 189.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 206.4 Q F4(must)2.5 E
+F0(be TPM-2.0-compatible.)2.5 E(If)108 223.2 Q F3(dataset)3.054 E F0 -.1
+(wa)3.054 G 3.054(sp).1 G(re)-3.054 E .554(viously encrypted with)-.25 F
+F2(tzpfms)3.055 E F0 .555(and the)3.055 F F1(TPM2)3.055 E F0 .555
+(back-end w)3.055 F .555(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108
+235.2 S 3.06(yw)-.05 G .56(ill be freed from the TPM.)-3.06 F .56
+(Otherwise, or in case of an error)5.56 F 3.059(,d)-.4 G .559
+(ata required for manual interv)-3.059 F(en-)-.15 E
+(tion will be written to the standard error stream.)108 247.2 Q(Ne)108
+264 Q .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
 -.15(ey i)-.1 H 2.794(sg).15 G .294
 (enerated on the TPM, optionally back)-2.794 F .294(ed up \(see)-.1 F F1
-(OPTIONS)2.794 E F0 .294(\), and sealed)B .588
-(to a persistent object on the TPM under the o)108 264 R .589
-(wner hierarch)-.25 F .589(y; if there is a passphrase set on the o)-.05
-F(wner)-.25 E(hierarch)108 276 Q 1.603 -.65(y, t)-.05 H .302
+(OPTIONS)2.794 E F0 .294(\), and sealed)B .589
+(to a persistent object on the TPM under the o)108 276 R .589
+(wner hierarch)-.25 F .588(y; if there is a passphrase set on the o)-.05
+F(wner)-.25 E(hierarch)108 288 Q 1.602 -.65(y, t)-.05 H .302
 (he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .302
 (ys prompted for an optional passphrase to protect).1 F
-(the sealed object with.)108 288 Q(The follo)108 304.8 Q
+(the sealed object with.)108 300 Q(The follo)108 316.8 Q
 (wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
-316.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
-128 328.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
-(persistent-object-ID)A F0([)139 340.8 Q F2(;)A F3(algorithm)A F2(:)A F3
+328.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
+128 340.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
+(persistent-object-ID)A F0([)139 352.8 Q F2(;)A F3(algorithm)A F2(:)A F3
 (PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3
 (algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C
-1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 357.6 Q F0 1.263
-(identi\214es this dataset for w)3.763 F 1.264(ork with)-.1 F F1(TPM2)
-3.764 E F0(-back-ended)A F2(tzpfms)3.764 E F0 1.264(tools \(namely)3.764
-F F5(zfs-tpm2-change-key)108 369.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
+1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 369.6 Q F0 1.264
+(identi\214es this dataset for w)3.764 F 1.263(ork with)-.1 F F1(TPM2)
+3.763 E F0(-back-ended)A F2(tzpfms)3.763 E F0 1.263(tools \(namely)3.763
+F F5(zfs-tpm2-change-key)108 381.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
 2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0(\(8\)\).)A F5
-(tzpfms.key)108 386.4 Q F0 1.509(is an inte)4.009 F 1.509
+(tzpfms.key)108 398.4 Q F0 1.508(is an inte)4.008 F 1.509
 (ger representing the sealed object, optionally follo)-.15 F 1.509
-(wed by a semicolon and)-.25 F .822(PCR list as speci\214ed with)108
-398.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
-(tpm-tools)3.322 E F0 .823(-toolchain-compatible; if needed, it can)B
-.866(be passed to)108 410.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
+(wed by a semicolon and)-.25 F .823(PCR list as speci\214ed with)108
+410.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
+(tpm-tools)3.322 E F0 .822(-toolchain-compatible; if needed, it can)B
+.865(be passed to)108 422.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
 (${tzpfms.key)6.866 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with)
-3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.365("o)
-C(r)-3.365 E F2<ad70>109.666 422.4 Q F0(")6.727 E F5(pcr:${tzpfms.key)A
-F2(#)A F6(*)A F5(;})A F0 .727(", as the case may be, or equi)B -.25(va)
--.25 G .728(lent, for back-up \(see).25 F F1(OPTIONS)3.228 E F0(\).)A
-.448(If you ha)108 434.4 R .748 -.15(ve a s)-.2 H .448(ealed k).15 F
+3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.366("o)
+C(r)-3.366 E F2<ad70>109.666 434.4 Q F0(")6.728 E F5(pcr:${tzpfms.key)A
+F2(#)A F6(*)A F5(;})A F0 .728(", as the case may be, or equi)B -.25(va)
+-.25 G .727(lent, for back-up \(see).25 F F1(OPTIONS)3.227 E F0(\).)A
+.447(If you ha)108 446.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F
 .748 -.15(ey y)-.1 H .448(ou can access with that or equi).15 F -.25(va)
--.25 G .447(lent tool and set both of these properties, it).25 F
-(will funxion seamlessly)108 446.4 Q(.)-.65 E(Finally)108 463.2 Q 12.005
-(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25 G 9.505(lent of).25 F F2
-9.505(zfs change-key)12.005 F<ad6f>17.172 E F5(keylocation=prompt)15.506
-E F2<ad6f>17.172 E F5(keyformat=raw)108 475.2 Q F3(dataset)6.107 E F0
-.107(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G
-5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
-(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F .289(to clean\
+-.25 G .448(lent tool and set both of these properties, it).25 F
+(will funxion seamlessly)108 458.4 Q(.)-.65 E(Finally)108 475.2 Q 12.006
+(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F2
+9.505(zfs change-key)12.005 F<ad6f>17.171 E F5(keylocation=prompt)15.505
+E F2<ad6f>17.171 E F5(keyformat=raw)108 487.2 Q F3(dataset)6.106 E F0
+.106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15(ey)-2.706 G
+5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107
+(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F .289(to clean\
  up the persistent object and properties, or to issue a note for manual\
- interv)108 487.2 R .29(ention into the stan-)-.15 F(dard error stream.)
-108 499.2 Q 2.625<418c>108 516 S .125(nal v)-2.625 F .125
-(eri\214cation should be made by running)-.15 F F2 1.79
-(zfs-tpm2-load-key \255n)2.624 F F3(dataset)6.124 E F0 5.124(.I)C 2.624
-(ft)-5.124 G .124(hat com-)-2.624 F .506(mand succeeds, all is well, b)
-108 528 R .506(ut otherwise the dataset can be manually rolled back to \
-a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 540 Q F3(dataset)
-11.539 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
+ interv)108 499.2 R .289(ention into the stan-)-.15 F
+(dard error stream.)108 511.2 Q 2.624<418c>108 528 S .124(nal v)-2.624 F
+.124(eri\214cation should be made by running)-.15 F F2 1.791
+(zfs-tpm2-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125(.I)C 2.625
+(ft)-5.125 G .125(hat com-)-2.625 F .507(mand succeeds, all is well, b)
+108 540 R .506(ut otherwise the dataset can be manually rolled back to \
+a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 552 Q F3(dataset)
+11.538 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
 -8.039 F 5.539(ails to w)-.1 F(ork,)-.1 E F2 5.539(zfs change-key)8.039
-F<ad6f>13.204 E F5(keyformat=passphrase)108 552 Q F3(dataset)6 E F0
+F<ad6f>13.205 E F5(keyformat=passphrase)108 564 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm2-clear-key)108 568.8 Q F3(dataset)6.029 E F0 .029
+F2(zfs-tpm2-clear-key)108 580.8 Q F3(dataset)6.029 E F0 .029
 (can be used to free the TPM persistent object and go back to us-)2.529
-F(ing a passphrase.)108 580.8 Q F1(OPTIONS)72 597.6 Q F2<ad62>109.666
-609.6 Q F3(backup-file)6 E F0(Sa)203 609.6 Q .353 -.15(ve a b)-.2 H .052
+F(ing a passphrase.)108 592.8 Q F1(OPTIONS)72 609.6 Q F2<ad62>109.666
+621.6 Q F3(backup-file)6 E F0(Sa)203 621.6 Q .352 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
-E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
-F .693(This back-up)203 621.6 R F4(must)3.193 E F0 .694
-(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
-(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 633.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 645.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 662.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 633.6 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 645.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 657.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 674.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
 A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)
 A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)
--1.666 G 1.425(Bind the k)203 674.4 R 1.725 -.15(ey t)-.1 H 3.925(os).15
-G 1.425(pace- or comma-separated)-3.925 F F3(PCR)3.924 E F0 3.924(sw)C
-1.424(ithin their corresponding)-3.924 F(hashing)203 686.4 Q F3
-(algorithm)2.523 E F0 2.523<8a69>2.523 G 2.523(ft)-2.523 G(he)-2.523 E
+-1.666 G 1.424(Bind the k)203 686.4 R 1.724 -.15(ey t)-.1 H 3.924(os).15
+G 1.424(pace- or comma-separated)-3.924 F F3(PCR)3.925 E F0 3.925(sw)C
+1.425(ithin their corresponding)-3.925 F(hashing)203 698.4 Q F3
+(algorithm)2.524 E F0 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E
 2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H
-.024(ill not be able to be).15 F 2.5(unsealed. There)203 698.4 R(are)2.5
+.023(ill not be able to be).15 F 2.5(unsealed. There)203 710.4 R(are)2.5
 E F1(24)2.5 E F0(PCRs, numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0(].)
-A F3(algorithm)203 715.2 Q F0 2.968(may be an)5.469 F 5.468(yo)-.15 G
+A F3(algorithm)203 727.2 Q F0 2.968(may be an)5.468 F 5.468(yo)-.15 G
 5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F1(sha1)
-.15 E F0 2.968(", ")B F1(sha256)A F0 2.968(", ")B F1(sha384)A F0(",)A(")
-203 727.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
+.15 E F0 2.968(", ")B F1(sha256)A F0 2.969(", ")B F1(sha384)A F0(",)A(")
+203 739.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
 (sm3-256)A F0 4.983(", ")B F1(sha3_256)A F0 4.983(", ")B F1(sha3-256)A
-F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 739.2 Q F1(sha3-384)A F0
+F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 751.2 Q F1(sha3-384)A F0
 (", ")A F1(sha3_512)A F0(", or ")A F1(sha3-512)A F0
 (", and must be supported by the TPM.)A(tzpfms 0.3.4-24-g52a4871)72
 817.889 Q(February 28, 2024)83.018 E(1)183.837 E 0 Cg EP
-%%Page: 2 8
+%%Page: 2 13
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 44.133(ZFS-TPM2-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 41.632(anual ZFS-TPM2-CHANGE-KEY\(8\))-2.5
 F/F1 10/Courier-Bold@0 SF<ad41>109.666 84 Q F0 -.4(Wi)203 84 S(th).4 E
-F1<ad50>4.589 E F0 2.923(,a)C .422(lso prompt for a passphrase.)-2.923 F
-.422(This is skipped by def)5.422 F .422(ault because the)-.1 F .675
+F1<ad50>4.588 E F0 2.922(,a)C .422(lso prompt for a passphrase.)-2.922 F
+.422(This is skipped by def)5.422 F .423(ault because the)-.1 F .675
 (passphrase is)203 96 R/F2 10/Times-Italic@0 SF(OR)3.175 E F0 .675
 (ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k)-3.175 F
 .975 -.15(ey c)-.1 H .675(an be unsealed).15 F F2(either)203 108 Q F0
-1.39(passphraseless with the right PCRs)3.89 F F2(or)3.89 E F0 1.389
+1.389(passphraseless with the right PCRs)3.889 F F2(or)3.89 E F0 1.39
 (with the passphrase, and this is)3.89 F(usually not the intent.)203 120
 Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F(ARIABLES)
--1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .045
+-1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .046
 (By def)133 160.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F1 3.261(sh \255c)B F0(to)4.095 E(pro)133 184.8 Q
+(/bin/)4.096 E F1 3.262(sh \255c)B F0(to)4.096 E(pro)133 184.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 201.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -802,10 +1175,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 249.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 261.6 Q F0("ag)160 261.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 278.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F3(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 278.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 290.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F3 1.666
 (TPM2 back-end con\214guration)72 307.2 R(En)87 319.2 Q(vir)-.4 E .625
@@ -814,13 +1187,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR)-.3 E F0
 (,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3(DEB)2.5
 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM selection)87 348 R F0
-.621(The library)108 360 R F1(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 372 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 360 R F1(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 372 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F3 .625(See also)87 400.8 R F0 2.247
 (The tpm2-tss git repository at https://github)108 412.8 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -837,7 +1210,7 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F3<83>128 542.4 Q F0(EvModder)7.5 E F3(REPOR)72 559.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 571.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 588 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 600 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 (PCR allocations: https://wiki.archlinux.or)108 645.6 Q(g/title/T)-.18 E
@@ -847,7 +1220,7 @@ E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 669.6 Q
 (able)-.8 E(1.)108 681.6 Q(tzpfms 0.3.4-24-g52a4871)72 817.889 Q
 (February 28, 2024)83.018 E(2)183.837 E 0 Cg EP
-%%Page: 1 9
+%%Page: 1 14
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -857,13 +1230,13 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-clear-key)108 96 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G
 (rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E
 (ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 112.8 Q F2
-(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
-(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
+(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5
+E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
 (dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2
 (tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5
-(1. performs)118 165.6 R 5.641(the equi)8.141 F -.25(va)-.25 G 5.641
-(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.308 E/F4 10
-/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E F4
+(1. performs)118 165.6 R 5.642(the equi)8.142 F -.25(va)-.25 G 5.642
+(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E/F4 10
+/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
 (keyformat=passphrase)133 177.6 Q F3(dataset)6 E F0(,)A 5(2. frees)118
 189.6 R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E
 (viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. remo)118
@@ -872,12 +1245,12 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
 213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-tpm2-change-key)2.5 E F0
 (\(8\) for a detailed description.)A F1(ENVIR)72 247.2 Q 1.666(ONMENT V)
--.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .045
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .046
 (By def)133 271.2 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 295.2 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 295.2 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 312 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -889,10 +1262,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 360 Q F0("ne)160 360 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
 -2.5 E F4($4)143 372 Q F0("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 388.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 400.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625
@@ -901,13 +1274,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0
 (,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5
 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)87 458.4 R F0
-.621(The library)108 470.4 R F2(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 482.4 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 470.4 R F2(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 482.4 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F1 .625(See also)87 511.2 R F0 2.247
 (The tpm2-tss git repository at https://github)108 523.2 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -924,11 +1297,11 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F1<83>128 652.8 Q F0(EvModder)7.5 E F1(REPOR)72 669.6 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 681.6 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 698.4 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 710.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-24-g52a4871)72 817.889 Q(December 4, 2022)83.023 E
 (1)183.842 E 0 Cg EP
-%%Page: 1 10
+%%Page: 1 15
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -937,28 +1310,28 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .864
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.364 E F0 -.1(wa)3.364
-G 3.364(se).1 G .864(ncrypted with)-3.364 F F2(tzpfms)3.365 E F0(back)
-3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .865(nseals the k)-3.365
-F 1.165 -.15(ey a)-.1 H .865(nd loads it).15 F(into)108 165.6 Q F3
-(dataset)2.5 E F0(.)A(The user is prompted for the additional passphras\
-e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5
-(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4 10/Courier@0 SF
-(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
-(OPTIONS)72 216 Q F2<ad6e>109.666 228 Q F0 3.208
-(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25 G 5.708(ni).15
-G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa)
-.15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207
-(lent to).25 F F2(zfs)5.707 E(load-key)131 240 Q F0 -.55('s)C F2<ad6e>
-4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)-.3 F
-(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .045
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .865(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.365 E F0 -.1
+(wa)3.365 G 3.365(se).1 G .865(ncrypted with)-3.365 F F2(tzpfms)3.365 E
+F0(back)3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .864
+(nseals the k)-3.365 F 1.164 -.15(ey a)-.1 H .864(nd loads it).15 F
+(into)108 165.6 Q F3(dataset)2.5 E F0(.)A(The user is prompted for the \
+additional passphrase, set when creating the k)108 182.4 Q -.15(ey)-.1 G
+2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4
+10/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(OPTIONS)72 216 Q F2<ad6e>109.666
+228 Q F0 3.208(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25
+G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)
+-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)
+-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 240 Q F0 -.55('s)
+C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .046
 (By def)133 280.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 304.8 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 304.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 321.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -971,23 +1344,23 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 369.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F0("ag)160 381.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 398.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 398.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 410.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM1.X back-end con\214guration)72 427.2 R .625(TPM selection)87 439.2
-R F0(The)108 451.2 Q F2(tzpfms)2.729 E F0 .229
-(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23
-(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 463.2 Q
-(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 480 R(rouSerS)
--.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61
-E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
-F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-492 S(ing one of the earlier ones with, for e).1 E
+R F0(The)108 451.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local)
+2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003)
+2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1
+F(the)2.729 E(en)108 463.2 Q(vironment v)-.4 E(ariable)-.25 E F4
+(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11
+(The T)108 480 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11
+(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4
+(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0
+2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 492 S
+(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F1 .625
 (See also)87 508.8 R F0(The T)108 520.8 Q
 (rouSerS project page at https://sourcefor)-.35 E
@@ -1002,7 +1375,7 @@ F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
 F1<83>128 626.4 Q F0(EvModder)7.5 E F1(REPOR)72 643.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 655.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 672 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 684 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-24-g52a4871)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
diff --git a/zfs-fido2-add-backup.8 b/zfs-fido2-add-backup.8
new file mode 100644
index 0000000..08a80cb
--- /dev/null
+++ b/zfs-fido2-add-backup.8
@@ -0,0 +1,125 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 29, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-ADD-BACKUP 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-add-backup
+.Nd allow another FIDO2 device to unlock ZFS dataset
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After
+.Xr zfs-fido2-change-key 8
+derives the key for a dataset from a FIDO2 device,
+.Nm
+may be executed to extend this to any number of additional devices.
+.Pp
+First, the wrapping key is extracted as normally during
+.Xr zfs-fido2-load-key 8 ,
+then a credential is made as-if during
+.Xr zfs-fido2-change-key 8
+(except the "primary" device and all the ones holding backups are excluded from the search);
+however, the
+.Ql hmac-secret
+is instead used as a symmetric AES-256-GCM
+.Pq Xr EVP_CIPHER-AES 7ssl
+key to encrypt the wrapping key directly with a random IV.
+.Pp
+This turns the
+.Li xyz.nabijaczleweli:tzpfms.key
+variable into
+.br
+.Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns Ar backup-salt Ns Cm :\:\& Ns Ar backup-credential-ID Ns Cm :\:\& Ns Ar backup-credential-public-key Ns Cm :\:\& Ns Ar IV Ns Cm :\:\& Ns Ar encrypted-key Oc Ns …
+.Pp
+.Li tzpfms.key
+is actually a dot-separated list of device bundles.
+The first one is as-described in
+.Xr zfs-fido2-change-key 8 .
+Subsequent ones also include (identically-encoded) IVs and encrypted blobs.
+.Pp
+.Xr zfs-fido2-load-key 8
+shops assertions around devices in a device-major order \(em
+depending on device numbering, a backup may be loaded even if the primary device is present.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-add-backup.8.html b/zfs-fido2-add-backup.8.html
new file mode 100644
index 0000000..e6d3444
--- /dev/null
+++ b/zfs-fido2-add-backup.8.html
@@ -0,0 +1,153 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-ADD-BACKUP(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-add-backup</code> &#x2014;
+    <span class="Nd">allow another FIDO2 device to unlock ZFS dataset</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-add-backup</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    derives the key for a dataset from a FIDO2 device,
+    <code class="Nm">zfs-fido2-add-backup</code> may be executed to extend this
+    to any number of additional devices.</p>
+<p class="Pp">First, the wrapping key is extracted as normally during
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    then a credential is made as-if during
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    (except the &quot;primary&quot; device and all the ones holding backups are
+    excluded from the search); however, the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; is instead used as a
+    symmetric AES-256-GCM
+    (<a class="Xr" href="https://manpages.debian.org/bookworm/EVP_CIPHER-AES.7ssl">EVP_CIPHER-AES(7ssl)</a>)
+    key to encrypt the wrapping key directly with a random IV.</p>
+<p class="Pp">This turns the
+    <code class="Li">xyz.nabijaczleweli:tzpfms.key</code> variable into
+  <br/>
+  <var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code><var class="Ar">backup-salt</var><code class="Cm">:</code><var class="Ar">backup-credential-ID</var><code class="Cm">:</code><var class="Ar">backup-credential-public-key</var><code class="Cm">:</code><var class="Ar">IV</var><code class="Cm">:</code><var class="Ar">encrypted-key</var>]&#x2026;</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is actually a dot-separated
+    list of device bundles. The first one is as-described in
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>.
+    Subsequent ones also include (identically-encoded) IVs and encrypted
+  blobs.</p>
+<p class="Pp"><a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>
+    shops assertions around devices in a device-major order &#x2014; depending
+    on device numbering, a backup may be loaded even if the primary device is
+    present.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 29, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-change-key.8 b/zfs-fido2-change-key.8
new file mode 100644
index 0000000..8238eba
--- /dev/null
+++ b/zfs-fido2-change-key.8
@@ -0,0 +1,188 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March  4, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CHANGE-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-change-key
+.Nd change ZFS dataset key to one authenticated by a FIDO2 device
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar backup-file
+.Ar dataset
+.
+.Sh DESCRIPTION
+To normalise the
+.Ar dataset ,
+.Nm
+will open its encryption root in its stead.
+.Nm
+will
+.Em never
+create or destroy encryption roots; use
+.Xr zfs-change-key 8
+for that.
+.Pp
+First, a connection is made to the FIDO2 device, which
+.Em must
+support the
+.Ql hmac-secret
+extension.
+.Pp
+If
+.Ar dataset
+was previously encrypted with
+.Nm fzifdso
+and the
+.Sy FIDO2
+back-end was used, previous credentials will be deleted from their devices (as-if via
+.Xr zfs-fido2-clear-key 8 ) ,
+if available.
+Otherwise, or in case of an error, data required for manual intervention will be written to the standard error stream.
+.Pp
+Next, a new credential of type ES256 is generated on the device (with relying party ID
+.Li fzifdso
+and name equal to the dataset name)
+with the
+.Ql hmac-secret
+extension requested; the device PIN, if any, is prompted for here.
+This mimicks a WebAuthn registration step.
+.Pp
+Then, the credential is asserted with a 32-byte random salt,
+which hashes it with device-private data, and thus generates the wrapping key
+.Pq which is optionally backed up Pq see Sx OPTIONS .
+This mimicks a WebAuthn login step.
+.Pp
+The following properties are set on
+.Ar dataset :
+.Bl -bullet -compact -offset 4n -width "@"
+.It
+.Li xyz.nabijaczleweli:tzpfms.backend Ns = Ns Sy FIDO2
+.It
+.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns … Oc Ns …
+.El
+.Pp
+.Li tzpfms.backend
+identifies this dataset for work with
+.Sy FIDO2 Ns -back-ended
+.Nm tzpfms
+tools
+.Pq i.e. Nm fzifdso Xr zfs-fido2-change-key 8 , Xr zfs-fido2-load-key 8 , Xr zfs-fido2-add-backup 8 , and Xr zfs-fido2-clear-key 8 .
+.Pp
+.Li tzpfms.key
+is a colon-separated tuple of unpadded URL-safe base64 blobs;
+the first one is the random salt;
+the second represents the ID of created credential,
+and the third \(en its public key.
+There exists no other user-land tool for deciphering this; perhaps there should be.
+.\"" TODO: make an LD_PRELOADable for extracting the key maybe?
+.Pp
+Finally, the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=raw Ar dataset
+is performed with the new key.
+If an error occurred, best effort is made to clean up the properties,
+or to issue a note for manual intervention into the standard error stream.
+.Pp
+A final verification should be made by running
+.Nm zfs-fido2-load-key Fl n Ar dataset .
+If that command succeeds, all is well,
+but otherwise the dataset can be manually rolled back to a passphrase with
+.Nm zfs-fido2-clear-key Ar dataset
+.Pq or, if that fails to work, Nm zfs Cm change-key Fl o Li keyformat=passphrase Ar dataset ,
+and you are hereby asked to report a bug, please.
+.Pp
+.Nm zfs-fido2-clear-key Ar dataset
+can be used to clear the properties and go back to using a passphrase.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl b Ar backup-file"
+.It Fl b Ar backup-file
+Save a back-up of the key to
+.Ar backup-file ,
+which must not exist beforehand.
+This back-up
+.Em must
+be stored securely, off-site.
+In case of a catastrophic event, the key can be loaded by running
+.Dl Nm zfs Cm load-key Ar dataset Li < Ar backup-file
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-change-key.8.html b/zfs-fido2-change-key.8.html
new file mode 100644
index 0000000..8cd7f1a
--- /dev/null
+++ b/zfs-fido2-change-key.8.html
@@ -0,0 +1,207 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CHANGE-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-change-key</code> &#x2014;
+    <span class="Nd">change ZFS dataset key to one authenticated by a FIDO2
+    device</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-change-key</code></td>
+    <td>[<code class="Fl">-b</code> <var class="Ar">backup-file</var>]
+      <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">To normalise the <var class="Ar">dataset</var>,
+    <code class="Nm">zfs-fido2-change-key</code> will open its encryption root
+    in its stead. <code class="Nm">zfs-fido2-change-key</code> will
+    <a class="permalink" href="#never"><i class="Em" id="never">never</i></a>
+    create or destroy encryption roots; use
+    <a class="Xr" href="https://manpages.debian.org/bookworm/zfs-change-key.8">zfs-change-key(8)</a>
+    for that.</p>
+<p class="Pp">First, a connection is made to the FIDO2 device, which
+    <i class="Em">must</i> support the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension.</p>
+<p class="Pp">If <var class="Ar">dataset</var> was previously encrypted with
+    <code class="Nm">fzifdso</code> and the <b class="Sy">FIDO2</b> back-end was
+    used, previous credentials will be deleted from their devices (as-if via
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>),
+    if available. Otherwise, or in case of an error, data required for manual
+    intervention will be written to the standard error stream.</p>
+<p class="Pp">Next, a new credential of type ES256 is generated on the device
+    (with relying party ID <code class="Li">fzifdso</code> and name equal to the
+    dataset name) with the &#x2018;<code class="Li">hmac-secret</code>&#x2019;
+    extension requested; the device PIN, if any, is prompted for here. This
+    mimicks a WebAuthn registration step.</p>
+<p class="Pp">Then, the credential is asserted with a 32-byte random salt, which
+    hashes it with device-private data, and thus generates the wrapping key
+    (which is optionally backed up (see
+    <a class="Sx" href="#OPTIONS">OPTIONS</a>)). This mimicks a WebAuthn login
+    step.</p>
+<p class="Pp">The following properties are set on
+  <var class="Ar">dataset</var>:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li id="xyz.nabijaczleweli:tzpfms.backend"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.backend"><code class="Li">xyz.nabijaczleweli:tzpfms.backend</code></a>=<b class="Sy">FIDO2</b></li>
+  <li id="xyz.nabijaczleweli:tzpfms.key"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.key"><code class="Li">xyz.nabijaczleweli:tzpfms.key</code></a>=<var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code>&#x2026;]&#x2026;</li>
+</ul>
+<p class="Pp"><code class="Li">tzpfms.backend</code> identifies this dataset for
+    work with <b class="Sy">FIDO2</b>-back-ended <code class="Nm">tzpfms</code>
+    tools (i.e. <code class="Nm">fzifdso</code>
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-add-backup.8.html">zfs-fido2-add-backup(8)</a>,
+    and
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>).</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is a colon-separated tuple of
+    unpadded URL-safe base64 blobs; the first one is the random salt; the second
+    represents the ID of created credential, and the third &#x2013; its public
+    key. There exists no other user-land tool for deciphering this; perhaps
+    there should be.</p>
+<p class="Pp">Finally, the equivalent of <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=raw</code> <var class="Ar">dataset</var> is
+    performed with the new key. If an error occurred, best effort is made to
+    clean up the properties, or to issue a note for manual intervention into the
+    standard error stream.</p>
+<p class="Pp">A final verification should be made by running
+    <code class="Nm">zfs-fido2-load-key</code> <code class="Fl">-n</code>
+    <var class="Ar">dataset</var>. If that command succeeds, all is well, but
+    otherwise the dataset can be manually rolled back to a passphrase with
+    <code class="Nm">zfs-fido2-clear-key</code> <var class="Ar">dataset</var>
+    (or, if that fails to work, <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=passphrase</code> <var class="Ar">dataset</var>),
+    and you are hereby asked to report a bug, please.</p>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code>
+    <var class="Ar">dataset</var> can be used to clear the properties and go
+    back to using a passphrase.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="b"><a class="permalink" href="#b"><code class="Fl">-b</code></a>
+    <var class="Ar">backup-file</var></dt>
+  <dd>Save a back-up of the key to <var class="Ar">backup-file</var>, which must
+      not exist beforehand. This back-up <i class="Em">must</i> be stored
+      securely, off-site. In case of a catastrophic event, the key can be loaded
+      by running
+    <div class="Bd Bd-indent"><code class="Li"><code class="Nm">zfs</code>
+      <code class="Cm">load-key</code> <var class="Ar">dataset</var>
+      <code class="Li">&lt;</code>
+      <var class="Ar">backup-file</var></code></div>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 4, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-clear-key.8 b/zfs-fido2-clear-key.8
new file mode 100644
index 0000000..f7ab9d5
--- /dev/null
+++ b/zfs-fido2-clear-key.8
@@ -0,0 +1,121 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March  4, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CLEAR-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-clear-key
+.Nd rewrap ZFS dataset key in passsword and clear tzpfms FIDO2 metadata
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 :
+.Bl -enum -compact -offset 2n -width 2n
+.It
+performs the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset ,
+.It
+loads the primary and every backup credential, and for each success, if the device containing it supports the
+.Ql credMgmt  \" or credentialMgmtPreview
+feature and has a PIN set, tries to delete the credential from the device,
+.It
+removes the
+.Li xyz.nabijaczleweli:tzpfms.\& Ns Brq Li backend , key
+properties from
+.Ar dataset .
+.El
+.Pp
+For every removal failure and missing device or PIN an instruction for manual removal with
+.Xr fido2-token 1
+is issued.
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-clear-key.8.html b/zfs-fido2-clear-key.8.html
new file mode 100644
index 0000000..97e05e7
--- /dev/null
+++ b/zfs-fido2-clear-key.8.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CLEAR-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code> &#x2014;
+    <span class="Nd">rewrap ZFS dataset key in passsword and clear tzpfms FIDO2
+    metadata</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-clear-key</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>:</p>
+<ol class="Bl-enum Bd-indent Bl-compact">
+  <li>performs the equivalent of <code class="Nm">zfs</code>
+      <code class="Cm">change-key</code> <code class="Fl">-o</code>
+      <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+      <code class="Li">keyformat=passphrase</code>
+      <var class="Ar">dataset</var>,</li>
+  <li>loads the primary and every backup credential, and for each success, if
+      the device containing it supports the
+      &#x2018;<code class="Li">credMgmt</code>&#x2019; feature and has a PIN
+      set, tries to delete the credential from the device,</li>
+  <li>removes the
+      <code class="Li">xyz.nabijaczleweli:tzpfms.</code>{<code class="Li">backend</code>,
+      <code class="Li">key</code>} properties from
+      <var class="Ar">dataset</var>.</li>
+</ol>
+<p class="Pp">For every removal failure and missing device or PIN an instruction
+    for manual removal with
+    <a class="Xr" href="https://manpages.debian.org/bookworm/fido2-token.1">fido2-token(1)</a>
+    is issued.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 4, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-load-key.8 b/zfs-fido2-load-key.8
new file mode 100644
index 0000000..247ca04
--- /dev/null
+++ b/zfs-fido2-load-key.8
@@ -0,0 +1,98 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 28, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-LOAD-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-load-key
+.Nd load FIDO2-encrypted ZFS dataset key
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 ,
+asserts the preserved challenge, HMACking the salt with the on-device secret, and loads the resulting key into
+.Ar dataset .
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl n"
+.It Fl n
+Do a no-op/dry run, can be used even if the key is already loaded.
+Equivalent to
+.Nm zfs Cm load-key Ns 's
+.Fl n
+option.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-load-key.8.html b/zfs-fido2-load-key.8.html
new file mode 100644
index 0000000..ffc6446
--- /dev/null
+++ b/zfs-fido2-load-key.8.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-LOAD-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-load-key</code> &#x2014;
+    <span class="Nd">load FIDO2-encrypted ZFS dataset key</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-load-key</code></td>
+    <td>[<code class="Fl">-n</code>] <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>,
+    asserts the preserved challenge, HMACking the salt with the on-device
+    secret, and loads the resulting key into <var class="Ar">dataset</var>.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="n"><a class="permalink" href="#n"><code class="Fl">-n</code></a></dt>
+  <dd>Do a no-op/dry run, can be used even if the key is already loaded.
+      Equivalent to <code class="Nm">zfs</code>
+      <code class="Cm">load-key</code>'s <code class="Fl">-n</code> option.</dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 28, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>