From 4d66925b76cbb8454851b44baab9098537ae4a12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1=20autouploader?=
 <nabijaczleweli/autouploader@nabijaczleweli.xyz>
Date: Sun, 3 Mar 2024 18:02:04 +0000
Subject: [PATCH] Manpage update by job 1161143

---
 tzpfms.pdf                  | Bin 65719 -> 81306 bytes
 tzpfms.ps                   | 890 +++++++++++++++++++++++++-----------
 zfs-fido2-add-backup.8      | 125 +++++
 zfs-fido2-add-backup.8.html | 153 +++++++
 zfs-fido2-change-key.8      | 186 ++++++++
 zfs-fido2-change-key.8.html | 206 +++++++++
 zfs-fido2-clear-key.8       | 113 +++++
 zfs-fido2-clear-key.8.html  | 143 ++++++
 zfs-fido2-load-key.8        |  98 ++++
 zfs-fido2-load-key.8.html   | 117 +++++
 10 files changed, 1766 insertions(+), 265 deletions(-)
 create mode 100644 zfs-fido2-add-backup.8
 create mode 100644 zfs-fido2-add-backup.8.html
 create mode 100644 zfs-fido2-change-key.8
 create mode 100644 zfs-fido2-change-key.8.html
 create mode 100644 zfs-fido2-clear-key.8
 create mode 100644 zfs-fido2-clear-key.8.html
 create mode 100644 zfs-fido2-load-key.8
 create mode 100644 zfs-fido2-load-key.8.html

diff --git a/tzpfms.pdf b/tzpfms.pdf
index ba9316d848b218e797f4ade94a999764016f49b2..dce507001c6d67422ddd8ef5f52106ea0cd48b7e 100644
GIT binary patch
delta 58832
zcmZUaQ+S}uwszx=(Xs80ZQHhOyOS@r(NV`q$F^;EY}<D7uYJzH&&|53dg`jKW{r2$
zoXr6c8E+6ZaG*en)|&I0`1i_=Q`$eerOYkl(TqXuPiAIOO(~jn>ZToy2~E00oM<Qk
zAVE=NuWnn)pD7>17umhr;xz7KrOvX3=H6`zIs6;XS(?cxa9^yza3*QgI{t^>z<zb%
z3+-n7(p^E44Iz+L9XmfB{rvkmPcA5af<t1c+QH&*?GC7qTj%BDVKGoR?8Z;Wa2w&}
zhqXOj#h}k*h>M=%c%JC{Ht|Ou8R|5kpSs?b8Q^91`#d;Zgtn(NZK9>E?R`o|SDZRG
zkBg#;x)i<np5u7BtM4vohY>mncOd2wF5{J}&@6JQrAzSL%q=-lfGLxU|A6=_bfvO(
zQaRS)w=NJCQ!g9Vn=nEC=VEk;L809jZ|uT7CyJV%v(>ypYYh8gRx`=zr7u;@sw&ZJ
zYSOZm6;tV_frAg?F=Y6jg7uO>{v~Hz=!TP3#uEk$T!+O;JHNOuZhA4H=5Y%y>3De~
zRk$mzRwRr^so6`@P5eNhDpzSeYuwdrqbatU5;agZ3LFYNWPt_b69;8_vBpzQefqxK
zSiAG%wu1b8tX%6~dkpY73p&8vXtf7%a2?K;vv8=Iu0A{>WLU`j{Om0*mqweEszQ_#
z<eQ!izm$zyQgWx9@TtYMA8skygjDc~4bB03Rz{No$NOV=u9&*UEr|q1_&Wb!`x6T+
zu^;G}#i|aK+!gW&9V=)gdJ5VARn9YG`N-brpmaA~xE$O$Fa)YQh!PMfwa{OnK37OU
zP|@lJ%`106LiUsx<#_I?Or|`7??DpDAEV_ONa2JAW-RCt+}3kMeG&qi?W0?&2EOl5
zQ*2i;?swg&M!@@NQ<8rYn0@~vCr%{X`3q2R*E%{|EW|C?{6U0riyi<+rj}^YL&Z(p
zC+MA5=&XUt2@PG*Pw+mjk?os_X66QO4t=XBx@MQS5z~jkIqw`e)QsWgD-lMg#C86L
zU^3fdWu)a^<$sT;$1{(6Z5~uy7H)hmt(y3Qfn6!%a-@#FClF;D+fjep+s9ww&Jyqf
zx%@R0AlllY1LYY3SBs{VB3jy!Z3o^DdcfgnC^$JrA3jW>4a+z#s~&~`O9b9J{N)X`
z$(rtA1A@pXzs{6xTw7@hqHh~zii+Nji6tJ5Ytn-y<l@wzI4G;E2eA#BIvV0dA?-$u
zs20>%5i`0^v#NV^^4+A|Uq7(~83Dim4+}uB>I_yKneW4wK|#NHb-(qfn?h%#%Uq3x
zdfj9EhE*Uhv5oYaSDy;)4`CLsB&hoe4I?bk?@Kpy6Sh0?FncD4mRaO)sV+k4gPh#6
zFeto**Pm{xI8s1fDihKap4=W&iU*~1y@3c(RjzI)sz%1dl{F=M>3!JFfe9ej*J@$R
z)A^p96qipsOjU0xRLg0yHdK&L>hv>=-@AiBw``H>kDGDN2$?|cr*)8-=AN;uHQb4A
z$}k~AR)V+dm^#(k)I7*Khv6x@U2mH;bA{tt0C$DRPLR}ZX{t8gsU6yg8~Yct<Ob<M
z%0SBR6i}gx;A#x1)Rj%|cYu*J8N`aH3Q-kGhBtZlkESyIi>{d;+GO2gH>s+;k*r>7
zzAIJi<aXZ?A!jsWp7q;5iBD@;&KBxOA}~rp(o|ncN;21Lso~c0mBg*sFr>XxH3}Lt
zs<}6rrl-ZDKDOU59nQou2Es<fx_`1@FwQqs{z5omk)RT1MADtS%LZ!Y|HN!K7jN!P
z+pj8b*K2HSnf~0fXSvex1Fwmh{u+YKOB8EBhkVAsV-!@ut@=`w)?s{@iKHngz7D-U
zS4t7_U2|ZLR7uulRv|*jC0nff9=JJ5OVnnkDym67S6ETAd<Kh@BC;3|GFIfT6vgJz
zyKxXJo<*mE3~E}%xd1@E`r}<pAspx!z^!u!!Bf?q(urYXj)G0e)}b7v&qx_fH!|dR
ziTn(V$$Bm{RcDaC@j<Bl#f*9@n?&uXd`E-9UgB(q_-Euh<d5Hyo&(2ZsDZykHo*A#
zzEsB&shGvif2iU<mX27G$YNM^QJoyyhXoIgi?sFS|6*3qxN`=wOvLD9lyc$wcQb;H
z%t~--DF?B1!TML{-3cSJk34j4o0>8+k2w@Oyg<RS-a+A-a?ujnU9gdo-U4*F3s<19
zCJ@jWnM;w3R+#Y05~EmQF|NMZD~7tN;fWfrQI(Ta9ULo8n8U2Yp;=qv(k|$oaH9lk
zL$2q3I^0JO{cr(z&2YADb;7^zN)AtAd*F$+aEJX#&6%p6#h9@%S~KAog+YAt^kVA#
zjhcQ%kN0<XjkA+q!1qH4a}Tkf{#2<M{N{bBycx58TBEprW#R2?Zsq>&?If)H<N<l4
zgVrWDY+<GP#=6dH$IyPe31`V!H75ELZQubTw^k2xrh^LDXoO55cWUYDg7R0+<py=!
zPycR!{*Hw%leo0dRJBhl75b&2etjw~v=nOlsKeygwJNjF6S|r6F=)d~nfuG$GIu$w
zGO}+Gj&78Qy7yg=R93h;z0Tj=ko$3Xbf8vvrm9Ja&mDS)Nad%!M<y)?1(6A8ida@c
z7#Yq6I9UiVz1p;EnqW$~$GpTCEvJ;U7kZHK&Oq=mKSR_;2b2pV(eIXIibp`~SY<YR
zGsGpy_uPQnt;I-&?Z9}zD;+-q+Ci!73Hi}k_wC^?wF`A5ZB%(9tYJtEAswyPkk8q@
z^b)H}|2``>fUzf*kxBl{^~vK*juhcMrIaCzU3&s1&mS`ChT|PcXWYrD>!cRV4hmqp
zw+GeRP$1Q>RhJN>t99@*%j)WaBL9wx5PC1n#zVnJM8fdH*x9cy;MV9Gf2k#1;mfuT
zNJaf6T!D^55W&$1VboZrP*3B+M*gAnWD8+A2TPvr4daQ$STrQNp~oprf*`OU%SZ4u
zgmes4`wb%@f`64~3z=PTj&nL9UM0`Oy<^`MN8st?MR><1h~Zjp%sY^vACn>^zAQj$
zQReqhR1EjyDXzn&Z|wG{_8?=e@b{i$pL=0VFB-np^l}VERp3_fbqQLIXhFUgJ0?f;
z4g`w8*c|!9t#!$K*t4#R6#w4iquAaQ!!ZM%On9&dXpWc9B#yLr3fd!>lW>(1rDT#$
z&9*qH)H^t`FK`r&!8>ZQ>c+Y_rif3H!4JgB-Bc0kPW?B`L7cH1ws310w^EV02@5}%
zG0hfbWBGoPLMg%6(AnuO5E8${Vm3Ve6bALAP3j2VQ2rZ@OvI}oiI@geV2uMcfAtDj
z4}BycJ-EU}t3|}@eOIKCa!oxT5C1^|uD`g<F>aJ%DbChu%a}miNB`}I9;0hJ-5lIl
z+d^G1JlwBg)|4a;Y1J2J#iigKf9dbg{lQw1#r~~0&j>?i^g#{KZe<s@A`!%MNZ~CL
zENqv`96hc=EA1n2l33h0E6$;N)ASWU*16)G1ncGi6G86bnVz2HX2PUMIfi|-6??4`
zofFhSp`!cRN0cysTg-Y2*)@?b=%nqM8*aj>(zw$vLmyc3b~#kmv%8i12Zk$g{4gFz
z8vpND&@`eH9wCRuH|W6(CFz5~I<Tq__{Rh7Jg&%Sr2+IPVxUZlZgvX2kROP^v22V*
z-eU7z-esFI+%G}jT6Y}_N2+dT*COn~*lOD^%-FkJnP{3)yIIDSo@m^HVK*?d_KId5
z=*o;A(bh=KjvbE^hNUTke3W1@t|kIEuAa+Lf4s-$rA^5(@+q*72V8vxO|eR3a^Z)0
zj<M<D+Xq9ff}3q{;nu(T#LyiADb`H;qF#)VF5CWj;aeOxLm*1}i`xVztS8l-oXm`F
zJ(k?IEX1Y??0<(z$CY3jYsO5dK~=S&`1Ldvntr-D*WqDb?WE>9U^x_WF<MD^Jdi}V
z;2dQp9sW-0yl>R?X7sVpnBzDqCLDSHI60WE9||?Zy11l;uTaq#le$_1k`-RI&p;S&
z_qdn*Nz2>flUdq~!wV?Sd@jQgMM_}?zvUAyS*dp507`*xFM4!eSK*rv)X0(L4=bK@
zZ-;Fs<|yb-rs@mhWDH-ouef`~B?I|S+Ur~3A-KqmeDS_v=t!6^&ZXUfjkIQ8<yME@
z-VaJ_5r`K<2XZw>N2ymp_<M`BPjXoH=5wk?0aqnVIrz^_<>n!)6b2V<4Af?;nv*u}
zm%L1|F?In*eDJVD%5sKLYpp|*Cad8r0r;>qN^9wRB)scnN9c1tuLy*cs~cjH)}kG!
zbzC#Bt%d@R_^5scZ_Z*|L%B<zZJ*7$W>Qw=3lDCQguMP573U{_ub?u!MXvm&xXKF3
zIP#jYmlw*{WyHIv^oF38g2JVC7$LgZSZSV9Vta>aNAUWZs^@W$BW>N9Ti})Q{Y9Yt
z)!4_(-qgj_+04ie_Me@Du{A6^5hKxmRu*Pf*8iR{asB^8US0-SGkXhHOCn}QBF3a3
z2{J$~X>ACl^Qt;cqzwKKG<1-|@{N&Q^{!muf_ZA~xPI$D0Z6xx1QZ7(HNT3Byr?_>
zD{YA-t#`OeRb81|lEgp#<Z`Ln;OTuzH;g6q(-k;sXGz`2`S2S$sIGXU-KurKu$Z<t
zel@D)S7C6$@cAL{ODVNt?1AAp9QU({GaJwn5a@2qG4OjDtMC5!d_S$meB5I2^R^?e
zwm5&BZ!qT2d3Qf-&D(q7U(~9Ysz}vJ--vpJdl`UPArZJk9X_&J?VRZ-l%VI^er9xP
z_4aR097$?7KOkPKi@TKDTC3Wd{XT8~cM5F{t`=;{=q+LW__Sk-st0CHl<+2yfEQ@r
z>3EyplgDc%sBfh-@NBj}cdISq<=HYl=&acapX<pEc;kJQs(j7q*rIn<uFs;COFWC0
zvQ25!BGrEU!xA*khRW|4az=F(g=+KdtuK<1*{`C^PrwDXbtOv;_80zY4AmORw05oW
zIO=$sD}_!(Iwp5jCdHyiLevUFR5uXQk@hVAyAM4fX~fqaX!CaS_3`4l!T$ZethZuq
z#!&x0X;i)GH>Ti`6aq#mN2;OoV6?*b_)yGkZLMe9fW9|aP~x+fI$BJ;z1{ZuHg$EH
z1#0<o_$fc2b4zdC&&S29v*oATf*2L{x6bBuaAOnfQnA4?e!SAXq1sgpqYFU4^i;2j
z4yPA6^+X6ftQZtH&Gnw^Im@1+yo{;=HCp=U&lCLFIDYJ!z`IeqY_HXbNlv>O8o^wx
z@YYl!t*)Uq4*S5u%&)_h1iq|~%-wYcAmY9EMD*qIu-H{*`#|ZA*jM2TJ7x#a=n{x7
z29@v(JnlFeU)p&1j1&uMCj(1hGZtzH0~~gA^&xXzG+Q9Cf+BllvgaK=PIE-~6&Pa+
zLx@&g#$n<TO!KkVTpq#<cwEM^L?5L|h9iiP%1fL!?W5W!Mz{`Gikn)~QEgU7lDi!=
zG6~~JXb5X&v>;_9vIu{1sZ)XjWUsh*>?429y-aW}gTs;_v~1+1=K=`9$CRNAnf-nS
z3l|_QtNTRazu`&k+_mgEz+xRF*4ZT&24?&{ZGL74zA9fJm!q43pCzNdFN>{zTk&em
z-j_cutjgg};A!~q^w^$<lg+?q@g6VEG5t&8?n}V-M%)Tky>ZoeFL)kYvpQ#r|1GkL
zF!FT9R)O0`uzfgxLl*c;9y8MTihSlV=)Ittq+9HA>Yb5NzIl_;^m9vy`B=<!dsyb#
zuX`Y?P+rF{Z!fw%^0ht`xg$en|6DY4<vU4JDimjql=+fWr{n^fGhGsEEm{RATq>RI
zWHU)Qq+~Cm3Q|05rG{oLf8g<9vX5ab9*WUIh8a1kn_lVrLl)qVA>J3Vk1V%yr*`Gh
z+KdQorysS21j(KhQKv$ZN2Q}AFtRQlBSnf&MdPbh%9tD|*E76Yn0;k9QcJH*B!8qh
z*SDqBsZ2Qt2$Ar>h=ufE#-kfQhKRy>Ab<r*)(+^T=NBo8@x+k5ccQtCkj*&}q4tRD
zTgEr$v-Fd-lmUDfknJrY4pgI8V${}JLkah;V=3$Yl(k7@A1Hx{!L5eXbixF9O?>DF
zd}|hNKE|nAa&@WTt57!zq)bGqw*--Y^8(Hi#rVX*6#dCYZ7Hz=AxOCa>sk?o9>-hN
zIICclU&EV6Gm;tBa{^;z9vRYPj*8#|r?eOR3aO~Ki@?Ld!f$j4#T4+W0<d9Hym6va
zR*tnEaF}b{SRywIV%4{{)zJyca1ta4^3XHwD1-#JTH0F<1mxSjAM)rDQ3qVXIQULO
zJgZ#{Anmfuyi*+>`+4#3S)BTUi=_>dJ`;uy6;`5^Qr~=@vpae7Ko+5O8cpPy?Ancc
z*tP0W5CG{mZx6BX$I?jLoJ50jUp>pxN>|>#s-4$(gx^yV_jE!08l_>(xSmpRXf*TE
zJE-OO-nJZn^G&iYo`RQaIS)&2tdMa^-XeYtS63>rpbSwEws@aRDO2<drBrOKU{r_&
zbBaI+GDbkA;y-GZqNp&z!|alY`*$T~TtA{{v;(2gg8mz``qTQ;c;ZT_Vif+O5fqg5
z@OYujsOU(qKNxMzK9+4zFL~^@NJrSX?`_N9gbPA2<{S_qAPm73?VD5j{L%tR!f~v_
zyV~fGL9RIqbSuZE5IUidyk9=8++Ghv_3xnhqG}He;-E|3&M!`~RLsYBn|}b!=n}Pb
zU4ZS@#ZvoFo+Qj55BP`W^8MM3A2HaB$n3n>8fh8AXO0W+cSl~tAq%Vq{C*L|O}Vv6
z!*ja3qN+e&<F(L+hhdzZIDYXX45S#mA9Vshn#DdfgPj$wIPJz}&=9mK)j+bSB8PbK
z<`i(=J$~(RvJi;LrwuJK+!IRao+jy&-vLyAVjXf%_|Z=xk}s_@`6%7hF46urJSDQn
zueMDfpAj4waV4AQ{HiVYso?;Z`=f*!Z~K%)Z4G5Tc9FfJEfujaU_`udtLc)<YMDs#
z8-A8Sb)gCL04>&YUjBvYmWBB@7ySgEsowO>L?|JyCcH?cU3}-z&pJF<$Hak?f&-vQ
zt;yS%DJYr}Q^ac@@o2{a0eW5H1Gz9+JV*<tjosUp#cGC9el%!@T4-d>C7;bB8)Ua2
zg(Qx~#rjks-`kv~?RdCJ4W<<=hMZj6XW5}>oiEu(Gs@u8>#onfu2FEo3gWwKYvr#P
zWs<Ae`2YvV6v|ft>qa^lnJY`!;$Z+i(2ZJSON3mlq_A;$DPKsuM2)_?;6v@J9j651
zMDYbG5enyNtFBaIpRu&XPg2aFzU@|`1TkRKOVn}7STpx~kd(53EcK3m*L+lGNQV`-
zk-STtWq$rxq}sf&BA`6Yc~a=F^QfMU??syQll;~=F0~{W1^nlr;voBqJ~!Zhy8MUR
zRs;DtGI)l6yiZ{aKVwNP>s#O!N9$b^2e@7(j0Y@%($1!&9Z!PjOh8*5po^+h9UL$F
z&7gMA#!jxi1Ou$be2?t#I5=O^;nrvjf)RY{6gJeMNsWGCZ%H~@-u-~;i}#RF2cb1;
zk?GO}6Ryh2b-_>1VpwWa3JeHqUsWPhg4z~qR=~f^m>24?G@{dl`PJqWsp_wc20Q0P
zNSTP7SayZTCfNGw2sSf5TQ;xp`YP(N$ermm^J26+mo}>UgEcAO=;fo;Bt(7%L*2`-
z#O5?R)si+%b38%j)O#`GkZeQuk4*{c{9n&NCszqkZE_d|<_-;`IxApkFW(9=(0jBD
zUE#jn8}HAm?(0L+2W=La<GLbu4>u6U>)0;jX8bdN2FtyZKQV-_By>QAu5jh8!$#6o
zzjSo&cHmS*iv+IGl$8;j{W~8CXg;q(fseA*a+ovsO;JR4b`GKvq#24lw-70>TKwox
z4eo006JzHEQ8UW;2t4q~uC?aY(DnXz#_qgm4ArY~4dsqCj2F{5<k??>st-AgX#QZr
zMU4!xGQZM<W0x(1Od_qQo67H)&pO;OW2699IhV!tNUnZs-cyS^A@+J#mi-!fPLVyI
zf>-Tkc%j;ZbTclHa-H*9U)H2>UUjtW@-J0*TS6K~yvLm}#$Ny(f*BI=f(5dV@dP(F
zHwamGe6eoWnQv<h_84E&CwVJ`8k%kv4?>9@-@3ol3J)Q46;-;h&&a!Tnxr<MzW6ed
z|AdC`Oli^WG&rj)=sdIJcm`kQPF!x;IA>KFEBdc&ay&wUvw+16^m2c?IYOZ%^9(6K
zHllmGS}ae1APHn_ste}_kt2X=Nk}{dM-_%Vr39Sj<vEwHswv+vT~$wbcXKCU%n;I4
zC?Rcl;MOHD+I%2+2+mA&QKL7nl&BWQV#7Wgag?Gnlb9c0Az30T!M58-TKXchPVQ}|
zI(-O@Ucdd?yy}|4bg#m`a&pn*sD)AE*|&ObFtThGaR8X_m`VTcIkH|1{`9urCy?W{
zEK@iLDjof<MwzG&&8;j%l%)>q$6lP^z>W1+v~)`@qsK+&AY>F00m1GK!gm)8l!o>u
zdaFPcfzrx(U7fWr#F=l#Q+aaRi^k%b32TZ&Z=?f9ijF>&Dd?{8Mi>I-@Kn>)#)zSv
zT6?EPMhnol^fy(%oHh}kGqfs{hdb`~kZyc@hB=_qD!zGjns{E#w{1^ImHEv<fS?_B
z1Fnago|)9^dv*MM<!*S6Af--~Yaykosxt|ZxsYii_sMvVzA9`xNu%K7AlC0aRif~&
z*7dwvZEgqsc5neHm4g|6T`Fc_LlD%xv(4MfsSz*~7&!$uGjX2f?r!D%IvgCl*tcX~
zO=3NNBel7?d$>z&?$*!Q+SCUC7eAkyvnNc3Dh7Ls5<FE;4Ro5bOw<e*7z(6ed{-~~
zTnI1s++M3`2Wv%koO|=SZ{zB&YqK%OG05eJ7X+*R`qa{|seesl3Z)3W&@yR3T$&fQ
zr~nFAxnY4hSpu@y@>0k$dW6P93O-><>RFfF=VE!5B5AfD$o?7Kw*2*PJ<KU@kDOFb
zU8n=vSaZ8sxf)B<f@D5abrJX_PqnR6joEZjw<`@`E#lPfCYR>@{QF5v@Hl_EPMg&@
zj6;<bf+BjvJ<-m*Y9AB@OC#Zvm%lm18Un7(E6OfzsXT^IZmG@B^%-gM{Uw3LGJWE<
zN;GD7`X$Vf@RQrRrPF#0HS+DJGc`{-#2fTcc6rsyYxx*-R-pmsE)R!w-;rWzqq!Vh
zYBiFoq8r(Q(a{g;y8m*nK8x{s<?XbNa21R$kX`K82!Y4Nj#G6_rEp4y^8XHX?*c3~
z2;H5h{PCWZ%TxWbNp6g1UMczU)7|sht3oR8vCI^;Kv~D8E-%3}N#3HAJ4IuLm2KU)
zj%{x&#Y>G!p6@s<e6@%Ggwgs$RLGW0vgVU$yDideGk5r~na&Dp*oBFhR+h}L<idyt
z-5+Nn>N#ntQ|V#LyGp_@*gCr0yW+-9k4Wz?3{l`iD*wu|{|Tx88)n(LIR6`Fnc4mw
zX4#Vh{)w_F>N*Z<>}W&!547RNg5*8<VyBzMY%!TdcB?<!nQTWHXTIB&CWxgb?-f@2
zT*Pe>ldsezHQ|0A2p1#pJ8H)}Ww~V(%KkjzuTMG1D|%QVIn<f=HKlcBt{>8<{WNZ>
zSsjEJL>nxPOG2AeR~M`ye6eh5JQpxf*jW0<ag+dWr%S0<(-fC$ql6sp&U?8hLDtV>
z>ArO(n8v4XiWa|g9wEzD6334YVGw73)W1W#k;%0~o(c=x-h+eTqQ*5K8LE9(a-k{b
zs1V-b)wv=xNT@mMC6|gu1=)U0;M%cRty*ToZl?77^IT{POONs{#ATDVi%_-_NjmE{
zOxp$Qx&;mNz4Nqp2#Sr8CuuQRM!YgnG@Kn9bzMmcICLMFb&A?htDl7)SrYFv+2V*{
z;kf6;3S9`qysrAGyM%=<-x+Uh@{1IStJ6SqE21+&#C>ISp5zsw`AB8BQZ=3NHGvHK
zV5cdc2@AiGlCcu6DLb)NYx=&0>%$Ha`TPcYIh^W>=K2cRX>EcUY_pMiA*ug>)3Wk7
zQd1~pJVt}vL|Wue@qoz{$o1kheDd3Kz|>Z^dq@SNl5$fx*#-+ZpwoFaLVdXOs%^Bg
z{-tH6h03AON2=NZcXUD~Z|A>~S;)oJ!BkPK6kaFJ;(anJn8Cm^&mb@;!k4lN++zif
zWl(VlotD$ZgXG|saV;Rm4#{;Eh1twPqqnWW)r|$C_}ej@A(^bOnI~1^wv%5wRV%lQ
z_QX%@3^6-tpldL_@aM!avRcZVkAAcd9(U*!_Aj5Ap6afVk8C3&`H+PRZk5#=@Xd3O
zAxE)Z1`%h&hDPM<%SL#c;#l#_IDrBcw)A8WP|XlU?KSaOVYB+`fdy2|Gn3(hI342w
z*p8D+2jX>q&>E{i=iOa(*OFFmRN&c3AN8np)<0{MMoh-TN+yw8Sadzppm;9Qeynut
zo^p~0#KFKM>dCTJbSqF&5>6u)#rA<K_a-w2h=(uzp(z`CS<+QZzH1ffTvP=z$;$?u
zOJS^ojbzyj!6;k?iXaeF!CkAa6OPtRds2O^&t;(zr5HZDHrkozBFa4%=bFC#-UR_e
zKbH+L!D(Iw7(8Q`Ikjz;q+is8S#RxiXLIQ~=*B7pt?TuJ8l<bw;xCsA^aJ|~IV5Y1
z)8SrHI~v&v`_gO#Nup739_E0+Eu=(g1kLI&oJK`lecEGqH=~|d+@b9eR;$bsh;cV0
zs8pF9eqsWy=!8o|bEH%`4GDDP&c)V5;{sG_WC1}LFwWfewR4_N)&UzGeh?PHIO56c
z2T2JqMI;JshP7nyKhhB*y~ilG*hE_^(x$i<wx~!DcMX;qjowTIM-sp`DbnRRp?@<i
zXp-tq*ks29#MFTGdKQZxnt`W;Cv)fA_-OfE>eUQ<)pPS4qKI=z6X63wZ&wp}z_MS%
zKpLWmS-<EeMm`6gwrwFcmjvA($Afcy{;stG3ftf@9C|`Ufi+dxF3!_9LEz?-{_DuH
z<EhvmEp_nZM*p_oHwjqyJ*vZM$L>Wv|FsF&bsI?=cvHSVVu-gOl<_gI0D?{)#J9i4
z3+@U$8O^IGQVFZ>!301mJ49+Nj;^L>BD`>nGQ@p%;w<L+N%fYqj*r@BH{KdhT6?6q
ziQ%!n|6!-kxKUu_8CUr6rYsZ+_M5`U(7{VB7Smu%4Dp6DgB_q-_V~rOY`Mr`uo#u{
zS`_%E*GsIp=4DULAN$~QGLtZWcEPmz#u(x?7pIP^k2&5i+8Z?*uq3PZRl9R5Bu1#>
zfZ6Yk1?89oW%ZnvPSA)7^%@z~tsu8%&0~G<!?JFW5X#h&!TlJ2)IxSILNw_&dF0%0
zXgcc}Oa<@hnJoL<hMJk7oRt26`~D8c*(_Z2?}GkcJITb##QuK;{oi(yh4Ft2x~84O
zKm8fv-KQEqBEj+y4<pAtpr{<(3&`wEBrHn#8m5Rf6KJE@#AwLO#JJXr-`qzGPJoVd
zJ^HQldq{TVu<;Gw!}N3u^XGv7G-v=Bz~06HiANF=Dn(A>VUDK+y?WA$oIjF!W`uWo
zLJx(|{tP2Y`Nlwf$pyEm+iw7?yF)jFfx)1oaq?<&V%lMX@KB(erO!j9j#sU5Sx%!{
z-gdm8X|IQ=+|*e2=J!^_ZMtqAfz}`@Wg%iz{$a=|Z0ZkP!y2ZBG;K$4oR+4J<fCud
z2@HBMYjT3&loR&(L&$TF!Z={?b2kTkOGg`g^dQl~F^;it^|(VBmFz%4fWyjwY17Z0
zxj)PtR?5rfzhU$<o_2$I@J>Sl+8WH_Ag>h(-@BDXlFV6h#Nj>FqIQ>ijpohN>w8K<
ziUSwOw+bf7cG#*#<t{Vl(s=0{OU^VCHuqUG2O<i=9eYZzASa7ny4qE{W*zOW%gV@z
z)<CTr;JAN?r6Xrkihc(KPZi!Kt4RK0n^IcaOIy14ST4_owxHKnD)gXJ%pi|F9851c
zV2+O;g!{fsrFmwP9cBzah56n!6<{|rl~g<m6Ir`b260|{FLk9cbho$aR?u(hmvaP3
zVCq=jRXTN*ib)atnP3r3x0ko_<M>!QefxaqlKWV6^94CBHnIg;?BVW5d{#g<pWYwC
zrCkZ?i2NF9qj~8S-n7Z~(-zlI%m@l2w<wZtr$(9-4g73~;^xA|6E4C+N0Npp<kI$L
zbI0XR_GY!z>mPN!_=2xvSlzPWF~vvqlQZ*GIXj^53z#7KP(BAzPb-Ob`-$<%B2X2J
z5p4DXnr%gsLzIAHcDVEr8)e&}Jk$V=^OAPS(Qm;h5zV~asN8P7W~_fVpDQh6Z(Kil
zTGV_XnoPwe&KgF#H&O@f4dU$0axr7k{Z3ftV1%u|>EkXq5;6CmIXuO?zuAqZ%zab3
z5I~=^qq4HKNaVrb7J0Rkmae6R@&>hE*yn>D1btB2Owb0}CG6BZP@t!-8yK35Wl`}E
za5E3$iWOLo&h9k`fUyB3(-Rl;aM$oGuhj-1Zpx+f5SbJW{LUl#@*-#gN<{OhD$lL6
z{Nd&6#1uK&acz=#DDCei*lx4Dm>B!^ZGwmF@FUggtVSCHkJNX=S0RJffi&44h<Z||
zYQKfnA8mo!%pb|x|NM)?8;NmB3C7RCCzGJ4>HhJF*5$?+1o_@`L7ZXm<?2NW_brG9
zz0qy($=9oQ?X3LeA@ZGUZlypS6Z428^$649aNKEGWDeO&pB8@TG<9&i{NQcy#ktkf
z*QM)sH^2wfr)|Ms)UEN>mK=CXhcn0<jzh80x~2mr*Z%-x0=*YapNx>Iec(zWWQkhQ
zHjI>u@;*e-pRyg|Fm83c(~rDg)rDN2Y75siP&BZ4sKSpd_;RV45-aN!Uu^YhxXQG*
zY~}iensT&(DfoH&V)P*0uJyEAA;-b(!VJ)j&N)RYOOd(uJmS8|mTK@Kw8+bCJJR*h
z6_5Zm5|@|c3p78K(+o`^lTPuAZAG4(t`OliZB|v&ezT`4m?G9HbV<rz&OC&W9$a)K
z$8oe*x)Sz)n|KPM7v9as-yTr%{!<B*k$&j$4n1#Or<@u<JDa*fivkydwZH47x@mk3
z#B*?=oTMH|@wLvrVn?ajN|n<pdRXMosbIkLO%Vng*GdnCirk9&6m=&h&`<{C)tR>o
zNu%NLXY^o~ePR_o@lmc2QEOTtx8}q{OaY9-Ob^03bsQAiBOf_Wympg0cQS7dmDWQM
zhjn{ks5D65ICYh1tlc`kyT9(xr_08#1|{opMysHETy|KA4P<(0qcY>*^dwAV)-gbS
z#T*&2Hu$l))f*-m!kBh0rKlEiSE2czYZcKAv(%k5uPGT+_%m)39z$(Hp*IFy?Lg1=
zHg|&nh(x^?&`KVoTw5^8B^D&8JPTAKUsV_yrkRn6sW(ka{wv6nvQZCK8@-p@G6C5a
za1*3GU2&hbpgaoTU2I+UyZx|ud%!bWsCZ{cNr(ZuL``&;ZLS!*>$aU5=jB`SV@89%
zD~99<6QuVN_Vm>-C-yVV`M??OQxxaRhH7sELiXWzD{X<ZAeTIc;}|EsHIPai*MbbC
z2|X0dc-KflE6dJ<2cq)q9=lM2Xf~x~HEK&vuoT+Vpaun4rGv@flRaEU0-!f~rHQri
z*a&WY=C9vJnmU^orAkL&Ju`{HJvP>#H?<CxNkKxTA8nUBrwubU4#w_`_8u829&;=e
zlhobgQDyQbB%S*B!8jGj!m(Vx9+dk;)5CuU<Qq@MpF*CHs=yz@maD;@;QUUjmz|PH
zE`fzQptPk77ME9c97KC1D+SbY_2r-seF=Twl}Z1exYJ}yBc=xu4XGvMNbw|trZM}c
zR7ZVJG+*~$=A?f5(_1yCs6rmd0V)4m?DOSPQTiewMo-7kKE{jRZJ($=w;>s}d5#0k
zS@}k3Um2Q!4D*?--_E62_JtdDfm1~{jJaghu8gSSiQy1apbLk4`3Zn36gCWm6-pU7
zC?%6w%E^lh`ZVJU(N{VA*oieA+`#`15n?@)8D0lLSh6ZE5tNSoSbT(877?bOpC!QK
zLiiV}o*uRKPbD~>Q9o{*UMBi-SKsG!<%kr#M!{7wtw3r#5saj|PVdh49(%}lef&os
zN4t=#n6o&$-VW@Bq<$cFn8H$UC1z-|hUG~}+7{nz*MvdGCkciG0qw8$KKf!l1?KVm
zeQq8?8Z$AiXCOvNqD@$UZ84Noa8tmmVO(`=Y15!zoR*p}LNY=ymZ2FvM8_p8;lLcU
zL(DBi2MCvBI^~M@zL;(2w~RkoP$Hmc>t$GM1GeFKK6&gVk(vNIXc=QrzWtfE0bkB!
zB8ul${uE&V2lH<)8gK53xt3g~+Dx{m2?FwJ$o>bF)^^>A?si^4M7?^t8qj3N>dUKc
zpZ-y!kPfk--F;L0Ms4O#L)aXG$Wh0Ytn4UGA^z;!^UA_bVzlfk`~rG492T8AJv@i9
zjOn`Y-c2gC)C~C3Vyt2Ab)F+VO?ueqZzh@fO8(7%9e;C(x$+7zyAodC3i8L@Zj=yu
zq*Ub9MVBHOoBasldNA+uEdL{%+SDKA{&;%(iryMu&fiFCK={5_esC>~>K@jz3ELby
z*Cq+8oucxaDjgHsRcE^Ew2MS?1%_{_XBwt{ve-3A&>M(u5LbX7(&(Q?VtIJkxx$`*
zhNb_<xlKFf!~V3uN@yzT->Z1)gxMdmPJ-eda!pg7$%GG-Bd`^SZ7K91n^3(7<0lWH
z$DNSHXTf=xw@H5TD4jLXF5Di408i+3V9_(OUM5|fH_hGywHlJCrANXe8%LamCUPl$
zriMXaN|WTZ?#g%v_xnUbEEWa*7fiDJ*A6hVv9bLZCRteiWd~UPk+c7?1OLF}9{cwp
z--l|VNHAK$AKHbRPjlq$n^kKa&&CD;>^f-CV#C&^qqMU(-rbwc`9RUvO=uz2?CSXj
zI!ye)&wn^F+siyHZloW=>$d!(bu)(dp7WKH<Wyz;Q}b%(z?!u)>fl@Xq@)7{)gLN(
z-`|CnjksI_-8yYohYk)vsgE0v{s()cu&mJ<4Q>c=EH7bYEa}m1<y-%GF_QePQS`53
z@$0O0X)q+8u4)gSr3%xy4nJ}YD#Tf9zFXAuBvv~P)+OiBBshp@G6JiM=QK~%6{CXy
zbW7+62()iXQDZ|Sn0iRpeJOM84G(h&yn$9YBujDg5t&h&j{c=U4h7V$EWPX%v{jsP
z;2v~MOK=%N4o6J;Xnkax*dX&$M9z<^ijnU~{C_<@^*hdsit&PV;@x9X&t4lad6O>l
zqhS^u1G2SKB}-;QIT>#jnmPljyD&|pK^%io8|_}^CNGS+3=nyP6n~zejWa(5ROTT1
zbhh7x{hi8r>lFh9<mX0MxIXIfvTZT_tm0lSgu_v{?qs)hJRY*AFcXo_=SG|lFKk~9
z?YlH59UP`E?k|yL!SbcrP&&k?X+)?IRgA$jjxtsB`4N#{h#xx<t3xD1zj(XjL#Y^-
z@YC1#%N0yxp%KZ=v}5o1-yn*an2OtM30-ROgINQaVJ8uQ-8;W}8>r1cogY3D=C;3u
zaV(QLJ0^y@E4rHdjzz9tA*k!JK%1%_R^?C^3!o?{4;!K@X(oJ%tvu;)$eQpjY!Ct7
zxPZ;<RIp(9%H|43bi}1^-DZ=`CpY&ufvIsn12+u}qKho!8QnH{h2-Z$5NLxVqh8Bt
zHlpK7_pxJutfQX@xX*2e#(|pY#9HAv-+DOFg!OL=<udDTdSSX_DBu5#^eRv_s}V(W
z>(Pj@<qm1>WG6Ki1dn2>C*Pn(O4+6oA6*pXwX*hEG4T1K2%i(Ni|d>#-`XC`?6#L$
z4=4^nj>Cof3}w1yU5V+ZcxuWr4O$rzx2c)khtLlIoRQvkSc@#s`B&d?!s4jWY6fnb
zz>v)j)ZeVsa}<54C@m+Y?|WwRKsDcW2m7#w6&F`;EE=(PH8&dxijYrOVc?s`f8q@h
z$U{4^3!ABtM~`VE$n_CD9dSzqC<_@YhSEtV-A-YE;yD@rU1iKf$|fup;fTtpKQF`@
zW<lQqsCxBHe{j{ug{?ObU04Mc@DEOR2B0Nv%2*LCLU~dv4tLR$gQ6)?atNYL)?jIC
z;JK&Q;eH2!{zg{{{!&)EDsBNzLw3_&UFJD63Oq2k{)FwQN%3~S+k2NkfgjOdx{Dx5
zb$xg|^meZo7AOn$cf22BxIDy6)u=zn)m@(f`mM0sg?B6b^gG)1KigU~=`pXa=zrB4
zY)w~T)VG5gwL?qE2W$J%D=1RqmZnPy{`}`Dk)6qAoAlEWvEm3{P+ly{Qnpkx$z^4J
zqhb(>Z;*z0j$gnoLo^1Et!4Dbws1goJP_1>KA<YD%0C`u=INM!RJV$O8S3MtmxPuA
zvDTYJTx^n5W@^qo)z8Q!o$*dJDZx(0Wj2XHufjI6KPB)gPj8)&Rah+c#fagsBXRhS
zY(WHMon%X-HtvZTibWp1@yAIwQZwmZUHB|5nI8LNLEFHRL!qoVkMZJvF`Z-x4WU?^
zRi<>nkby!e|2nz05!M%aED)srI=y-VrcOidPYUy_3liH81_?sHg%^(mfPq0&1z(lT
z>%~G%S!v+o+)MPTHKa^{ayTDHC=PHn6r&o)gbJdAnCLdj!qH!?zcd{B%u2VF2+f)?
z(B?e_NPQQbnhjAX48pCk($<})AxOqxOIUPv>$6;t(T<+8|6wHpBdE#ui?&n&$QtfP
zjHkWqwwDOcE>fK>Bt2<16&!An+sHqp=d3XiR+rZTwQ9&|%VF70ycb}2posszt*+FV
zzwiq7&QcBix9MyT!p_!9emeA6dx)?P!D&v7=La+FcktlL?YZin98gKg_Fzkj>%<E~
zsM(yGz;P_>#0rch%gnosg|o^B05P}c&_0%z@4n`ZIAeTb73>ajn=0|;9OR7wyvw7@
z>SbrJ%jI2MS;RJ=@w(CrVw^dZt|8f&;RNTelS3HmrGYsH4=r}Q3F3|~mF5fUfE1C2
z6odX2l)>OA!7vVmo2EWZVXLQE5M1t)PPK@UhfLa(tZ1|KXL;_iD@aNKU_3scrPk@c
zCTD0Jzv-a|dl;g*H1=L`ULVO}_U0I4%tkwK?aGF*hO*v=@h!sQ_LbTJ;x$*gBcL6Y
z??v?bo$OD5OlI2}kZ3#`_hnTbVq_69<B6<fa@y}nLfQSB@0S|sEt|5I17Z&)wd8kU
zYMY80>An=^gjb758lO;QfPsoo%^1`*N}gKPdS9f2YJMD<bfY)-gKT49eM}0m6bn_s
z2E9Z>ruXlZ6LcJCMuszw8UuP5jS%wQpFk#M0mee`I#Uo@pAzfYSc63fVWA;m8;}#q
zm;>WSb3dmL^(zK@Kg}lTBzS%P#XF@O?SS32T`3VAC!+dcyO4~2zz@lC=1`G#X5}R}
zbBw9lhn;t=ur^dTZT(SM&2$e8b}4>br1x~GA7wnKwNWD&K(aKd5VX;;-9nsB{PMDI
z@-cis)s7VTr7>y14_y76#?j(VeLsPb1c^I0zefD%R^&C%&>A`m_!#k%+L**>_O63>
z<N!%Gtv=+~%9CjX{$tk;cLCpKUXGK#6Va;X_*`7rS_gfF;`}k1^?4JnlrazL&B&82
z>Bso5p~W1ykMDAQJzTdWIrjWVnH8m>AAe=>W8D-lma1O>v|LmKtbq36>U~uViTmFP
z^DOr@1be056fg^dW?XMs+ImfQbDZQh&H$;Fi8dvE{+|FUIo)?quFUq=5v=*W8hp)9
z8_S0BmJbFHG%UfMh<65)Vl2D+cn)`|<1l2_BYdC)37#N<HJu1H2;&F2vv@3iepN=L
z_*ZcC7sxMJb%uZA5bOUZA7*A&#{a`1j{o8i-2b)yv2gwm4^3+R&+wD)k%nxMvYDj}
z)+GF;mx`_ZN(31XNi&VsDw2pH70FNtlpvGp1!l`T?dR}4JY!43{MeZN#V<lz)U?aF
zjbeqTZB&vp5|V$0pTbUpbK6IYVbr?w533o)1g0o4o3r1Ix-#Y&RQ8$nAu%4oSrsU+
zk%k**esVAYpD$18T!4q2erNjR7VhU83+q~HisbZRw*r<EWBm_KfjEjGw&~|AD*Y15
zWuZGq<Co=pp_vXv{c#CV{#?fy$_77VMOocH9XGb)sIJ>8*(@;Tx5tBaGlCrHdnSbM
znZL^M)^*(xZ3Qu&aaL9NTUv@5xW=d+b^GF_(!F;8BejeL3bv${3h(E3RxkE<W!$%p
zlMc^Ujr?s)C-uB=jSe*QG6MGU2GP=zmiJQe8RO!KZ&&n>DU&M>91dHPn-k)U#8v!#
zYIp||`%0$tUe8YLrCav2qnc4pOw6WxM2->k14~O1CJ+h_cSup}ec1@oHPgBuQ%lC@
zonF^KwG;fZn^{?=iPGKj-y_!;lG@Tm2`8<69mkua9qsHsauvJCAKb8$kKK@~k6ts0
zsKfjvO@{Ns0Tzv-TG3#&HD)OJPF1_2$#&o#;(E+|`EfQDPhNF$AwMO_+mu3d5nxQ#
zWki=stAb}q-^)+V4=yr2?l>GALIt_U7@}#xj)#(7!Ki_q^Zs{A?6878BD+xLO$e~B
z&QtVfF{ID}AIOflGVoO~a0AMQ%UdP*IugGEdx*8{>Ukj^;VXoIt7}DM-9WnPBG?i_
z+!eCF<yFR;t_HXS$5}RBIIg4?6YxvC?Wl(mwS-RLtCQu8e{6hk5L_G$+Z#kgZmLD#
zDB!@TO6LIc2P%ry*_K|>FHVHWgswCi)2rzzP`p=r=xHz#R`bcd#97LZzGr%<O9(-N
zVNJ70?8sc%!v@GS3$Q_Q*t_%bjV9z-Dx5TSG#)=(h8_l5eLESx-@l2E*n(uCz_liu
zd<Nd`Mi-3nDSxJi8`0;2_;GX(9VE0FpWIm4vTOo|xs$dJ8}7%O9{fS<R=#n1{`1aE
z6VUjEY1LxHb!853jJzfc-iSYXD$?1kVJ&@^?lM)7L6XX$3d!|}QAASFEz_64bHheG
z7>)EzuH!zyr=FQVv%-)fmLteM^Dg;+@RTPU>%;a+oguSF1qEu?KtA(9<un13YSZ}g
ze)<5kBAJqK7n#9a%MYQ#sW7vk#z<GO$=d`u&(%g5dX>5;nG`)uM?p89m-||arL&bx
z*;J`3d~%wBVmo-xT~>6Z3EF@{<y%<Co3cO+A@b>2#KbBV2J&AHh4~n_9|_whi)vt2
zCx*5$_YMV1Y?YIYC>@-(E|}^p)uq%GMlk?q;9YxQapiZn!`#TKwFqc#azfDF0Vl+>
zjZ=2h%B<7Biob=<Yj>N2_v6_47g?Ga`G+mo?`jnIOw=C82Kt*WEJKBH1Ww(RoI&{Y
zE>O?eY9sly-KDqtt169P$SwZJ8P<|DnNtLC=(;gasHAzU{TTHk%XgWVr5wd$OY{Xo
z!N(dH&prA>)=pjpthB%iA<Z4xxHZJGN!b20;j-mWS!T<*A?o)-hlY}6o1F)b3E@(K
z587dR@9DE@)!1nH>o3&_)-DVvgS;aWhQJ=*EDg3p3DGaTutz9TK&89wCk})nn&JEg
zj}uRL+RzNBoI?&>Gj^1J#I)17{<#KZCB?6rF$Ce4{qm)CB)e=<gmr}xD_eAySQ+io
zJrYA<Na9;XZ+(}0%(CV5RXD~-=RPPKt|o#BfFSqz8B*6_<3P=JARc^!ISPVUB<qDv
z1MJaBcG6z4k_hL_I>(XJ2GTd}Z_n*Xyp|?SHcOFHr=)_(j*aU=ScvPHp7sOUY;p90
zZ3YrDu_v{gh|lVkz&8&9g^SeHpS~I=jYZ%he-0A&mY6x=qOf*D(F(oDh!%wlUusZc
zI_yqvf<6wnI|a}DXtlH1n&@&DU?s_a*cUBd3&WmbCWscvQb{Nup$5=&K?nuN-a#MG
z9%TF#bl;1|%UdsCsj2~k`<nqE9fXF-eY~~W2VN+%cey>(8?D1`v&<vX=e6#Nk&Ph_
zkxcu;yp)m4$rR0fE~_xubjGakfQ4u%#=lB$u<W(@)^Zw;TRYUj6&(1IL4+rsARBjp
z;fTn5w{DMY^j>rLRvE<i7g3uTjC<c4lP^fduLtVnFs@K%Q(iS=SkD899SHY!j>4u=
ztFJ+Hqd7ZK^+=f(ysq!y-bl!OsX(nPZrH0yrz_UDq0|dfK+_{9n-)AlbS**Wo9w-@
zeFQ^JAtiQQ((IlbaiXf^CWNvI8iEXJv;Wf5QwYv$aAMu91Q`m;-g-+~pz|63GW7ix
zamoJtiUEqLS4?|i7*Y)IB|YE(BPL7V#P1_B-T^V5=oEg^#mjau*S4*%c=nHn+t-Z+
zRV4J{Gmxy9tKs=G1I0MN=u9s`o9*co=@&=plFI$w!FbN($z-|rPmV{+&a)5R4?Fhm
z-(M!7`dz+!omra`XDi!Hzbd?6)jLXBUO>_%Hhg_-W47+NQ7i$5v07p?i&+-e+E6)&
zQU@5vAdn4+Yy^181&H1x1EDUBwGScnj5xmby%Qk=FH!j;$qfDs(vOE;Usf^v5X{?l
zH4=$GFyK9*l8Aer_7LN<3#;z)pv<p`b5YaSwp3qSB)rvr(=qMaCZ!&h47Z4bLhn@%
zTM=KtI`qSl;20oIME{GBL$Dol3(9EwgWor}8L0hA>?Tr*Yc{})R(Wz-3JMb^kQ+*Z
zeS_dBw!W)0f3L+>%cayj@%>CDG?B|RT0*jH-(bktfb3Ndu}fmQn}Ul#*W8`Br~6ig
zS<@Cuq8ACaaukjN6<pYLu$G3cI%~w8^9}}lLVPKqgcJOmV>thhV;EVJ!Z?KL?_eCk
z;937GcGwxYl1wFpfJtpRmo>@6&NB_w=fC?<parm78*AT2<s5v9?QF=0M5iV3QIWM0
zXDC3~K{9?-yJTJ)oP2RIlq*8!l6ke8FyQhpQv{S%Or$axnBQ<<JpYEgFaGlB<bhe<
z7<Hi3^&NZdUgU9a;`Z`N`1`GV4fTW3qSVle;8kl%y*-KX25=#$TevZOd|FD~JbkD8
zTJd?<J8A#Y_6D>*FT8*0O|Kk?tc`B`d^n4MHZ}+*UevOaH+P6CYe|~qIK>q(FMp6q
zdm)~_`wV!b^F^P*#A7fAT`~wxAau%erz;bwHJiSayYdNOu#8B>^a9Wn2GVnS5gBCX
z#joVUVn{U80E?jka^IWVz`IYi-Vat7h=1mJd9PoZ9@;))f!oC=F*nLiq+27`?1X>1
z#0oV&mb{k{5gXPZPbIDKxxcTW>CKMC`X0yiE@WU6wvt>oJ{^FciNEclIT?RwF7^8@
z!ggwrYppHBtk<*|Z*-bE7VzJ0SNyo2!=sdcm!<P~0h&ForWv+$xvK&ghV@(NI2x}b
zCx_ap7YPx4KJHa6TbwZ>-+2|lOx~~l`Ps|!T7ZzKj*4lzl}e?Q`r2mDcziFg^W3%|
zK{3y~J8I$r+;*0;`Aj^I!;FyA95AN>M_u_YDH$CjQSMF|x~}5#aw4KLtADHA99T{h
zFv&yo1JJ*E$B2UkelQs5b#NJUdVN(5tFyD2LI1g~CsWhZTByLO82ccSduReN{gT``
zkF;Bn4otMM+`r@9Rlv4pj|tx6-dl#iRa}Gwu=M;ZU<9;Msm@{#+{aHlD>PRcW!29P
zjkZ!i{8X0kX&;8S%Z&GUpgc(;KNz9E;QM-&0V%u(_PNDZAEQ|?{oNsAjgbK^68vkb
zbl>F3_tXVIp>L;{m-Q0EFi<kfa$_Vvslt9)yh*R%_V-*@1~o|Rh~S>k>T<*g(k&HX
zC58=i8fW20EWS4C;IeUqivY&W0E)^fZpBnS)55W_Bb-kATfPdx<MjZ@*pk_tJDhqA
z;HIbMTnSID(?rYOqhhyg)f@YC@Ve<lF|EAy+p>wL0kKYS&B$EqL!55k>C3`F@9I%Z
zW7D>XT@s=Mer2SDqZu*Qg-mxWr-upUo;AWBJ6k)H3*%l@lCTsaknsPJbx+}$MP0Ul
zW1AJ*w(W{-n-x3xV%xTDvtrw}ZJ+9M&fk5}*ZX=s&zftFcWg+R)(<8z$dnFjbic(|
zMfBkOPtqm#Z;j<p*AIg@I23^tz*aZt7Vq62?m@=&!?){-TsG>lF-xQsi%D&M93vQW
zFc)jG){i-bn}cW0FGgiycN7}D6RuTWq`fK&Xt~Vbhyyv-;8Mox@T^-a8mrwC;q2?*
zZz<(jVtrb5-b;IR7uB>1wV&;nCx7MLdA(xMGf6beg~I(<^+-sodQ8QJ0458I-08vs
zDC2j;azGFVyF+I7UF#d~z?mHPts+uG@d}*_T7^~IYu+m1A=oJt<O7CyK$U(-$C9>j
zg<SK3{G6lpRGkQDizFRaySD{v7Seb6CXaH4iXyiZWvE;~;{Cyp7$C$eR3B1gGE10!
ztg(yGPTJbBBYW;tNwTc8fIO@ss^^b}4kuO!=d>{5N~Zm9!?GyH2GllkY1;Buw*fQC
zKk1!o=vkzh1({{=V6qN!^<wtW96@Qc2nSgBJeO-vRmlydBA^mE%22XJ+m+m|XS?xj
zizO>hxOO18+L|^;;*eDS5om9Iotz8wcrqVyU!Y~SVWH3PZ3P$o03Zvj#<d=cjV~XO
zJQ0OE4aj??T5dVKaE3S;BOPuSWRO&fz>N>{xW#pE*_;Gjy-%@RA~5yCF)$1D#{L{|
zk~jA*iZ*lt%E>34N3r8Dg{GGy-~MrJwfygH&he||4~0EsB?ICi5{6x0un?aVS-Opj
z_F9no_t?rc7_-e~z=mzFK^Ew)20`i0L<x=QL|n0z7in<JHeq#v(5H_sl=lTCR!kmz
z^GU9pLqpZ)*<PbQI>%A%(EEehzRpo=#;Z5TFZVI3r50vyfh~q-)UbzB<SUPW2%AR$
z)1hMhp(QJu5$WBq+U4F#MWNBfmdyoD>Q!L*34XbJHn5%#;DJVvThFlUR;Xac?Dy`9
zPO4Dap^>O`2OSNEXsEtlz%_okF*erUT4A12W*oBt>#o#T0&y~0f<bws7x#wOpaXiV
z<MeY9ju<y1;4yUXW(+gV*l<1dl?@Cm1$3TvANRvju#i~6TOAtClwxx3->`H#i@RCM
z$(5-a%R|TEfS~}Xl`?hG6nizXGdX;^@`zJZ>w60u!lO<vi$$GyUWk#x;)L0mYNOo}
z{oV{<c+%Szm!oDB4Yef${UmtwORxF9MtLOf3zX=fP%FtIM?M;#vqsFh3s(3*Oc-&7
zZGu3|*~Fk-HRR?LR5N|)3(W*7NFV<;Fia`5Cm#}Rz;2_ej;Dji`7NspqK6Ib$=3(r
zdAzuEzNS*7{sNKZIYpwSDYNW@>)I1|P|vj~b|Tps#?xV1y)+popEHCniV249hu)@$
z!1{6SCie4hdy)C^q)-BRu5gQajBHqD+!$?-H!G}e&+H=0lwtF`d)kQy#_2c2J4@g9
z3<dxaV9wG#qu8(@*?PLLybnDd_|Yx<N%mU8GA%eTT#F}eIo?`+h3;HNJb@vIf2r8*
zAVlH;eZgBS^gN=08K0lOT2C~s0F@)$1cI3~pqwhB?yTU~TK3&0Igr?u;^;TWi6?Ok
zIv}kq`)I;+{D5FOWiCDJ?@DPYmVOQdGN&sRfb^6E#N7&OxCtRmh4(}cz=jX`PXha?
zJZ_6MFHs|5tRiFk%((3PP;0j}RcKZlNK}~7g9t#~+Z@{_pF?gb+C6pf9{3{3v(erw
zxrB{>k<BACfA_3bN-8$@)*^1ei`EptKRW$hjCT)~fo^&g--nA{Ex<8P8r|Qv8O<XE
zFqIL(+a0@$XNi|ArTO4O#+i$ll>b}fw>6Rx4xFm4i%Ih%kz^*YpL9&kTYu^C_zyGP
z)|8{Vn`_s?CIs$SC!b!9gS!NLwl8&2Ld`M4{e^(to~JDS=%I>{Bbp)3g&bC#8KnqA
z{eVg+cp=-<WN*6tHB;gy>FjrpR=g+&pu;ta0xC7hP_Nh9o}&4gGEudv7B-$+x@<{{
z40^PcG)4@_gduz{mkhJ7<5`+j%~tHzBghERxE2o>JE~48_fOjs&Bj9ebs4gYCV?T6
zsk~NMR<2NFU0gvvjcwfoDRqUG@Ex8q6J_pPDv|5k984ljTomWnclii=Pk1T;=t+M9
z@91dz<5r&BN6x82exGhL&Va2XqIIS?It6NtfbNhtw={qRc9n*O3Zy9f%bDkQz?WY8
zf?Nh;y2th}RcJWp;|jIx3&I7gkB;yXT6X>I7)P9XnM=a+p4kHw5Wa59N<nJJt8ka@
zjdHuIIz8!jA@4Fsp`daRp-=Qb07X)SY_mpV0mmj`r)WkRfa2$@I{T>#kS9tA+NqI>
zLo(`EP;Qw-=<}x;^NmC#LzH&Tl6)Y}oi_^K-f;Yj5<yAkXLrc))dD56F_EFz?vjn-
zv@!NEiSq6&k#br0H9-NM7gT@qrE6MSl0q%#m0~yM2_Y+wc*wkKXqCMcfIrF~UzynR
zdebULK+K55yz}~Z&pGvi`sqSC`FB2l*>QpuLPEZUz$6!X18Y${FajL3P?ADayko0@
z7g%+2PbM2aRhQ80cRZofkhOjzFIGG&U-gqAqI5=JeNGH^XyhXFjTP*Yi1bp+YzCv0
z;zsC1X@6}G&mDpE<CwPzpsh-B2|P&i0#UyaE>uP;{MX-JTJmBLqj5cjp>FYHYGPL?
zyqJF+A>sp;ugQ+kf)z9tl9CcDpX#%zCQZi&+$a1uSSzOfbh<*bv0c#@>Wf4@Nne$m
zUX&TDg`d*(dh{mE%1adaj8z&jdc3j=@m6pi2|DS#W#Qh*9q)ZPz_|G^^>AI9<~;RJ
z6J{0`#}r*Cn2*sYd~!1M#Y+*v`qnB9|LKj$f?EU8*6^%{5~GgA$v~thadVs2aNO`!
z^^-6NG)9`n<3Ec~OUL7E^+&}+QP(4*^Lh1*Rs*|y0r>qk8>1G~*T}_s!MbbjoH+D1
zu8Q~)owEQk(g~Ll;EBnXlXCX=!Q9l@A-9@_1KuOYWYRy5Q0@oUywXl6EW*-`X1Gw}
z<M&S^xTJ{LCV$TS(+E1;G4$mqHO!8ZUq8LA8AMF3oPH#Wc)ObAwFFtCVn%Ia#8m0>
z%mlBnP7gG|Jlo|PW63b~2X-wC%kv~xrC=kBvGzXVrwzn_Jb|*UhdZHKv#Z{5kI^#;
zl(8b4P>^&Z>)sxddRW=~uR46~*bbfsejHzlx;me_>ngFR!ji&r*CdM+?+V$NeB6*V
z-3$%>Y?-1$<c;*DQ~E#)gmlGCo2AXnbFJb|7at!XK6w=QKiIy3v?7qbJeL|St6P$6
zul~x~eCjKJVESU%B%6$xlUfUML@dr~7s}>0MmE%V9>>PS<BRldL`&}@+W16?N9F#<
zFL#)a%{PspYlUeG<}HnHN4}Re>!TR&$H=I>T-OF&S&kel@!x^<wv{{)x_9BYhiWeI
zN|8LjZ;m>9d*&<-efh246Tkm{e08=?xY0bT7c<TQx>r4Uc)H!4Jf9ct=ko~|#9fE#
zhh}V^ULIEdF#I_9dU|+#9}Jxx-4h7V1Gx3MH;Kfl`DcxsU7!2dmC)gUof;L3W1Id&
z3}BcOutxPT+1qJa;H%i2D%JL;)K97ToIcO~Saqq*^*Zk?QI`fY$tuevUE*Cc4vPk+
z*?&_2V#f+65ktldHh21o92cG9$W(Qu(tc)N#M-Z;guonZ7~YA_NEl(H-mf_m9*LM`
zg9i4)r&x<HDiA(2Fs8Zk&Xhk;1J))o8$8bv+zdMV`CT@=o<G*HJWG+3TNqtj1PVns
zawM*|l$5PaNtD=}O&a_z(<d1!zcJA&YR_)~jQv{i;{Yd@!w^Ntnb97v_N@zP4oM@j
zWW``uPW7i<|1dMe&iB~{hCF=7PL##sH%$q3_J+b9gT-}lGbguA>MIBS>LWdUMYJmG
zSzcsgHODr_hud)MStI%CeS6xeB4Eeq=dFw!0&jNg^<t8Qb6seW2s62z!~C=@JXb5g
zaX9YlG8~hI@ZT;p8Z&1h;oZ3dSBSfPi5#SD-41bd_@m9hG;z1M8NG?jV+B@3853CY
z-OBb6mcL%y2UdGW=ZApXlb!uqnWq0Wg0uc-Yrw+E`QI^Jw*SN}{$GheB8)Qie`PA1
zHrP>eJ}UJ6$F^k3VxWL`y{;$7_{n5(S}TetAFX!W2~kphDU(XascqK2unD|l0PTqK
zq;9XWw1^qJtZkX+>b|>)GKz`%Gz%OYMCE;5zF;lo7CcLMi~eb8JW|c$U)`RXG>iZV
z2^j4+3~CukKR5{Ew(!c(?CstHtZqD!eJ%C8em}|Is6EG40=6{vrf_ZXP3dADu1c{;
z@XcaCU0cQ`I}W*aBF~F`1NfSv&E>-Iu*I%`J<9QspZxv~#VI`WIn+z1KaW3zn4ebm
zEPWlJKdt|=!G_=j18O<2Mg$ZdixQX^@FLlI>q39jl*M$_hy~mij465m%G%IQla?U|
z8{w89{pUAve@Eh8iK<a1viJAIgfT(7AuHP`xoG8e5;0>+7?+9#W8e0X?Uz+W7;DN0
z8sv-<H>kp>z+JxmszUceOAbl9#Wq->JdyB+c}O1}R6Jy(zJAP&6L6Lk8>)O|tblR?
zfs2V68rcHU=HtkXVBKj2C=kiUMN;_r5PaAGUGgHnu6xEuay>8-`5R~J<*5)!lLh>#
zgL(5C`Pu%S6^i^tZiv=GDR;zK+}}q`UtGQpf=*3TiZ<Ul;qLnrgr`s$hrqd2yMOr6
z?mtGGbBt}N)r%YGL^3HZQ{!ciT;hx7f)zX{jg09rPp$x|Mc^I{82^dhK;XM9JGDJO
zP*{LmAe=?>{6p=DqzU~b4@30OGUn|<oC7{<Ms(J<WCTWU|5X?J;6!chY)oa0Qe`SR
zX{ntvV@c<NbDEc`u9#UwIVg1KT0#X&&SfK2*cXC*IpqzUEUVNr1FKoeG!LE%uMjSx
zm2{)itj>N8k%=4uD9neHIq4HS%@S>nv13>n8l<o-anVdNFiGz|xZ@MQnaW2B^<};8
zv!)4Vo}}sz>fm4Gus%zTy|_@ch%B>i9@%dnp1o3srjPW_2W3Joa|N#QR#%y2TqUJE
z&kTlGeF$w(y8P$~sX;^di9qwz7PRtX*MF8R4wk_3-*kNg__;oG@Ceq)3~uG;quCg|
zKNGI&<>_Ysjo;RKA~@Po%+ZG|N65McQw%8j93!s|7ETG24nGI6%0y?HA@9Zz!h!47
z9$`-RbJ~zF3liKnA|kVomp_`Ns6gZ{T3-PUd;Isp!5Q)d9I0Xoae;jH%a>(mO0&=2
zgpa(VYcLESfbchuq<&TuIuF5Tr-dCoH=}C!v~UsHx!fw|UylrVr8KS#?@d(IO3LU-
zO+gx_CZeV4p;jcpG2F1wsZyjm)sAVwRSmyZntqaNR!d87^^TsM-P0-0jQ%bHEo~gF
zSk^Y5Fdel6ZJyvpB)pQQ(t{u>(kX;!p}CbXeBh!DVAjLgVEH9N4Sh;nB~yyYfH`zp
zF!N6`+a3@FB$i@glV{d1SZG&B;|Wn-+KYQhEwaKBvM26|NFgi3WzdmLJ*$Us&{Nj^
zrvckF89o`E*F#OrIfd9i9Tt4vL;g6fO`kk<C@{hWl2Q|CsYPxWBhgzm*y}M@e$Obq
zC+VvEfEZ_=0((LsG5U@*2KVItQ*{C?MSY7QoN_*a6f8Jm7I5nLqU3nA;w`M&DP1(D
zX5i+4!lEm0_EiL6T#^VE>SpA+Ta$*@48i6yc=YTR5iJO6+gGq_1B2`S-_Zyzy5s5-
z#k3jJ7*=@x#G?5JT3-H6iVPdDj+%kcRMeLC0Bj8cGpqJTi1R={rO8?3<F2zphI-AX
zd0ym)RF-Doi*P~E0FnKt#>APgFe45lH6BtIGTbsNK#7=^I=s!lAml*4;({S!+wUsB
zP%ZhYuLcxy+#!5z!}?|^KBxg9?JB0fXC@9g+0>a&=lfq5h!(J!53!jk3VU2kPqNF~
z0G4uKLjrL<zjTiMRB&7_JVDoth9Ioa>x|#Ae?^_W**-EefPDZ0QLRYq=Nna&$?Wum
zdkP0IYC+@&OO;agXnJ%3h9jRdCRe9jf>JA?0J)p_Kik@PZe1M`nH^H|!rwbDwbcY|
zDif<X4gkc;VDPF;_K{qnJ9|yi@G|mmz?T7Kl}oeMk9RSGVD9Udmqf2{*UuTAXJPJp
znwYQo>p|yKyR<fy$Kgv{O?6H6IWbjT)$uJ#K`18w;zaMEcdGCH9RXwABhZ7+1!;rx
z8a+ZHky-R~Y|Ix)po?;VEhBU^`d_4w)({qA=J|<F!QQalJasX5FR2*~2$bV2fTGNX
zOU^wlmZmc!iJZXjBwFaubaYoK^qIm8Ul^}Zf9}|*vMKIUNwa44>;+<GE(L6=K>Wbd
zP_ic^olNV5diQ<y{0Ca)OB?M}=8U+cpvZaC^x!;H*<VYQ6Ib~6YCVHL{@SwS-|yUN
zl^CP5bewI~>qJQY;80Bm)gbqVfR?Z8btUQdy-eX{s@r>&^*X%e+1ZJbNtm3`qxZjI
z=?$*HPL#DA;zJM?7ZtAw;o7gdbUdw9q^-xjF!#^E?03xV+Ii9Gl3|9Bou|R$(-P1u
zdqW^0;;Xg~TXLp~aJUN|ZU(e(=Ra6l2`)ZJisClImp(|S6pn+N2zU&BByKnt)vK!T
zwfM-em|@7r)3(^$5vmvqCF&b%47X4E*&iu#i3s}GU`$-B%!#!6!T|LR$HNw6y54E^
z-Ki{U<UrWk-|f`vx@+;>^VAs*$+ouC;PGi#HJqfWgOWU%<I3CrDo;O+vBCN`JiFzJ
z9|^;OI&ezmbM3k$z?4NF<zINXXrb2Wwizrw&|P{HKt1a<tFDE=3>$URrqF`nf|*7X
zqu4`(PmEt7ZF4ZE82~#qTT@qTUt>OR@Av!DUwii_t#Xg9;mf7sV*`#4cKu<oSSJQ%
ziS$|4iecGRy>{w#vFu|35@`#Z*X*n-p5dq9Fpwm|QvoAPk(w7OXcF;-GwsVGx&i4e
zbsdqNk!_Q)_F#r>ycS=ZI&i+cP>eA)L8+dGE)te*Ns71-K>(uE2G@ZR+k=X8L4h_Y
zda*11@kIW9CZc$U^+Jh(=R&5>oAr=oy-bL-hgm&se#AY6OU2t2dZbJ1O8W~fmG@~%
z^xv#X`6JWVw$;ICko6K*`DHw$@|2likZB2w=g(YXZ0<|i!Z?){870wSz?WIG9*m~h
z#EL~_VnF4wOMvHD!fg0YRBlPKO?FO<ARygYl7A_=-Dk@^PqseA&YthL<Eg86D?Vu;
zMDo=?jZG#slFBbaq_HCv8&h<rG7k}t2*8!;@-Qm55_bB!HTv7STXr?un`zm56fxmF
zPu))Sstw}u(&s!4(=DY{t8_mtZ@!oO2Arpj90-D?R)F7#GZ&yf7=-~qAg@Ay3gSg#
z2<v^Avxv*(lM|>srx$%8(rf*1tj7<{U0X-Fd)-)LCVq`D!4gYgSh`Wb{tERZfLS#0
zKtPKLh2iEHizU8vfX&;P4>3|1^VD7@$NqN&9hXOdKg&7FyG8H6m@-vh5%aaeqW7d8
z(+1PT9RP<eu<f*H)U8e+Lvg4Wh%r$yK<Nq%m_u^w*dc>^tH*}|rsl(~!hKJQnV6gj
zso@Hmn%>GwNBK%DwP-<sFH1k+Y^kBhX8Ai#IB-@bLGL92_m$7hjODrZJg;<SFF_6U
z+0CnS77zjhWhtSK#JF)fu-l2Ozjg&Lx<XQ-^8mJseIk+}|D1HHQ(7M@?q!NV7XQ95
zugQ(*JyYro^UO3n-W{v!`9|fJvDwT3hRBq%?95L4<0<YUhfWZ}S;n^A;rjZ|31O%`
zbgclcWegTFy?-xtBK*4WxcQm`*F$~Jh{g?nZV?6$2h<1%<%z+(lxeiqOi*iKC*!=O
z3jn9qa#)atQ~{<V>nIPi+$Mp$lGW)>2U~;^=ua3_2h3?}%VKz^oIg$Ted<tcr}5T(
zFL(<DGvTDS7X%w~YWNoG;Fv}1e2KY&K34~00YjPksuLV*K>8!=h>R4T7BD|f(eJhv
z`g!jVt18t(^Sa*|Sfyzz+Q%fg`ID$?|A=fg$>OAuAY<%1Z!`ZtK|9Sw6og}o_?G0#
zRR8|r`c`Lx{T9YUQP>j_gbPvKgFLFXEIbMY)%<1_bsm43Mib@B8nCA*6M|6$*Ht5t
zH}J7tRXApJhP-+`GOetZIwS;px{%<36eWSDXueOB+A_AbAx=~h7&^t!x}#V71K36|
zR>mF39}uF?_)R{`N<^U*OsJTdYF(sAJt&l6l?TiigYXGTm0v;wBt2V_DQP5btGROI
zKzH#(i?g{9eLwMbb)NwfR_e!}aU!`?nqCi8<j0b^u1cM&rVuzt%9i%zyradBbI3e6
zCn@pLkha1p6OK``boX)vdHB<`14#d|z0fnEdZREf$@4(tEOne5ot8_$-MUjb2#_>H
zd3<!NSSS-4A(8EHGq4giCCZmCY*~rqo-wEjkeB6|$Z8HCOZ8MEBXZ*p6G@(6S-d18
zElaUf!;#`zIHF79ibPS&gIt4-k-4*paNzRi6rXIM1}}&d-A>9yEu*&*0SIoRi;wWo
zLErS@RqUz;1_^r=R~&mcTa6oMOSX-m%!YP6XJrott5jYKHYynu#Jd>pvl@1Xn4KsB
z2zj9>gG(ocOoFL$^`{2?8;Fx9YB6W=WN=FJ@!vnfuLCt8n7T-eAf5z@VwHI>&xlo@
zkaMgoK~N_Zg{)kW)Pr4i0g4~Q_O6v$85b7&ZQK~GY-h~E4u^=SlbnA&%&`#PMbtHS
z^m@8F+@sk6?QL&{TgX<=5!fa6oaTAJx&(+MlLRlkyQ2^Ii^m$Orq#308lV$ar=E%J
zrMAFdv|pqWHhA)U9-5X?yr6wVBeU;`#`Nb89veX%cAQ;EKWrCcfMwXCN7o-K-xS}w
z&7(b`#aN5#7)v$wpNBWE6EEQM@;TVI*R~?CZThJ$&TmOH`4!WQanEA_bKj=!c2B!C
zK^Fe?ar+#UgUbV+=UffMZ5m?L9zn0Ryl#h9??E2o*>=5Y@p#jqZ1<zjLgTGobr1Hi
z^g^rm%$(D41rDwmpnKxYiaW-2<2%bd+NzH|E$DAV-V;P)$dn|*b>RzSKhd5K&+q58
zAhSF}@4xlSj2}rBXQQND?V-=M862hxli#I&t7WM@r8|H22!sYH<+S5*bH3tpY`xMi
zw(l9I4Q5Oyw}PSfm{O%V_HXTur)knh2SDq_ctnuMwa?wekq-@zXP2*!%<j}*-xydB
zift3~tgwlgxS0PNFtGh+{rx{(eQaF+A24j#Z46@!c`T{J1%TwkII&_PFq};|U^hG9
z@bIT-HAP1TkV~K#N2o}RN8EdEBiz$`jWn8vq#|Dt(xDLgbEf)edR;Z2$p6>4{bl(h
z+kzUfoG3t{@)NNRNTBm<&ziIYc^YtJV~V7L`2|B9GXO=`ih9y|gK>TTp70IW@A2T#
z?a6&beg?17E<qJyLdT^;L_PUT{y6wt(WdCiE*Pq}J5;MK)-gbKY+P@Tigc%|JUNFQ
z0HI5SMr0~gT%<2!SfVK4SMb-AEPLAxwkKP7864uDo?9h9XS#f=;u~%d^KphYJ0D$>
zUF1IZ3^KxiK6KQ-Y2zlKe`W+6D6XdSsuP%TB(-Q`4f)Iea->>-<*%`7U9&xd<X|{h
z>`s-K;Gt<s+GV$x{<$yhCS4ce1gBcLWvHP|IB&BysrVGL+#GDSnf19qMLz}$@i4D$
z&x*=A+C_QlHzEl2T-*QGrn?duIW)?4o$KB_KA+I;kkR4h;Mlv9zSIp6iF!il#=$$>
zqx`qTUhIvyn|>a+xnke;MdCaRa_(um&S2|iU@b~x*+^G^7;5FfT$zY$RWE&kyB4e>
z2Ax+Wp?S<>0gJ<)r>(ScnT&WECB8PK$KNOn0A%RR4EV0*x`x3+d`g;!8Ra7_2<sq>
zm8QY1-Z=S;W=v7$5vu^!*e^0-JC|DU+p)D)dYx2yN{~tY-||T!o!>w1A!))C5|OXq
znKf{-A<3q_G=v|^5O#<roSGP{pwU-t4xz$(V!8Id$ZNMqV=3`<p6f?W3j-t3%FpLU
z?i38Jy?m}81FD2H=aLE^83`7M{3!g+P#4<6pZ0t$Tpw?NtrP%g_I_n_{e?d8ucKCv
z<rO$hmE+aZqZL(6y^)y&bM!SATO|RR({UBU1L7EE;Wxm%Wm(L?RHl<$Xblw{Yu9k5
zG%88(p005o*V~xI)8L3$MR}1RpiyVH7&Eigs3#sckln|ma0I5R<L|ET(afc%R{_{l
z8CA4|bn+RgD$D@8B>&jNVQ>Gh-5`FgYv!jtmo)BwcWvdg{poQ|Lll?^PugxLm~aFb
zkNn-g;nt=g%aOVm{ydZ9L{uBj5i!5KapB3hkgOZRBbzVFmdH`&YuIchf=R^7ZT4wH
ztBM=sDr`zY0!L_3{Frh~C$*;tVxgG&dIaM3(?;{q?Y99CVa5=X#g2~^U?dUqbZ(7J
z+yz$pS^1>&v)SV65r<(tptwM}SOWNu68@krYRutzTpCoA4dqZ!2vja=Q*j`DxD*AI
z0V7!CY3_#R#TL~;6_aw;1qKpG^D)I$2~UiBLaeSVkTS&*x-HC0cfsq#z9(a!Gd{~t
zdUL?0lGlI%d*7h5-J-;a0wJIL1^-aX!v$ch5@8UFC85=m5xYM7+F#AP^ib0e>*ony
zc(ZvT^!yu5T|FDg@*)u;1jnw%8Twz|4uxtCFu|L1XiITQ$lhKqT)kQaxh~j#93c}k
zf9R+6d(s)ipY~t^NQery_m2Lo?C8>exAE)K*60IvvKWp5T{*q&IXh7X)FJ$myiP9@
zBuOK`)p^ozTsbPiLn8NmwzD*ClnUDtN~3;(TGJo_u@pAUZYpuy8tW97ZE|$_6sDR4
zzw2-H&D&NN4hJKq-Td{a$L<^xK`0Xb$<IU+B@P$GG)2aeV3rkLPbi=zO{={F&WrJu
zb;<)c1?OQ*d5|h)ELkF`MLS%AM<Ir0GFJFPxxll<;5WD*hKAV-b|W-3c2=cD8_K>{
z+(&m*bDY+iEJlLP5(<UtDr0wWxzAZ9dY=e-mZ*d?U~nR8QpZOnPDx3R!YCX&SaGfq
zKEa!8y)=dC``UKwaz>MTl<Az2{xRuc(QN>X0l~oE>H-5Mj9{!%kdC=VY}-TeGo<lc
zr#$`QtICm8+|<S(NQG==4A%Xw9bLL?Yc99m;zo5Bn7x&O`zu}5Bp2-YcDUMZBNwmO
z>19TUtYqfEpx8z_Bypa(jhb+O(f27b%&sd`)M&{rrG~MXckcuobwKDf8Cm(!EVu*C
z=HAiq_8Kl~R+63j{cShPV5olsMc*mY@Pqm2hjP$N67T-%Q`2j)S$+o*JmiC$I&|R_
zp~<W!nLvgFfw&8`7ul3~im8kSegSImdRQ}`%ngj6KaI9Sq1vw&t%itiS7ACA1gSu=
zW!4;0ZKxLo2W5SE|8eI?<AXz0GF=9cXGlN<&OU|$U($Rx_1|Qf)A398We>1`N1K6`
z1@}To+-e>*u)#k<*OPuuBUmz)$-rh8!;BII-fkZ`I0&>P3fKJgAL_a1w>Iy}!DdNE
zH4koKwa(cX_P;k;PTO4FS_lQf$^g(MqC`xC)v1O#I4P;huU=8lRd=-pF~I{s;PWFB
z8{~!jFs{IED$&PC{jm5iN4mwehQV_Po_&2s1yy#=iEH<obdudNa}XnNA9tO&D@2J9
zh--N=8Vt}x=HyZQsV+Cp(&zm&yXeO|#!!k-^=^QFM?@}e1yk2<RzRpTiLx#NoneQX
z(Np5->M`!e=a4yTsbqpF)|LS1qGWIa@zLHDorTF5JF80a=vn1~otkfHE<Y<m(J)+!
zU1@Wv;dFfk2VI~elvs+N1(RV{v3HVH7pR$}QyB9Y4a*aReAC(ysV;QWkdgb27d-VX
z_vhrPQ*3V2PoIJM9Mhd6ZJ2l;FQReTxRC$@EF&l6t9==q>G>_5xoiL>O|`z{W;?b#
z&O}avB`p(C6E|O_Qj!C14@(GeC>`PpEqHBX?#J+oz-c9)6$rn_094^NA)meiWkalZ
zguT{<PAcWbU?&;*K@lWZn02NGX;}=Ptrqi^f7#94NfLhvRfiyvcQy^azf8zRi|?ku
z9pHrI#HXLCnillFe(?Z!Gp1N>hvXr*cHEa5q}5eVXhv@7-pcG@hF^;ehk4s$q}oD=
zkgRsnlC$?4;7W>0UwxBni;#J9sO(IMJqef{55fu%ikB)!zC@MvyWndC_rUD>zpb$Y
zxxnXZ(PUk4@i0&>;X|jC-WUV#5}IV#J!g=&#>_#NAPAE}g}?#F=XbBzf_m@A>>IIv
ze(CNdQq<Pz{j;uOUIXUzx9=}`e}IzXkWj=Tv}|+|z8gr_I-fUEU<a^~^kP}e-J0Be
z2JO$UK*fJrUMAYc^Pehn;mUI@hZ|S<x33+a1oJxu$&_b<GL+EVP8^J%U6mV&aMvQ#
zK6FusiExbYr0D>pP&r-n0ul-)?l+op9@<27Am|)jp%;0EHG4@Awi#yXy=hbDj{0Ou
zW5{GMBG+8j;jn9y>+nxi{v=kKOQrkk1Ni8mkN$#GW)`qM+lzChgOc4<l1GnkgP|3S
z4-FZQ;iq2ayiX)B8M$1xiHqrebB-DdTI(uaNN<)PQ-*-rjsfh;bwgA4vbRCa8EVT-
z#Z!l5I=c@^&}c^7wxN1DTsMqw6Ln3Unci+rKw!#0hU}};<Od_~&&50Wmmf7_-k0Pb
ziNVc~gZss0<LCO^iTB9aw65NPUQ)_H)dBhV^kq<qWG29v#4{9ag%*ITPKf;Mq0{|K
z{y`Lo;sxOFdL!xT+$#9HmZNsq>kRW{s@2WGB^G0fe`@@l;0AE=iS(~-u{-JIg^&(c
zaI1~;I|dyw_1^{F%DI<7BlZ`^!$s>c^1#6NE4Z<T!xNupdGC7~JR+-rPcLWpys8ZT
zTelRWzKa3f0?Nvg3ZGxuaWKc!rM{SVYIkg6>@1+p85A|gDb9o4I(VQgoNL+Bdac(f
zE|V<_UP9QgKa1e?5-lw1k@Ziv1TyYp71V;XYXEZ|qb~@P4?Q5NagkfGJL9e=I-Oo_
z35Wq7vZ&FMdVTEWk7$vP5u1ycYG#AQG_6pcb=?W`aZO;*ZP-LPjwA5+mIoPXdp9Vn
zhq-bX@^A?~yvM2Gv4YRFH`m+0+A;z3Ov&m0wLW9}PoWJn7c0kqBn~_Ce<aR-LmYON
z|9h{$(vnTwWKZaRsWq@L|Et<4n*k(XSdEAu+f}*MT%G*RyrCphSE;boR58jtrqs^M
zRN5{3T6-#RE$s&+snSe3lC@l)A6O7+KpaoNpilm4j3hxDcDD2SW95bp`JyhM$Mj^)
z_}#h=4(Mus|1=d6*tDs6G{QjRr4&U;CT;_)=@wfKCXlvq>Ct_EWUB8?MgH-4ed_gj
z+Un(p{W)06)n^!Anb=(_Cpfh8co;yBZ45K!I;^h6*in;pVd$J$Or(UhQ&X41B9jSo
z5c;9xi#P)wh%}vi3``R9_`6i1>QvU!Z>+s=VTkLHaQi0Bgim^?iIuECBIDRR<E9U2
z_fevx{9U-m;`#66@US{pWCZWA&}f_1?L!G-=vPc=WoSiv>YlboMwXcoPs#xW-Qx{S
zt2RD#r*;)W(c!FrfD4;SH*P@d0aaRpW<xm9zGS9ePJm$p148`Ka)j;0^MN>Qw<bxT
zuLVy#!aDgcd=ns&b5tH}bTJhuTuwmjZ?fy9+}@Axp~{n5-if{><wBctmx%$ZZiJhP
zrHui-+Lq&8wfLcG3d-o9QRBkTkIp*>BR#gBImh}rH9c03oLJbM&GiTQ7DES>`>ae`
zJ>C}C=I%e8p6;t2R%T~yyRbL1jaQMi`ktZm1Y8a%WKy`9r7Hv}p|c}n$Nd0PJs(uD
zcs}dV^sxKMq4UtzuM>%uuU>awKe4e1CJAAb+WvqXNX$ZiV`TZLtQY;aJu7zi11bvQ
zl#$6YPP3|1A*ldbhF8+y@5jrf6^7j2HjnQwH)Ffh2h?_x--U`Vnd}x-$GkBOgMNJl
zSFTGf*TtpUATOwDy0cT4iH?Ao(_#EkkG?vO_kZf%8$Z>_Q~k`ls&yl8Yl6Hils|5&
zg6Ap}TVbL33Tg4(d@;ld&*LMMcT7RU7ruy;s$dI@?5Zl)3CFYylorp{74}q{SjH&j
zIMS^_yQlr1@%nNIDVntg&VUOz6Rea|3xr#z*O>4<MXO_8R~KRVOAlaUa!#1mwnU3m
zkts68_A!4x&4qxx7?^}WG*%pLOeZ>S9=6miQMOrWb_3N74Yg8$K&byKw#VVJg191t
zUbS8lPg5+p1=(pu7nsj>w9C!OzgP)5lU7Ab>{KvxJ?rHV%$%Oo60uDsL=?MkzjXb)
zq_AUKtQIy>Hh3gjegepBgrm{0l4FlHst9|ilG>Z0Wzlq~vQQNkD4&Pq>99F{sUdHW
zEPAHRz86F`rT>h#E*#iiy2{_lks&R#!S|2SJB0xuP~Hs5eaX}n;6S){EHGQD8e4Rl
zl#COp@k4FA6D3T61ywJ~g_+S-MHPV#A0a!}o)m2<^Mt8<Y6je&;Exnan%DcS!P}G@
z%gSPt@49(h7F<`ewxB)YmO<WN=VryQq^KqRJu7zbGXN5*J0q28Ia|+$rjK5Z8Z|M~
zA7A3xF_v-ztI$>M0H#s1_nx&2sDL(EY2GS}uK<UGZ~`~EdJHd>leh%S{=8E_-OC?b
zwS3m#2)x{;QUxHj4ZAczC(F+NS|pZ>rgL^IH{pso;V$4u0BUEld<W*Q?r2s+1%R-+
zz86uC|DXmb(+emgj~U^Z=$sOMNFAB5BxDE|!3YN}U2rnF0XJlD17jC;SoPLsdc|@C
zXg;tucQN5$268PoW&@d<+AY()e^}-m7Wb~vO_Fw6r2&{E-DUc<n#F1qB<cT&6WTEh
z4cAr3TFmYwlKqS@b7Dx7U-CY+RtGe-8pt}@<~@3UWx^iy)U?Za5!iFZsW6w76(KAX
zx2+84x-Z|chf1&lp06Qyw?q$iXRAz0zvt5sDCM)P8<b85@Euln^M}KE1c{kcb5bK0
z7V@@dCji-`KtpP(J2wQ}FdD?S2mICC%&}v?hEwB8RWTQLIBU#aX6YxJVapq^t9PR{
z5`Pw&$$vujN}*dv1w$2dgGtd&CA<0V<qa`S1^IYYJJLg!Tq8i?d=e-pu=0ja3_S0H
zh(%<9WMqLE4Ay`qtWO~|4g)+q#NG;dt+GU+Dgg;6$B3<wIK10U8@8Q?XmII*`4UAU
zv|T)lD3GU7QzJl5QT#4^BcWrnnE3w2VKkw^KL^PcW{yXt3p0w!TT22emAS3=l&w#g
z*xw}Mz<CW48a8O&Tsw$nQn(%1x1rsFtn&cTXqLZy5zaLMY|A>3soeR`zh6J)our6p
z1_3Iah{~U(z4>|ri+n5gpU*he+CH8sCw{}iKSFCIHu1Ydv>Yrs9C~RXQaYl=1sEas
zK9o{|ERk6_=eTz|B6{88w9CDOJE4$yDd|Z_uefZ*Kq`*cdJ97}SKD&GGRd^b0=nI^
zY#dZHITB&uM-r@e6rnBR9hON3Ywe3&EdB+FW3^UQc-r~0)2UF)>MxB0OU{DEY^uY4
znh_D-ny{MYTWp(q2q#kbSES0UE}&)mP<+BGtE)Psi6_cEYg6ae!XwdQxML$(6a^1B
zTZrO^jBQKKmni95!IUBzC^26st+K(+uBdbrD5u9KqAJ?PQ6e231`9e-D?Aw7o&XhF
z1rdqhl+y!>;L@zWYbI!wC<H0^!3?&(^lFd_FulM+K(IG}lkxfIzyiG9%r=}>-YeVD
z8ymappY)Yox)ZnAM`t#t+IDjkz_&KD(vO_UR@REuh^EiY=4+{97X12@859xo4x;I$
zu_8#MDOyI^{2`f2_G?vmX3!LWwE;v`@g;E41OQyDhk3hS<B^EYq;~WloxSh<d*qnM
zZM{F;xgf`58onrdz&iw8m~h&!8=D5izsbv;`#ZBF$he^obO8#A)Tn2n@?CVu>ct`!
zO$hp**R?UiU$#++o4NGbwmFk#-DgF$Pmr`!h4}Nsw`6Rvdfo{cAL!+8WdMmFu1kTh
z-<<+aa5J<-6jPK&IXcQEifWbD_UidNv+yL%9wf;}9X~59&<pq6^gPyPQcc%bEq+nf
zs)}g48!e`4+@hb>nJE^RRN!1AWU?9Oy19P>l)a$vD?Dye3V9}MZ`7h9ccg?VILv;>
zg|%y%kXkimz69Vl@zeP@SOCD~AC?=CdRR|G1`#Wkem{2$v$N@X4(?;gX!|biTWV=U
zLW1!b>vMp)(H*u{G@l;@9iakQ-b(p%i1A+#**&c~I9d1>kmFf2YzS*6t@3JH<TSjN
zsD;VPazZ9p7owg1q5G?Y$fBIIb}Ib1=U}E)(MS^byNLE{HU3FzBN~uOVF~PMhAt=s
zf83lyWc={A=<s8C0{b*~&YK*cg1ywXv!blUr#zFT7cAb5RwGABB#gW-)cK!ivn^YP
z(|28(GmbIEu3x2eZEqF6F;W|}sxNThb2%b)rA?$xo;oF2X~a_${X5rqz?-0W2CKf;
zlx<J{WyWP~RB*yl&j=`yjB2;T%(NPFI)6mXfYWA%rIhEA&)RQCU}9UdRIe0SQRM4N
zEPHb-Y!{)%;G8!wE6-rMMQP&;R|!gDY=kb5frl4g47;|G5n5x6_Q^PHiQ6Wi{K0Wv
zObyk9mK~JlQ9tk$FcPlbm$K6;hSW9tsv_#;9SuNt>0{`52M0)@#qud&n`0FHnrSMx
zfVq{MT0bDx9Ig2l3pJe;XbQc`fUvMSgsWM?%Ya~=a=vC)>4%eEs9^4hCY_q*w7KoM
z+fN{(0PAGr5f8gv#KCtGkb8uQNTg-jYjvpedq16LTLxMBqH9y^#F5pS%}SOfS0eXw
zg*iazQ)~~B_XmihF`O>9hLw<^vT9LdK!W+F2U7n@mkSltz>4ukIA8bgK+zW~hk0z8
z_?O`jxsx4V!o3Hv{;@F=q})dUFf}%EMxYvwPG1D$Po_K`a8m83&~E*EjWmTepqgX*
zn?yeqK{+L%Y-S~4O4@K_Mm5Z&ty-x6cQ59=yDKVT(g1*f&GQ2RyHqz>t%o_wDju0e
zPSD?b3G&UgkQ2Ny6e%e1cbM7~B2DGS(n{<=<ecNZ)ylOtL2S;`nGuWveLrC2efZoS
zfOomqpeNpAJ|`f1ql|wsK~4{men8;N)W>sRS3wXf$vnJkc*$?k@#myGRq?W?8QJsH
zC1f^?X#z0Lb*fOw4!<{wGfK9=?jYW|SyrfU06SqP@WcY*c1|q9#lCuHB{v$k<oY**
zEGBA8c1*)^0@fxaI=9k-x|}O|WL&`)Wn?Ge4*tPXf;Xkpd;ZhI90YhYtzEMH)<^WX
zIkg40Jx7PiUX<_QNt}AQGSrX$y=)h(V+eyu{}Uj(b)7BxPav#lg&L2FR&=mMdbQ80
zb>urtNtQJ~KmTT$C>O*=>#;ADROhv8$d1MQ<@Su4qE~<$TbM*@^v+$ltNd)gHH}q)
zV$5jNSg$rJba2`HO&N)O(1UM+#;fiUV)sM=w{~h=TkbbES_~YF(*k?Q>&u*1(CzEQ
zF$4&(@HeHk5OhY*rvZ)6mLKP%CoR~VE+^NAnBwQye{S@5|MZP;O#5Ai@0Nyg=@O}_
zGJTyF__jM5Y~TScsk38&|1*K*%%2jIC=cRT!aQI6{pYqa`zM!_M-51#kcZY5@o(Rd
z%gxh>)=q{OmY;C)IvkK9t~w5sEHTruPYA%fp)h{Ac{YligIsdU^}~uxWPgj$wUhet
zsOS82`k^WbgxB^tCbU#`L4tQ@#%}t6)CI?y(I3^?#Y1CZ`;_h7XQOK56OK#dN=Dkv
zQsW7c-tEd<5ZZ^<gNaE2)#8w237#@5-S@=x?gg6;9<L&6q1j}fhYtTxW*K)t4i)fd
z7+=@uU4R_^v8xEkvG4MB(Vbt(`0H~&O4lTNNns$Mj%Q>ncxy$i(bslvN3)g0dPwz(
z*9a%%!yktE_^Mb_xElh6MMqY0CeEpPGUZnW?h@;9K2vq9uR}~N_>wtrEvGcqkv&1Z
zOG82Poc7GS5%j_$-<53~$)G11R0TkLKcEIJ!Z%vQ1Gi|ebJB{xAd16p1os5WqB@ov
zgETC*E|b4vF3jC`uGf?mhO|x0RLT<#Vx!&8t6P3hSw=-w_V=)p(37v4q2SMhs#om+
zl%<)&;*vhZ-W_tg@3%8c;F$Mg8o8%<kq$z?C%q&xf6ab$bg*!4slEhLEC4d01XQpd
zZc4LcI$k94d33OtHf|m}4;jourOhyP2~v@Aqy-<IfgdKfLtW_0ZVf-)LFg?MM1#M0
z-xHlV9~AFnKPaJRisjHF2_6)McM|W*J<YG5Wr8XWp^2Pb17(V*+L3l-7IUaP<-OnQ
zN@J8!|DL645iuYWmyI~rs{lZLsg(Ser!t6{k9)Z7(a3+3KV%k#6eWmd=!tjR%0HI_
zW~c>4u+akvNMH_+09T&9y*xhey}bbdzw5z-{;%<${XbHbm64J8zsLXoG~fQuT95s|
zQnpGAjUf_QzyNOHk>Eiv--Dl{<o8Vo^7#^mF(82$hh|L3f}u6^@kY{^L5PrWia$Jc
zbvLcc_}}WyXL$uxTG9r)8bKcTr993no4?{Qa0xbQ#9Y<`$icq-3a;mMa5WI-tew*g
zVW@;$wC)-AGKI3pU5MOb3LA~>!-6nN_mmJ9TCkza`T>MK&<qpw;9^}H>cq$cStvYx
zEek;z@Y8+?_v;;@EZ#1X*3CS&0e_uAdlQoh6Ggo(HT3H?HB$Xj4}ps{$zDb*hZbNe
zML_ZR48dC3S5x_?7<@TXIi{cxJb^oFXl(WLx^nfaW)Y3T4-6u?u!$NgAJ!(^9!vvK
zB{tl4D*(6}#f_cs9(V6wj@@Z=ss9#djYr;JuHSY{1WA}zM*S&Qlzv?*#rV5@t<Z_Z
z{AZ@cqK5rAU_wH_;e;|^@a+g)lZu&PO~HHNBH_o+scUK4N#%y*O~IuR$x`AB`3LCd
zR6Tm|LW+BTn(M-@jA`s$)UpLlRr}Iu)aPlBb^$+utL78U3d{B>H}3H6HPKSME!99g
z{45oPk7~f-h8u+$4hN*jV)~0z9kB!cA98+t!cR-Ge-50vcR9?;W8sujB`GHO-f^=-
z26!j4T0kmfQiva@S^^iey4ZKMh6jg*1o;m5x9tZ9EC5RL4lvaun`Muc0p1jhHWMk0
z?|^6QvYWf7a%qt@HNEQ`3N8jPJ~gH!!DJ!1y+0{2`Q;iI&C#JEYN@Bne@$EbNlk4B
zRl|XB9QrFE(Nf02sqtn*5s^nX?D@sJiZ3gm4n*zM$4Ag&NL#FNWnZJA>|xER`9tbR
zOBG@B#9T^z(oZ0x)bR2>I8P<zi&1c)BLVfVD2!H@=b-NN)<40l+qFv66Ge3Me@63g
zyN}N?z&VKgL^Plei?GmS7cfXafTCI93NVJ!2^UGNU)#fjBT{A?Quk}1*Inxcdp!Mt
ze!@RRI>agy%kToCxP?WWuNN5F1X82ubT@-kDeIC#AY+)Hcnr+rNpwl`@Mrmt#Q++j
zA36B>3RAY7zHL{V7(1El6m~80jIp?`x(>P31DBSewbACXJ{tHeF*Bl;tTx+=iWS&y
z2U`ECAJ}G$x8=)M!jtq|%!r9be$9Jj2Ayrq%7eHaxg9=5e~AeUY-zMhMKj73mpVLk
z-QYH{t}i&~8Y2n<fCW2-_3kM_X8}*Fa?Oa9s49GWt!F$1nD4r&AY!{zRav=xzKM6t
zwxlIAYN8~Fq9wIUx<g()9xZ>)yuN;=qIbk2G4!hi915oj8o1Jshn<YE2*5NT)p6Pu
zDe%d8q2zB97QUBdGO_+?3LntTNLIxq^0+XCe=73ihI|DcPQWLX5kdv#xdL3*$v0s3
zNeII&wl6UUcVQEGCk%GM7xF}@Kn6Y^bPCxEQ!wcSC&dO-`gLcZ$b7h6`lXckhir&E
zqj8dg`A1FAW>a<(gCfNN>kn*H0nPpkq=RESZC+dP6ce%Xqx59{yE6qpSgK<tcm_ew
zKc`w7=fr3dmZb@rQzdOw5dbIzm5NEE$q+XuR5a4oU176{5&j4b!uuNq`URJ4HNPDt
z)a>Z?aCPfSaBOL=lc0@8FLB=m7uo7(kq<&D8pewg{=!VfeDJ5g|6ulX>{y#C%huP8
zE{~Inp$qCfhp}C71$xK0%4E!+U)p45H2vhfu(qxocv~8J8zO|gGy#yhuX7xH?mr!o
zl)sG3b!GG>Wy~1H-0e*rSag){Mv|+kH`W_h24zhZL!US+82|gt_g!Tv^z-^`pxUnV
zQ#tna!DW9F(&rZ(LcP&|`TRhH9~4TVM3Lg0H1!$0mkKl|QEtL3#{2ew;3Y8KYRohd
zZTWaY26`Hs(4R;_hjajZaFqdA!2?P;G_3P<b^*$7`0C!ItdJ#Ushm*0*k&aRg?=D}
zBn4ybry^RJ6@-QK^#@>Da6cWN_woTNvIVJyg0)xIGC!Au(0D~GjoI}S4B3qU%helr
zvK)Cdp9t?^MlZptbNVDWOX^_vqIBi;X?8SAFbM71E5rr(-dup%TRx|Tm2b(nWqwBn
zF1c>$6A>Ps^`!^*Wa>&P^m`Zs?(Qn!#g8=duL<JS6}YK0A(t#fBH0r};dy<!8nxt+
z8F6W|5$M(7Fy&j}L@SuT<x%UWWjlXom&VjjBRAjZ!jrdgUFO}?>)a;J>u-?e0%5ms
zGDyV?-Wu2|<|IJnRdZN?sPI|;V{f3i)-5m10X2<5MA>Xl#r^$|GmQRoGg{IhCX0}^
zm!fOh_?Kx*u#}ty!l<*vblzEMwGSO4yCx}FZ^E8oArfv#ww(q0<D4f4hBD)2$P`%&
zOFA5%F_)iYXS75d3@g3LF>i!`*nN^?07Bk(LSk7(K?uO#7L=(E7ed!p-NYqE2vvZf
zzj|P`;KG7~&OLoej5Lr52S%xFo(88k+}%a_pl8m_fcx#ez921F&dSo8gYTFe3i9rp
zsrrEwmg5NRueF@ra!yRSI^l%vTaUqJW*mf5KDk8PnW19(U{?Puk~+`>wm7+T*Zi(`
zV>T-TycB>EB9M3U?iedy-TqQ4y-{a!X4?E__WbH{|HG6;0Un9UZQd-mgOYIhJF3j9
zOc>SRtPPU8;sI9_bA35@(G17;J_o~(|4(ja)JG3{2_e%Z#$<aLJM=iNBa(y*3I;=n
z1&D&@*6zbcp7yD7ULVGX`at(#<;QX8MqQi8L<L}bQ1dPIMIUD;xHt_-@1AEa4^A&>
z;Np!%Z?kuX9p{U6^%^a9(pJ7FgJDsb3M%3`yL72(_HIu4-w|T9Z{9=vlOmGRRL{`U
zO595KW0Sbo@QWuw5(M<7@=Rd<mi?P7%2zt$96Z_SP>Q$OccL}aan(L*`+d6sK*k83
zYyiNK0SWO5;d8sqkgaavc+6?c$I_AsCEj&VG6N!TRWhDu^wF`%%#k|%O$SXK&^R_$
zsg#Oz)x7Ao&vh(sa)?-ONqgeN>ebqX`<RUo9AdE4>?z0J-P*#n^GozAHR$YFhJ%zu
zZ`6=^0^8AN&T)gOC$io>1&Bx$fL0{#od>9=u0i3~jn+iXH|l!=SrzXZsmiCm2>Nlt
z5bL7#M_IA&>)4HG7p%A@6zkYus!Va8MTvS+RYI?o;cv`6o*zo5vW2lWmx9YpiD=|m
z!4P|<+OvN3fS>FvX>V5h5mTwTF)T}3Y*zun=s*}?_atw4$OnV*VHc{buZ2`jn+6;j
zLi8(SpAUmY4AQihLAo@KqKM1<AG+QGDz0YR7RKG(Ex5b8YjAgWcWs>D(zru#2=4Cg
z5(pmLCAdHGoqNu`_x=AHgF$!is+wiHq1Ik=t|dE_gRM<(<Y)Ih3F?i8Q}bl6EOsce
zm`75^<ZFj!*tzQil~Qt8IoI=h<^%MI0OvEe>i?aM_1{V=R&LJ!D5<#qx032_I#w_)
zmQP<0C1As0O%hAe@eLz{Ot@T>z}e!_HouoQa=u-`uBOPNr3t%Fi$KPXI*EdYZrr5i
z-eFGjnC~J37wO}y=$z4xB#t|qM`-J5+EcQJ1R8yBH1A;R?tM~Zt-)~m+cO5oN7cj8
z(}`U(%-(01+6)7EC1GV076M7DCZQV~4;Zn^T|ma&LS=DRySLamcFiF+{7c7Eyr+g2
zm&k;wdi0yw-3_igzdUY;zQ%RNUAUzm-8j=C`dPu!b4*xzBDD>cn&aLVDM6AelOvS3
zUe{WwGG3r1bZ%jMHvLvJq5M8ngT!L1u`1Ibsg^ODA)%}L9N})Tzp@oV_5^eTB<WOT
zGGM#cle&KYxORJ>r2f=I@!Xx(%en`>G?%HX7nQm7*Nsqd-MH;5T*mbT+Q>9ous)bn
zIdt5groFIRjG@khl(M-F3#vj7xNYRE(CI#2ik;A;T$%0M<?6cnLcUl$@FnFIteT1w
z?noyLWueADtdjiEi7x0%#8Fe-qO99iOaL3k^Nd&1yK|CZBc#DON<pM0;|b!LYRA;H
z31x9o$TuU0B<@nqc+;2Mnk~X83l6rRq8~XL=#X870%^hyU7K}GhZES*6Io09cPR$A
z{Jf7p+gBC~#gWl>v<u}qOUc(b-y5l3Fkb9=pDiaIksHq2f5b{{A`1p>x9F-B!UMV&
zMueLg6(tx<+~iL-sC5iL9&K+*Z<t-^*dw-dSVQgMB(UOL2KfoxnkXB1)}x@(J!WQ7
z8rWfeQ=s!G8pjx^eRBb(tzt3tFLH!M`9G>MR(OI%8X}E>ywdl^@En9fZ%UH)lgEg*
zcqc?vNq*9Lvtd|8zh96jzyy*tZUV0D=;V1sSDnmQ|LAVo?cy?J_$`@18pzym)ByQk
zDyVP#mE*rs2!l?-3N>d<kqEP2=_n0^v$A%+R|F=}dQdD!5(lmV;N}^!W9(Hi`OxZ(
zA891BRA4ZD4|dBWk`|!4(fA>S5uf@InU7&gcB6@C9=Tx<aXCAcqG0c8cL5NSKGJ{0
zQgUYtg1b%$U}M*v_fepE#jmLNi>f2O7sMlcS2?>0dIK>8Pk=7CiShphB=@sI7F6Hx
zh6ubt*z_<#fLy^dup{ab^6$m%Q4BaZMK0%#V&_?gjEMM&K2vm=_x(-J&WVgp8Eczr
z{h|xn8CpsjdaS^+>-*IE#|a<_>TB!yL_yV;4L+B$IbKxEK#Hw+6f3sT^4o#@`vq$i
z(Au~BnF|vFd9s2PkNIk4B-w^7vJF9-Ca1u05rUyv6ST-JEwxit8Z+k|mh%^<>@_y4
zfV+Wx(G-Y2<p~prm+l&*)@~oR9-RVW3{%j2J}o_ZMyA}JT&9r}#6rNAKb=_VKTk@t
zG#yhN9T`(6vK+CnC!W?E4{96_qERE8)wYdB?%YrXgo2pxWu^+`(ua_(1tbWC)V`&G
zefnxz)G_j(QiDgR$CPqO)fYMZMhjRDBigwaZDf+hdMfZzWwXa+%}7xQSd7}&`N^sd
zp7LCyTS-00w#1jB-P8a;I2mIyg|R>Kfp4@^)jIIop$(ro5)?u*DbbfBYq41?1!-+L
zLUBF7ZPZMXN{$Tj|0EPdgvL)sSfDp5^k!~Q{jyu9BzQ|OJ~`D;JD+ttRbEc+oF&Wu
zDLx<?wNW;aH%(Y%4#o<XX#;|QBc{1~s?X%DDh)QOPjq@^E8GnTKYOVzTv<wM`FRrg
z8Ld_%OLc4`65|9@gulQ7v*Qm!zzqUBTrHFPj|HL??6*ufO#7j}z}TYdz=+c#j62wC
z*(~7{&;zG7|1G___L~5PsCJt6_Rvgl!cbO)$HBWF-x2eqp}Cw&R`Etx9@tNXt(DP_
zm4==|=PG786NM504K2dGAh(fzXe>7N$iB6D#vkjq30TEyeMOMRY^=fGkD0iNYu$TN
zQh@s)c;}@ms^7p<i#}vZut9+!%_<98c!nSV3rSK1L;kOGB|_xl{`J9uBCn+DC@n!&
zN0SeG>kAo*LMHD7F`<oe=&_?Sj|TaA07{j*WgY1^Y;t_SDn;SmzR&VP2F9#Bf@a=D
z-t1#)LdH4z<d={j#W#m(@8Mj|$Dhyqrx1PDuCTE_(4WZ>V!wFNyZ%bYQa)>p>gUCJ
zOSo^eLe6PJ7-b2%+AQVw<!S~BSNF$t=C%<x0UfDU<!!FXRZ}VNu>E(}%W6D*D@avB
zQX<RdRZj^3QD32zcyunk1j;I?&YH!L8)}6xf;M5?e&`{M3r<U<aG2IHY4*B7hd5VS
z*~~RCIEjty-TA959euSGT%nV&DNyWX`7*Yj5yX4bMIP-i`i+<Ib`=PNIBZku?ZTBY
zzL|YxpQ`CzFG+j4ByuF9oS86&C+ACHESLFhB~aNMFr#z^x&K`jVVJ7a94-Zq=b*Ga
z6NY7;5Mfnu1+gRZE1L8Wgjv!Ktx*kBu(r?$QPBK1`L>)trBPxjBni$bma6*^9>S>z
zE8~|pXi*mQ!ql_rXi5s7Mo_`9nRN%l9z>31j{|aXArZxCrvpNcC3?v)2Ut$=qD4b@
zo>CGofWW)NYg;4?tb}ISUanOB(Vw=$xu6wcv3rf>$fm8x(a;beFj;Mxc_HzWSg*jQ
zqx|ML-+np*6n4K=K8Cfsy*o4B4VApsH2C;x-y=AO2@9RpJn2wpIl6?dQDH4)-cxd6
z?y-Jk<)LMhFdiAjdP7@J-ypWIm;9sU=5e7Jpq-{!Q%x+>rRaO(@~&qs81Mb_!BFUa
z_>S<IPqzvS8+~R8)SE?9H|8QUJzC!sCg6#^Z&OE9GYUOS*8e2@h1-Yyi1P45Ab3~D
z`8Uh)QWQPv_M%#qg8FT+EbrTyD#Lb>pDfV#$hS0c1zg8T09{N=MH92hcI78j7X#rC
zKwS{4J_+?(<V2>N2uKIGIUQ}mBI~o<gtgX>U<?Ru7%e*U0$QA8aEis%MFAQ)5v}_8
zui5p1ey-26MqNo6`M7g-{yZAJl%u9IWiIqK4;p-{)w^O}ju9zDq}lz)y~dwV{Fd5g
zS&KyAV5Qkg8*}XG=l7O$XYV7l>4_|u0e@0_rDBbllaPZ>@Lke9ayXN@%ouFX#5v<M
zXVYL0zQq%4w|!iK{-LGb5b@<Jjfo>KoieIF+qgZl@USaM!4t(*Tx!%9p8a}Jb#fhg
zCJn|m?)bF(=REqfa_RN5^0!D(-%ZZY1*IoY>boO`4eVkR+yaFWHT2L64)(BFAfOVz
z5wm#MwU>BR^b3PTqNYqv8neWrmFBX9yI@uya6<%E7HvEue`u3;Yi999y}Nvguo*e=
zVicGCt!iUyG=$rbZmh<f+Yuvpq;?r`DwSuoGj<;X!Es;$^Q#Lc0-LF~Qli6YJUOP7
zUK#Bm@00r0vASv_^j#WKXT=0K0>F;t5yTb8?a4la7!D!xF`8|ZH--U9YE7G_;#H|S
zh0Q}uq`i7_eAq!02I;QV@eVOv0q~&(Yf%o=!P}aS3q$NL2sfHSlE}Pi%?$FL8k<`E
zo!$<jeNpiOdD<7wyu#(<0+BI2u}XOliGV1BX#UCTgKah<W!#x+Y_pbb0}vp<bz@F(
zh$8=E1$Achw03&MYHaE0`M20XRVYh%cwSuPe#Jns1xOaXIg-+s74IS)9Vuauw138S
zrnSe4?vpSgcZ^=MxS3rZezWamXChx!Q^rCGG4q%9_7<$Bq#n=5_j?!UE@o}n=W}lG
z<q1f8z3{zx6JXjZF!u+119m<yTyE)X{gM3&Gc&~ZE1zCjWB2wIm5yk0k7aiL=(R6)
z(<H$42h*(H`sPhzCKj)t&*nP!!YCI$;N#9^GKmps|3+i4`D$jDKy!akRUA#*OLIo>
z^g@@zM`V9AdRhBMVWjN0RvzM|WtKTW#u%=`$Z-YDhTDw$>K6*&+oH9v*rgn_RX7q`
z_2?g*UWD-oMCKCClK3F3hvv}g#iV>n?lc64l=eWJ%9L*4G7Er&tew+cf;Xu1@myK>
zh9f5g*TY`++`iUBYjAK73AfS4q6@>et_PaEO%=joKJwLt)QzR-+p1?b?+e}QD>gA@
zgUf%+hW|V+=3@CTwip{TJKMjXA#?pZ!t;MWL+0Z6Yc>EK4cP!0_&g@r_R(R8gCr4b
zhktS|{Ve|wd8d;oz8(P@&IiR#$6jC)6%*g7)(X=m#?Cm=kW(uob>x-Am6MqXsI1y@
zxO@B>oYJ_`7X4iX^t-b{F<vIo<<g$Wzp+H)=nzp(KhZtBJk2=fJf34P#MzIum~dRv
z#0ivW@TFO&RC@z%^g0W;g(vL#ji8greMEd|47_(BVVPrJT)_xJ)OWHQS4%1Ia4F)h
z#VS1O<WZUQkyYz<&p7Ae+PkHg6~OlDl>(gI1+!00$CFmH__3KRT0)N$Y5J6pl=skR
zvHkR#99q^?TB;V-{kNqixajJ0k>eLrKWOsq=YSV|jM4z!;mRtW3*KCKL*-l#>j}Qw
zd_uCI`jj2!#g~fjU5Taak#(0LZKQGg^+Pk7%UpkD9!xNy=kpb#wkIW@nuO9{0|BKP
z4;M<S9j;ufqa!kCK9mJLn!8MQ(S~=H@;!kNY%^@e%NG@&Di3nX^toA=gC)P~yYr!`
zKReGSw}9+ELgbNx8kF`EuMi^hU^L+zMftr<6L<QGyHRp1qxgC%d9-VxsTyJ<tos*2
zmAa@%DONcMXfRg19Y1NIKI3`7(&3AeTb8m?2*itwo&2%jg~po4o)cNz0^J2cVv{vk
zdA{-46>Z*o`|C6u1-vr~^e}l4m+3W3D|^2iHDIRU&8Q=$Qc&@ga1=+AL2&}h9bYiG
zf*5>JK^s;6)+a#xxYjbXYfw>ejZLbsRY$GtsNow3K7@clbVa39`4^V^@Pxela>Weq
z=>3v{((a?W;&Er#xHH{Ag}Fj~RY&t+4fihsp?|2`3#$X;J*?L*I1ve4!^LxmI6FnP
z2LKC5PIuzmR!K(j*=p64u{aUJLftZZ+APK0(nSpw=4k3gMwl$`8$6g&(23{VMnS;l
zelU9M4kgCNA``6aQ!PkJ4brbr{ijd#Yeh?$_>v8@=~in5Lw962G~?cBSQLYlhxR`)
z_)xL<8Mjcr)|VgYU|m?sV}O<-+Ob=pkN}K^8(|St^AQqDH92sUmmIpX_NP!eUQQ6q
zt-~(NpIrtOz1hAwi6c4-j;Ddf4I2C+PZT~!SHfH%0b@qnscI($$DrMWmpAsyH4Frn
zBZY(8Q{;DX^T4AJOVss=*ro)>3t&;0a>)s+1tjnHy5eprk!)n|O>SMnFZ=-mPX>^-
z#SehOQii1M1WFV3RwCW)FP09Dn32#1eybL<O3@%(B}74hkyM+<f9h<)QwM~TU|{*x
zIU>9@1mNk#fHB$?ee!iXTT>b(o#tI}61UN+4Gi_CYf_J-GEnlLe_!3KMc<@-8Ue}$
ztw9k$5Dnajw4QZ8*S5#=1HZafZ-BpVclyV@&-;Nz03Vngb0gVITC&GsC%<TMmD$vD
zD9>^C*)%<xwesqfYQIbnl*GNVazT4i^1R0tv%QPjWyeN0P%cXLb;+aFZH*Sqhy}cv
z`B#Tl>;~)QN2V?W&W4;Q`Vxt<G6VUGv}#5Bj#1BG2-7m054b+Ac%6h}Hy}-z&E%_R
zZAG-PP@yCzmN^aF-xL;D$D@8$v8V-<?hP-6nXz-Hchty{?DZS@TMfz|G0gBj5M^+I
zqk&cO;jiWEB044FqXc+7@e<RhiVagT(A2cEJ=WFzH6Tw=^~BFAv`ilXR4?P){<PL*
z24i~;UTv!WrF0-*geZEDfF5@a$fYCiMbEf3pRGbginO^@cIXxAb}SK8Y{bj_mgaE?
zT14iE=yQ8l@5||km`h%TV}0-##&*r2(q0duYq7)ae)QklaMNmpQ0wzC(8Ur8MVR`8
zEIO+j0>{4fNX1r#Q)-<uIPO1R7_=DcK1AVDL5tP;i=h7+2Bt*-RnG+{Y=V`NoU-f+
zs99>E;%ZSEBbi4-H5*hVSfk1+4r}XA;~)mts`BZ;DO`h7fGYJ15(L5y^6&80@(Mz1
zT*xR;;fI3-rgS0bFKtQKk~f;isb3g)yv8JA5Tu3M3KaUX8pk+O!}9|V46KPSp&Ouo
zO-oqV2R}_39sT?bU_RtGRmAr@^eevpEiuXCN0C2g57Km1=>$<D!PsOCJ7iD;o-^<%
z%wVThfX``y87&CB+Dx;)WBzL%>;!e@J{dN$=_{sWEXqX7>gc%5*zXEkY1_1%pE=-)
z1|e*8?`tDUl!BE(8n5Q4EunjKu#`dle#>WNiB$Wcmz@moH@In@cXh#$`GL|`WQW(h
z;5^Yh8ZQ7`MwVDBXsI96U8z(XrwVm$$@3h{s8|D_n6bp*kM)L$0MH8Ns0$CuS{B#}
zUZdRfm+Upoq%FEOz;hu;VbN)oO^emhs`Dd5bC@fRaFe?7{mdetx{Ei>Z3fp3Q(drz
zq}`dVgq#8C<Wz1d!n7qM<m8&5zSb}r9&z9}f>tKu=UPJQ1ofXjk~KWDA~U(;Kx*7t
zj;@-luM<qZ^H6y3^q{QNh-E6l0MULQoKshb*{8-$t|Y&`^RQwRQM`0V5HpIINitnf
z<R3l*Qd39}#IZZw@d6w)!}<QZ0po?UeCCSl*n|M=5_KmFx);QwNqPn;$TXOJZuar2
zDXE`NZ_`oSOX(n}lU{3J><cVh{YOJkvI&+BAWBT>hu-ojfvu+XO=de86#;x*dGp_b
z<4mSmgp^T~=M@9>L?sch{4pyPAZvwvjc-FTC;Y*-kA+Uvy!5wBSKwb0k+w0du(gQD
zNx%V_?MZ{LFuR!;?q63ij{V0*V(Fo5h`!G1$dT-oE^teR?1bqx^5tUESsj5)*ds>j
z1at|L$rkdI!KMl)M(l;^z#K<t{fZ!^hCNR)QoY3P#I4kueP+3N=kDRH@rJus6DBLH
z;T)N>sEhEIRIst+`TURPbZl*auU`mZao7L|^7=x6Yzl|s$U$WAWnFd4?xW`cx$DCf
z(Dk;^f$Yij0U{m_CRLD+4WH<fN59r_&yfTVo{6*bT(ODB<qb>3LZE~)YP0a+y_!7x
zKJ-Om&ob${b^hCIf>6<#KFtNW8IzS4QoE8$RQ?6)`C^NOnnvhAlT%Y`Y~P;gmx)@y
zVsOY2&DygZMDY&|5VLk>_6rD#&XC=F>uTdPB>Q%U&m5#vt3F$1deUg52&M;owsCZu
zQ@7CPRUr&In~kMlYa@cNP`%(mqRV2sM|Tx|g66UpnCjD|GgPGVVK$OjyIo^{2t)1g
zC?VX0!k&rep;h;4C3ROhd{Lggp+4mqO#hN+7<<w86Z4&F52WycaaY%VDyg(@`?zt!
zE!X;;EsYgDQii5pPor<Rte&1<PhP^H)coMae}B?zR13-#nbxh0PPKYRjlu02w$AfM
z3YNMPe=rMm2_`b+_jLI*7JqYh2b1qcPo^Fw9d!nWGd3)lioV{yfSiqg25`Un`mLFL
za~W{ttQp=)5_)y$?o!NxZalj8R&D`2z3?4&G-3vyQ2@L^tbc=?3=dsfR(W++-DGop
zzZn>9uW8NM(yM%dBYrS-XCh^+?v`NMUqe|SXUG4zI^VgK*1YmWyQl1nG4Itm<Z#F;
zZ#_j3fOl;FwN-K3?UiOh3@A_>>&ASX4oVx6hmTOcbg8=gSr14h;niKiZw~DbMiqjS
zLd^0JXw&snB8ubx+49{^HM<vqJ0{0S-a%dnTF1ejrn>(5{zoPk5AIIH=kdBUC^z6k
zTzs;rqKs}>{HE6GD}xA$W$mTPN%i+hQ`lWqE{h$&c(x}0?wYSKkP8srE6?jLgOEw2
z8ZqjBI5F0<eb|Eyi6{1-)AfJO(f`gM&&tik4(zsZ1?2+PIidq4Y*9eDfg?87l&pU#
z94c^vf^bY?jt*|-4sNa_EPquU|6Kb7bTqMnV+9V|*nqKe0sCyx(f&gIufl(Tz}Q&+
zmO}ljDe%G>3pi(E2*$<%{B4Jh_McAv3y_WTZ|A@ddrVNS222M<Ffb0TzgNIGng5Ot
z>aQ|f1rCTh^A8FY=U;Q+{~F{!DwF>?4o;502%wxm7F%?5&c7s-|5eKKx0H(OuQuiX
zLi)!^@jvTwvHh)!$@L$M|6Up{pqdjG;lGB*`ma&3{_7LlzmPv?R^~*?$ng*31&;Ht
zaiapq`L8wO{MX`e{cAP!Nj_oS9o$G*IDm^zeCXW&!ui~Z|5_v#E+D`~66>EG`nwCC
zwvY-d3moe|n7|-cY+#-XB@i|U0T}6m2|RR017-Q!;P09PT%>>jE(ow}JaBCPboyV_
z*?>_l7@t*9vDp9i_Wwrpa3urcx!?oGT&02W{eOGlC;ev^{@vt1$p3$1;=V(`RQZ3_
z_{7EfXCMAQSpS|B7#HWiX2Jth@nMAG{%65}pzb(e+-$&nA3ZQu79hGC7bq(b6o3ab
zcN>LLQC3xy69cljuLA7>C_sD<3ve!0R$#El4=@g9Ad@E!6!$;7^)C?iPY_XHxhEkE
z*Wc_y#;#Vt5l==aNo7rK9odE#PfSo?uNMTc*q{EN*9Ctppszpe=X-1*o*(|_D+X}b
z8};)W6y!tr`8&@?49Mey1AOzrfKpPGQ<s+kV*AzuW&BZrweAoN>%LxKP~89AO#kYh
z^KbVJ%>hfGP~89AC;z(4_0Ooz0|`Ip1t0VWjq9JX|Gpo%xPXcM><wbU;n4q{?@Z(n
z@O={om>FdX>HvI*N&r?>h@x@*b0__ehTMM}0=PK1xdjDX-CWF#?cuz#bG*FuRF~WD
z<4AoSb!{>66nZIFf7;j*R;pLJ58_fCh=?d3cq5UL!X^mUCxMVcz$7rwu)*wz6FL#u
z<jgj!@U8yN{@Gk=yD-%Dpo{P8&~v$Y(*f`kdJLIb^+lX{>HPeO7UPyD<0hEKnE93t
zNGJ-saAt`x{dL%ai;cu)i*`fn3D5dUim!T&Glu~t|2volNxk6!frpi5;rCsd@d<l>
z(13Q^M5$SKTE~noJXU7|52K&}3mHAX_kBHuT-prM*SxpGQM=`YqHnb;zZ`djRKyB*
zcT7c1fDht>5T)c(xmuphzS3H<x4#EJ051T*)cpsSkO)dHzNtUg(35@KgQvnuQY(kG
z?w|W)!g9U^q{}3Tj$-0p3<B*`W{yYQwN4K(@zOKYHCC56c`20!x^K@fwu0$gA3s3e
z_@J?Eupt=?lIql`bSVL84Sqwu4X`^LCQNmiUO6jLor;|zXH-8?Twy(T6#7Hb0a9LQ
zH?T}Q4E<SNSy!Z3DBXjUJB0o5EAsT@udtdXsHnnrq*&;>kracRCNy<9D<Yk8XXL5q
z9p5lR@vn*Mvb1E*NHtKwM5UczE&GF<NG(vwf+;D{nNVyaads$72w76TeKDZqL|OQD
zJP6vKIEw}iOGTF86$V50IEY|E3Fss3bn?4CBpvksx=vmyBLci|YH?!XO+cbSGQ4^9
z9vR~?gTG@eE($1qJ0g3IAFBoucaiueKA2obo2u%SBJ|vz$PK4ef87vl+TR~zsx*8z
z$sD=mDoNv;c8hU!ahvCh?L>PXhuMlG<{0pne2ZCQ^PFLydQ}vO$rl;L1Wcno!=Lxp
zWS8=B@d&y9?&#dFA0Jw#=$APDWA<}gTc)Aj0(1KLe#yPY0Ar3!a}M`f^cu}7n->f2
zY_=sn!}Ku5d+jkuQr-Dcz|5!`eqP$mO|K5Vt9%q@7LH<eOA@jug*^pl0#0@)#EBJI
zXRI5N;<^Na1Up#Vy16AT70^p&!;g-2Lkfvc8jI(xn!#^m`FO~k7bCi??68l3<3RBi
zgIk;r3_o8S+g+lt4-{0#?-Gj<r9S^E5e^_?2$A}c3<#<h_lycZUi1_><RXemy;!C6
z5#Pu0BS)1b&QOxgh_UE`oQ<`}=)pOr*$^}@F(eXjF07Mz<aRK11l%a6hVoZ3%z%yw
zm&nG$it&@95p=g6%FMGUF+h0ODra>oGu0NjqMi5{6rVXtBk)+YfiOrIOdMFb_`6<@
z?Q_}~b~nN-f>btD+oE*C9Kv@?HLUs56$Z+~%(JPXw(I3D(rAHvU8BAf)xIt;-h;)5
zxKe1nc^2~>Yx4WO2&fy%kM_3k4DGa3x;gWgo^tciVc`S{Rn(Q;;vZf6Cp(Chn79+=
z?!ntYte2nIT-r4eLsRtyHgZ+al#q6tSw1OQt2^6cp5MCaH#Oa)v$<*U#&CX9!iRmE
z(|jfF%Wqee<P+#hSV!qx!}TgA5=bIQA<FIopM7_6t;D(K1qjm=*Gw~gG9!;5zY2*}
zU$<YfTGsx2xB?@L{a$QimdfFh*&S|f=vt7-GbqKD#wbk2etOJ*1VadTM2sphy7oN6
zbhaP>-0pzg(vpF<ICA6ZtYy*0;g7c>3YPQ`ce+U38U_Wn<T{V=uNV!=jFRe0a7u$!
z=!MCK8%ULd0oaKtX(yI2d&wZ0>kBo+1gW901nkA^(N2n*<=@dW!7a%YL083(H>bvR
zlA^EMtiGq>vNE)z;`yjL3Cef9n)}~nz{c!@Pcn58$O~TJ^gUiR7{M{6sFhk!&kJKE
z;F?3eV+Ke-_uACb`m`LTZjeTUW{Q6oQ~GAn2QvC%4Y*p6E4&?7s9rPG04>13swF<T
z=f`~G2t;CEzs8t%x(F*+{N7dgliD`ho+=tADu|^*!{UTu<mEf_{+N8}JQ&76M5e4u
zh=FodhvYzUGLXE!LDGE^vilLyEztFMBZFbrIcoAAE;&)bB2>-dmAqm(a|r7x{Ppp%
z2k<1&3&5WZwkf+L$Z_sQz-XfLICaPeeVL;ZPZ^!<H%I<~n1$Tx$r)Y3isHr=-@!9E
zGMhro#z#hk+Qv>xiK}@)%zx^Im=gZ;=431?k1vbFyvP`gr`z<Em><_Qqav)DpHp6c
z@=!n9Fpq_N&uPN4ml17#yQP`#u*UH08SWLP8}ONg#o1v^>f1u30VI1xVnV!2RQ*TM
z8D*GBNO<_gBu9Xp^IRQMwYhjUhQRHKE+`7<EPNl`me4kShhZJTtQ1CiApHO%+X6mM
zlcLcuHFg{u@fG-~>7>-vVB94MV`g;8me&2oRogQV+$8kyL3(B-NlvbyKIRYY7>o7i
z`XBJgmLJ-S#y^qJaH*!GBoUQ=gPJ4h=AOb@%JxBAFZvBny!rMjE4LR1>veXeLd@>z
z`u-j>;Rh|WJ(39O3Wh#+%FCPUw^6nbLWBp_`VDU>l~z`BfkP=(o^~^hPQ%8!5r#79
z`QY_cQdkT-Ci*8MlcD5tqW6{irq}n-PCzBi7`vTC;;h4Tvg7ccS$kRe6)aYly2o^g
zvO^z2x+z5qKI?cRwspE_6A|BrmetQPda}wYaaFh@9a{-g-3oynC%thCq3f39;q62;
z$_MEYH|ha6O|T<gSIGn%T$&&8I_D*W$uCzQJSu3D+q(>^<4r10Hl6!z=(?PE_@Bhj
z?7JR2Z}?(g#bUjhzNbZt??3VP&D%TJW5Qg^XWaJxBt2Y<imEsDPgj*W^SeS;cMG7S
zUt@KS&4ktbNiL$)1(rhD<g-%4Cq*a0CxLYR+^}qrI!&Ab9~?*|w8oSn(ZRvMJnZ1;
ze9^9_24|q5P#AiG@*|@%gr}bS`DwOla4jCL>Ju3dcKh>|+dG!xpf2ywnl<H%tSrwn
zdlm4wSR>L={4qFqF!)MGp7Be_W#o1H(oZe<tKcGrIsVUuBLP|)$5+Zm7b5cCxtDl7
zxZD&cLhen!Kcky`m1`f!G@U>{xu4}Q<3!jkPB>}2om9&Q!yR^0&A$^?COH5YfM9+1
zKAP1<#Gk%I-&%P#g~^8K2657na)d?<p&l@o8w>OEp|w*+WKq@OX<>1X#&LYlN}!Bx
zl8m+b7*GGERn96kC7M*ajMsD<aYWx%|1>+Ky3r(NUnnmpD=Mi0hY~)HR~=<MGqZTJ
z>gxjHvC7jU6mpp7Y|myC9lH)tDx;p;C@^N`kN0zmsZS=ZWwEJK2E;MHP`_>L?4Y7!
zjbXuZ6f$ZYbIp(9=Zx4qI!aQK39!It`47Z=&$+p#UgwP}cg?IJeM97tXh&y%1!VxL
zX#SB^>y4L$gB!Hob20amZ6t%5mHNIKANl*sZAmt75QjFg@OLnqbD1qbhrYl*B4Xit
zz$PuNq3`OZHIFJ~cK%1`AJv(aD8Q;@HRtF=<HJf0{zY0UKj+R{PO4Jghx*e`x@5YW
zmAA3;Ngcijnci)(x){5uhKfLlvc?L%B|kN?boi;0`c76OtYF#b@&Rex#G06spP6bQ
zj=eNxnnp_at}(wJsYc2^bDbR6#^$4>%l^>6!t_#{b*r3Rv@?rjxU_f&cbvsML>@~m
zF@Sw4Uu6yYiAt-Km`S3Ey|n*LjSzPqHZV?6CQfJ_n++jy!gJe=MQq13eJT&D-eGqJ
zajPFcRr#D}h({RC?1bF>RVA5P>ytSj0urb~TGpKYHT}vX#7s>S;1Jn=p-;j^g(aJo
z57OtSm8x6C05v44WKMH3I^t-brp&QQrryNlCb9)DTNup>F9J$UOJm)8_eJUoQAI}#
z0S_G|Q#h!t6FX{q3o>OS2GXMwf+OWuY5TU|B#aH=j8OQE&`{*WSzBM)I3^x$KG1a>
zYH&6JOe~X9+g|n%K)NO<%(Q-VnQA9j`Qt~u=HV%v8)e<kDmpOA_JXGN2Q{&(G%MsV
ztP7bLUW}w9%6O1O?uZSjU`FIybwqtEo)jN!wUWEG#*m7nI0ybvEK~QmIcinR$Ul!~
zYQhmCO%KsGG;hU04%}^*OleT1zhUTy7>`s8lo>gpXvSD_0o_*cI;4RSG;ePvSZ4Sq
z{dzyOFv1mP+N%6=Q3*M1^n>~fJER7>)clu(4DhuderqI<L)6Q=SA7LfHtJ7AT%#uL
z>hv0mmqv;OJ3@NcXg4r$s}!~pqgSgE@?RbgVqn`Ap~FR-AO8+LOE;@|h4ZzJgI#+K
zL6lC1@_S~}5Wt268cssiq*3yR^o;xjBkHJ4y=>D{Qfjt~UdxZ-uqhvcjxVfiO9<m^
zx=4Nzn<yk`KjL6D_Qeli&7G=KKBK)RXTr%%R1C&%Pi*D?da?<D+B3q>0OFVDjLvEt
z3{_^wOB%1H>9snYfp-t1(8tffjbaR2+_093cA;W`wgZ;4-L?1)zDmSP2EakiY?D9o
zW;eedcM7}=yv>VmA_-9OM&O;QCDAI|y4`WsW=O6F>R0-MRi0AWm>}N(bAAwAK}@{I
z0dz-s%YaVkOo{wgs|65)GsP{yQ-oiV`czYcO5q*F#mF~QXNqUkuDDdf1X*>A+@=!^
ztS;^+odAOCwK7=cS|$Bd-C>oEd7Be1Bd_3nHGhY&dTBVBBJ||JQ+LP;$(}z-B;dGX
zzD0BOgKCikl~!1c^v5N)uL#0aGUSno43TdwP&0jPhl49fU8<`#G}Rn%+7(;IUJBXm
zsEjvwdi}^NXsLThM?(&I!Y9kFEkft?>R}ks@Bq~)6T0FhVJ$=RN}itmL0Q07W35r0
zq0%~MZMfvCR5Zzhm!r2_X<5PW&lSJK+~*NF09rCzubK(?3thA-NF>@YB6SGMRYFhb
zEB$gIyV09Z*8KEXa<v6dd2jY)nz}WhAj2DDl31vZ?n^;N+Z6so7Rkk`(8T${>m=)W
zC?FaCA~|`Jp;!6>d@9D3Ey5eQ{c7Q60ec)1{!gg1c)!g7LoVi<_<jMlSBlx(i1|-C
zD7+|XGkgI2OKX}I+HU>c`lz)R*g|a;UHDT5FURPRb(%RY2HSFNId=kT!Fr$1B$+=b
zGkE(%6&%)g3N>ll&M*$cMY47Lu5g34765_EjOUtSW3;F8leg0*3Nl0MAT$pTT#8C&
zYJL>tt!$0rHv5s&$!16c6|z^fGb7!(HoaCHz1Ahtq+3$VQ>_yX`5slKO1U#qY<J1<
zQ%q>YPr1<mrPK}IK%%WTN98PuI+HNxN+TQT-I`*|czJrxig+VCx*}elNj@h`A%M|a
z!HRw_A%RU)SHfn_LPeM8z=YYoySl20t^8phE%7!qQc;9B0Zg1HWTiEEdjput)>aQp
zq$$}gO7}nuzujd!0%OQ(>-;`C+2+`*6jdqVTC{t@UOyo2$IcgIcKEE|-mo9hGwsn4
z8{NFm6!(DvPFN0sU>`&;gExgM=Ya1iIq)Ea2h1=~3w+<FpIhi5jwEUo>o}IE=#(?l
zvk8cZ(k~E^f_uknv9|g~^Fa54En|g<_(UFV^C|?Pj}A4in>4&y6K~)-F*R4{eQ-OX
zqMHvcPE^$Gip%&5#MOiRP0Y;|ES262xbhx*A)G~xJklKyyLeC7+<=P?N&p)DU(Icc
zvOhR!8MXxx9sA1{T}!o=;1xYTGiX4uY5B$%-y1aZ$bFP1ADI1^@tz)SY87u#X$Mv;
zYaE^QeYrAr2AmiFoSxW*;-<WebL3^M?Q|wBk%i>cu6~6AmV>tI@mvkBy}Y8NP%h&q
zNuawpfg1b>NfdyL%^qH3HU$(FBu<F4f(6X*(qfLrT9+h~iHJJufihM`bG9>jR3f+G
z(tMScRZykAaS1D@v7unhr@`8<Yn&2<O(aRaCxU(c{XXz)Dpq)r8l^FdSWR%WmLC5Y
z2F4_ogqsZRt1Bg@Y?-TI3!<ODygEPo)9M_gR0LQexheZS+u1U}cN!pehbs)&NX2ai
zyeSXr9&EBJnKs|&Vqo`{zDCCqhA`aCr@JIFtfRri%@R5PhW3Ou{1CbA<e%i8Xyb!>
z*q$7({nIsx2fQ%FgHq~&%+v3>bei7`A@d5F#~Hwk{FRH_@1;?6a|d<Ccl2I(Cbn};
zO<$gA_dr09Z$;PCLjqVU9NMZZHw~G>?E18Av704gUTJ>Vrq1h!7{ZmVbb#^QR7KyM
z;Z6=J<7Zj!M&K+&nXV}_(_;viwl|dawd4ym&=t@WIhwzb5u{MUdNXxA_JCy-ujUU2
z+2@ueQdBiOe4oZQ!fKxkp&PvhIe_h%Q(1&BMJCocO7r=A3<Tg!N2xZ*Hy2<u@O{kK
z9k9HNopyVM;R>atYx_<zGWiv(T<?p{*%;86kcK7sC_1Rtqfj7Gc{NtM!rr@a;c(X2
z4pvBzhljD5x45pYy}g{KjTg%^fOwow^$g)8x|T2C6=EEadwh$u8^p$t;+C0`RH-Jd
zuO^(y#88;CIt~yOizd@Y3L&vJv-5I$Hr@vRiQpw1;qMuTL|6{b@~H|B7WawR>Qj*O
z%nMO{6CX2UgF93Qes$pVm&sTf0;6@Y=kcP{_B8Z}hcD{!yFIncT~64Jdu)P_fbQja
zUazaB8;O_c=M`sAHizARarz{S#+j@YtPNiG<Z!>M9s!03_H1K1fTFAdT2J(!$54&?
z6%GrUxbq1Nt-Q1{dDY6jUoLumYLwRMKC$aD(Hbu8>=YGLPwT>t+WH}_4NcEjUgCUj
zXMD}?TR|afY6l~x1Xle4qszmFIeFT_4T&_oa=($PWp!e?-5AQlPrY{2WH@w2Dk*G9
zN-Mxrpa9QjUPR@(iN!i&vd7m#3{zx$hYiZr)=-m;N!HH;l4rp7(An7FhPh3@SY^{m
zbgc3ioBV=?`bD@zaVXOtW(h2-9*+n*FkO%eh)%q2R@6NuL-&UX*(Y<_E+Ukp<KxMe
zg_?6}pbb&u90clv7Ht!uEcAzRcNPM^-p11iD1i7<72eBEe$D;RRwU+_oSRd&#~ILz
zbZlK5Gc*@*Qw6q8k?(kLcB&E5raRys5{@9%y*-@o;y$)tv0G&aI?y*JsqDBGXbOnl
zejVzS&JHVT4!9?{_UvlJm))m-Mq-|=jbVMYpm|w*&F;<aiFK*85H3z}W223BKm4T|
zq6Y|Zlq{Ral&VXpKa#s$k!Zr2K>jv@PMwpc*UgufOKon-^oz%|<Ci^AYQmulojM7U
z+1?<X$!w={H3&oCmiXpGHIxQvZCZvdB4lqNllf((9oh-TMeK8$$i`!SuWY}#MeBLu
zkPBKzG7COZq|vt<GmQ4So-+=)!j#)3OD%v~7yDU$U_sf6Sw-b>%@N40usgR#D30uD
zwTe$|d#+tEe_*GcZ)`ZEnk&F|A6D3~EXI&R(m2^8kJqvXuLr}j7!5%gQkL!rwciM?
z+v#?`{jD4JrAz!6n+&g0nB?1xUQ=|p;yz9%1*)v$JyO%&6QNBP&llksIGP_)CF=lm
z>|!Ckyn(9`S}dqDw`nWd6cVDM@?CXjE8b^~K!~f3?D0-A`)=k+S$l9SC0$j&)UZCr
z0>-1LhSlZ9A6S!;ghz-LvR}<F2Hy<awSQ;$y+&z>=FDj=bYO|rTzg=ZOHAUm`uQQw
z$O;B&sABH*BioB%-9!vk^-VUjd0qmXaZ<T=$=i^pDn~Cmtmy=5u={b)p5le}^{I>>
zS8UJp8#<lsY`*V4LF-=hwZ`)kPrBg+y&(*J9NYO4w@L_kbUjk;boTg<ebqg4jF$Ln
zNIG4yxbkD#QD7ZOhTD8^nCS~D)tubcxB0E@t-EqWaH8Ak-rk&3|A;)jnv)KIm&zWy
zi%n>c9k(4yc4<WXgMQZ%aihCpf1-U*t5PT1J(NeZ*rY{w-Mo?wbD9vdA((<&QxPkV
zOj0gAgRag~Gt5-pbx+I=xUjm=?(C@bd#W!>7&4*k%rA$W=es_0ZbV^hylMk5s_(c*
zL*|ZT*z9-HFA3b9Rh^e&%FH@|$kv8AK3Minn2|>k1}?b_%sc`zWboVPz?Z8b`2Dns
zlOfD|UODvq9`0_iADD`x5Vr!*IWv7ZD?L(uI`91RNIBj;IlftT;X$2mW(aV5q@=%C
zuTiE1JGWt}63a(3BCKY%#-uT(@F~}f*pYd6o$m|6{I?UNAs%iPRvxkeW3>EKUu7wf
zDv4Zp@<bW2r%i$%St28q>)az1819;;7+~*MOhO6XM?S71Y<!1nl%U(<9_1uv<V(+c
zzVp1suf8w^$=zmLUG&!OCBr1D8kjW|O_<G}!b^Pp9S$Zi+kt^u(eQmov`choV^XYJ
z_0<r#%ps7M-G)%Q9yrYf;FgDH3lXZ`>N}FzJG**CKATF957_Uu7gz@{>ppU=#TgFM
z<sx0eA}GqneXB@y%Yys04~GDP12R>Og^L}oIY3-*#{CouuekHvJSRlSa+`np=gJ#I
z0qQ8Fx}_(34O=OX6+>NxQOlL1n(f_SUSZ$=itX{ot@FVCFx^xRz%%?<h$;wFv30`=
z{$sQJpuM^;zUSx>ws#Dq8|`_wV<uRUQthRYmK7qemE$v#ciD!+FOW@$8uRM7E%Y8f
zUbmY7546T2he^GWr$3<BNU;is%LTOngHU64x-yuq^{A}2y8YztB@^ofp&l)>gT}t^
z?%6%@{axSJu`D1z09Zc4HlAe|xx7^@*IM744udDCUe93fzA)R|8LXhFwEs9c+sFiT
z<<l<dmlmXeQS?@{97jO34S(TL_U;q@mU<6tuYS!9{xko+d9a(0sz!U#Z+~4}HSnW8
zb@}#%qe{0&s82|q0KE!9y{4dLhZ#p3io2hJ`#yqbcjco+8t^T<qVPTHt>E)O*uxx1
z%)j0IJ>yjzhtmT!j6$$r)!m%cALngmKbcXsJZ7;jP~@^Qo2YE}zSpE1e^K8Yo|fM$
z3Op9+U4D}W?h;xx!!@h;`Zn*KDq0(zo_osJB{2}-qjw%5WR<u!BF>%Km5#V3ll(sO
zqf?ihPV>$*4se&fN^EqDtY_69lDq9BX|)m%k0P$%WUhi=sOaSenInS-Who4hupGH+
zbC3pqL_<Vo3UZy5S2h3x+;U%Rh$>0Xo?+4j2Si924?1%n!){9dS@G*Ux$xC{gx49_
z(#V}J^c5axO1^NF*%%)8<<#v8NcR6JROZm8{#BQn9e_v>ySNizPglH_l-v5{Exd?T
zxhG6gmwNZ?LYiLeHq;?TVc<s6D4>TKoKt(uUD#$WrznHC+zx!TJ2c`vxantT$0Th7
zy=;uG;g2k}Zldom5od<d@1&-Q{7yGe50tD|j<2K}ePCcj%p4EgS6Nhglt|s<GxRVU
zHIqE~=zu~ywCb>GLxFQ|5F$8$&u4}R#k}M%1%+iW+R2MevR{tgbfr%1g#iJZ{`;#T
z(VC3t-+x#MDfV%zeu$ESerGndqxrCqRA>wkh`lP`YM|JZ+oDb+Khmh5X}=qr`&8dh
zgvI|_uy}+<Y*Be$OL6D2<D*?Tb!)M14I2*;mj=-JAb~sJ^|bB52nArcK);x^q6i)s
zLU62RR#lE|5E;?E<&IRxI$M{lDk<9)FOm<%DN!mSUMjY|Z7ch4$y`Tvw;Ma5BbXx$
zHx+5f$s+x#_3U;ptUj%}v2-}ZdV-Ys-Y?GLTtB$j^;1vevTOH;CaAyZ_G~q?wwFmT
zHxvNbUatS;DExgnc9|yzx^qmCKePH9XgNufuuZ^2=paU@@61XgINyvU{D}{(td1~d
ztu1XsH$s^jF?2}&T)>~_o4|hW<#c2xaKP*DcGNSU46F3Myoobpvbm}2w@&?9!XE|M
z0YpKzxrtUU9D?Jd#z?Qmg?k<>*hJ1Gu2}$hPv*R<0w!(H7#~yR2hCu5AU%UzPVj<Y
zs5n8<ymb(gRoIE2y|S(1*8>*RBGHKZK=0e&F8rS*=IIrt;>t}l2WG+}W0;YoAu`BB
zTh`pJl76pVOORI}>xl@@c}RFpH6l!E3fo(w+z2kKdHt_7Z80w^P=aLYFBDmRsC57b
zVlq${s0sYd^M_L;-YhrBmWzd4KV*r7o+os69%=@vL4|b?Y+-2W-r_rUI7xw5rmyzH
zn-=qP0=k=b&q$1ds*6@FQI+GmlZ1A84%xI!rk&BoM!3J;`ggHAVpU7{$MgQ6iM$dw
z<6Fi3<q-Urr}y7%0w7#D^?$jzf!yV^pG*+ba$#_m&yf3<eUd=CC^X>7CKeF6VhfGy
zAIiZ0@E`O1<3Hx$<l*_B{$p)uHMQk-!7r0MBUbb=(4bQU-z6zH=|w0|Ve?H2XcSNo
z!SKpy5xTyR*d?$I%vK_T4t*ocQAX$^60X^RP%!DN8%*2V7t+qkdbmdzjnQuN?7I8u
z(q?3l*5mi_@b)1oj*C<vPKIiW&A3*_;RJ{{ILzqhPGk=Fc9kna;DPo2YFeU|fK=)d
z5k2b!&c0q7z~3_}?SzkrEhTzJJ+4Hqvwft>GUXpz`gD8DcGllAbg|ODe=`c}%5X55
zS4-p3-^+!52L7el0XB;{>=gwQ2d$fdotb{#+V+T2dk|ves`d(&(Uz(TcAX6VdJS-W
zU)qlT0q|79*uSz)PqTmI?Xcgxm-D2L)*?D4(M82PZ=tnVIMD)(w1SihA5Jmq3K}-J
z+b8JO`hJr-3J!~|q6EB-nPg=&a85UW%VXnm&b4}%N=2u(A={T{D5O+oOvdEMa48ln
z5zH@9vMn!9#^;E2DV?N2J`o!S{`vg-QI5OFJ06!Q<E?tXNIxE-BRf@+s*JVhVuQ3V
z{3HKBnXde4k@n<^4Trf5j|x0B)p#gt@no5Eayp)3my}HTLpkcA^msU)L~O}VRmtSg
zRpHnIP89-k`PgFdMYtrv@q{F0l5wJb1ZNzVVWZqW7Vy5=fm%5`28RNHqf0>g{v@J@
zVAiMyaubfv31OC}PdE<(9p3%n)%NeL9=?73r;eU@EtW!`A~UnWQ6b5p*k}LS`MH|d
zv)CvKizJA#W0uMEH&Y)T<cqj#t6eG6sbL4)j^#acbVDEnkQP{30<Tc1keANDWlLnq
zQEjqbd5u5v5cl!bi$&BcNDW|A5gbCBSc{|KN^3`J@Kvg~XlR6H!N$8b-&PJI1@n`I
zODw+Y9xNL3X00vjqo)^nU<;17cK;MP@Zy<Vv~<O+-!hOZ2wh?#t?A62{f>zgweR*3
zwp9_sD{@vIu5za(!{kRxzg=aeP0OS1TE6E1e(`g?P#|gDM0A<9NeUo&{hlCV*xuFh
zie@9SgzH}CTPR01$B9)M&encM)?Q*}<d1V!c*$^{&5&}-Tfk69WUKuHGB{5bqRS};
zobMY(nw3JeeBy+cov<Em?JjdH)o*n#)+#hEYX%a!LN9*tLpxZ+dv3Iv;qo1bE|i$1
zu-=gHjBUt<+BC16Tq%GL9U8O=S{0aL3Mzu?fU!F*?1Uq;{E+u)aUt;iFy~@KlPgDm
zy;lyxeRuPV<y5!6i+cq|+L4{0TxA^<bS`uJar^e+#Yww0YCP4B4N|Z%>q2BEE1s$L
zm?ML7Q=jgXo`7GP+}Qaw?V~nDdqMbzGJbDbzY0>80_O-C{|R8Z+z4T~rxWZ84$l)u
z>J_fRdJVE&iNeQ<&p1Y92UCEL(<SB>@oX|4Dtp2?azO&PE;Z`%{8I4{Cgxa_m4Xs9
z>4NkwEH{W^D9CkC53(-<qMUOij$``xQ8v@8h!O1%4sB_*NZv&#(K4m}CnEPB`e6hK
z3m%4fvE9aUiRb{^q3vs<P$@9L`Jc^&!y@SW6t#S`X8I;>QU+H|pZ3L#Im;23L6hNE
zidsKx@LM3U$n9fXi)|1)lVq+&(28tWlAb_lxdL5Ww47Yz&q25vwZ0eHBQ<*sT=ig@
zzAL$;D$6U<zAFp?1OT9!X(B6?f1z#r>oN_r3!^tLJ{jP6!FIJ}OOzg`%L{72D-stW
z?;RulX_2abOpf*%>QrpKl24A|fUz#`{dZC>ad(I7O<pHbXBD2#w}(+24fK~}yqChF
z6%0e8?e1;L?x>eq3iM*>@<nb^Nbm%<M}sY$Ygvn{7)_hj@0?!6JN>sx%{frJ*@k`0
z*pzkW@<;&rOo;Fm?uel^cU+tNCI5izZD^H)(!xz1$d$k*(|Rg@_6f51H@ftx#hE2i
za#8<U2pG62up_G<%0r*|TP(dnIKSiz*cDj*8SLJVL0a|?@M$7>lF&j<ZJc%l_p94t
zI?}Kw!*(R+@(9Y_gXocyq9`32Nh|vKN56F~_%#)fIcpfYp_56i$Vds(6b7PWat&5?
z(2l-qqolr?3-dI+@e6J+l`aKy2sbL-B|x`J9yOSM?)m%%>-2@@<N-Y#?Xkz1RW`B0
z`TK!mcIRU=@YJ0euqGotp9sNu4*hn>aaC$#ix_z(vEu7oWyawLbLoUhGY)YMsj&*A
zV}Ah1W{P!l69cRXI&aR0UKr*gLTsP%+oxnl`n`uT+Un=E%w>6KP2+PNTfI-$n-w7b
z)ctAv13C(rk{(9?zKgD^ie5h^^U~}<?M}=!G`vPyM!RQ3zlE|^dqd2(#&&OhCbyEM
zMk=OU^>D(F8cl#iNSu#ui@9hsu9^=c`587VUiIi{XKn^+ypfkkzAo8g4YhtDT5U&s
z;)OZ2XDt8zE$wR~5szPCA)$bzeipo+%lEBCQ^XH&)hq)7{Ipa&ij5&VJGUAwh32pQ
z;aV|5+vhm^*y6yxljr^MR9o<2eoEX-VV7OWZIJMGo8j<@bP>7s+9U%P^Nk5M>=bo?
z{rnem%;K_a203L)3yXcTA{lVAiJc9U4wHpGHhyZ7Z{?~;O3S*!UYdxqJ9UI2ph%yB
zp(0q`k2lC3JOLiu>fK?^v&fX~UnL{a1McdY3x}mlQ9e}9!dE2x1`lcaVXNqarWBz4
zth*7sC&`1Mu;E2yWUA0z)5R2}KU+Hh;WY$@=qsXr9n4|4<aG^RT=wpByZGgU@3hY@
ziZ46@*XxR4K88vtwWr#?a+VC~cTdJ_0_<D!Vu2YNH|)bv+Zilcu;Dvjd`2c`udS#Q
z7AtkL<#&<ubzk?ln4W{f6`v7?LM-8IV~7*KOf-e+X3)kj(#~crQ5~y4K8i{MFgs?W
zolfAm83o@`Q4ksFOM56v10;mP^%bueodKchSBX*74XDZ!oM@&CbxDN%db`U$EMKpn
zApIxaUvGO;WLO;L2PbomsWTMRN|Le8rl*)v0<_)rHbYk~nr9I^zwGLDoBp4|t~xBL
z?psT#bVw^9EfUi~N=is0-4fE>F^Y5w1JWQZptN*INC<)w(jtf;(%o<efA`++1Mc(O
z^T*6Q>+H4HyWh3WbIzQz&%5`o`y2f{=yUdzP2Pb<FX*qhF7Ttvk3Ko%qADyfi){()
zL#td}s!x5&dBKg^N;pB5_!hU__d238JN502nFg6$=zq#iv=lxVUe>sYZGi@Pk(GKR
z7M~_R)eCykPB!@Qx44nQ+3j&WYkiW0ulD;IxS|gbH=JAaQcGwy?$$ksmA0bH+i-X-
z%bMG4LKb`g>HRqGL3b*dT8tWzN&2(uoNr8#*eW@Y;q~Vo;Oo0l+2-yq)#F5qLt~L|
zw)!R0*bM~m90ey56t>5_*U=-@mfdunRpG|MKaJ*!Mga8EDb4NK9^Ik2T}aaxgoNK7
zhBEU5Gwf`I(-KmXF)N8=2<~k|J@L99vJ`~od;LnwA)Fr+5hc_I;2EMuWk$B;ab~jU
zYEl>N`2%>I)Ftj#-)ZLT$llJ%cq6~6L%$iw<5*^(5&WA^K;dUn&8_|*#SMJnr{FrO
z-0hUA=#XyTNG*aCyr?bv?KduWjePoju3NI#EL0dzMlKEWE*!jo{(3CQC#M!CyO=a)
zX*uB9q!{BC;yaypv}0e5^72EuusZ19&7k2`;%CaS3=P!S9|+|mt_pz<`D5V^z>PjW
z$7`V6^R0^b%DyF`PZiiG6^ni<#30%No(c6R=VJ~aYx`a8M(VFN`UY!=u#6--;MN|6
zdDKuP?pd-lDYwIIHee0$^eq&JgXk?wl@6=;q1y={2a?s$=??W^6n!BCiqhcv!Xn2x
z<pFNY9IXACE@?kkS%ABiZJ_X+TsR@6NkEpXWgZItoeYo6p3%i-PqA#s(SDIfnlS0R
zaojhRk@G^?tKhnVeTqE~7d<UQqR5b?lx7BRWIq9@%x|{;G&p2*z@bX%+Zt)FW{XEF
zdgn)XcM{9>jz=f>s1#!~srjsX8GeY!wNpGI>m%`O6rJ`M-J<H5vS1Q8Ie^+w!Kbf~
z=swd_!#b;180LSkR@sY{earVo#c9lTP96j*rX;8cn&-5)+m3QPh`V`=@d!)rCK?%l
zWv`u3s_hHgm_HAGIeeWOfZOqWQElLD*giaowXNW$>D<r@f7IO@MLXQqu7bXYl7sQA
z#PtJ$Ia0_2F48ipPqUi?E>g30A~jF7Geu1-1ZyVN?ZOY^wb~%j4tqAjR4W5&>?v4s
z6>4Hmq9!EP_^>b>R{BvU`?GDO9$l^WpAjhem-f{*WM((J0im_tW6r~$%vK5an|n!d
z74{CHb4{gpPEp|#qcgS9UxXP2o?PcRJA>c^ZN};vW^WxS8JL!Zbh|t1R|q70d^>+S
z>ah|@bb{FG&eoqUjqUay)0PI6Rb?2O3C+~+c+8luYLn8jEU)nLEO(JPZq4r<r_iNd
z(^)c0>gZ|yP|JVBkF#&IhpoMR`XYWf5Rce<mj?AbDhoybnU+zaW8DE1bhPx@#(rg7
zR#fL3vdvSiGFVBpSGHNQj^iCxaHVnI*MNiFh0eyN&aJT$7w_t?-;C~z*X8Xvw$V}5
zecILe&H}doex{Ja-1+iRlUmYhk%6^7wRiuW_F+<Hn19x)>-fw{QxFyPB5t@*)$RUo
zf?G<B4Sjhi_L7RglG<FY$&<Vl3MbhKXbwYPWpsQh#hpN%zOz#Mk2<mPpR5ihBcZ3k
zEC<qKF>|YP>2b*s!uUtC_r+BJ^}Q`UCf^6Z3E*5LbTQ1M-Kr*-Gl@fPC+PJj+U|R2
zPYgd5N4`**-f2*On7TdP7OWoJLz5stWuNd+T{4anwIW5l93Q1dYUggFqs#m`QiG^!
zvm`0mkHQb!K;ine?o{5ruEVv(Kkjh`9lFA)O<I9fSh@th@H>A@Sa?iHyM??O^g@T%
zlUQ3B^4m|;IL56@oVY@kh3O3hJ+n-OQ57i5QZ>-y56tw{U00U=wx*J{Eugi1pfG41
z<-U}KD$?AQW}wF!$+6(&S%_l5zHf7oVDU;!cssj{-{Yn6)13V{gF-|aT#C(Fl8W7A
z-#LsVJJ#aF_Jeh!k^yN0zl~;S`re=e<Jax$UZtfsiAhaL2&c0}owPP$a@%$~Rcl6a
zAAXy!>mhylIPt)avGjxA83O=EGDCRu;aTqt9%`HU;d3#=UDUITs(vcfu6eni_aQda
zl(Q#Zk<Zdyg&}UMy3q-QOCJrF-X#|6IvTycb*5&fely5`J2C$t-!slTc&NS8i<DlU
zxJEGI)wb1JmO+>I^GT6fk5vkMzj)A+IMw|+ZaI_)u@xdaMn*ULy+$_xRuYJJK8M(f
zkkz5$JB3MU8#(KQw{u+=QelA|2mA7@iq}UD?`jMzMYqmMU_)nP)mWdVb0!cxL<lwW
za|*I@5}GB&2GzZNTUuJEOh6dG;^;n|80|`C{Y)a+j#~`xV1YSkh$DA*umNVr;^B2S
z@dI>K&iSY1P>YDZhsAhhpgfOWicblyEPFEwfqSE_1O`SOZ>*i2?6>sX$6C2hpBqc#
z{QBk5!{7yiPN+y#mGwBE;Syr{v%FtRWKcAp=jeoBvHo%B&yVTF@+<BKr@D=gzdYIm
zYY_7;5CuHgkLgj6vg9H}eiRHoI2hHoFBL1}GIqBTvl7#=yKaKHW}{%$o$b@FZ`#{N
z;hpZrzcRq(A*^}@z>ZF=8>I;6n65Zp^y;L6N6EN<pJh2wo28hQsJbp~e^;Vl;@1Qz
zzus!CZ->P!);la{t2dP8=?j%qLx-mi9;kIW8ptx)TM2nV_Fpq)U|W1YJvJ)ZbuM=%
zsS#89`~)yCdYVoD)V~i$vX3TD0C`uJ5~bW&3p6*JY#A!*Hsp*q8)hHojF%?+?(Vvw
z`?R^R7OIx4AF6CFW`5c?MW+J`pQizj-(adOmrm|q4i#eZg`|88@={_B>b3s$p2USI
zEy5DNkg()CUp23@iZo4ooa8<9(ig_v<G@=Zf_wotXyn{GDOY^jYz!^GW6e?w4xlL9
zW!wH#-Nz;vRjbRVo(%`Yw0~eSciKhpbIOM&C2j^JJ9!%0hEn!sYBby|Jk@6wm?7iT
z`q}QUABe>3QjeO$JCO3MSJ>Qi-ck`!HKop_oK5&)f?e`KN?S`gfHIFuloO@t*Jp=*
z<mn|QAnRuC*1<>otVMPQ2g?B}^aCYBzN`5tBRsF^XC(_?&5ylWF}|g<yyner^L%H3
zE<2HCsGr7Op)qA<HWCmcDEC{&;BmQHOhZaA{d|(|9#5~13679N*aEPtczh#dguGvk
zJb~PM&2H=NKn<s<skw#O<^-$1YC{YuLE)qy+qR^S;9(dZ;q?eU)Y;s4(hll=?rCq1
zzFXf@EbEEIU73Qe&-c;k;E4V{$$}79LK^|!nd7o_y-0oK2YR0{&m-FM8_Yafr^S?M
zjC*5Gq5(a`o2t{1)w_fnC|W1HkF}m}p7APZaB!^kJ{rCEk@W06+x;|C@F1jsE%$BC
zo7W98g}egBOa%zJ35A;l>x4-t85$g^4n=d|B4|PGGo8>HW8O2YLq=tQQW(=&S7y)S
z5qia881ylt#Je~5ieWXz62o$HU40fW)t19biB(#}9I?7G0`3>yTUK9ob&*X`UXibU
z*^!y|r>^7paB5Rrz57)@WoO;tAwqV;<hpHqw|{wd#o&O-oiNRu5mUGYYNY#%#w(u%
zm+}1UFi2tiVqi>t?p-|K`!}I@<@wNBk+)TuRi>m?D=16y7OcoD0+hq(XCwzJD-JtF
z30i(LY|CjY7jXEdhMy{B@!lfu6fShVD~lqItq(Sr=*Yd=y4Yjrw{<PT$U^}~_PC;!
zG#^nHbc8FH?amgMMGH$pIan1mykRla8QT~xvkp1w9ERQ(4W9y9lQgfRF>hlC<mRRz
zZqAdsx>6TrYL7mQnoelX{6VWNqcK;!O+?wr!KGFtpjfRRYb7M8t~s5mi7tAXEvFvC
z5#2}l2|b)`9yyZWGoklHP4(979NkWRPNeoQXn@v|<+mZl7#S5cD*n#%<1sisjAFU6
zq+9<BF3LgWUctsVwpY6E2;EqzTb1J0H?PMGyD@oG=JP9(HmY)Rsy>#g@;oIZqUaoP
zo`$XCl#vl1etz3I_QnKylC;{VyC<B6O1tY}q&o@H9UL8*rm#?4F@u`=(g))MUT@3M
zxHDNL&JH#*T0~4SD6%xVXO%Z^Dl>38Dg<!qQGEIohL*zZo;BlQG+XehDi%&+CKb=f
zUct{e>R}nUrBb-7EM@FhrsuWkFWy8GZ=Ig_q}XeS9iDCOQd;=S!_`&=U-hZ<a{Ke^
zNq1=gxV=P4uYgZV;9UJ*&Twc3UyH(S_h&ikP1Ba$!0}eULxRdR#_{3g%Rh2mEF>@|
zS69%G0LmsMIJ|m6sZSFaJtH8{gvf0uWiBaI_bM-bUqe+!I-$>-U#utc<ekM7K9h(-
zaioojoSccccB?U634s9Ssz%an4$brcyK*OcPjn)g@ux6zz-M}1HWMestq}q({9k&C
zK-JgSL)u@*92!t7^HXZoDpcJ4e0@B9z5VwjZM4hEEB%~v_dZbx`b>GI4D0fcGk%&?
z^4_>fyRp@1Kz34I<K97#@F19XfJL{s>9Mx9##fj9@ITb;2KMfiWlrvu)f<*awkaLY
z$Tz53A5t0VIlYe4XwIg069@Y2;~%WM-}{5Yve%QZ!`#nC3$!5q=k+R&7FHZM5R6W5
zQO3ORw}$!DK#R1Bkt5Fa237yLbB#d1Y{fiyg#G)rwWg)Ax+b+B@k#MJiYLoL%OrV*
zH=tJS5gbt*I^;y$HFrZoq@Q5>hm{8^ylx2!GG8RT*;vZTWfvM&@7VJ2#r4Pz^2whd
z9rWj3grh8IA(!vT=M}rs33YDKynPA%KH;_c1)phm5(?=*9WrdOEvNXX0$Jc!*`L&s
z9UVTg^tOVxIlW}tjqPTOR_RPz?3qsIJHoh0^V%i+g(u5`T?R|VA|-zG$$!~qnIkgK
zq3E9TWEzSh(WMnJU)Ewe3uuqXNgTFT9kP$i0H`n|Wv-rtdr7-E_5ShLS=vsh{5=}b
zUh{iD?sZ~K*O2MXalk$<%GKeGmz$iVP4A}#(lq?DW+eboc9_z-Qff?GYOH`DFAM02
znYsFQ;g4Z!>W;ViH1!C(J8e8h{z>GIZh~X+&8UIKy(aU-9I2ie8x|r)=765Wq+TA5
zXGtG$K@~~WNyuJ3b4GARQZFv>1#SAbm>A4m=f|=UbKcc}>cQ1q)WF>V6HB;Ys<6NG
z>&TNDzoH|3v_d??YRR%aBf#pzE|${uLt-HjG9h!1<Kxzz*%xB7I6NQp#aRAKOl2yj
z_BMvc!skp)leXX+f?s$BK1*lK*&K<nk`h$bRuyJyXqKf%OWVFgZ5{58J8O;k-`*ys
zdq39ksDW|GAx4Zz5#<u*G4XNR=1A(g?P7hR3_ta&WVuJ9Im;x1hjw2+MMyb6rVNpO
z7VJN#Sv1=Jhp&mdZ?20ri{*}r_w+Un{{Dxebx_0ZlDB4P+z9W?=~ueL;$#3TzM!#K
zCj<QlA^+0`;pjwO8NW<fyYP6up_bA-PsFwUQ#KdR(amTJ+ncCQiCJ8qxW5@iMtERm
zVHni7m{}Zo4o8`z@icq5T{&#+#8lE1sSqd?)oZUJH=2*vk_VE@b(*S*=*Td0C11pM
zu9v-?H&ruG<Kg3p()eBEn&%asTc$TmWS46mu_0|1-&c7T40rc^zG7<{b*%*7L0XHQ
zh+NeEHg_{-Rhdx~tBRbVZ8U4^Hf6cIEoW7h?d;tM>UU1)#-~43?&qxHTb|4jXtdt^
z@d3wR=2uwfDT;M<kS3oeu_%`R`B;5TeSVwo!)V(4^cv-wQ_PD(4ht&`)T~c~qbqA)
zNdA~TY<e&e8}i{+8=1odUR#j><*&$Gg&KqFC%*RN1z~Igtf=a2Ghy;c37|h7Rr&1H
znC^&OXi-$_eMdz{w=#{NB{KBIyGhC%&SZtUA(TN~@7A9+#Ss1Rp5r*pN>f3J6=;w5
z^2qz)kWRs*hezh=2R&zlqr@riYo6Vj3r>mlfX*g2bWlDq&@RL8`D1PUr?>7;ua2Lu
zL>-Vk_~$y?+8)Yu*R8}dAYYv5eb8&Q*GOS?k+p=WR55$5cB%3^Uip0{mfV{0+vqie
z>Z6+ZR2mPFKZkDCyHS+_BAJ#7kCg+NY_*c_O~vU4Tbl(pS=Bb}RrsuM#3P&Urn$it
zV+?b_BbqwNutF>T@f6*>IMQs3@#R##NCWoiM&6m9$p92Ti?8)_dpTFtC$MJd6YtY_
zpCZ2^KW8^z#m54_boMKwJC1@@Ck-`J4NTPI<7Pm5+(o@m>w6Ce2-JN^J=ut!hknc4
z^!*}kJwmj)OZrL`mgGGa_ejevPYq3@!c|7OK)>k_1*#GLv&QXNN@e)Y)^_}{nq}r%
z*~}0P9f1?-@uqJ9xnEMILHIYDF<mhg_4WJ@t*rvVkS*>34^1*F0v46jMbA#Y1NyYD
zd6T+Xak(cxc}wA35k?wK{A>=2tu`fH?Y1{yuV^i23BR;Nxm2Ct65r<?pm*YuzGKMH
zjBFIEfZFqmME658?BkL5=(&=S>rU7#ntF4uC9}OyELyX_oLoLq>lo%&1aiORjV5lu
z^;^fq39OrDM@QdM<YcktB7WaRQ#aNp8fH1Smu2sr^ER6q`w@lFGr-*K`;+;PyD2z5
zMBHdISH3w7VR8JiFxSgG2F<PK{4QG@vsTwWJl1;~Z~3|I)26DPK~de;%6C4buhIlx
zHWXf?p+|-7FW1Ujne=EHvC}EiHUk?P*h+1GH5T`MwoSN~Yt`qZ_Cj3kxXfl|oHw|s
zZh~NdHJHGK*M}*m9-An~z$pY<2fMyKcyh^YogUpZA|J+JFzc}?q3#|T&qO>vNImik
zuWg1(`PtsB=AM$z1QEpAU2P2~lOt(_zM<_CDKe<<_=`38tD>UU+Xdgs^W;EJhPom-
zxL*;unFrcb<^~C<GrGP3;7anC^78$1ahCRrlEGf|xh*i(uaEr_-SPO1J@#n8WJXh=
zyb!mOUatky(2XZ_bV_lOiX9$?#Mg#g3(9iQqNTY_SR*QJFzYRXa93pE>tD{Qc~8ay
zlxM!7%7VU4-8g9b1{UO-k=TD=hwg|SNtOB7pp#iLplzeks4~2-U!vC2ImmV!f~>U+
zEEGA54WY65zGD~%>rgi0`XD7&AFn>nr;%>D*yBy>#Jb0-G52LY!%II?Ge^A-DX*;>
zDCu6)A~IciW83T@$~$z|+SIT)`DwGp%i*Ga6z|lc(%26L%597NH%o&VdIHs3%i0F%
z>BzMAw~CwkG#1T5A_D6t)6~NA);H6v?Bz0KGgqoxPP$o*yl*T@Vg=#HW{kIE`PX|e
zwjzHv4bWSyh$=Kn=ClV>JCn_XZb$KZ91}?>F;><~8kdP^?if#24l(m=C2f6dbizDj
zMzx2Z;6({Z@m8<79zSbtp`oU3I_v!<CL4M;OqFC_5KnCW^(VI;N8=ICx0B(b_pSQD
zbT)3BMI{Br)xRUhK_XQwA7}%o+Xtzwk1I37x)rCUs+2+;`*40c6_d2nAe)x?pS`Mj
znla2k!5oQ$%<@^?V+Fu*6c5(friZ<3@=!BbxT9aH+j1s^vf~Z%yR~Sa^Hmn>EyIBh
zJZJTuCoij(gPsO->MbvtO<1Uayi~ZGWP+laAX~;GG!u$xv*_VEJh1qDJa=gCs-m`e
zq4<N}1}*&VR;yie*=wN&%d!@s(yRv*o8P%tgIq(W-vC8e^8+#(PJd&jH*NYJ(V}w0
zBzyDwD^4@ZGp4(}meA(Y-2{q^Z8hU>CkKxU%$P(%ZWF+A2R}cOfLDl17&x9%)FnyP
z#YxQY*i%w4m-MQdINF$_B}DX?7$=KD9I(Er$Q&(_#1LKA{m9?GOkmG>%gjPgv)=4S
zQXOh6^Q<xz8D7#|jF;}GD<yaO_BLuTwHoJTytxR;k``@blTfYGqD{t+86T$MCL9eG
z#Y#)3upZZfG(OXYo<|;kS`*;pL=^l^U=<36<f-3DDPw5Md-j}rTu^7~cZu?@d*wX_
z?U`#~Yp!sgGk&0q7)dSV5gV-~Y~tpscz-A}4tC8g?+0QWWl4PdK>{t3%$q3cfEFIw
zUPjjl-g+&ew69blxD*E?>v67&`}mS<&3jIrA9(Ukw4@iszB@Yf&9nWOzj=lZ8_my2
zlmL!+rayF$f>a19SG0B9ONSrELO1n8?)=skd90@>zd%I0G&EoJJ?1Em#WKG)Bx@yU
z^XQCeR_`U^l=!zkhrkDqEZ;TMD`BnL_dxchFXk0K*A`9ezh;WR*i6TBT^^hCj~^aY
zRmYq|pjJe;9m+Dlyv~r~yKjg5cI)9fO=%K|2_ZwfZP6}olwN$3NiFx1jLBdpf}mtr
zvZVZgT3xwR<INA7`u7a7{Y!m)qys~tsCPL1g$%<ov_=db?Q=6NfHRzTIJj7ED*Qi(
zVo@OeN=N+b@)-D6Q9z|%h>Qa9SHI$4`#^v94NjX;VIeAzJFM6^AOQf{a1Z?VJASW)
z!vtV%3^6l9@&bXz5X^_UF)skK@gjl7Ad@EuxUo3`%*l`5*yE_k+Hb|e1_99Khs@_+
zA%_TzZbHl9?FSGr_*{SEd}Fp_CiwdUjsyWQiWwJd5HJXcL3q&y1VGVuj@VIPC<r63
zaB&|5d9Jf@!3G5Y&NV$Q*dTB)0K>`!8yo}xUx^Qc11`sh!4ZFPqA=e73myUkgDyM6
zATZ#Sz?kVY7=ecifuRWS)q#K^SHS>*$ba>B9v`!Tp^$$W|6_xLuLg#|0hkFs=i5J^
z;fSlufT4iP03kpy<Z`wEa1<tompTL>5LZ~hj01Vu83Kfy3v*lmgYmsG5Fikfs7vi2
zVAy}aV8;K?NPw_&L6!?0Vw{neg8;z@z-6`|VEF%0WAJmWl8gO;5ukq$_%HuJ7!Ys;
zAq0Ab8BCBXBZdHxSJH&(?_6N!Vqh2oaJjZ1U<B%XeWeQxAs_(kGSxuX)s%n$@N;pM
zi@sna@M?b`z-2HX0OG%GsDJ1Ofe^sU^g}SKLtO>~0fEmIXf6cC_@0Z^T(m(D;45i@
z0M2!F{%Lp4KLi9pUd|H;f;iXV`KKY~7wG@0bWB-aVF3iY5*Xuq<&Xsfk#N)nH0NM2
z{9nlv#``i080RaX!4M?)ayv|a$ji)NO#f3KsQ;~gj5G8ynDauvN+G6%FEIlF17Md^
zg7H09sJXx(1XJf1*~0J-fk4hhjxIJt0IyI81;C&eodE!hEX}!i(gj}_=7_yqaG3hN
za>&9#m=go)k~0R&)$<1wdi5xQVXE-5FB}BC3=jgpnmRZfdA|DDU(oSvSd>_ZcqA6H
z0Y+m7jzEaRkP>1N(l9Zkv?Nko3<d{7fzn7Y5GpPr^#8WdKNsV2b}@Ex@o+LTCx9ct
Oa1a4IyOfeN!G8fmPv(~Z

delta 44120
zcmZU)V{o8Rv#uT6wmGqF+qP}<iEZ0XCblt|*mfp%GU3GEyU(}xsZ+Iot*T!AZ&j_k
zue-Z*-XS`IAsXR9ff?;B*R65XfKx4b2Z!|HH0B)K?H2_*HVZ4t4b<$Ko%ui<Ffmj+
zeQOYm%o_jTseuDPehwrQUq(VTMRpRo9ajG3{AQ`r?+y}G9yJ-r85nUFo!>c{3ac?v
zdC<x#DLhS$)l>RnHd46Aq`k+v2ZMhH&8bBH7kQ{_-JgpC0N)SOc|a#;!|u!pG2-_j
zZqD_TY?;-=9(5ddmJU{4p%nUIj@5@EM#D1tRgn*OlfV4}iM1h3!!bD-u`>4=x~>om
z4Hcu>u6O$}EbkrdTs8!o&*K57by4p0-zMZQg((drM@BwqP7-*3M28>5`rE3T1Qr;6
zj3(n{@_lze<Bu8J)EpUoO@R-C9De-3>iB>icSHV9I+eRv?pozvbcQi-8pydCx+UuB
z`d{kg)=g?Bp<dYUlP6alxi7?)x0d8tC~LG~QpF6Crw#-Vj0>;dU(eRo`$d6YHVaUz
zEh4bb*|mGGh6wo`k>4y42?ko0ojh0^i3|aXnN(;%u5AEDrbIz#>;S^rJw`nxvQREr
zY=UUZ=c({kKZ367!8-K{V%!_|U0nuotO^NMJH06TtVUi`^Yzwjm7JvZqs#S`pi+Bv
z5^}XTS4~nasY#q)^cfz;oBp%a)C1Sj#^sh5@yYG(9zw9Yyb+F;@Lx0yyI@V9lp`wy
z>#MC)DQ*Jb{A%fgi4{p|Ok@+mq8Aq8%WsA5u9gTv>IKf5SOZ$LIJf~_m+OTFN(XfS
zl_SJqPOGGdusAVd(963DoN*{)O%+l+G2R~STtkb+sk;FY*?hK*AF+D@#xlaLU<dZ0
zWj&Ew{Q6`?cd|_&K7xn4(O|Q<_}^MFWGW<R+OiGM;){WPZM|(=0^~uBN*jq`HYZx0
zf*^e|hgpH5;<cQ(Oq`_#ntY&udx4Q8n$@w6B1kAxxov_?vjrcZh5I~TJL*MQV;~~n
z#t;s~WAA5THnf))$jl}^<cLs(^3+Lg3LJbk9oaS|p!duFV#Zbm8Nk;&yq7j;dR%62
z$8`dj=Pk?L9Qo{S`3gmHTl>ctg>AcVEW?nPr`JkQbXGb7a0;5R1)#BvSEunfAY1z{
zUuS4xf+i5b7ttD$qKc>BTBk2T=SPnCvX~oK{*8TsTKVIC&yGZjUx}lAt9ub=<gZA(
zGllP$dBDJriij}ad<7;BRbCUTuDC^l7h(fo7&2)|OcQJDjB+T|4<;MNxnu?^E&k@{
z1)kR_Q)yQRsutMKc*;A9f&o_>Pnyq+OBRcllF@K~E%3n$xD_NY9%M<X(|W=5du#SJ
zlqcL;L(49w<)V-AtE<BO0SfPKk96Th&qtdw0I#p!#vvklf7B$mr!m<_LBZtR_7{Mf
zw};8^kY2?Gt>M0-C_Yd73Ijux;HG`6*+FV|t)3ZifMA-4IY3DPw4OB;bcO%r5Nyeg
z47k9pt)V6*YIl%g!&v;M(-E5jes^wLXxtF3akbE_21cxDk0?jO!{z|?PSM1{2HX3m
zCe@^1xOdA^W|kZ^ztoaf=A<h5iVYx8t_U|7z`xm0T>F-pLL*^d4y|42`f-m@&C<40
z^(rp%U|-{Qhb76(PVtxCj9MLOQy7=Vv1bhbrDP(+U<&N9I|DN2CshX6zSln*b>YMT
z#$65=*RI(PnJ`wC@jCKM3Ql*LrF{Z#_L$z=-*EQ%5zO0Ip>E9s)>|Q`TQ@*n*fOIZ
z?v--em0mEpOGmhBksOU`TL#~x;`1>tQ;c`^)k6LFu~YM{`N;XDNXPgxt(HI_qznuN
z&Bh^J+OdJ3Ts18hS=@jOlrxRRWUcZmzLUs>fsYCb>RU{PA4W8$dlMyeA(7CcQoen^
z!Vj71UJPT^-9Kd9Y!_r|#H&D!k2~n%C$FxneBzVm;EU}iU+0Cl?ZEQMWshtF!!g;0
z>%?C>+`MoJ1Q#*5MSe6CJJLn}^=OFQ_Q!uifo^w(MIHl~40Cu}So5}!WoTF(s`lQb
zkWabNC8|_u<kb(+!k9)OMZy(6VfX2-3N|D?F476gHw(C0+QE=EGm(Jn$VkQ4r#{z^
zCoTS7_uB@uBjg>fEwtC1{$DaQ3mCIxtHCh;m6VF|MH}F%I<sx}_Z4CAFda=)e`UL+
zeg_kll)a9;(pvb!y&xKx_=GzQ%PvTKF(qu9!KiNEbw}vx5RnZu11>0`YfEgw5G1d0
zsQZJ|B7+n4kD0@IJ}JOdT%c<dA+1J7JCZm3$-PD)C^>lF%EzOdT;xHAT35+t%!Ex(
zvEe|e8>*0|TUNRtc#-f-na(#S^l;+}lH`Y!=vjSJU~clEvaW|9!Xi{WJe0@IS8aCz
zjF`=#^)EfpIAno=7wTHQ=Zx>6Hzc$jhr1^RFvf00t;HcYB|m`blH)6BtR6Y;43p#a
zJH``-E<mJi#|!ezec=1k{_XPkDYCYj=!fDOC@;QHLN!-+(X(LPQ@!NR7{8~NiQK76
z+PByHC#I9f69s{Ge7@G*zk%6boViA`-<)C%djt8qicTj_^3Hm4ngSklhU(k?L2;!w
z1p@8AZ+-GXTCsuS^`z#OGu&?N5vY)5E{IN^AVaVLD5x^skok!QVxd*NPj37fse&D5
zhBLmz@$+rzR4KR80nX0Eii*-J(ZEXCqbPQfJBO%!lyA3WCMmBb-x-q9IflMQ>3JjZ
zFE<ZBr>g+pacE3dvCi;U{!3`*pPD<P=yzcH<;{-Rf*e4>o|?lq-l#nl!SNnYA}&6M
z-=crz!Z`cOcp2h+;d!llJwIM5<E<)EXnd-!P+<3)I9DayCnSAWOW`$sr4`rnGpJqe
zy+lU_g<fu*6PN9_H%U8~a#nuNb$=BE--c$foF*wC0mnpG{6eokK3fD6vEpIE=+B%G
z=qC<nvjvZ%xtqJIg^2^4g`>HXsVy8Q2{XxmovbX}-2W3}W&ZCVKR=Vag`<_bH3=(A
z3#w2W7%eNye_wGj^Zeg*_WzyEk%}rr0nF$cxNUPb2dp&+cR6ZUwnwmo-mz`)OV3&#
z?yRq-SF|_NmA6;nj+^p}DM}}d-CqW5-5X5+y_KL~A4x|$Ki^&HkYyq$=FbEJ-rU6o
zng&nli-2yR!HXKy54higT^ne=F}ft=)64Jel|PGI*@^baZV_*!NDa(sTDcJieh2=h
z)FV`~1cV0eHL;!k&F$6_EA4&RoPS!pcI4{#vRP>%E7W>EtTa%QMfsCbuIe}_S~}gc
z0u2{VkLW_CwNKIV0TV5Ce#JgwiD15ie@*b5AA}<U$HR9yn2=vH1bVmvZXx@NC=CrQ
zcU1UM%LC!~_;D}ecMG2J!yB0axu4N;zIXR24>xK<pA<+C57t2M-D~~d&Cdkje)YxY
z)zF7{d1Rj-`~~)HqV8?ZV}Ow0tR4O_`H|P1qJ3hkSB2qyo-p*1Lru_GVjusu7J3!w
zd6c$f{k5s)?K2P4vPHG2;-_t!iN?gH-{`)i+tIF0^<ydmb;74Qlh+f_(Q(UIZ)l{T
z4{oH`d*BdT!QrICMN#}P{B-m_KiACN$oU<(C6KWi%t_Vp`Zi*6yMw9sR91P|>GwC&
z&g*K3lmAW)6~1R?)NM<@x0@jMra&Gsvp-G5xR8+w{`cWiC-KN23;R{&z`uSWasMBx
zj>HO@qa#BFgvu4cQ)K1<I<fdo<nc=F)Eai}+U>4qlI&Q;Bg-#pmlD$E8twBsv_<5U
zU-q$SSBBLW1_|19qVtdchEH|I3t5*P@nWJcp^DKMbBu=6Bl6<>a!nnUn${h4+O#O?
zHY2KC4TP??z-St3Yb?TFaet*beN40$>_;<!zZMQ<KeHiAT!CEz(BfEc;dV!x1R{vu
zICFwEzF$)pbD`-FnlZn{8|yW8e`v1Qm*%wBLs=(w5kJvC75OgTffi2xj&$rdi~RkY
z`r=tZig;dTOng-@D`H13V&&FY%dfCw)2|@TwAnhS?V-eR6LM;!`-fcHswM{F)-nEI
zS+jnN@z}d*!1uTd5KXL0wN6-J2n{>6yy0Jqec$=r(oygE-pk<FF{w=ncIVH_eDSmc
zQGk0-GdVnVN6}4qDv9&T@AAuK`kX;V$RjXOzshPRP`WdC#QA4m;XhQ{yhaEjYN$ry
z*o%34VtRFviLsKtLSwer0PeBwiqGDGEe^BOaeHe^L&vu=pmmxg`Ir8BUfJ;ZH@}Qb
zUcnev=daF!Vc9Vss1&5IykkTYo0fT(?P|^!_JSdvVqz&yH!vaeH|Mp@Hu+PEgO#A3
zDJ&}kCyj)I!?`{h^uX!T4L*8p;vq_SFu_Il_^8H<gkwrI4}<L9<UpF%JxFJ2wadNH
zikF_<tuD}9VC|wqOe8%asfTU2m_|<nSniE`%NxalX+-ko7@r*!E#mhpE6{gNGBapp
zps4_NUmD)?>0`+_0FsCJ5G6tf3rRSZKk(zRh`1pJZG2ahc#S6O>nI=T6thS%=~olS
zzJg%GV%j=pU*1dng;d~_)yNR?RinBciZEjqu$18en=9^aA0hM9^@={W2fSSskKF`z
z@RIUqsy(urFl<p-yb0@wH6%YzHoLS7nz`X5D-1sT60dH00|jSk|MSHQOQdg*i1^74
zTeA{$G58ok-oUgR`wNA4#c$|&UG(oOJ7@8&Vvww6%a(v$_V@Rk`3UQSHmtI8p?vOi
z3JfnmQD$kJ*8?RtE-#;F%<GmUe+Cr6>xZYuE4CY4^bcHf@;HMz-&m|T^ZmaCNf|(q
zu$J3GdJ1{S!Z!9hB;Ad6^y2eDRlDA;ShSY3YBWScuP_J--m}h1x~=0$Kho$0@>&b#
zbZ2e*mg5i&czcuJ?0}YsUR4CC$kX#UH2MHwNEhB$@#$;v?MbHKEg!zLy7ryDOyOAk
z@BB}T(MiW>!|U6F<{$mhj);5z5F8wvl6n0Cf1zEbd$Z-vJJdhLi=p+y-?5~LlN3tB
zO{m~AoUNwF0~rkII=7yBJBmJnIDR+DdF(v<8XW^*6(g8+*98csZk&1_{U_b*P`G!1
z;8GXpRYcSsyzu-kxtG0==-tYHRL$r(h(w$kS_r{5vzC{+QY%DBgOJBQ!m@yY&z8+a
zk-~prt${k$IOY&0w!gim9g($Y+ROI+Zd{3FVp_`fRz;5M>e$}B6+>5EB{cL|x5&s*
z?>Ltl3tqBhu1=bsMF&%YFR-<&zEBCMn~>6tzYp-WPSZmbf*LC=H;qOza##QDuooZz
zP9VMMP`hY{(O7pmB*<i2v+`2rZdFL~v<k@!jvSsOeQc@uZ_<is_<<sM2tK|P`!-<+
zeq2V>xwLu{2DYbx+;c0zKe!G8n|Apj;3pnP>w><oj|Z=bZGt5wJh>h3Efxr%hJ2(0
z)|JA|nyB^}Lkh5FYf>#CIAJ?ziJrMo&u9IRZa(9Rj5DyVKL3lt;m*vwj!!sOOkjYn
z<cP?J*h#8lF*TA{nRmoC5#tHRN{}$73Dd6|(J*^RA(MJWuUk;A1EnzqL@Bl`x%GdD
zgjL?NE127}*Ai_Yl>dZbC>j9l^6iTFP|B;g7Uc1yPpaCiE;MBoYR*C_NEH;GcH|Gu
zU}ABHOVrwYRCKY43$d6*OHfleQ?Ja!ADL!EB;C8mp(85!-Ef6X{4iR8V*@4eWGZp|
z_7?jtdGE)O4OV{iVtye3h1Yv_7?I{Fk_=d6^B<Y4B_6`%Aws9d00(e&SB{`>d!9(s
z7DP3gBvQP(*`jpDi?8mfX_J?nv_Koe@cAo+DWG29)}ieP`cTE!qfaM-hyssJyR6~{
z(E|j|oM`ehpnt8YBm^)bY{!?@pCPb5X>BGyj|rq=9um2DG*~YoJV}!-Wwccm6)_JM
zgWFCxsuP8Lyv8GrWC4zBi1jb92I-c9QG?CayPH`|+!SXtOsNG{D1J8*S8N~*b8Xq?
zr{a9<TK_s{7FGVHF3_8SM@340)CGgzUC=N4?4M0cB`b(X@>^}JOh<Q@+4qh%Tz%>+
zW?pC(BiV`|MRJ!*qpT{am*7|AW`R&XaFP6@e=_AF`Pv{gr3#2q{_Lr@@_N<(Md3g>
z!vT}X>v&coN^0)pz4mn;Sf$&5?4bbRRV#dOp=dWtGHuDNYF7zvK%OnzD8rxpOZi0o
zUe=bD{SR-pt#r#U*^Gz^_J0_&WT^!lXK8<-!RUH>JZ&DC?7C;;9GgOTKHfpihBU#F
zkrky<P}D0G>==*~|1?`lt?K?~O0s&Ii5s;o*!ZT5MyRL~$$J)|2a?6C^QEocxHol9
zf$j>2`G;lF)NJ0mom5h!l6-9E5sbj8$(?K5<=1LF$Bi2sYcWO<vH_2@xaC26y(iyJ
z7vZX1IcF4>2RRJ)(~qDLeF!SX$kqAnrd%rCnJ&rswhn+M=ZwYfkzN{XF$&|^U)c|l
z4{pcN4)<-wI)o`AG}x+K{Z`T+CGxLUD#u@wo|RHAwvisx&vlOlQ)VcAjEAU`hj9Y#
z);WTUww}!CgbJLa`K{0O@}Q(qm&7-|JKwxcR2KCY_aL|i%M1{knO`AR!)eyPS`3>6
z#~l8mZ*u~7Z_5rwUfG0!S!$cJU&Xv<fvL7Au4GPv)4{DI(iAhO&dyPAB{BXm*)Q<z
zQg?XATTm+su0H&EU!QzKCjz&EW<J|)9X>j9wut;TRKIysYN!#)k^l9(CJC^s`@5B*
z9sW}CHsbf~cuSqtL6Ug4wp`qkqIgRfs(*6YD?<Q&Z<fj16LwBYVM1I?8VE>4#0&l)
zOd28_DxyW`&aBD?w=3oI=2sITP4?VgXR^C(4XJk?4e7!EIgzY9NnRkKR4BJ!?0u48
z&4RO8L@w*i*_QizDb8}<x3dI0u8XN9>%|GrLS7V+MA(wXe60ds#Ez6FY21Y?Tu((R
zz^)fy#RZn+TjnmQPxj`G>*e>l@%hK^#dbJ4QydM>)T41~f+aXojQDZdkG#BQv02P@
z1`Rg;<j)wYwOa2RUaFS%JpFp5n>Ejb-RZ?ji+{8U20G`t>!DG1mO7EX%m5%+g!dV(
z%pO~E2ueKYkM@vY1S&Lf_txRi%-LDDhBV;iwYfv0cA$z|?s~6J_&k3mK7tC0@AV*n
zR@j^Brhd_SLrlyv=O)9`nMt-k@kjdf`}V1vVlzX4x9q%b4$h5~C0akKp7Dz9N9slt
zXpnIBh7h>3)-MgV=^c>4b1$~N+lRJ$X&l?n1>_$UisatW=KiW3r-!MAb2$K(+XQgl
zKysjhTFK*h((USYdw_*!_HH83Dk!V^f~j#5ZWr5^AQ{&0?ZJ-r8){d{V+K{WFLht$
z>fV^WNYc&8sL5`j94eXMo^)X6f`@yhb+Ps4gh<Rw<TJA5kd=nb{h?<hAw6>E=b{=3
zcQcEbr`jRfydtmWqcdmxSuw<z1tUNJi-xLr>g0Ik&&Kvn>eWCkXMTkApvn9th-W5{
z`$2!?E^39Drt&(lJssd#-<OQ|HBEMAS!l1dFj`rVwU}nVm4#)N36Mc6z;{bmtq~qQ
z-d`IT;X}9zxw)@W5_x*RJkQ);$9!to$+xoA)8^(I_6rKU+xT$&Az%`flmL=*%V#u!
z0dBzUDKU1bwl<cSNvR>@`=86}(x|H_j;V7zc33j1trfC;X)BR}7?ObR`axBnE=vbw
zDjyae<S~Bt)Fq>Zev1a-rU1qO(a-cpql#PGxTI8TP&2L&FRhMGgciTALc-X{YGU)I
z%bDi&_SI#}Bw7oNAM4-q9)M`}d3^Gf$^i@rnIME+Qj}97I4V=JR{LkZM`l<R&6QcQ
z(sZP^(zdb3^L;ywkzzEDvxAZS$=?})_W*%xcj|dLBv6NyndA8gtA$6w>iTJA84BO|
zadjjcwj7;|9b)k_q?(>)1om8GNIwI1#6s8{4bK<b9xg2hls;XAQegPxuKK1A9Cen+
zbEVkCNSOJ^fgv0IT?@}ar8Xn%yC@p|>SPJE)^+T)RnyOnDY>OxGE=-xyXGrpdW6ZB
zCRSi3h_uMh7EUK<8Eti`LRR3PJ#&TJf4-)5RKg&^O6qKkmY2wUA~&%2y-lpLLJHd~
z?xZj5!oh{~d|jW4YM^AAmM*BGCt*31=pys{L&C<egmn1lrmnzRzJxMM$2@0Qpnjv_
zTJivuJ>>Vu&a!Y%btX0BImHR3v$U+22!xND*kDoZ$2|J5UtyifetC{xb=-Wvd5fEe
z9`XHKaJ2gngs8xax2#Uibm#MwtH=G`zf%A-oW-f&KXmWr&iVg>J}bw6Q#u<D8~gvD
zJKO&zeKwZ=gYM<p25wuOnECw|TE>gBVHZ&-Ac2)k3i_0}JKkDtY1!ACgoxt9Xl5}-
zXhoQ}c191SexOMuzbJCA-LIkv(K@+1U$))qKj_G^$Vvvf3(rkN=N<1a!*VLC-jj*u
zYoE*m(a)hT-=huWRemX_d2=hyzcK$6%~MAHnTURxxdzaA_4QT=^=R$&ef*sn{xtd9
zz(?JmTe6a>e!y%1WHF-|pZK6y<tyab8Q$kx7vyqr3tze)jINi;EHWgmy<sje(b&hq
zwlVP&zo%uZ`E1;S1w7gJ0fAznH%N@}<OJX#Yw$C$fQjemc}lWCaMpgT{<TEtK5?4M
zXt{FL5da<h<6R!(fJ8RD#_z!hB<Q)z+B@}TuKrgq47j#mY2~#u`RA@6rcalchZ><R
zC9As;huJzkg3EYPEz?gGKO@P2OMbf1G{~%^akqpy<@)4fv>`5W34)<Zpkd&)m=YnC
zJDLw;%y;nQ(3%E3vw4@x`4hLsT{NK!!&>j|9{AJp$Vvi5==^3hI^m@TpUT6}gt(|L
zAOw9%ot3X5l0Qh96(O@|g@MK-p_{IgDeR`wb_%yLkhm2Oes#Xp!~Uy@mbXI19`1Wp
z)14^>@1jscG=or1tdA^Td~j*~mW0M7g5ln5aqY>B5wqLPod&iE&KxTOgYm>mebq|x
z1ei|jN;!jxYvGaW&I9!eS&~VUD2;oT+EK7l-lae7X-@f}lw93yAFM>+T1uLx;TB}r
zWW$PU9Cq;Qa>{}S`CYf#3)JF~Y;TN$!k}Hj#(fPlyyy5FT+->f1ZT{|hz|X9b)pzU
zO_sSh5Qc-17cS$J1Bs?p676Y5C7_x|9)RZznX1Xl_FIQP%K)wO*W;LH|Ho>>Sen%C
zOv5m0f`fOaOLaFVUFrpC4psGFv&N}^tWg~*Ecxy)JO%klM505w7`UJe!r2(mhixD<
z-_Ofpsj{u6{i(S}e01zN-xKvj2V+Uk0zJv8B`QYuM?P8|vW=l84ZAc#t_b^JA8;4`
z(SpkRjj<8aifKM>{G$xQ)|Dd$2W<<3vxLVDIn4JDswn>!SaKyDJ3&fPf9-9>7Huq!
zqUoH^q<nF7x-bEyKqP?)4Z4VgqJe#=t!Z2M@L3;w_9Jc5X{*A<W4GX6X4nt-)m`3_
zytf=Xkpun{1r0otz&uvs!GFtt6oA=|aLj?0tq}bAKVeTyQ)_Fr@hmA*{E}b7V{j9?
zWv`#;%VnsMaByw?x}^D(4oDHvgM7vWeMwlx;eS#*;ZmiMspC9Z_t`ai&}MAa5t+N!
z$@l7=wASLl3(&+N$|O0IN{v~D`p4cDXW9O8Ydr<KcS|zG;yor?h2DjDfB_sIsdpKr
z;6<m3i(F2CP@weJ+&_bVOj0k01t|cyWJHcsaYiPaq^HYbtB1nqBRd3>K2x;Fo#LbG
zMJ1aHF)e|#vPR7AH>49>Bk(y6_c~4UA3>W<61o>N2*TB2vKG(a(o}7A$JXEIqdBJB
zj8SxMZPi&UXq_PsI*ill17v@O3HK(gtU=U>Il!KI#4r3+lpBWTMv`}fR>9b$)0o13
z=&IYK!t|vGz7jKfpH<vft@7y*nZ*oCDoMtw41aPgp>8!M;fJB=B;pNP+j@RY!yA?G
z$&NmMh$bSBC!denPYvD`ovbhsZ7O6w`!4n;8Xd_&s<zd|VQayd28vg18o~8BRtL@U
zzt%Tq@J$*@qYrKA>tSvDnUNHSZ}Z3r_+noqv~(D-wVaIl#q4l|0Bw)37$zAT&t}I$
z1;n#AV;@w@q1Q)P0-hTYhs|!NM6nkKvpQyU0i$b#N`@lhxcspPm9TsdHI)@zG^-@%
zDi?5cQN6p9(KA;J;N-zNi|v~YkMm8fsBG#}=(pcF*9!xZ-Y$Ppx@}8u%J;*U-l-qs
zlkl@FKmVZhACSx6Gk>L&`3<#nsB#uwP1rG3yL9M*?gjWFCDEQ+`!MhKL;T0dUPKnT
zVZpn1uG%SbgP(gc-XZRnj}GNEb;HfsP{B|1y;=`K>HfI@uz&8fulBnGY>y{~tk5fT
zWV|P@<;iO5%W!a>mXtFr?03wN??|!<n=9H&a3Jgu>R(0Aw3`R`oZtu_Yy!66jZ^Wd
zSyA6C#Ak;Yd?-F4SV1M}L|?qY8FZ}A<T(HOIIF(%IxP6d`<;u*g+a`OBWE8E@S199
z!kz2;QJL2S;8iT)$*PNtX)94vT3AfI9*(60tj0xmWrJR1K!g$*e_vBCN@zg-DGZXe
zH5i;z!3qpkJSg_LcSU$tVHN1}c#P}+u1I=<;}=?GM2LjL^W9yQ7-i!zGSp#NTBsk4
zlx=JN!6~fAxl$==zwae*Xs@ln`CQty%|A?GX!XJdv^FP%;XF4c7Mx%8X70nzSsLTH
z2+h2drirmQPao|(3`IN<L&j0$zLAuKcE)w}&`=s4L|5bci9n1LJ?Pr!W^gG*jj}<|
z|E;{+*j_4g&4TUIR{DZ9`i8s@HxvCo^8Ej*Gu!|8>MYz`|E11&|HqtX``^ww+kZLh
zlz`Tj<F+K4gyAXO8v_N&^JBOc16Z9sT{N29s_pL}be|^cWC6BTZi<~FX(DK!$t|*h
z=I_oG`(4aY*bfr#b%RW`N<|Go970X}ap2jh*9fK6z+Zp<L~Hpg`sHlYx2YHQ5&3dv
zn4p5jm?nxFiM(}}NgsIxn16FI`TV$^1aypy7QJSt)=sUsW)n|^`Z|VRICTkYb#Jbp
zA|c6%Eb~IMJ(?RCB^cXP19tp}h;+x`iA)tss|1t{E|kQ9B4-wgWq)TLOH{kOm=6-x
z$2_}$9nvft_^I3~g<mFyQDQJ7e*zCrFYNCQMT1n<CA{l}=$&XB8dzh%3z?6UfmMQk
zz14Z$+e=D{c{0U$em=`w+*B0oihhsQAVN?-|9salwo*A<n9YVVI=pg+i8aX$89f9W
zE9r&TrPFxK(xA3gnaAJg*|j!dDPKu3UNeSYQ~HRXQ*aNaL74c>PEHNg3Zl7_MAg*f
zMBxn1!sbJ(RY64aiy(qked#+s1DJ~|gSYdBtHU-SW`Q8{J_4@1?%<9_SXB|=(qS_%
zD@s~U^;+1qI-ogh=vVplKQEp!oRlCL=c6A3K}xdeWJ$l0JG4$~Gr6$WE@Qd0PR#Fq
z5id;a>RRRM{&+N2n@jnzL$Ks;_wDyNvfeY-xQFdP5L7>(hIxZ>R*Lfk3M}tD_@Sp0
z$bvsz*%==<@n*Ei&ztGqT1xxi-S(%;>sWS$=RfFOD*k%$3@eR#Ev9@Zo2dqm6U#*o
zu!-S=hLaLI%*)A%B=z)xE?R30H&vHyqfLwc9n0*dlUo%Tu-59)mnt2|UzW=F2h?3A
zaw7DMC7KzrblyS8oV7uv3CMn+3dwO7D6S4Y$RF=$zSOS5PS|D~`o_HWXt?x4D)#93
zBdhtVL^1XwR~7TUxqzpX1ikn6iTXDIQCJqF7*mi4VpP=tZSlrrK3c^AxuVL+H)^pT
zkw;@5d(?t+1n-FSL;y=NY?V#qMkqUuu~BWeWLi85$F;>7H02#{8sO=gfR+^zdwr@j
zHph+abq<XR%pR3aFRG1*^2g`<8rTj@Uv+gJrdCv19v4ywbVEBJM#oKZ%s3u(w|rlc
z1SW-T86k1B#T{V@Z}FyMZVFFWt+;SMG|rmUInH5MgAV=;ZQ7pT$#P#*E)`+>b4`OS
zscYeQz)^~A9S$KY41_Nsn3E-I)GeyAVb5W*%p)?3L$LjN!I%4)c8SKVdg-71-7ioT
z@r~FhkPK>a;^C!C$%g9{8NrQvt)lyaaKT4S5dV5APKSd?YU!DHk+iBRl@U4xw*qPY
z(~mtj7!UX7+11!eoNC=+Z!mH<Uxr5bu3kxj&OPi2_!yp14^UF0#6uc}Pl>!9=ZJcK
z^xPL<#TMV`!LDjoHRghXWG7r|0=f*UzVWfTx$HMbTFc^V=RRD1=wpDdPMA4}^U}NV
zk<xXICSQfEgIxXNzAs}6I=2f4uRvF{{D3iaNBXiE5nMhpx&7<)ZEI=;$ceX$*|WYA
zMXXW%%}iE|1?c)0314Q?m8ndQ8s<<H38KU!wSq$yM~E<ku3oRAB9=;FMy9LR>acY3
z6~q|P+mVsv5ky#K6zdXN{T4+D8d_&fMwUC{H?_T(gX&z<5yTZ|9sDCL;Kf?##c3Zx
zbUmm~bV6jw=zkx{SW--6<i6nR{W}=nv-JbI5e-h14A{3|`9pc0Kl*nFmx&E23WKV2
zrk+26%8h-oOb<STQvC?+H=8Y0ud)u@7RHA<2i>#`x%T2}E-h^5lg!nWd_j>db+NiE
zRW)mhYstIb@(E*%M8b_Z9XIPx%kk(RhyxszIyG7p1B&JvZ^fd`Dnv}5Em8*XHco#K
zuc|OE1OSa=bHzg^pD|OzMY$=A-=0Pk!*y*_HgC#z!>}rYBde;cMm~?KZjJd${{nFt
z8npb*c_WscE8wwbgIhU=dhyE_bZIEg1@8=V!01R2b}Mmz1%(AAq&SSAX0y<S{O1ZN
zk);d*{&aD~qCIIn+U4Mgq*C3rs!VEvWn!tB3xJo3M2-;|+OB;FbDC<=yNax4;Sun4
ze{jX23jm%^hc%STS2OJNd(Lyh;KPE3l382@K7+|)gyXZt^za&`Ga{f<81j7+yGzqS
z{R6~DQ9loVQq#%)jHd?SUdE9G{Kvz1^Ai=k7obM`?m9N)Z+eAg8oU|`_(l7@Z~Xyk
zU|B$SC6a=nW+32u^-V<B2E&*1_SQjme?oO8_pm|yud@zCv^v{&D&)z@$J>m;L$A9_
z&s@A_RBY|-eC$arvXa*T+sAXy%5r&WI{*E9lH<?%pBH4b&gJ%VY$Ncu7spy7zBW)<
zr@Fp#`t7kJ_E9=U3Tq3`>q1Z9&0t%`02&@$80l3DEh_H0Md0HV3HO<X%4m=KFl!RC
zV6nDYrqHntYcmY8{qQ@BWd*mz{PeDxaCeo%+{#@0eglaqM&-FQQsRg5ZF}Ez8<W?%
zUE?M5iG66+U6kAwY!|kvV_!<s_8w^NHu^6Zv-Uu%Fh)x(hpU1H?C%iZ8(Qa9pvdxn
zOZfi)HVY36^Zx~G?*G*rXXE+*0b6GyVM`KgwD*DzE&^0dq(vQG>(pYi9nH(W!%tT>
zsf-Z9zL{b{0n?&+x%q?F3H)33%f(T{1%0Q00%tu4yeXq6&+n!y9XZN4ChBYHBiE4{
z;wLpR)$&J74zS4J+nzUFFZMa&%Fz@{3x^A5mQaer(1Cusc8hg$e}VW3Yy^CIcKZv#
zniBkLbj()pkExzpxMy~mHR^0Q8R&H@@ltE$UX`_f(wz*rlG?8K+@)aEiM@#a8g5L?
zI1iJ`TH<!ZT6TJ*E)h~DZi!NUABx?VwY-rz5~Q79r@COdf~@1QG>-i`Lz{j~Zn^Aq
zS$={UrGHMI0&h9I?;ThNM&ia)?C$k}ECaPodkc(6P?PcUY5ISyH3n^4i;0dZRM~#i
z3E;O-#pMuOB5q%5{8yALNW-+!JrRIsxP0xQVzm5wY_m9JoAO!x-{`kzhzK9MpM808
zdB^)`h=T_pQkEMBnNuBFv9Y7$97J(_uCcwEo*I|ZXC8suanF7LcLMn0$vv`9cXIp2
z>(7nfxyXVE+@wF@<1;-KPQi`|+&CZqjQaomcssE5`TKnTSg;EZqax41ttG2|wrdVm
zbhN-}sL{`R;wsP_<(KuI-v=J+zO3|c;lmxZb%+!_)AuD&8DVN9RzB2z)}qK_(z>%k
z`I=NaLsJ$AVRJ(ds1$nEItaL8e?;qc?s9j?_;SUQqS8kZkhYvVO%X!{hq=btSfzw-
zobgvV?vkRBS%Z0x$AVp3Fcdv6OU5zdKxB2`^Y@4ls4TwY8#mD1-^gc^8nB*F5WQwW
z2b@fY=ojnPxTX<c8E>-vhSl#bYeh13^G4YqB=inKcHbceNDSqiEsemr@9_faZNoh^
zx;Qqp)6-o%Tt4BhQ@VE@esrEAoTKsEhl&5_0zWHqo%ENdF`E^Mso6d1VM}XBqQ~@g
zN0IomE7KG93zgm{Y?ntyC9Buk%7|+=5KV*j!fVOtsl2&IV4_+7xIC;=$XZ-CTHJ=s
zUbEm)#w0iq2)zr#!P5l$1v2ErU_N_K`@nAA+43XafYYY2E_5=U9Fo`CSVHh6zibuD
zxMkgfWrPKPF&0H(_M`n7oZuyIQ_Zql=18}-jOPe$v91kKLW*1@TUo|X*p^kLQlo##
zWyq`qW(dd0cv?>k)kxVODwN34$Qd(<|5PD}+frB&;FVyKWfskF?8>!RLDlf{iC7db
z(E~3=h(=|J<c64R4&2U76hwN`Ij4ZyBrX#^Q4^xzE?L&87K9AKQ~bcXFiImN&+=BW
zE8o+GP0uXcmKaK4w%w>8N-K|qMLulGg%tk5m$QkH9nFM+0=t=;_Zk_n+paMnAzQff
z{uP1)EbYn#h*&eBs211P+bDIj-(=x3n?{4aA;Nz$s*O;=L;Wk|+`@e=BXS?UL9!l3
zeHqv+ep}TPL|{bf%Rug#|G2M=wd;#fBU#NzuL8~Ve7Zi)eLY6|G)Ds?m^TUx3~>3n
zdh%zf!C0f_e*Wxq^M1Wt@p8f%Fv@4b(qd`==CB|3jAo6DW*Ve|p57~@`1f45TFBKW
zCoz6Xb){axdvF>j<58w_ANN3T>sS$cW2Y}V%l_OSE1OjA((37Bm2<8BuGMUG*VDt=
zM}_XTZt-fu>sbl>_H$H038X;Uta@vTw{<)l%OaDb9SjVGo~v7dfZkj|E(IO(p;+Yw
zmQ^A}JY25A>sBhdheSxlR7&6ZakFp7xXbDkcCI)xTUdN$BJT%n6MRFzq^0^eAPg2r
z2Q@*&p~~#83S0Z}p%+=pb(NduyXM$}#Zw#=b%hy4%&D^x2OudP(NMS~6PX5@`W*5E
zbJ^AF<z2Z-);D%5U4w$aLQ?NK($s1Ie5{AO!}e`4EBdhL_F|qv$$DD|i99V)k-~<t
z8F{1nMB*GeUN6B4(@H#9EllQaM<dmB&I`y{Q1wcTifF3EcAOGwq!Djr-MaYJ@>+7q
zse(mO0<V->*z%i_6?Gt*$8GhULEEwMyA@SRKsGyA26}PK9b&9K-%w*161p9TUQ8#K
z1BriHvgU^P+zI2#^h8yLHLj(>U$pfH{czb8-9l1{WNXD+bmMpa6&xh;LAs5?rPp>y
zW+u!6ayIM#jQMbCT-NwjLioeH8MA7Epag|il0jOSvP6Ngrc9O#9CHX{CZAPc_t~-~
zK_YziD#^H?87Iwbeoi&<bp#67<4(l$PfFs8l)}Ta1+NMpz>>PtIc;V^gn&I~Z*p5l
z6vKPobP1YOg+59W^LC0A-;KX6ORBA+ZW!Cux|Uy6v!ilL(Z`c>dos5skY?b_@?L4w
zgHk35=xC786<yc>;f!Hcq1Jc`+NsZ2+<Xt-E-(I>9-G=cC+s|FiGvJ?mST$HjBQ0+
z)37u$Jd!P*Jdw+Xlb9*^1+~D{`h($ASFb4{6<<FSbLc#lDr~zI@9l`|aK~8tt@NB{
zYX<r>XIT8a$H=Z*^BYX1qHqXV=Fmit9bREaeOO>t(R&WLXQ6}&#Xrv)E|U~u4ANgi
z$B=9f6?u;i;T9}L&yoc+)lkqPYJ>XlU?xoxo_b(nw_N!$kTD}^MMw_2A#iQh7rBe%
zpzIYKr(`+q?TUnP=Cg!QNct8VTL>0cdzfEHgJw^k`dN?645gvqNR0z~poKM~S`FCM
z2Loz%qf}bJhsK7hF3pgY%1L9pqZ3*9?pNORVI6Y9`0SRPgsp%I8I~WN+H_<6Dit1_
z&9j$^?Z0fsAfk+aT<9ukn>ivxF~BWWNq4$|2l-CIl5S@Rk1MsA%Wu{Ma`pY^Rkedc
zxGkyS$l`izbaBSdhDvHp{i>j_teN5hTb)3N;=Vso>g~M^5}oD!oyx$&Ag;ltK5@*2
zHDtx6Uzi(lRZam4je>0~)9rDxqLZO4r?w0qruPdoq@$AEXm%qJF=%Z^IqBv5SFm%M
z^Alq!8#oD~d34)i%^T|`lQ(7v${S*?8rK1o7474Y)kN;shYwDl8MH<zvIm&rn!~fk
zDC5Ky&bAi$?K$Ia3dDx^UAvFxqm}}1F@h&EIFtqgr3QfXrpl@Pd+!wb=$n6l=j+c>
zpW;#=d=vtE0+<35xH#u&+4(MEzjhaM(K%^-?S;X&I?f^L$hj6`)=TaeQ%X(Ha|6&U
z9%zZ9q#X}~_-fX?gZZX1{1_r@UIdR=ZhgUsX7SQq+Du8X0JHXojZ$7v%)E`h4TZ!v
zruzd=BpLXkwBk8dFk$apO1mSf53T5mP{Y`yX{#-qwe;v}P%Wm6#)?3F$!i-_t<q^J
zE}-Qu!O{r$(I{}GG62nwLgOyb8gA$`b?Rn&Y{<yQ62J;;{G*kvndo+leouJ3LPTEV
zg{|saFo0R&*$z)mqYb*auza52xtp(UsGe{&LJHvhNNy?68160&KD5=_KCys$Gd_A5
zd6*w|vHFATnLfJm@jCiy*Xr*R_-eZV@`D%B;(H(N-QIfg&!JIOAuJRx7PIR*$kvq?
z-<gYbTZ25^v|^!>JiPTDY3?cd{pb=b^Q)p-2~i};7$!|vK(e~hSSa7$Vqy=Me=pMZ
ztsQ`{Yy&6Le_X}Fn_MTS)C(krWx=VbH>cYHmq2M-hVg>v9=;?jq#{Rs0$?=eoy#I4
z+SVOFLE5FOKh<)&_6v{fY3fcz!Oq+(wK}m2(jjPt{{HuQ@F=VG;6>n0H59iJ(l#xt
zuch|6TI`3lTeTr%?wUKGw5T*+DZh6wa0-yb_^-l5s@%FlT|!TNRex)VBU+6lD{C_!
zL=IJ%uq`IP?<2<SC*9Q(mgjyzSPq(eK$x8vKU2;(4<*0R*4pj0`z)oB_9IK%JuN#`
z><yqKpBSvHVy?`X3A=g1g7Jh3WU_b>R)me|%kM<J7wzU_lVNV@38#8R49atQ*swt4
z5V1w(xSdW-4D8PVpo(GwD*wBr=lSpIot1~3HT6+Y1i03nN!e~k?Y~tk!l;~f$@tGe
zD|F*Q=;3&D%DQG*A2*#w3}5I*Ifqz+Ov3NOG^MVtj~~8c?%)u@rj}Z+#~50&&?`to
zlBGcZSNG7ZbdGY$!NA||<7YC;4(vSx<xe`?Z#~Be;(A8GK*IxMtxNcptdx{w)q8Pi
z*S5a#W+2Q}u^tI~L8#vw)kxqyWwh}7wWZ<fk>cwz)yYuu;5ek0`#E%zvA)00*rtG4
z8|gn|uM3$PYCAPIVxJTf6D#*2v0-YoW00Sj|7b>`F$^(iIgnX%F!Ih7YAuZ%#sl;Y
zFI{q&)9(Jd@eom1c1c52p+1P-KCD;;79wDz4Fk6SAc*}x@)rMUNTxPR<3`gi!3S!;
z{B7K7_V&@@==c%%Ga+?J-d+m+-vrF3&AAsH+PSCPQ*bK*KZ=fq*h+11FOiZ+o4g2h
zgfzODuLs45xe>RxAvaz7&%Hz)hH1-qvd?)>TZzpG1h1GN)S2kMpOdV#lmwm9VOTE*
zxeY*n;Pb(G>>#W0<RH!8iW}&b$(-WpJk0vgmlp9!vNqm<K3rlqJK@WeT-#UQf!MVt
z$^15Vl{k1KgB~-b_F@|{?V&5qxtpzu&Fyvrfo%tHjt6`FJDIzRo#&0yxl=1ovJv!$
zum|=wB_`qwXjEkC+_AKPCyf+}n>v<KR$9Q7xCGhhy~nTp(}-WlILz2oJ|1TjKW^~!
z$ex{9`&VcB!*h$U8$MNoA>`yl7#3~YkA!GEssxm1`V9)VuYX6Qr*nmZJ-%;GT4u7b
zuhITULoQRIbihi=?^CC2nB<;cH|>~5S#W8G7Oshoo`rFcl3u$Ci_JyH{~rJFGdciR
z<^NJvpOl?A%XX?Gmc^9RTdop%ilMB}H$6$(UU6+j+GIoGZB!^I({H!APjHpACk)&V
zGb~~0^z|udO<OZO5OF$!2BrVgNaL!}>+OD<5+@1`J#qsv^sK?du;FV~{hV(@PouR?
zc|UMg-(_+SIb8VI{xoa$5}X_h7`*}@`EPrJyb;3{xYgv=iq@R95I2KR%;;raG4cnh
zdICEsFm>7$N;7n0yQ#Nq%g5(+;|3@qdwhMoOgmX8>X6&t=bx3|JDqv=tVLL^h?%yo
z>+vpf<MG;Li+f|DRh8DLU)2_;^X<_}wNFlXl7nyW{pBytl>hul5Q_Jl%dZ7W1G(I!
zPi7Zw9x`Q+mWLr7637PkoGv`~oDw+oi?N76UPAt*!7#MDBMM!uZUs6LFjm@X&cG=M
zNI}d7@pab3xl^Jfo0`Kn7)87pT*hG2C3$NLKgm{4m)4AB=^EGqH~Zc=E9~jUp1J?t
zwAE676G-bNpD=nD(%H#H&w&C<gFUO%V<U0C>7u@UW$pMUybwd(YR1hTYmN@ixbzj{
zC~hw)pivDbGF~9#-M>D-gtbEsWqPPI#MIaRvtN@e=?e$-aBOn?BvYvvxlWq@=4eD7
zJ9M><C#%gBda-M*LE`-LQXSnc*POP@Jx50`YkF<M6=%*P=z<F*C0+(tLf&7h(Zl8V
zqa+;tlczf2egHI9Jr>zRd~q2PH<fC<e~o7&F0DKbmncl8a?Ql_1`Wsh1oDg~s@t}s
zHg_us0nETs=VaVikP(Vkd(IO~lm@Pc@xrOnM>Wd1#f~}kqQ*oLe#i`OsRr=~F5*a(
zO7)08(Rd?J%22XTmAo6+jH+w~8E-6j)79$77NHfj_MG+a0$~#=d#Tx^xppZ!(@9}D
z=TAQZVc67T&~~rvCW;BOg<9P8hxg`M$hyi+zj!pl`&B)Teq)ddZ-e9)G?LPTr??GD
zL56G*9+i+N)Au`*FB}9;Pa|NU=aShtIX&^c^=+J9!c5yJgufK%{#7x`#?le#Vq&5X
zqv#3+;#3x~K+J?#+R-X-I86#pB-#N7r&1*L<e3EE^)Q29{ApU95v=1>BPg2xkS4VZ
z$|(prXF-9(wFNh}g}Vcz#~-|hdIP10lL_q|{#YPtQxpwbnQ(hr@NkDrT)VbhVqDj*
zM8-KM!RqB(hC>48b#fCyPhNdbcyqjz^OeASCE>3m>g>J<m#u8wj^7WFWz=?-_cW)7
zIWLMhpQxd}(5FF#kAqmdY5uwQ6K93{xwq{jKToERy*n*)lOnWEpZwr9oAJ1-M#pdX
zrSy%H#GpG_?TL*3Z)~7Mad=f=Px0eztIE#J*ZiQ1W`-EZa@fQoFr0?x>-514vzb=2
zmS=BkOuH?n0L_7&32jXpg9G<@f-`OU!o3gZ1Yd4GM208~Eye&zk9%E{Z?fxIL;rm;
zo)KisbW5#=P*X?DKAK@xt#L+!)H=?4Npzs~w#eIhT@k6fuCCX{Q;<cQscd%MQz5m~
zv=H}c6mbVA2k{Y_^4a9J>*gmP%NBCxqDHN7qD%%;MxbTlYj~WB$5i_=VNXm%7ps|%
z+UVy+fw3#9VWau*u3FX^#-F&t3(L~VqV9;QTw)~c5{*E@jmr3Bt6&=GsM3~z(|7ZT
za@?-88@A(D9aw|LJ$S1Rp&|~+XNND7u1BL8?|cG^45Z?7&oCHp))&8(EL+1KAhC{e
z?fR($1a2fp`UAsPo+Kf+gafexL&6=Jk-EEh+{Vr!*fz?wMDkW<%8Zr>{<B(=*e5Ok
zLg*x~Gg-{NXm1)jjN(o5Tl=HUwlbSc4n9*kee4hX?>V6tMBb=g1E{~CgweMlLjSaI
z2oya5o5c66y$D+4!u5MKsKFPNyATU_p;<&KbU~SNwp|N))Oi{0+Z$2$RVr3wVn{tv
zeb~hLd0zkfp#lEzH<!3nG6Gya2cj9M&W*ALME5wh7=g0bKW?@eb^c5oUUKRWhKbUC
z>w6!fJwiwbN`$0RGt8z$2BsAznwK}udLjdW37(|=gXE7X`EMsnwD#jCeb3eD66+;4
zdk|Je4~d1K+szD}^Q3bo2i=sW%Cs|rLUtWX&wy^KF;AtN8lPKDVK2?j-Jb;511eF9
zHzaXlWLTcb>DKd(yYQ?<PuVb|B6Qw)9U0{a<-v|g|H^b3HTLYxm&hyp=nFz^M)??k
z0*mq%Zjm$G_wL~BR+530pBfER^u(a!K}t~GYFI5q2b<GaYwst1_KTnj?fA-Avi8YR
z5tZUb%XojAV6B3Ve$!Asb|9HBMrPBB3wEQt-LZEttV|>a%bK(MttHRMY<VP6>%czR
z^PZ7E=qiz##V%GHZE=p{%?l~*3}WvB8?94tc3YJdJn(WTzGK11(d;lPc?FiKsPiuI
zE0+ISYmq?RFmy!KYS&+P;e4@s$W~%G;xC)%q?*jKm#giih{Ln5$61pL3J6b<5z_k~
zF=y9dXDxOyTBxXec+ug1r)}q4^6F~AYZ_P1xxihG(+m6j#(9asruy}0UTMGxyck42
z-ARhfXxWVrvf>UUL-EOR#0A3+Udxn;O3U!&3QsQY8;d8NDgMUDLR?xOYjT8Nd>1$Y
zzzLsTO|VXl-T$1}PG3dJSFP|*DAi6EP1P529Gybz7)zkvEm#SOp_Q8<r<Hes(@wgY
z{m29BU2uD9Jxac~C{)l+`KsRmoHV(Gm&mR5b$9x0f+{v<cfx-#i<#(Y#AwA;ZNNrS
zI^~iu(jJACSy_&ukkP|OjM2xTw}2f|oN|7w5@8hyzPT&J3kT4`Z&&RkP%*g7%2K1#
z;tT7=yZ8;Nw1E|Z;hFRbck~Ba>ncZ=ma}e(p{(;%J!f3IqlC5nnLiZ<4ET!b$F+*p
zQQ5BV-LPkrMN?S?BKb!)h4OGwF#bjg<!<=Itifem^~OybYo7H$vC*2Q;%7|xl7eVM
zxW^mI7Ft@QV3yLl^_6m>ZMya)9cKNkDK-ijA$;@;m-cpKfyV2(3xumFrpYt3nr9Ek
zVmZ7W9QZ)^@>wbf+wwC2%HuUAk(iry50~M_BG;WB8=kHVsbedi=7&h~)KRbzBHwgS
zubr4Ckn~q;DIVz`m6qPq-rt&|V}qxgpbZfA^Vx(}l%yzd&76fiiMe;Y9+n?yJh!@G
zc3!B&oPTAVnj-P8*C>c_!$P_GZ&J-#XA*m)`TGA^zkUy-VD9P!ri%&muDn^O&68Ff
zhjZMNemho}%Xi*`aZZgnDI=t_=TRA3C<k_)I{EvL1U4im9M@;D14G$CAV<rFWqGe}
zq{y3cYvKBe^%ywf0*Fr$>UEi35KM24`zTAMQ)v==W*vT|BpeuJYm;GS@)i|69FczE
z?3&%fE;G_q@y|DaEDKYkur7w6TV<3Me_*pg95xQuO;4Jk2oI4IEr0O|Z>hQ3v-8F*
zZVi?hi)o*yCQZ=quGqgSSe(BD1ggULS3DxH(I*Uvy%ZpE5WCog|3Gb_awHZKC@&Zc
zyiS=!w+^ykSqsZ!4$*;U7b;GIGg71u&s0+tzEAg)nr;UGDC~h4;XHAa%W-`6ut?pb
z{C|H5ho1X8ABidFfurqlZH^86e{8*TbS2%pEgV}NTOHfBZQEwY+%Y=Nj%}l3t7CTT
zbZpzn&HMh&`M!JZy?^XoyJ|c&N7bk`_Ly_6XU-A~oO+#|Iqik3V4W@fsJ+U}`czEh
zrv;G|^`O#2772{X{CkSr)b^!2K;YC5SU@6nT31D=6!+2|x%Ys0F^%1!C0uQF!Y3_j
z>arN$FQH6Ys&@>|E08Yv6lDO^0j1-AudiCI-Qx~lS0=s2SbOR~(VR@G8If(*@w{XF
zmpCe!1x+RL-7S6_;%dBS|IvSpK^|r#{zCyZ4}t$I?*@)OW#8jM@UA8*8yt@6(mq7l
zrRrL0QGbB#o|T6zUzEB3J!b2JR^ry{_x9UDQ?DXZ@n>uTw^in{V$eIl*G;M#G*HvD
z4=lRUfn!Wj+BD1%T6q}d&XV^k2uH9&U8E*Hep|&X!#_mTtq%c4SLrj&e0##?1BYA;
za{Aq(r%PF@q2{n&<|;Wg8A{G4$DZXW{o3eoep?ph8#4w=zAso2s7WgU`Sg$DFQWsK
zC^4(WcMFg#+k@CqO*sJoS4V8@Iq7ijES(M`Wj?q)Fjqw=GQ#$kCwOR6PHBC5+A`b(
z9OsSqp0B_)s6<5N&AYxhxNfiT%@uYW!)Re|GGwDOlCLnrcvL`$r|{*i0M?4=W#)-O
z-*I=lWZ;AmsjucfTW9VK%k|&jO%JXFrKQU|-H$)O{_7R-r4DkyKq+dTmrpNW!($(h
zrJCn*cYXjXZj$tIx0gR7fr9VArw`HfliG<|-JJlD^P5hR`~t7DhY@L+OdyJwrQpc?
zY8D*qWXO4X$>T`rBkvg(B1x8iIR+~z3D|urIu~s*#oXjpE(jB)_Jo$NE<^tFq0Ki@
z=n%sYNyD;C2SYbr$=?Iy#sQP?0mKZRDiUg<{lLnop8lRs5Om8=-2Y3zv$6h{erM(8
z-~!eO3pX(P`GEo)cH4JFOu)W`_l=C712~%XT&h_B(QxZ(6!^@}8Qi`$s-y{c{{XOs
zKx_F?*B1G+a@AEyS)-bq$%*baU)&r)yRAdC6nt!){Zavsy)YUWKuFocngNL}{D_@r
zf+;j9kB8nX?P`)(0oWeTJ3O<(%q8|aYR;)V+*%hAq5)tO-yM=_o*G2@_nbB%!dM}a
zz-Y}{WD?3!NZQMOqaUZ6r>JQ)n?u;RJ#ceWCSIDfo2`mb%b`lPSN0}gwkq*;w{gch
zbRj=5HirppP47%L_W(;UYdq5e0=g?ee<_)Rk@4>zMvWurx&h~3gZMG=D+|wO`yJ2q
zeUXLdyiNdhq^j8!{r67KcmFnniInldwaS$r-Tu6QmNewCDEB&}ad&hfg9;U7r>(V+
zQI*`gdX<7-TZln<#N=Vb@{q`!D7<4T>7n&OhGBzH=5EPL$$F@zJEiqO#o?&3BTTu*
zsYexjn@Ih$o1Z#b0}pi=tvr<qdG$0~6UnsJDL(*LpTcJi`#My%T;m>{P<%^6WQ1!P
z0R*`?3(DS=0Rz9zl_y)B6C(;3PtZ4pw|o64dkOPjPD)ywc?hoX8s;U#%4Lgy`-Fb6
z3jM}}77Dtc>J+jG&**D?*7OE=PV}ZGyTo}p&P0w}JI0NI)W=+*i{Bj7UetxV(XgA%
z$F%`|K8W*=PcQSu`F6C79)EyYSV4r9*fM!z#HCl9vcuDAbWy8A{UnvLchuV~YeI?j
z96J?a0Wqyx3*d0F`(VjPNB!Y2d-hyJ-~Xz(tA{v~w$kpK!bzg8vBy%pNkFuQvSJX4
zY9-E<K~5L&%ym!Pf=g7!PV?cr7L}^N#)bd}wR~Z*+1>9!`BIxcMQ|@QsguoTF^@UT
zlwu8B+@gXqQF=+LAb!ju{4BACPxK3rz=cwd+L1%CNo0Rp9}p3jwOWyNUV^ai&>}YM
z5(@Yf`ykmUSdgAa5|$vyC*gTK##+yn9ZF$v_)UYZCDRWsnf^lXt6?O80aXdvis%+V
zN>|{g7^hTr(5x@G?(PtEDW8ePxki~LiPTZk`e)Jjp|O8ysG&rFE)HkdvVaYj!|{Yl
zJ*LB%K5zLX<B<8XbpBLKrj~~_A>I_>xJ&-`ox>4jV8;#b&CAe7LGHFg)q0TxcIoU~
ztM^|IBpuxI<JOuw=)4{fVtrFauOv{wkvDGXYWM<dMb6dQ9l;FzdyQ-$=@q)hl%i43
zsAoC{>Kq1bK>{@C+|o(S4*w?KTFYIRfAl!qhEznV5v}l#d|6_q4h*z`+r4xmNNpIc
zEDn`2!czW7CC7MWzxhe*49?YoZHCD)n%MZx`}#0%75;4SHxN^4WYm(p$bf8syT>x+
z3jEf05~!1Pn{*L_7!(0%lfPjz1QHcrD+JdY#9aA6>>80V$v*X719{kzcV2fP**T&9
za}pmoeAFPJA@dZ4B!dJ{n2~_mZF>z6tFV(`uo!L!kEZNd6kH<MO?f1*z~9e}mGIL1
zzagw&$D5cHhv`t%<nkKO$LtpYacIQlvkAqC&==-3baM6`p$gx^TZnhUgzAKQMdmJ6
z-+o9hT{3KD{jDj?yr4V(2Ddk4ll>$z+svqdwi8_TOX@pHbkum%vk=y^9}YkF#+lXp
zRBg?W+6dV&=5Kws&}M615WlDg`81_t8wZ>;7XPgKrly7Mx09VWlXysX01GPLd8V`f
z^~+7d{Ohij!K9(g<RR1W)7619+lJbeI9g@p%5t5$$kf4Xhzm~{a|hbN)508tkNuG_
z?N#xM8sek#gOLu*hd)%fR^2x1v9Y)iMC8o(*|H<@<hwBb3W%(DMQLAnze{7{hX71F
z$wQPBHFN1nxQUFs7V*3<5)~$*!2~wr6*(UQ$#bZn3|kzwXegu5Z<9{;r$1*{hZ?@j
z2n1TDtghNy1+&C9{8;Y%86*Wvs7By@e%qq>K{d)^cP$@mQJPRf!rVyMR#%739=^o5
zhcn4jK>3dP2B-fFw63B<iKVC<eJ8;}!J2nXspuQFU01W99Os)qKxaRE$Ef@{{iQVY
z#O6nuYxZKet7}!=;W3k;fg#1w_im>E)6Wg?L^?Pie`5<)(oEnU8;)GcJYICgu!T-J
zadKv4*5XgZMj&3{UL3<FDnv>0=1uAT%h`<y`{$pNJ7UG9+n7FwA<kV%7soAH*!iDu
z8{{eYV%9gU42|PTfSTqdQaDuDV(7U~BwXvh+p6fwssQQ&k=Kf`ajZFN-<2g5B~-%+
z2>WyK6=Rym)D=t$?tE_IIRftBlHBHpCcb5}grql_u<#fWCv5lj{FQ0R(+w@TzF&A8
zsa#WLEO*iSAf)FUgu*n_txD;)R3GT0s$;M`0WY!&1r<MW0Z`3|10XKguFv`j3*1oh
zZ@v&MNTyLWg&U1q<{DTD2t#&MQrj}Mc5f6r3-U3q5}Sd?d#A%cO)z=Ni?28C(lUwh
z2P%gfr+{?pNvbfl+-=%EJS7H!bS?X@LC%gMxD%ln_`)UO;^wF>P@<xGpcA&(>2%jJ
z!MBs{vz=^YfP8F(8>it+%MgRUI!g1YAIyThxm}`_Ee%nZsgpwNLPhJ+nSLh)0a~xD
z1sC~n@&U!WghyplE-3m|x>zci_D`ceIv_8dehw@bud8W61HW{c4hvSvs9Z*b@fW1E
zI<X62g^t~V|6B$;<SPb(>7E%PJ|@;)WD+^_?;z1v0=&^I_YMC7?0vCPOhi0KFU5jc
zJe84Z5C3>Ne+sPG-OU+wsPeJ2@ITvhD=8KeQ>}XBXv~QWOET_jV$Jm~gb8+PBWceL
zbwB<6x!(NNARjhvawbIzi_lqH@+sB7_LR!>LT_Dxr8bp7dENLzzezY|+|TTN>NEb4
z+>5Rj1h8j<#eTqfSnsptXj=U{?K2f-VZ}`FGhkRc9n^POI!3zx&N<)Sn<AgKiL4A}
zih{CMMqi|HNo6zgFikKaL2#g?F6+<C*~ZO}X%8NB+#vO(6Yl4`zpDqnrYQG@s3mKx
z8}ZSeB;liUwj=lA<MzW(3`0BGU?FPn%JI0@fq<ckR+%SPb_@BCpP)<dMtIkR4Pg~k
zXdi#H(XZ<vWc2z$PlIR=z{=Z$(T{&>*6QpC%Q7u$N~?FWJWu#%$YNQRG*VY(lQaA3
z&`e$E>7uWchSY8!vNK&~94zX*V=1?Fhv%!P9IC)-9q}Nn9i@*<g`-m4tw2-{brZ@N
z^GE>0aUew9D)7*#P;2)J2<InBWwDv5**y%*>H@Coj#;7iq>VZcTEr2vp_KtadEIAq
z(!STRr#NaEIkgg>VS=B~w6xfoKtg3)a275OAg{6rpjdk&c8vp5!tszgf>dblcY(M{
z4><a=^bXk^MUM8`xdU$l3>SxeWdgZ+;;=KOPm@Pfx6Gz9va~XQRXS6D0wi4v-OIoG
zHv4kAhZGuZZzT6+bKzq`c&)+kPs9uQ!e`aP(aMb-3-TWH_++|)oRW|-3NyZhRh!@~
zwmXa{V0<_I{&qaHtJ7ch{Lrxk%jNa;Sg}RJlUF24RXg(C>UkW;jZY3ISU=^I^^{)m
zSp!{h0qrb*|0FszErF^6E6H*HyQBc|mB|sxd#}qc$ub^bDRfSrViw(IGlASb6wphp
z!&sGZfJDof)sTR-!z#|XubYYuN?|{EG%NlEpf2OI#f!dj<EnM#th%b+UHU-tt@GDr
zl<IJ*!WIm+-sN-dZ>{|W|Impi^GH)$*gl59!g+AXXPqlO@1KjEJH=(wuilge?r>Yk
zn;}zuJmfneJF(JRIZIV_vz`1gxZn%QoS2N`H(WoR(3J%n>rG-j+a<>2)%+$nUr|Q`
z0EJy;t&Ns<ar+)!*umT=l9^9jYT@+$8T$H+3|PStB5+WBjlkBb6ZI+sj8^$Ko5TB{
z11^H?heoWq!Q1Ek`<ok^5=|)Nsg61Zj%2Fo_Xy7vs+~z{g_b6~$v%NWe_-gv3d`9$
zSx0q@<lh+Xz%)+Xq=J~XIeEW!8U-(Mz~T|MW`}TmCy3Efk$gB{OT!AOr|#nE#1F`w
zPy=0VOo+6K3Y0!`6bF}EJ3JiI#tpejjLa&{6K5I|uN#H4kHRuO$#@wMc%#Nr=M5aF
z4Q~zi!ZaGfclpilNQ!EVDv_@%C?%$oZ^sHD2Z58X>=S<g3WBV2?%9q}0!LyG;9|jf
z=C5qIj!u>9wy6iJC0qHa>73%9iM1k73ss6*=6ev5yE<usLX7K)m|`r7gJa;ADN4TI
z5p+7>ktbgEiCu)pg|jw9<4$Jwex(}C5sE_dFfptgOjZi(OYI33a55KyXEb{wBa24B
zaOI4Gi&S--hw}Zzco;U#jmR<_z`~s`3hSeZgNobMKSqMY7PbY?S5y;T*d2#ZD00@2
z^A2JN9`BQX8|}C9lg!r&S|CHLQ4)mf&z3!9m{LIX_TbBP_?%?cO~(^f_e)wtq129x
zzEi6s|Fzu92lw)yK`6?4RC7@Oq4Oyp6c4A6#`rUzCGOR;&sq-at&p`&0R9-yEdBRj
z+-ehLFs=G`kU);$ESax_2f<tl43IVC_9BL`J~Gsw^5FKbrnPJx*)!(_8mEwD_yaSz
zJhF7x9hmzS5iZ(Uo>H#@_=oNY8B_k9S(S;zTsB(KMw^cdpqdRWb1SItW!Uf_8^3o<
z{JpNvCS94U?51%O4%vGf0V#rpJ-!{D9)5LNdObOYbS0Mtiko_hhv2C8Wxai|r^lq;
z?qG%-i5a4)Oi@IMHqko%RNojOX79iqDyfA2&_fs&a*1pIR8!WxA_@1;BB*#%DkpcQ
z`J|!MqH(67O$Zfo8VET4aU1aK<k0W{(^>RPtUIy->$q%)JkeV$1CVG@4)Us=q2Gkr
z3u_r_fRX{l9xGXcX3S`&;ik4|1H*a-H6PK>B|V)jG)N-;$V`-mJV{}d5y0LSH8=W8
zp6i9Ae}1XDY(0NdGq{G@D_>ZsI5I30y+b)uFq>Cu9A+MkZ2<(^2~j_$);)VKh6Fb6
z$FokjA@~iV*`^1^Ab_E#tu7_5NRbk8HB06~flR3uW(StNayhy5Dzi9GIl!;nHv6Hs
z`=~{%%!(EX%5Fd%mQQamv`ir)brqrlfhm0ayyM{KP&P7cf~MPyI^;b55pj~uZ^{}+
z0^x+>**?Uq@@6QO2mVPOC7pRO9yMnH<Hj=<$Gu0jGei_75P%<9u2{6rT0bG3=CU9s
ze~~b?I+L}~O9;Z2)yudWiQR^y`F;^jfW&M0Jo-)m`7t2tM7)<Qpn8BUWfiM87e`)d
z11rw7@puYKIkk$|2n7JcIZ#cBt8>fGebIO@r<f)P`JLo^R;=(`wHu3SE;mx_tO--)
z6LK`ny^hMW4zTLxN&(4+*1u5NAz9Q#Zf4N|aocOOrP@Q_nDc8GvAeEYL08!6O-H0~
z71U;1a~FniTyL>N9Gy3&;8&~{XAuGYs<0&m_>X9kP7hecP2_X3_{v}8wUif>=X+}j
z96%jDh2&!A`$pR=JhyuXNp>-t9F}kD-Zsg?Gshq_l7LErT5t9Hhz<86V@!8Tl4-oa
zn&feVm0DKil6$tZaSW#UKE8FT3>jBD`1NUKuXhkMwDyGz<Oi8}og*}-38^1m7I{-|
z#G?fSECng>T?b?$!TGD@x$Ch*^_;`LnHJ_4wee%#UMSu|Nfbr(Lx~E~%ZU`Ei>7KT
ztmr<%&ww)2;OkNAG?8Kng-2-<*>9l<7e>?mzukuxTv0`7B#43NnxH-lC~_U#4=_m*
zW@G0`{2KTb5P{L-bOf}5jo|fWy&C?h7)orSpdx`oNdXnAYcz=L1hQ-PB+!R+@Af`a
z==W6GhfStOYy`~gHQ$ctLOC+s-a``Sw?|Y4!2ypn=uGl$4yruj6PKvUNbrN^c@G;Y
z!l_Y^evbzy>Vh3P*6mo<9!{YZ_N7z9!Oh&4&}2!wEX-q`?(CUJuHVRhnFl$4?pp+9
zPaS@zF;6_y(Y$S^Ws_eEp7ns5o4JY|UVdzuT8KqPv0hLA!(bUq#Weak$@kG}zqo(4
zzW@L)fAn%Rkjtf>JY@d!vb`YcsJEF9_%-;$pZP0!ApTIbX>jXjWZN=(*cMhC+F1;_
zYcZE{*?g%(D{`S^u=|gX&F@@Q7+8crh3XMhPzCvcF*R|@vZ94Q0t;XYW2I!>!QCFX
z5&U_OORUTx<m%cg9YOZ?(`&QJdKRK2v^apkwAQLtbckQPO3ekRGW3N#jagv}G*ZF=
z!2#?lm=!_7+)5(V@(T&|=pp2<djr()Bb=p=h&7tHyfIeI-8eKxXnXmVYF}BUK9vOa
zOV{}cu3?G9WEleHeEYsI-6wihI4a*mA&PQTGp0Dutp|V}qC+{OI_ru?d$bR+xcvYl
zvP<v<&OIgvUVAFX5!}V)NLTFIJX*AgZ@FB(E}xs=d+JK{!4K{VI0RA(nSEv}ZO1c{
zXIhH17$HCSHRg2c!rXt@CL>dtNus7H`$y$sUgj81rp)y)zCuGn{b|AMAlQf{jP6!0
zBUk!PBbOSGkB@#Ss)r2(t#O!EOTq<wEsa~j$26jNX$+}r^r9>0>#OhYKbwImx<ivw
zNmE${LHShL2`XQvu9T=~E(wUWlUq*T0WAREkr!8Fr2Xmpy{b|8!n)k8nkQxs?CDC4
zJn;+|oU_V}(s0Iuf4brU$jXIwMa&sAt{q<#YViyC%X*3q)z$HhjC6yMnZg0WshgN9
zB*S@;xjDj%#&*nHs|s++7U3qvS#`E>vu@@Zi|%M5PG!S>mA1WRZ^OefOtRVY(@*X{
zChSp=Fd%Gyi~yr+$6;GFbM<P^<H}v)_iNe>e_hza1p8G}O2!{|mf4vY_D-W{Djh&$
zryIdz?)Y}$EO8>jrUna7wG;rlC5}L1`Dt7*m*x&ru^gvw?g!6a#rc&GY3jRN!XI6~
z#7qY(>AC;2kuW`hhmd4AAM{KpN4SV}L(`Eygv3pAt2M`?zWsU^lw7@D!B^8i5_5!R
zcnH>EzfDj9!fM~)X1^|ti*7gCQU_MQ$0$)Z=f>vs4!@3CxLa1T;Tzy1=AM9YKjccT
zGZk?RRh(PyPj21LhkY}Y4sO<F$4sVTZS5UoMpULxj>JDo=FbV9CGNAuE|CF!7~S!X
zl7OR_1Nf(1_I5qC*H0-@_{)k>&2zs>3C1#fuWO$2o?~n_{L{*hce}1L#v7kP)Q2$o
z{4mil@Z9@Asq7L?S3tLGfW;Bh?oYZn!ihXzEo4(0(-#!0)2Wo{WL(sFh{MFc)hc)>
zrcJXRH#`T5Vq!}rHByxESUm)AWj)z0O#L<T<z0vxNKt9nD<r`hlT}zI<PRPJ6duvN
zay*HK3?U39n98pTsg{7y+)uDHw_nBobFLRiq>TW<%EZb6WYiV`f+n*8xLNTNO|tBx
zLJ_r4!dVY*vM+rt-*UK;zCi<4dq&-N;_vs~L&_bcUny4-Q^!ZoIC>dVDkBXhq<W=M
zU~whP+OoBJd>ekHa;C2PyYTCGXFg@M|L!Xucijn9g9xHSMmv2=et&;EY|(gfm%$uv
zPtety)Kd_ZJX%;Z*Bh_}X!8$KW_g>X%R!v=7L@5L8SZ?CCSr=a`Ncb2NTL;bI4~$M
zH9A7YH+1jSG2V;rYsH(i8{4o}<~Hw6AmO$5P50>}rt<bfFZIW_(4ie}fwT>l#qKd2
zMBi|<Oy{Pp-HPVSjg&PnoYIG2J|tf}u|?-?+OB=TO{t%2lFu)AfO708X?bjiM9C4Y
z^e#n>xhSDdcv`9b{`}*b-~G(gh$>;|yj!1MZkWx=&SB+g=HQ^o9u|bjUShVTTcIWn
zXVBlMj+s}67}8B<ueUBPzl8Mpx7BWnRp@xlZ7zz{>QwJ9mjqf6+y%0)C%d7qpO14x
zXKObPf9d1z{QOHBfKd&uc7kMbDopPI3)(LlU4jM^eimuZ`RyH8Ak$f?wHrUpn?sLi
zbR~p;abka2xRiAQ{c9ELiR6Z^eg?930}kXuR2g3AP}0G!LsPXRlBB0z$IeuH95CD(
zqI}EWYLqnlqy5bRMP^%-@h(~#hSl^Mrj{?Svv#b(&#~htz}AP*|3NJ}N@vJRJ|hO7
zWF8T8yCehK{M_4%%(=%>D0?JEV2zbrOO<`p^-jDu0HPDAM0+NwaK0{{$8SV&dcJsq
zuh>R)bH>qic~-p@Lh^yVm!fjChNgu^xUyb_aL77?U0WLj@qFhWuLRdYw2>DfM?JAL
z`7V^xy%-n36J0qx8{KXkgXBKYO%FKIU^k{OSJXtKj_Ouqgu(i;p&d#FJ>h-?`{$=^
zV?f0qM-n`Ld0J?aeH9-XZLS3WA2+rXyB!mH!~{f|w5De5j2&idW@&RYOYQ-RWH%La
zUIci8)LLXpM4TfXj0;PMuNIGcGByj8EqxLlG>CnG5KdaDCONipl6zZb@j`;y>rOP8
zv+#xbiwddY@hrSmFQTD9MK~d%Q>_^)b)GvcRed=Y2sTcGhI}q462_%x36sDd#@<o2
z@H_)s@;rWCZg><Ti2Ocbek#aR9@2;*hl7B!yRtFi5}IxS(v2*$$<0gFxnn-?B!RZL
zchGMD^R84+p*-Yxanbf4Cn`HCi)a`^Mb)B5@xeU!90E+ec*@e2d$-=xx$Ug+N+FMf
z-7}n7H`Y$DNUhkUe*X8ngVhD>5{0q-X<%6G-hOV}Jvxa*>LLLrul;`<8K(@p(-|c~
zO?;4I__WON4L*L{PVVotWZn+$9NeEjn|!PRPM<R~pU+`_8EpQ<*Hm83zQ2J<u2*3{
zWicLn?c~Obmy+L+$w5^>V2fCx)D|8SQI^^0O?6IA{IPlV5Tlcb@l@_$blkj1Ml1qq
zXI%e}x4}H;lf4C-sU7W^qQao4FoXI*xdh#uq|ZMTTC-Z*8=U(Xay#I!9%YaPS=9l6
zsf<B*BLJ@{ZJ!&H1)be%VkhBw8W(&>{>0)@n;EZg=~(H4)!eL$q=&Nb14n7w4Q3hx
zBmtBi=l*%FEx1t*XAGZED^8mxG8#B34Lt%E-{oA<UkmySRe#wbL&Es!U-~k}<;P=P
zq*uP@VAeh7S2_v;hKQmE+GEZPS$72BT5pP7`(X%FY*U-jV1r&B$;c4;W|?f4*Rr?@
zQS(LkcOOJu%nzr+#V#^ZW;5Zi2|6@MN_*XrT>MT!bbbjzYdV!&Fl}j!e>oi1#dPKt
z5)$`+bx7(fI*3NfH)iYrrJQWLHiP!zUKw@zW($*O(_D%Dh9sO2R_8a=W}yJk&CbEe
zs!1TY=cTjiWKeYZpW69YpvfT3H}&Mzi(ix<1!~p1iaRS|AwH)t@H-|1!VdCwSnF{G
z0TvGQPf#I`gImTlLFn(rDOeIGSl1ef8b3z#OrjB_gxV71DJolKIKUD6Kqs?j1^zx-
z+{TKNTewRx<>DZ0tX_W2EbaiTgD<OUb$q!3e<2x?uw@|TVfwSjZZRL!v(xX)AG_wc
z{bO*rlW_@{LIwXZLfrZ2rN<Y2ZuZ6cDQhh+u+F2GRP8BRcB+(8EGBRBorxQvY&4Pi
zOLSlUbvT%-h<x$><{%~qg^Cl{j&l?>aPQ4ZxiK((S}aQQ+?09%!|L@ia*_s&kq`&s
zn$2Esb1xzRa0!{IGNGknz;>B-X>2&0x+T-&N^av^kXZX}S7P2Je<^#wlj&y}_sRJk
zLb4%dZB)HOeMs3q76&v`)C?t~nEl|yUkMbX&cDl+|K<H<s4g3U-kRlo&VqmJvuvnl
z2oP2kk0fVc0oi8pKdE702ftP@=pmwvWBIWKJilnamVo-dwEq;<tjI)mA0!1~8Fw>P
zeQvCFI{=aG01-l}mMu>P=RGp-o@ufaBJb9^s}}vaOg1V|<f_f`FKGNe3v*N$T&v>(
z9=DA<@slTtyWd&4G&96Gp1Ue$_}_Bx9RXXi3=KeUdeaGK9xITG2tzMqtj;k>Iy<(?
zr6Zf&`GgsiG;O3E%4*2eA!J7OE-7zn9VE{HX4pA|0kl&G*JgBtS^eGJTW}u~nt;5@
z)VqK<s4NqtI0yj=Qy=40{+m`_7uB=ypM3`KE7w|fp3de|m=n(nDd-WfMtHhM(s)pH
zZ7P6?e~7buBoA#({gXiIt^_6+`y*we4*a*9IjmYOVyt@wiWN9qp57n2A_Xaij4%?g
znZY?mIOuJE6v{&D93s^Hu!B&q6<{^?{Yfh8#vrSS;11(%*ACcY`f|XeAYN_U@a-{q
z<}ucb+*8JeaS&1!#%&8_(f^$JE}}UK_4@<lKzHbe`fY`HPcqLxA3wTp0T-JNpLZAU
z8{>i?2?9GKlHNGP^&6DZ4-Z$kqhX+k;jJ|l9`BF_Vv-2Z=n(a*cK{qs?nc0y4BB(L
z312xoDcc_MwR`GrcE|~2vYap$jg0Wg)UHI2t%SKeS3O1zxC0u~GeUy7mJNyU-5$X0
znLNm*dJzQO-ng+<RK^o}Sa?pap8;`&ZL-FnIdfsZTZT*q6+JB9sk*5s)Xw4@{=O=Z
z-bQ<&6l|@S;nuqsJWyomyYA6_yRQJb&V{)+P3a#>0l83biJ|MiX3t0>9QWU$+H*zU
zACH5n>ka30R@Hn^UaY|;jpH_q5#0gjRJepDPolQ`l|}B*fu@D@%_)=1(4w_OIpLVG
zyiuO@m2?gVhK5-^BwryCnwyL|LZPL3XSKrH`~(>{cfVtNL<!)rx$Oe%A36x`xawCm
zD=<n*mnbVBU0XEcM5$R?c|a*PNyvA&Ah>IUNX~9sy_pHu36NiuvBCjyj+p=iWrw}V
zgM}ykhw#hEmPhA%A<RjE$*~v49)P7E))Li-!B{wSJSOJ928W@a!{aRS=IlJ1$WV_M
zEw`Dreumq#4pkRq1A_}Kd&S--s)YZr<!=2fLhJ7UNq<Y!2`#89bDi1tj2(UG2fB7^
z3jpoT>zRI*Z-_wgOUfZY2RhxdL4zyWJC$8aQ0qbQ4O$q{r$6N%e*^SKnXyah_s2eh
zBvEil*K?{BGfF0KBs5BFRlM6jfhkDM1C>=Zey0bM3SmzI#6u_LOA0*zQqlt*j8hpH
zJ3{b`Ia!zyoRih8wNqkeF|xgRB*>5832$<=wk~M4HcN<!Jyn*>(7a>nmb6um?yNU>
z{||VfdaU68$(g@GzuEuWvivoT&JEPaa{=W7j^%v^<pvt&SyQsGe05K#zzGPzF^W1m
zxSBh-x)A>x4gT-3FR*`e!&(1R`;X80|E&Edz2tw?{s))!|AG5&5ZV7;%laQ&)_?NJ
z{}0@MQ&Ij$E$2Vi08A~!0Oe|^E>r{qPLxp+{NvqFfn)in1>|e<pFP(9?6GnJQOZf+
z^@+c3%+0}-n3)M^Sk4Rf)g!WzhX<st!i3<2W99?~RMCU70JkfNfxeaBP+9&rE4K;@
z2OJ9r(5YG&l=Z8C@9UeeN)iZDi3p^r;sxqfB0~Om1>XOM1&pagg7~lV{_E&WIVo_f
zlJx&CA*hl9`vNYl;RNLbZr1ETiK@%1DyjpAYgd7Vzg$6?fVg$lxJ+MH%=Axm8#_CP
zJ{+UCgQ=sLwSy%w2P;sy6(8(t16ptR^(?LG8K9)JRYjzA8nWs!K!Hrn@WA(GSRi*J
z?!Uj6S`dM+4S`@BZ2z1G%8^*F2s~*-09KX510ie3z&P0dgU9}bCjyMB!3EwoVn8X%
z%c#l708yIifeJ0qK&D!#uMcd)YLgonC<jofl>qqUivWbL=WeKPod*Tu;QS8==NE`5
z@VFiS>&~+KDS`AI<EZSM|2&<q5%yoBiJddm2@aI4L7+1X`oC{|tbY)gFklS?9sCIl
z+82Of|97Yf2mrqsqo;bqfzkjtS-F`71pX`6-ZLxP(^^Yav*RI_#K&=%hAkt2!p62~
zN~hYCz*$24Kv-D$zzd0l1U6o%J`uziDW2&ME6k3VxHF+m_H?rf?_>4ln#x*@JQn{_
zOHj_-CGTO^RNQ3{k=^27+t%FIw%k{3y5BZneI|7!tq|d_!wfEfp9q5AjJ*sdmg~}1
z(9*ci^raq4&D8pgAyi?QLJ>=}lK<qqPGrDlf;x6WqLrX&&@HxuUxY^KWv_1<)|(wq
zjg%FoZT050wpD7@=&&v^T3=))v^{*(^#y)&+3W|9J%x))guY4+5WpclM#W|Gc3<dG
ze)c~7LSz1X{QSrPoPRp{2NB2G#a%6bJ8okg8yE1_oVZx#clOzRBtKK+a~9e=jCZ}s
zdzvTt><5hv6jtb)B4Nm{G2Xs7UHr3oH8mtpM6Y+(-Qs>+XFl$yStVysoKThG->cK$
z&LBKNiG+q1;Q=FQ^8K2@Ib>OkjyNmg5ysMlWLt!eR4?)o0Ly8@ysbb-!WTg>pz<5I
zEKT>l6UN7cdt3gDR0E|WGI@Z|1fwo>S<+YNjB*hLI-)5A{F=l$o=dEX(i0-r2(38;
z!&q{H0s=x_j*Q}4W~7q|O<ic3M5nmj_YySLh{6!|e2Um_93jZp9NV%^k?9aoPQQ%@
zb6?Qnv=h+m02EIOp1pquyKTgE26g?$uXnOY4ijSLp_8(_#eHVm?sC!2DFrgg(kIfh
z1if5;z9;pSyOf-i{>^Ik(Am{R+f?bkUvNFdxtyY^%P}XgHnlHo!tv(aIwz??^e{T;
zOP6K^<Tg2L5X6o14%qH&Y$<MCZreWlHODruG-KIa0@h-e<$vw2MV<?!^P4wsoDDYY
zH{?!SXR9(F!UuNr!k?7JK!LE{9a$WtYZp3D)WjJi5Z%EXr>%90p=RR(34|_36T23C
zzumDY|BVd24}IA=BQ++<8VQuB_mMVEBEgk<CYH!LD9IORO2w58eAbid<B=-lnPQ_r
zOT)PU0h~4%TM14uWWokV7nKUM!8FeN3gz)ADfopmeOUSX0X9Lf_%EaE!&njdRZ_yu
zSPGWS)Eraf%gp1=gQ@WjxDUjiGS}=5Dy<8K?I`MC0YzPqqjtW?R1|CKm_ok6ufI0I
znIi~a{P3AUy(Ah^#&X$NVf=Wi#NXiGpkX~JYXF4a-+XY@t^!xm)~c%KZse?l#5Shr
zfNyB9B=FVS`RXHX_k8MMl28I|^J3f<kuJjIOt_V6uUlrV5s%1hErW$@=u%I_)Y{*w
zMnQhWOn~)5qV1=A9~Bgc&@-Y(?uLHc^tWN?OdibTXa{R#{cd49f)iMg5EGwaek*!>
zL<hL|RUwqWArZ%|l3`C>kC^V6SX)MNmDkx-Ts`Uwl?C3lQ#1W?wOaQ3o%~&V|5<&%
zaguQXW2kwqdD>=yc$GqElI%`o)5$PMz&tag`FUGLuX<BhcPqo`#7xgB(Qs8j$Vd7%
zBjndO+)rwIaSes?X3g=2XUO{d7JiMjph*BBWr~#*KD{_WLwl_HCq3Oq3gZ2QGebs`
z4J>NjiXdIc;`B@DW**9o##_W+%o4F5;k69HE-1$h9&6<R6*UmXW`G;NE9&>SZaid&
zPYf7O#}NJ#J6MULh_j`nl0dDzk$7sdBZ8z}(I}(nPBCpbxTjvVthJ(Xu;)A>*-U^^
zLj+GLL&`_=L7(<WXt=vl2C|B(riGDjO-9*5dlJ|r3gQM;D-4C+XM4%c4%g7E!NC#(
zCIyjClF@owIa3Z$hz2duJdzkg>Mqf)R^`unp%J(ik^8jylJF-6h<x6R^N3_aKIh)s
z`r|XZu*wS3YuENE=q4yvW}HWB7Bb)!Q-~J#;uUn(sW15>L{&eiM9H+sx(AXO9jPBf
zexlKKF)rNrElQh1e1$3tUfq0;qnggpB`WO8?5-@OTfEaqko88;7zDp{r@u+({t)AK
zje(>rlWi-a^fM|gS8m_h<?8qtGkB-Wi7o=n;YVm;Vly{*Dr?Mo*tor4+!Vl391W6#
z&?;!DIa@M&6&GR-8-^$Ckbv$$)#?voE*^ep1Oo0pFq;3CcbH2<n!KPo3%C9*wb@(h
z*cw|t_8jju`@3<Cs`_+}DXc2*tvT=M0*t5#W``Mt9VH2(ziqek^TWb}W3TL${ebFW
zAb&2g23`iZl^Qi^Zt-DBS3ckjDcvsfXPCkSy@RR$#c{2}*Bgk?_}tD7;88%Q$$H%I
z;=IN16RJV)q;V+nLXDTwaonmZu$a8k5Qo#^S_Rm*y(q5-7G=NT(F?I&RDC!*<sInN
zqHI5B0~0;Wr%k9BOZ4F95Kjm*o)Z#nxp}8u7$PR6l#7NaLq~oKVMhSQ6xl*K$kxF;
zthtVN!wvshA*^sB#o-v7hItWG0b+io6KzYbOU?S^C?a@Eib^J29<l38ON)Y}s`j6d
zYR^Emqsr_^tw@yHWoJl?8zYq4kBn7-vo-d&mQBtkF1WI%!)|UzFGP-nSNulbP=H50
z$)=voPRo+xWk>ApEocG!o$zLvn96~ji`g^K|55isgScB>GKY2Y<3{Z#SfH{>84Z|g
za$RE$cOSklDT{w;>6MR6u}ds+5)Y*@54ve6ErhF^L47UCF?Cai$}#b9((BVFw+fxy
z!4AFZ&7{dOROdeAuI}RLX(L<KdykzLR`IhE$!5jx=Xtw==96N;U`9AwbO3xABOCeb
z?-);#?g9}Di$x6`!%k4n_1w@%PvpP*7QNi~+~qQ=<}`t*RIWE?t?R94T0)NQKQ@oo
zU2kL^w~eH1O|0o)c3;CJyw8wMup`mP3X{c)NCaiW70q^)LEsjWF>PpVZCNJV6&;cO
z_Moi!w#r9D=q3~c5^0piFCD7RJ7!VpD`rW_XBiIS7&Oqx(%TqU3UjWI8OG#Eb1Qz#
zx$0Wqkzjap*+A>Gpd?;R$GL6Z=V0As^=SJb>p@|O5d<QBBcE9aKaycVg!-`~ZEm6>
z1Ev&U=9kzv?8&wS?eYgNYDUEM?S0igl_1o^z2`0*tydESpx}6JQ=HFO++m>PNgkC0
zg@^GzkwmfRC%2(D6!S`0H0s-AK+aXqz{e#*r>LnzJUU--Z}Vd68mYJB^mg(bTk&Bb
zEF<je`oo5A3tGy?5zhFKasG7Grv|GzT^kVHJO15nPHx$Xv}Jz;jvd+R2%7P`2Y#X2
zvt$Z3dqx>2;CuA<V!yOpL9<@c6{>=;q-VHucigu8aV^Bp$q~<@VaqzRO=44f3qKwN
z4`kC5y{!r<Mt$#^13E;2Naf&s%!CN!RZ&7TSOQJC8X*P|1w8a!`E<&h$P+>rW$~1W
z{G#_9RpzSi)UL6QrL=u@UTJtk&X|fJQwxS3-9g+O0HF6={!MnU$B2~ksA%v+G9~+z
z5DP<KY4=?pMcME}|G9Z=@05l96_}AeX@Q9r(<d$hyOLzB2J%g*3<Kw<cv*Z4$N_Z}
zYm_h{Q4$8W&VA!IFR3!5CgGV!hOD4=Po81{{oF9X>^+UXM2ZgbkAVD<Wu(opIM4gX
z9|(xv0QkCMf(gJD;_B`j34L+7teAfd9k%2t+5UIgh!h%^$~nlNi+hPyLXv~S;@L+?
zL?HwB&`x3TB-hM0Hv)g^T4Olzy2Cl?@^xl!=K`^%lIm{C)TzQ+kcJ{(K|sWPm6VOR
zY<t)4la<bKLRlJgo7osCBs)>PZZZ3IqJ7;203(ONH$m%*bZ?6Wu<GSg>S~@sym!b3
z###<CNFz{fp`lH!{zbRlqCX0I6wE<<!AGWOkAuLT7!6je{hDzYh2>50F*LKFa14^~
z_Ya+B4!NAuMLk+g%H_yGUG==3Yf;)&^9<D)%YQoZI{bjRt3NkDaxNLDsQBR`o<gB(
z3P7p2WozpdTH;W5&904c!oV+>t{0UqAAa9OEAAtPIQ%7AdwKu&;^yNNER(e5tbV|u
z15?Rhc{MP68m?+;o5m}MP69VM1>`7iB!$ozv$$(<4V2RT^L%#86+cjY8B%|IVzPIL
zSb$-D5d2)k*6RwQ*e}ZwbR}e!IaM8!1+Wpjq?gh&6`_IFM6Rom=OxzPuO|O|c^lsB
z+le=D6G$fh)v*K0jqPC;OfjZUJ8AfgDxIGLot?MawMO3dSpQ667C5$}D9BWAv@7R1
zAr%%lkoe2sj^l2NKU`I=>3+z9U^7BPwhYRx8&xV$4wDG2L}e^d1$7S2D{*X|6yTOp
z#@q$5WN)gh5R5r|QA8GJ142$6BMA_@yg`ZN2zjNR6=iuwZS9p3A8Cj};1(a;|803y
zeL1~OSF8XzTNfku2Sz#0(h80Bnc@^^oc6?y$AI@9Q91i8U8vHf`t;2@%Zx^{61pwm
zVoa8w1fMqlcbKR^c;`1R&~ETjN5H%BcK&zaoJcUv%BcqXcee#N<+eQPDih>o>F>>t
zfru9Z80@?3b-?EpyK=&-s?hi9&*u0hmBTG01q3hGk87)e$-KuzT~}*wdA!LG)%I|4
zam9wAbHxEB7XnJ5B68Dnr=gT03QMb`^yA-yWrWI1lG<6ycKPn<Gt-6rSAZw!@{DK|
zuNv$`sean%S(|zcw;Xa%A+W@+9ISpaW>`{cjTtpPtwaQA?a_c(j7Sp^TvP9hd&FKy
za1p!k6ijxEJ<a21%nCsxuKTJJ5)M|PnmzAJxM(-9JGk&a#P>E^ABXnhaG$=$3ce0v
z>8)T_wqx?isUF$-hx-ZGM*zyZyO?!wj+uy8J8rYwV;XBaw0Vt;6Wp5FxsR-uu)HdR
z5(K<uP0XxLX>|S)(b4GG;7+kUEF8!m1dFwUN!|uOJ%dAmEEA)2(rquA8QM~PRdo$n
zCa4F@kKCp?y8|0<CF>UxGSnJzvTYZ_#xwnP(M8{_jO_5VCc>v<GXY7-jdC=)iKCKW
zs2WU{F40GpG-&cWNeOMan0SsyR#e0Z)@OcayCphO(c_8s1eFhvas%}YczY#QNyOl#
z`ZmJ3@ok~<gEM<Z&jL}y6AKo>d_paU)NdhH<olcG>PF0l^FP+V-b&{vr~|%|$~$4H
z8v<QcCD-~ZH#kLaHwbX&nl8ei5Un8w;+=hJ>BQ5>^LaE{>>{}l!j-yzpa!qCi1|z4
zDBJuyu3JklIa)$)`OkqDFSeHy++7w@q*WSHA0cO*C1vlktsZfE4)brc(Yn;C(kF%(
z$pWlezm$E!zGo0G44I_-zSp~~9{!F5Lg~~gup^@)=?#2=LaYS<ty?hendP_bhsQPo
zDY-KCh<xW6#|Z8661Mtuq~3S0)upm9^GcnlTehraU)`Jt)Wk8Xaj>pA4g^=V=$8%b
z0?F_`*xPfWvS#e;;Cxfqt6TTT@Lit{=9iYiy??K?g5Er94#1~Yii9gJHqnE+=BX1M
z$=bko?Jcw-<c$J)m796{_}L}!(Xg=4_kep)v7ov2y%KTV@rEE~!3piDrGI9#`44HK
zK;BnrrW}JPPqcbWRGs@1#T|_`ofqb(m6eMksL+zcz9v=c6zOOy?QW~N&$bBn(deTe
zq~X6<24{$W;6>tzJzQH?u{{He3f|of*i~AX$2QwZlPZAjG6-u`TQIKIEUIf*<&}z_
zQT<gyW=^%Gq{m{<La%^cr9HPoIn~Cdm-WioUvZ(Sr1^9UiHrU`qC#+`qr?HHM24C}
z`(a%tI3II$gX`tOL{d?VT&Ag=tFIMbFOaj+Sjy6!pz=aMj<BNIl$8V_Zmlg;21LcL
zfJ7h_D;q$R9y5M&bN)b!Z}WB;22*H?hH8E@f#5IFsS*os<s10sx})%Tgn}Z}f%yD!
z_hdbJ>@O^7YK?XT!WrxC_(x<NKc|v`133xA#l_a%LAOM@8vHzOd|7Kv&(aPOOQ@?t
zWmT;3j#<}1_C<AHTnMn1h3aW`N<E-`uC}S0ZV5Q!p_~X4bgEr!dSG9S=$C~k$pa&D
zN_3A!;BlY6d{7Kp+BZHRU+g#bgt649PdLpeWw8<{&gZ<(+$=_nr8Ge%LhGeXk|83C
zl6H|kkkl6Ak*)0S4!#(b=Vic$A55%}agiAYg=1Bbte=CMfAS%BYp>03g#Qw^;2y9E
zSb*YY#bn;{D_P;B{hHp1=*9*K2_v}J)guwKCBxh_qM4vKBP8TiHN$q0ZfJh$^O^gP
zjZ>SH-Lm<p5lQRkPmE=?K@M^xyME6Yx<)P^#glrZl7dtG))f3(3j?Q9xE~!`(S5t)
zd}s;~KOu$-f|F$DG2^0^2=VLud2Y6^=m43DPNHQ@iLdo@w{%}xN;FQR)rm|?63#7j
z)wj16*HMuy$=j#GM3KV&mb?*He>CQ2R8(|XM6GRESy^pdWkhfG=J0H@Cu?wf@Z@4{
zcfhQn#R{EymU9VtJV(PW>mEy8HdsW%KwG1{i?fiBL&OH`7A;aF44f<v=z3p?0l?B~
z|7lC@bJXUuGwBQhMfCEPui12=50q<C6-AOGk5~cHde>+c6BF+oPRKfpn&1!F@sYx5
zWANS59|OPbAMn?NFo%ZRGw@JHfph1aQ(2gh&2YG)QH8Sj&fy_(v7|bA{ZH3DM1mj4
z)5+XJ>c_}KFQr_%d#t*)^EmXwHGm1U-Q{la!0L478?j=M42nSvIb)PmN_ClAr<tF!
zsKepzLx^|o7@A9PYZ){bftFwLo3K##lYpyL-rOL^LKyr(l#t>gtSU()D@N{u9L~dO
ze+O=$pi+u_{WngB0?iDj0){rM_I`2v>`dwqi}d8G+8|F<QjV9YbxNkTApoHPk=6KT
zg4}%0v}x}AR5%iPRuqzD`5lcPg`j4>CKyI`Mnw{=7%H|gncux}2^!W6%h6C}Z76G=
zy8S3Ud$Zthv07;fF?dnH{5-lfTt;xob=tjJ*hLZ@>4Nlc<QAuHsm#(QJ%hbsPxxU}
zsu*31k}h98Js+H*32%0=Pr!+JT)Pfju$UN9d30pEhqan?AioU2*)!=e@Rxlrp{Kfd
zw!DpuBQ&S=lT&Br^Th0AV`Q17<4e{W`s&9sR4ZgXVawlBbhYfMQ*co>x)RqO40J%w
zV@7Wk0I6ZzQlu@xb$a}kJ(a!%3Wq0d52TGh)&xmCkAB_+Yaxk|A3%d2Rl-)Ia@>c|
zsf`vEyY$DK8G(SVC*?FA`}=XeJj1l>%&%my_I2Oj{Pz0NMvUn$3}G&pe(ENm$c5d^
zCfE0Ugd*}2UABo5T<?srDX<qA?Rjq!xT5*kvAgdwZz@FzKNmwS#$)n;$nR8K$Ma3}
zl6(bmt#FAo5KHY~L;#fJ`VWxzG?}Hg$e?|Pl#Z$2OCH(mUZa0Sl0?h1Rf`x}J>RSu
zIpY-A8$R?Lg)w*&qbgXqBfuiZsKm)K0=o}M2;Z2y=vXzg2NmfxGlW3PDkgf&+6-8u
z%4jp*=2PS+@jP9WX}wd^6Ae<B{gE}5vs{?rdkQd>vDAl(9suUkZdIX{WObLT5KGba
zJJ_RG(^gdBc29NXJ;ay0zER)gSXq&Y>ab-4hNWh|(bLJFcH7dlSMB#Zp?bx<_qNIZ
z&YO8o;Wf72IBMiM9anVc4@$^w<x4kbh48`t`FdNN;@}kL?*O>xA6RYm*!Nc*aHNIc
z*d$(j35nQfz61zvMB%+ri+cDIzzKwx_)|)Gr@l^i(V%e6z54k+INoFXI(Kxwo^S_F
zPCt`eob>eyIHeQv&G~($JzQRh&QLx+83`NmyfC=Cy-z6AbjxWLjnjH1dLYivVHDK2
zYALH^wR)<rn1JfA-2!k1p#y#r4pqc1T=Bo!@L}m-AOg}ZvH|ydJXuJ21c;nfA!svl
zY+m<1BS`W-zrLY@m&&#aVm{@&Met+M$CPZVbB#ep;*{UamvI5CiSt^#1;c=~NqV%k
z-%>Iv;ZH!{7t))o8l3pD^M^qi2?Ad0{vd^_uZI@ltp4!F(~{#5BAWWfg8%G<l52+#
zfN9{9`vC|<8-Xwz7j7IUGJ}EJMM#`viUzm8Zr#tHx#=ZM03qC_(D~ayK7O6W<+aCE
zr88pThqPkHm3h4%Harj_p*B3vxv0j@Cb1L(|E>Oo=(C@QW^%MP530WUI<<aEo5SZ*
z=(aVt@lFqX=_pE=Kp@chx(_UKA|6h;qc3ma00v+e<hr7h*EBw<ToNh))d~f}n^vlq
zS=K{YTLa+db|Fw`1Gm5Yl_p_9;UU)%H<LKBcydp)EXthQY0}4^eYTmdzuqxvS+k45
z2;ueuF*pPnt`Wh5z@4&R?*?)NVy{h4#)48CCfFFiy$;X87k)bJUVD`mVESMigbBv>
zEf3JLh6U)#TkD|c7Hs?#(sFEJraND_+;KC!g>|JnbGv%##)-R1h%oC&5%`yJnZOF`
zappPf<e^)!$L1ZUHxi_q;OZv$TaU{O#)W*n*<Z^q<>|Io@qlRuei`^ojaPsqPJjTv
z>@~mwtE0`Ip*i{T0*m($H?^fv*xOU{yBBcMr1ne0W<Y-F2v=rJO=-I7%j7&VVH;Lj
zq5X*)79PG5Gof?Ae;1;5sXC&^re#|23uPM#JeB)t5dMUGy0WQexm7u1W2`Z_;?q}H
zxu{KE^gAS6pt9}k!!64l<(w$%I|xzr2?_hTcJ>OnIKMukr4RuXP#rqG;3u6z<2pb~
zWo1{p!~8VCs#eIjHJ4AQE%I+ne_jhyFK*31o!|%l@JElhh><Gci^o~q=i~Bc4Cvbt
zYzO4z&QNdfOeGc50pvmfb&3`EanGVshEf}!m?<bi`-YjD2;!IZ(1jrHfFhJLpl!U}
zar-<v_mk3|{vydEaL|mH@bP!rEE)hXO~oDu=XBNX^z@iWbzHlV<x?b{Ya>x@tEDd3
zSCG3r9RRK08@U(I`+e#o0+(_)#6m3B&Ec^Nn-_*5C}*~Lu`duw3Y;rBj8fybmsJWe
zYX+|`6sP*f$fn1|YEw6$SC#1rA?pgvk<7vMo5B6ocaAp<`|S(rNXL1;{B3}R%x!U*
zx6jIVV7UaZo!6p3xmBm82$qr+4;MzkP|Uo8Oam>oh2boLvUapPR*bvyOB(@+mdBBE
zK6ZBOA>vR-4jbAc-YC70ULLn3D`Pnu!D>fh@M&w^SioA(4WD!w%43lYbe$`0*sUTg
zpL-7Ey@mlmX3Eqk_HS2zcND;Nofq))Q5ytQF>Oqe?r8&_0}b}jNwpq4c4RKj=7}mM
zBs2e=Q_xiaRPkBR5#M`wkpIIhfS64Sm8O|d^Sb?GW!3e6753F(QFdLw5=trEAkrOE
z%+N@8he#vcNJ$UfAR#FwC0)`Xjil1u(%l^gpZ7iAdDQQ^&i%*CT))|C@3q%jd#-!#
zz1MHO7}V2s)~val40S3DFoW^5MFXox;hESGN{QU{q3*CckZePo_{Hdp<Tn&_)<hwh
zoZGBFl8fIOxW~fHxdYx$O%+|I1~xG5-d1e!=6V`SjU``0X2pz!+nUju0ukOhEa-d*
zOcywYdp~2<ev<A`>MQMJyfsjZX<GL2Zt$|@tXot>&6_e))(YFOkUp9o`LtsJepHlu
zopNCH?v%0?<0|%=nhcLwG~k=u<mf!F)|^+*8Ag!LYT8%$^59D$muy=4r81!3#Oa3Y
zh}_GCO@1#*MO=J5wx{1j+}|7u@MKI_-&zy?e7bLMC{NeZCWI*2O}Or9r*3r6DQ6(M
zJan7T<}#L=6A+O>o~UM=ujih?^ut>~(Ny5wwbRR`Hm!b%+Ajjfj(ynGS+c~kYwY@w
z7cm=qlQ`cI;FG>kC1~^0Ryi8lY4@<OVW~t+IB9A5ZhxF9Yxk^ayJx?t_J&YAVv~CM
z%;7VRF-j>}wXUCh=L|R)Oc09<1dFdAnbeulq%?cYNBQ1&BKlNKD+kpBAw7Yic0y)q
z9=hZiG&vQ-_g^O&e!LjfZDizg$h|>#L8J)2YGl7Sqvuh}lv?EipN?dAhHD9&FwyhU
z^QX^#N(ZgJ9{-S!d<cI8Q9O-EP$EIVi=Ft%_}?wz*vBi(2%NEim6wRzpjgaX@dOr9
z1Z+GR4p|O44tWj*4n+=S4iyen4z<|Dl|>xRe|FISwN)ECv<icRK>yx&eT|~3Ix+s0
zroU-IaulG83;~NrNLy+6N>k&$RLy3V3noQ|D60{>No;-k0XQiTN5-ddb`%FboU0dT
z2uaq^Wj$0lYWDns$+4fBBxKUx>%OgbugOl-pHk6R(`>u%=M5qkM?*#&7f`OZb~u2Z
z{(yro-y(Y50PZ~fkaxQ753gmZIG~y6;mF<Hk4Q+M?}=WK9+&L5ZYp65CWG)%32QGV
zWREph4S}9lPp`Y#4ridYS0J}G?LO{f2CLw7z{LP^&|==eM{0UmD!~rqATb*>tjJ*J
zIr6VUq@1mEAZmNx>n*fGUzk)oVs+DPK76m^e&IR37`GSUk|j}H*Tc#A_F?NtrM}Dr
z8N)Y7>Rr}$kywsWsP@mCXEwfW_Nje*7331=77)OpQQPfy#E{Njoyu)_Yt`4m?GU?;
zwg$K2^vR@Gwi%_iz+IJptrE+GwS~7OVu4<joGk6CJi^G)>wA>z!Kl|8nJiTNX$PL4
z^x?(o%Yn?B{G3s%-sp<#cqNCt)lqZ{idE5p&+5uARK9;8SQV~Q&iz1QEFY2OKkBmO
zDJ|>yG9p`Cse06Gi+{_ZHxXB9I}bSO7MdlSSN_3UQyf=<L|GXf*|j~<pfBh-EYZ|%
z&>MCF-NBni<u$XtLNOt62uS_0R-ph7lE4glcQk)F5lldXNg@X+0M_4^j5N4QDAP2F
z>k^+1<=tkjhtKo6EjG>V8yK4Y^cvzDiU($O6%l7GTh$@sNyN&=el6dRoZ~#(nf#Vp
zx#=-N5AL$cneuY@?(vPQ{jI>y?-6>y`6M_n2JZ7gKi8jM8ljmug_{nF$DRc@90uXy
z;gdw*mSvN%tW<HD+vn5zcUijBVWSKWSN8k+qn}PZfmD;BVvAe6Q#FD}>et%@A$j8V
z`$y%k*wNmy?BMj8?FKBcM7RrWWcf;uX$&D<gzL4u9vODDFSt@3DkhvQ{VL`_Ti5x)
zM%64bJQ`V;&~vZr`<6o<(wHfnvvWVVI9OauBZZ=8V;o~6Ftqg)CrV~PcbZp=)on2p
z+UZ_u!by05AdSH1?MFT-QduT!Xm6b?%iQ{;BTk6-Y{&&yH-w>G+TddsVg<FhZ_s8+
zaYieGgrR8)yX-JVtA-A0qj@6QR{+K}`oxB7b`7;Ffc}&8ff8vuD!~q1B`3D*<_XP*
zlyqHYx6S5-9k|Qe_K;3CT%1yixw?D*%X1lad4iwlsRImV1ZPVvC~H8^&q$4Yd{EYy
z#gN)GKgGoUlg#R(aToOyEeTn}4HE~f{i?o>l`~Pgn<9K|rPgNECkM}(KeVsKvX!B}
zzjI<v^zPv(Z6Owy^NJ9I$FS<{O*B-G<ig*8jYCh1i3I1GZlyDynQ8hx((FESSM2q9
zu8K;wdDVNAoUH0v#FHlyWu9}0OzzJh9A$T|7t|CTm{ThpJRxW7_&s5R5)e0@*w4W7
zn4cL*Af<G1oZ`StJ0zZFqS*3wqBKGyRQt8%llLfweCV_Z-}m{P;mVEfuf(1e=ob$6
z#eymvz~D|@_Pd#QDnc+JhfmxI@TH&|x^EEdmQT7P;B7@XX~%dk!OE6_tf9E8u&}sh
z5s&($6xs{MPp|5f%(XF0klQ(=D$-gdklR&G05?BFe8>egPh{79iRQA2`|CD(tb%jj
z7jMnGJulb4StbdOf(Q4vnqA@Xt%2_uU+I;1V_BWqm)fvbr8IOHTuI232;42LRW-{v
zE*h&13N=d5FUszy<n4yx7=k^LeRvx`A5c@YsLO`)6|3+16F+^~wK#)R7$Dz2NK&e5
zr(%2{-6OW~z)|vy{<7KE073RmLy|`#1np_Llt5U`7HCws5dH*_OW;vQzk)H=+6R54
z@wA?gCx@(k!e>A9p|AK~1w^AhYr&;tgkWVFa*D^{WpSmh3QeYXJE!NQ_28kz19`Nu
zkT=GBH;C>W$}*k2$QHqx%^7-iKH80Gvy&*G7`z+y=dsDri5k)KjGOJZ@hdeawAMIh
zmS&keRVkFCm~daS=v9o2>5rK2Enhm3@Map#gdIIp6H#Zh=>4+tb}WW%K-rb}NGRPl
zwMJt>!Dn27Sbp)otB2UNemWws+3u)+M&7GL<Z?z{I5d*BEQ#<$58Cpgci<Uqg{l5}
zQaQEh1?v2g#W229GDZ<6!$jUbK~<2aC-dPfm&^J!_#K?*&3OP+S~wZXtS!ABXG$c=
z@{_=PEH9Mbu3&ZgG*%0W-TiR1uK<PWo{ff7AzWToUO}OkhGBQQv1HhC7GJA*mCDJ$
zeVLB!kZtC^x{25F)p$vEDifzNe)|=-ZG~o~$NncFo^mDOta?7zQ2k00M6S9tj(JU}
zq7g)@<taSO{D-x{jHeWxd}Te7A>9P==<Qftd+PQ1^O8+*ETx4m+<V_i*y$vtYd^#!
z{u_f)_P1b%q|;(u&hJLsv{u0Z7a}42e(S#aAPqeMy_vV>gNZ@3B6yNEd}!n?imwJH
z2ct<Uvawh;=!nJ}`MkuHCg|q%)Ko$WrV1cp_Res5FZDn!$*shVkVyivGx7v)a^Xb!
zPD-by$NulsGAJo#@bDKE;rvp`8OMTASZ0H<cr?#p&IT`v9;LJM>q3UrblP8fe`VZC
z-N5=Ja^O<T)<7DEh59Yj*F_@Moo5TbQ|urxn>uqOsF6KGOyZTRt0+&zG1eaC*VMGO
zr_qyeG;L9>^us%OR{PrEuTw*w%6@LA&k<cr5XT!o*)^vXgB?#MWblSIiE@W8L^g=L
zjwiyt<}QsOh%5~z-7v>quXI~HQy9<f%j9f3G&#j_qZ6pa9uC+$p-%aVh>7;TDd&X<
zM&aguPrm79P}DW*I(n6lQrkCa>bx$|m3m1tcz;)D^`V2D?sfou57x?wQ;^DtU#jvl
zUuVzM3|NWzW07PbD-$zg2|irqo#c4n<Xy>u6E0C#v76Qq4<cXerHun!=F^Wd^FOZZ
zKgy>vjM<M5_6#sg<COOyX+F^O^1=m%<5H(eB<5%!eB}WRPOIh@RPVPZ7k0|!Nj=Qm
z;Tj}GDRXF4izb?4SW8de55~!nMHJelU@u=0>!4a~+_%K*XZeNF+y>G=J|L#%PQ)N=
zd(#w*HS##-L@)~&5#ddL`~EJJ>H>cRK%}KFagz^FDZK}d%&m*H(*pcLvWriKv<wQg
z%2T~!Kkajp42Kjj;Ebh*<b`@Tb?m#ofm6QkE?5|3D778T{K>9kN?j7^r&Ox@P_!ql
zQ-)8Inx_%JE}+=Kv~}&#&=4Krh_zL&jHra^WK{L)nzbjBj?htbe_tJgn_5yP##*e;
zBN-jQWmQ?4%^-;9Qxr*U@{sdm4@~ZYoDW)o3q;F9ZbJ&=bniHyb$UdWX>$~|JHm;c
zXC2DUhM9_#9+Xj3lFWrlU&+;oLlz@7e_llJeS2K(Hc^iU_-YIEb9^*=JO$Y6UA>A_
ziQ#`X=H$Q1GJ?;PH04S{vdn3zleLR;?PGnvy-=ce`|Xyc)l!-+puD1gi^`ecwZ#c@
zY<G{M={vDbvM5SVlyP#6HkqXsqDXi+d(w-|0>))Fn~$PDH!pC~(BAvUIw4T;5ehX|
zxud4sxN$xlEq5ZOQ>~80wy4zXx#y0c!2QlHX<$e6mF>oN-HSdnBX|Ne<3)+lBJC{U
z*NA)yg3)}-J7m2~p%3zJ55?VdO0^1+Lgw?#RnX=onv)S}O4Dq4-Tf7PcP&le-JF7?
z-`dWRrK?A1Go3k;1vKrqJC8rsc;R9RZRVhlvYD5oao8F->R(Ap9C{)-Lj+o70<J;?
z5A~?uNVJC_<d45dEcHM1XZY9}6bm$d8lH582mO}&;(N#b8x?F1)EFW_=C);(mGSC|
zv2iF;`)-bn8Lp-W@RGX_Qq%;8@1CffAnTkLm74_BZx}Mq3y)mr{XD>@&L+P@=0K!^
z`d~>OlE&b)kP_;P06K9`A3Zw3lU+J5ucM<7S0~eG0}!K_JXB_6ifZg3PhxsZN%whg
z=^3}(cp>Y$&DG>mHO94;J=nd&__8w(yPPxhXscJ&)jpcGvcDXHUH&Bj?mi{WM`Zq3
zbpUey_TGyBaC^j(!3u?GKo>1vvtwrj+v+Jw7o<$V_U7bW;kE{4>+Aby%7wj3$}VhW
z16+sg#vjrQ5~Yu01gmb5<!Y)(?Su55+_x9+Kd{YhP++A4kz()R$q4OqncEAQDtgbk
z+utCl?Ch2I)_HdpUEN)X!UrOr-U6<NZfEy3hK%NKkZF=9^HyKw`yb4$yDW+CO{ooE
z^KxluPRGvQPglL5vlTZ*G>b@3v*5T#UiWDf92gLhLs=Qr+s!ZLU^AaORJ)wmcx0id
z@Z+tKTO{p>L&kjG>3GTRiRZU@5*xBNO}AA525U@nXULPCF@J8o=kPT$J&L1SoFAq?
zw$5xmS+~$OI;gF;$N!XejP}%bN)0avxQ9jidWe9^<c+U5u1cKsc3=*uuigupJvF|y
zgn%cWbF#1wqY<`R38odlTYKT=nkpBjyMDM}FH>H2FIUq+6lG(s0VCh1VBzU)IEc_*
z{946XD8<gSZR{`sLx%4~#8*n6e?I%HD`(j~9bL&%PEQ_C5!vU-w$8@yC7_kE5XGb*
zT9oWgOFJT(KaZ_SK*K}oazM73^A>OwRLG&GB!T!&vTcjTIE+Q7uckNCBC|lnIg{{A
z_{UHK%ne$^jziSZ8^m)kA?p|KztEo|sskyxA5PDAPOYIe=7j5iU*Rp*D&2#B+o&2P
zzop&Z8f#>D*bn1PqADhA3M6MFv)7Z+$bMd-+G-Wk-5`DX66XFG@3Uk{eq0<Z%;2Jh
zo-ZZZg5LsH?@6DJx49d?bu@duo3ZU|7NMP!n|eEFZ&A0bOC9d^oMgED5ozgTTTpvA
zF2$G(!RO=La3gp`UZx}}Tz1Gn^+a~&N#pqS%IV^l7WJIPy7)khkldO<kpM9>7gTr8
z3+V0P5y1;Bw&okfr#06n-P6MFE^R8%!Girrgp)7ek4&OAj!|!#si_)7La{h9g1FG1
zJ~_I>xT*Bqdm;T(8E~T3#&;@sx;?>*+?l@7M1E4Wc!vttJbCGfNusqqw*Pu1C0TQz
zueC`sYUugrGswP})%M;X2i?U?15b45pvTnkY~<wG+|oz7i!B}TeKso;Pn!X$iDye_
zcRtH`G@l|6f(iIhMR7t5S}nM{Z5PM(y=5+M$<qX*(i7s+{p|ZCF|^gxG&Nr_2R`;l
zDue6yGw>+FD_eA(?qjq4mt(Od3PO}0=cS)Qv5^}W<(6>YeQG)--ZDsMZREC|ZljB*
zu(ssz4;E`?#d>yT53O;z=n=d-Uz$rG@~wYW87juH_LAwmh9aGSz3^stN8Ks4dDNjG
zUG}<m?BI^u76m0?EKJae+o5V-`<yN0OkI$!GS)F1t|s(N3Q2%C&HnKwBho76glJ9h
zBe?rVr)owDI)a>p?1UA3BPu92KO1*F&C*IvAMg9r_}SXQ!$$~xzNrM^9W<ZWtJ{2g
zYKpz;XOB<gZkKl_>NZ*`{j)pD23pHMcAu=f-gPyNte4Jn?FqiE>GFPZcl!jvvDJ*7
z62ixr2WQ)f5*2!3Vaabt>8RjM`z*5g_A*U=VBKh){J_8P8CI)?^|cDYAhJS3$RiHf
zcTQr?jCo#$ma`@P{F_87&2ss@=F;Z!`Qg;EyGs;hg9gU#rqx`fgr9a|c9wU=UX$L1
z#Ic${I9NcS8zL}ora~u0w_*9Gc`ZMxW6ihuDDXKUiDe$)Wa{mj-kpM3f^xdI1i;Wy
z`bs~3r>le2w2|mfIm?-~6}z^z8%1u5@{-@XCBG9$K&<0X;>skPY)Lzayr@HjDEn8)
z?F_skpMc+vNj)2@816y`YP`&{!x_E({PLttH?pR+hpsN?lCE1e(1@<nI6y2np!0EO
z9x=S<OW&~cp^P0Y;MHOYBO8;5Jy<nGFGVXw&nTI#kF|%k=ll1*UNt0Q?YQ@7-rGy;
z5?tb1K%~8`P}#w5_Wek~#lT64>xgRg9+Qb!fL0F~(__IxiadP?RTMWMn)fBDsQRmN
zoit5apC@ZcBKNHQng&RGBH`=6?yvL4&HHe#^em-y9QSMWYu#ZB24my(RU?^d@qp}0
zDmcD!gA@E>sl&!G{;|xH@E`XV8^eb`QagP5v$fq}mEKj`r;VjiMEL3<3Z(RF##xRX
zZcl2S^LlPAjv-d*C<<%$`r-1oe{M8(8P*e0Br@oaxjhH=J$v>X>DB!74~9FN?zj(d
zBK%C;YLHrVN<BZXc?0pn^?FQ-Y|Mbwmk*(p1)&u&TcGmXjSHRZWyXlR<IMw%Bq|~#
zu_t0Cz)g(xP&Q(|eQ2&X!WC2zpb-8-V0G}aUWQGAY-ZX5D^q?nevo*&qU1YTUD+|o
z3TZR-8y#6QNnvbs+NDtQFfLL!N$LokR`oc$-_$Oz_-lSuZJnfgsKwM)<&n$#s=Jam
zjfp}ZbB3cDCmX|MKX~J=COvcAb(K@DOrl$;qd4BrrztkJHZgaM<|?8s!Ko^LdFGf4
zm4H-3)OTK{P6zQJ?5JB(-tz|W&n;I}R49TDd8#tY8p|>?p6)-##>_T!;NNY4mwa?B
zyUa*qmQ1nk0sj0jyJ@)Ie7VO??58AxA$9Ym?mV~FMf3_K%&;cMKZ^?*XJ?U9RFtcs
zJ>zh;NY`<<yUhHVW4UG^ndbGyW=xKZ4j3eta7=ja=tNkO`+8C=av`qm(;%0*hP<PV
z38A!pEdHhw|F`<@A!BK~))qD#a4W{BK1H^Io~X`;;_=cSl^UkE9V{F8mPdwTagAON
z)Gd#vxG|X<kK#Nn3bqLe36_cw_SyM}Om=*hY&s)g=C@FnSa~8Uhrs`%VKva|wL9;G
zYoX`%*<~15`U^%44U~?JjjkM&L!+A+%9oZY%G!8*(=d@Ro~Ad=jKj}00k1f}AUS>^
zc<WqIWBbM>gNsLi8zHBHi59hDICB{Ht;Blkv@Whc*m6$zXFK&Wt&&vvl#ryKH{~i7
z?u3y`M@~jc3bMIsFhnU7S4r1LVSS56ssj6jZaVqII0M2ACdskHj7uO)=<AS>?=$9A
zs=8u>?LCx6wBWUnaNpv=gpa}E)hO%S809If%t`DKL|XczE(yVyZdtoeZ<}d>Y*&6I
zJ*=b*Ps4HCz-1ymOLnB=typaqnuRh%ae%N4iwg8!sa}suJo4<#D+&*6*igu-`B)BJ
zKu+8;ja=$#YH-uUt^wzm`BeCrfLzcm9SKOzD0XBxCbl5vOp2}-9u*t%S;|O)-|Z=N
zhV>r&pmVLCt67N3>XjuGPHgO!Aci-ds>9`~WTdpBt(<M&rxMGW$oZE}c|4_j4SWq;
z&G_YNtD(JX5mjFD4>ed$V<vfQD}-IR!UWyDCEB{vZ3Q2-a)iC;*I1%x^oXtPkF?xV
z9aSHz+`X><id3G^z@}qW+@wuzb=%-IlL^%~dh_i5?XyJHosw*|eMSlLcrudb@gz+$
zO7~APF)t<l^90)bhVlQU5D~-{-C!a?AF|JyZWJG~n=o$`WA$%e;y{08H~lLy2pU^{
z3xk89|9;x6?y9O{N(lF9{E-)4m5mjf>B?j=hQm9}Gd-=+n(0gC8?0YdO_|52HHD1$
z1ks=e1r^OeLUC4;;B7I60HS84ri5K--$s&+b6391OkL@^1K%+n0v<pAts&;U-Pc+7
zg{J1~hGuuV@X>&1Nm`LxT)1-Vo6J~x*6{F%OIpt9E2z-Phv0Ud4xADaqb1u|F9!p$
zI5L%G`c|8gNx6FSi>SwYc0Y~H+|cX;LCPUUTQ^u+U4iWAWH7JB8a?4R;>!J7oJ?CV
z2KnTo$bQB1+srhQRPrx8y0<*H3~W45Dj++L03Cpy9mM&%iIVD}`p|Ry%(Pfs9I`J*
zml6^!_xpHH+rxtu4rEf2KBUC(FtAaB42?}xPYN=|ED1Y{bco1cJ_dv!p?*gCM3Mo2
zKv<HZ3EHtKeYk7-p`n1j38*jeb-z_tdQt~6z#*|Fv96!bMBs}zno%Ht8J(KOSUQO%
zhPdaP{S*6VZJC_CVfY(!4&E64aPdzONVN!sDB5vNEW8j!?lSwqM4=fJeu^F5i%EUE
znLTICMnTcW_m697Bt<<xvy6tR)V)(Y3QP$v>b;S>!GwG~sfcFeo;e%r@I$mNDYPjX
zQ7c-{QbJi-sI6|=V^yzS7WXt1*Qo~Lm44&VHX01VNu{3ON`$9bI~Wbddwmn#($KJA
z1{%axz)re(eOSPRKU9W9A&7j~w9T3w2!yZR`g4WR{0t7Y6Ww)cC!$?^MzcuZvO95J
zg3VNlv3@u7{3tRRkcGx;ZZKhO(Zc8N)5sQ?$R_FaNysKdO?%X5aP4yP#g9u`BiD_i
z_olX}{fW7Zz0B}&{fO||Id`Nx$HSxV-yI5`v(bY~qSZEKr)PaL`BItnTbF6!tYqu&
zHW#XLs*IgHbQCZsqh^twu)JT+dd=38+qkBotwCNqII$u7%)~*ZuHdn@Gz+kcEN+Zv
zB(Q&W_Vn@ibhkEwF5Y5gnY0~|;65>ZGs-3Y&JbhHiy1?BFhBu)DrcOC#q6UCYR<#y
zl?opyPL;@3+Txi4yCGdTBIfL(nr?~9$~kPA$55)b&6U}etADC<j+<Z&>^zEmx+2zA
z74&}3hsAcgj97@*qqd!Z7LjP;{_%9YC^7}{Y^yO*c+sBn2Ur~R=M$2rCv{TU%rP5f
zvyt)qA&V67U>w%GsK@)?=j)wiwB_)1LmWcCgjJCWiVaIvoo9oRQWcwovlrQGT0Avr
zNQU)R=<j?Zl;A@7uc!N29lU6;n$*QPM^{NlT$jTlU*fa8y2o1y(!_L!E=@P);v4F|
zE=TJl-LlwbapFvJy1D9dG^ECCH;~fZ@3Gp|9YI!r2PD$JL*+wDR%u^3hEENUoCFGM
z)AoH5I5lx_s4Fn?_BgMf`vx)PZ~bZTqekn?yX>)Jv;oTkBo+_z_F>u0+#NS<2Hp#`
z?W(5qRZCbt^D)_o`MaO^mt*z4fy@ra;%ak`wH*3B94(#5eN2rl94cICsG;-FCfkzA
zwq-w&g6B(F^sd#ISp8^Du^qA<v;A(<oiG1c8{^~MkZ5{T>UFPluS|GB3`jdr##pT`
zPO~?<5>X9Kh4uJdq7@0ft)F_R4o2;?fQIyx>eRPfqqd4K<X~5X0Bnc1B~)1JjD9>>
zcO@|>uMgtt&(?IR)J!zrb1Ha7f1-RvXDbtNFaUpgsNHDNH;<ky_85-a&sy~5y@{?E
z>3)iTGJQ1T_oG^CvP;d>A)Y#z7?aHPrBw+>hNAClS1r4iS%2=d=#ZH+TUOw3%lfCV
z=euUtZ!Od{vpH7=$=`a&-K?F64~#c9U62dR*q7+6Wte$u^!R+Hp|YPcC;wp9AB!6A
z!ov^OsZNHDZWraE8$}q(=^_fcc>Cnm|6q!#p-Ht79aki^h{igpm}@p2>DU)r5QwgD
zeu<n&-9p)VONKF<m1h(Z%SSO4Ft}Ak?&K4)^_s3k(Tl{xO#0;FWQVhW)zgc8ytgv0
zzTik%TlaJQd}FZ(R($GQdSk&OBGS-{9oHpzRrxAQSxh)>_&%4eF79CYk&VLnTBOVe
z<to$KcSs`2H)U2s(`+cs^&^<W?I;+I#U60!cgV!DRV$QojO5NCShW+@J(jXp0&Gmx
zmLW|mD0z3xEP}YTpJ__I;fc2uW;`nW_BBEG<8y4X#^9jK>)O%=qD$<M1fuB1=d(^o
zaBa93a&V1If`%mUcC<T!jye9RlW2fdWllV^Dur5}BC;r}(SW>NJr}E>1g(!_^W(Xl
zb@?aVLO(4=n-Plq_@dOuXee;F+1I{ck@}W}%hF0yGyH5Uxj@>gn;e}U*k2eP4BpPy
ze`Rru9_GYd(6Z{FVxm8ljlHxs)O9w80>2Q6AK_(R_H%*TeCbM=h>;9(trFHN25aTG
zWfg2T2;{^oWD7yf?CnR;)o!ooaDHf2Z8tMor+jKr^bY#~Wy-JMQBT!3UsWKs=Rc=W
zUm09Wzf%2VE4j(F&T1^hiL0~3bM4W-H_{t<a|YU-*tqlJ9PuiqEPR!&Q$O;)0^S<N
zxUtX;oG{`0>f*ef1a9QxcX(n+qb<@zuxT6|9>hDl8yoid@F>-SLpq&_Dz&EN^iV|q
znsCzyArK=bou@;{x6lQ%jmuEWoGtDweZEODyW^uTxBr2t+YHLASD*m{=A>$7nMQiy
z6~M;Lf->Iq$L+EW_q@iN<xU?&33yuOxYoM{ua<?y<1q9Ec<xa~b_cc?6AA`7lF(Xa
zf&4MhV1m17HcXIZs~=2KWY1ukS8NX0j+h1sRJSb<2Q0LVB$#<rQHAD5)-@Q<VB?Wv
z4gTbM9*k81pHg_lX07zGlK_`80*O1*gW`Y&0J~9eJEmQD?N*ez1VJnN1iufIs<9B~
zb^6?@K^*YCrc`^Gms_9jzU`~mOD$&|NE;3N*=WV?7bX&ZCIUU`_AcF&(~R{nYX*g*
z9*eoQq}F4ZI8hUo&qdNa0p5dizIrwj^YK03<_Y+x@GyhBs9m{SZ3*7Z;qLL8q?~V<
z8!(jcH{Sm&^|<F3&!@&YHix^$FQo3Q+g1p83|qloKd|`|PpC4VS9)03w4>M=w&psz
zC7Ev+tDAMRe8>8n@H!ih937=mNz%I!<Pb9Dl_dA<&dyUqaY57{tt>LP^8Gw^kA4}o
zmw?GD4TdCE-d&GrHl+8Xo_&~ipHELnJk*>y7e}?2m5(Im688?yBnaW8m&8Se2CP>{
z9lbdYjeg=sx2o5e8X;U$Jh3AwvpLZEs1SMHrF=ZS`Ii9E#+CtLDM$0OOj8RJjNF{Y
z)GN{aqz0ExKAv}_TytXNS0xuVwm;ABaghjCGVmrDS|qbxzp}$}vq1&5r1O47!8bzx
zxcOlLAOXS&ZbbV8APa<7NbFelL0Ks<x6wrrgKsQddU>2~xTs@@s%F0e!psHZmE59g
zc2mAEqt#9h+&{v(j`xsG<uwOqF=meF@?HK+N!d+sU%1;x{CW7jN$X61bv*aOg>WJ0
z=q@{`N$UI&XRo`-XqBl0i~6{}gOZq6)p#Dzs--hf*v|`EmtCu9-pshurPpFo&pY7w
z&bi1!3%8Ehv(sK}e5qsY{abw92LdtUIMTd~9?cBjFKO-7vT2QbX5-j$O&1ex2YK^K
ze*Qx7twC}&HcyWQyM?E+{<$Hp*+4~bM!<mr|G49=u|-FCi;W8Xhb`eD-TlxCzvhM%
z;XMHYv?d&YK!b<`;NeWD03m??`LF>(Xr<+XL4Y8bF&7&UXaIS5F)?6!APNAm0Sydb
zCJ$NiKrqO-W&n(^g@6d)OsL~Tp#1ed!->G94dq7v)$~6XC6tpB%t>iN`5z3##l`(V
z74hq$wD~Uvg#dmrBK(GdxL~jcb$`cTU~qyh6oC#7g1{c`>VN-|n;Z5(0q`3J<^=ts
zY4{xjL4KwE|AuiwxgdXHU?A78b1J{L13~{$6#jtzkM>|7gzJHx;<ttnZV1<d6Mn<M
z04Ud=gFwI_*k1|)!N9*}&c*%fZ_NMg@7MSM00;(wJ#bq5y8cHQ00_eUuZI782>=6O
ze<}mw2K=gM@|!FO2K~j!@f-Fa%l)S;00swg|7mIvHw^e^hu{Yqy+5&sfw}*}U@+*P
z76iaRz(1`8;0FGu-NXF<XT~6I;9ph%!MFkci!j%pfd>Qvp?^;V1pW)-0&xD@CI8s}
zLHI9!0wEy4zZ?FtC5Rgg_%o0|TtMzWUH2gSi(%w9^8>j+&_A(<{@{NF7l;cC`O|j~
z!hZ!O2nhPc#q!%A4;5))e_G~2@_&>4Z_L2|Wqt^l^UnYQadZB)#2#p2{$Aq{@c*{P
z|B53JHx%;Q7{BZf20s|$kC}iuVSfeY!x*qXgA2mV1^Cm)oL~U(Pd9PG9)2wT90R}!
zHU0~HFzas`{!$PK{%a|MA7blIH~pH&pUOZ%4@)ARAAt-3nn2EvK&i_O1`CS{i@~@+
zLR_K%h&bm%KQIUsCI%E15(hmz%;5X~w$S-SzvJL&VDIQ+Z)}48U{WqlbUHdQ1#$HM
E1BwhSumAu6

diff --git a/tzpfms.ps b/tzpfms.ps
index d2131b2..b07243e 100644
--- a/tzpfms.ps
+++ b/tzpfms.ps
@@ -1,15 +1,15 @@
 %!PS-Adobe-3.0
 %%Creator: groff version 1.23.0
-%%CreationDate: Sun Mar  3 18:00:54 2024
+%%CreationDate: Sun Mar  3 18:02:04 2024
 %%DocumentNeededResources: font Times-Roman
 %%+ font Times-Bold
 %%+ font Courier-Bold
 %%+ font Courier-Oblique
 %%+ font Courier
-%%+ font Symbol
 %%+ font Times-Italic
+%%+ font Symbol
 %%DocumentSuppliedResources: procset grops 1.23 0
-%%Pages: 10
+%%Pages: 15
 %%PageOrder: Ascend
 %%DocumentMedia: Default 595 842 0 () ()
 %%Orientation: Portrait
@@ -237,8 +237,8 @@ setpacking
 %%IncludeResource: font Courier-Bold
 %%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Courier
-%%IncludeResource: font Symbol
 %%IncludeResource: font Times-Italic
+%%IncludeResource: font Symbol
 grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
@@ -276,15 +276,372 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 %%BeginPageSetup
 BP
 %%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-ADD-B)72 48 Q -.4(AC)-.35 G 42.103
+(KUP\(8\) System).4 F(Manager')2.5 E 2.5(sM)-.55 G 39.602
+(anual ZFS-FIDO2-ADD-B)-2.5 F -.4(AC)-.35 G(KUP\(8\)).4 E/F1 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-add-backup)108 96 Q F0 2.5<8a61>2.5 G(llo)-2.5 E 2.5(wa)-.25
+G(nother FIDO2 de)-2.5 E(vice to unlock ZFS dataset)-.25 E F1(SYNOPSIS)
+72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0
+SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After)108 153.6 Q/F4 10
+/Courier@0 SF(zfs-fido2-change-key)7.564 E F0 5.064(\(8\) deri)B -.15
+(ve)-.25 G 7.563(st).15 G 5.063(he k)-7.563 F 5.363 -.15(ey f)-.1 H
+5.063(or a dataset from a FIDO2 de).15 F(vice,)-.25 E F2
+(zfs-fido2-add-backup)108 165.6 Q F0(may be e)2.5 E -.15(xe)-.15 G
+(cuted to e).15 E(xtend this to an)-.15 E 2.5(yn)-.15 G
+(umber of additional de)-2.5 E(vices.)-.25 E .273(First, the wrapping k)
+108 182.4 R .574 -.15(ey i)-.1 H 2.774(se).15 G .274
+(xtracted as normally during)-2.924 F F4(zfs-fido2-load-key)2.774 E F0
+.274(\(8\), then a credential)B 1.604(is made as-if during)108 194.4 R
+F4(zfs-fido2-change-key)4.104 E F0 1.604(\(8\) \(e)B 1.604
+(xcept the "primary" de)-.15 F 1.603(vice and all the ones)-.25 F .185
+(holding backups are e)108 206.4 R .185(xcluded from the search\); ho)
+-.15 F(we)-.25 E -.15(ve)-.25 G .985 -.4(r, t).15 H(he).4 E F4
+(hmac-secret)2.685 E F0 .185(is instead used as a sym-)2.685 F 1.555
+(metric AES-256-GCM \()108 218.4 R F4(EVP_CIPHER-AES)A F0 1.555
+(\(7ssl\)\) k)B 1.855 -.15(ey t)-.1 H 4.055(oe).15 G 1.555
+(ncrypt the wrapping k)-4.055 F 1.855 -.15(ey d)-.1 H 1.555
+(irectly with a).15 F(random IV)108 230.4 Q(.)-1.29 E(This turns the)108
+247.2 Q F4(xyz.nabijaczleweli:tzpfms.key)2.5 E F0 -.25(va)2.5 G
+(riable into).25 E F3(salt)108 259.2 Q F2(:)A F3(credential-ID)A F2(:)A
+F3(credential-public-key)A F0([)A F2(.)A F3(backup-salt)A F2(:)A F3
+(backup-credential-ID)108 271.2 Q F2(:)A F3
+(backup-credential-public-key)A F2(:)A F3(IV)A F2(:)A F3(encrypted-key)A
+F0 1.666(]...)C F4(tzpfms.key)108 288 Q F0 2.238
+(is actually a dot-separated list of de)4.738 F 2.238(vice b)-.25 F
+4.738(undles. The)-.2 F 2.239(\214rst one is as-described in)4.738 F F4
+(zfs-fido2-change-key)108 300 Q F0 5.181(\(8\). Subsequent)B 2.681
+(ones also include \(identically-encoded\) IVs and en-)5.181 F
+(crypted blobs.)108 312 Q F4(zfs-fido2-load-key)108 328.8 Q F0 .081
+(\(8\) shops assertions around de)B .081(vices in a de)-.25 F .082
+(vice-major order \212 depending on)-.25 F(de)108 340.8 Q
+(vice numbering, a backup may be loaded e)-.25 E -.15(ve)-.25 G 2.5(ni)
+.15 G 2.5(ft)-2.5 G(he primary de)-2.5 E(vice is present.)-.25 E F1
+(ENVIR)72 357.6 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
+(TZPFMS_PASSPHRASE_HELPER)108 369.6 Q F0 .046(By def)133 381.6 R .045(a\
+ult, passphrases are prompted for and read in on the standard output an\
+d input streams.)-.1 F(If)5.045 E F4(TZPFMS_PASSPHRASE_HELPER)133 393.6
+Q F0 1.595(is set and nonempty)4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G
+1.596(ill be run via)-4.096 F F4(/bin/)4.096 E F2 3.262(sh \255c)B F0
+(to)4.096 E(pro)133 405.6 Q(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 422.4 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 434.4 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 446.4 Q F0
+(Pre-formatted noun phrase with all the information belo)160 446.4 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 458.4 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 458.4 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 470.4 Q F0("ne)160
+470.4 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 482.4 Q F0("ag)160 482.4 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 499.2 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+511.2 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 528 R(En)87 540 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 552 Q F0
+(If set, enables lib\214do2 deb)173 552 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 568.8 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 580.8 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 592.8 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 609.6 R F0
+(The lib\214do2 documentation at https://de)108 621.6 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 638.4 R
+F0 1.6 -.8(To a)108 650.4 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 662.4 Q F0(ThePhD)7.5 E F1<83>
+128 674.4 Q F0(Embark Studios)7.5 E F1<83>128 686.4 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 698.4 Q F0(EvModder)7.5 E F1(REPOR)72 715.2 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 727.2 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 744 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 756 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 29, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 2
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
+SF(zfs-fido2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
+-2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne authenticated by a FIDO2 de)
+-2.5 E(vice)-.25 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108
+124.8 Q F0([)2.5 E F2<ad62>1.666 E/F3 10/Courier-Oblique@0 SF
+(backup-file)6 E F0(])A F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0
+2.867 -.8(To n)108 153.6 T 1.267(ormalise the).8 F F3(dataset)3.767 E F0
+(,)A F2(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the FIDO2 de)108 194.4 Q(vice, which)
+-.25 E F4(must)2.5 E F0(support the)2.5 E F5(hmac-secret)2.5 E F0 -.15
+(ex)2.5 G(tension.).15 E(If)108 211.2 Q F3(dataset)3.244 E F0 -.1(wa)
+3.244 G 3.244(sp).1 G(re)-3.244 E .743(viously encrypted with)-.25 F F2
+(fzifdso)3.243 E F0 .743(and the)3.243 F F1(FIDO2)3.243 E F0 .743
+(back-end w)3.243 F .743(as used, the meta-)-.1 F .926
+(data will be silently cleared.)108 223.2 R .926
+(Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
+(ata required for manual interv)-3.426 F(ention)-.15 E
+(will be written to the standard error stream.)108 235.2 Q(Ne)108 252 Q
+.465(xt, a ne)-.15 F 2.965(wc)-.25 G .465
+(redential of type ES256 is generated on the de)-2.965 F .464
+(vice \(with relying party ID)-.25 F F5(fzifdso)2.964 E F0(and)2.964 E
+.499(name equal to the dataset name\) with the)108 264 R F5(hmac-secret)
+2.999 E F0 -.15(ex)2.999 G .499(tension requested; the de).15 F .499
+(vice PIN, if an)-.25 F -.65(y,)-.15 G(is prompted for here.)108 276 Q
+(This mimicks a W)5 E(ebAuthn re)-.8 E(gistration step.)-.15 E .962(The\
+n, the credential is asserted with a 32-byte random salt, which hashes \
+it with de)108 292.8 R(vice-pri)-.25 E -.25(va)-.25 G .962(te data,).25
+F .137(and thus generates the wrapping k)108 304.8 R .438 -.15(ey \()-.1
+H .138(which is optionally back).15 F .138(ed up \(see)-.1 F F1(OPTIONS)
+2.638 E F0 2.638(\)\). This)B .138(mimicks a)2.638 F -.8(We)108 316.8 S
+(bAuthn login step.).8 E(The follo)108 333.6 Q
+(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
+345.6 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(FIDO2)A<83>
+128 357.6 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(salt)A F2
+(:)A F3(credential-ID)A F2(:)A F3(credential-public-key)139 369.6 Q F0
+([)A F2(.)A F0 1.666(...)1.666 G 1.666(]...)-1.666 G F5(tzpfms.backend)
+108 386.4 Q F0 2.708(identi\214es this dataset for w)5.208 F 2.707
+(ork with)-.1 F F1(FIDO2)5.207 E F0(-back-ended)A F2(tzpfms)5.207 E F0
+2.707(tools \(i.e.)5.207 F F2(fzifdso)108 398.4 Q F5
+(zfs-fido2-change-key)60.227 E F0(\(8\),)A F5(zfs-fido2-load-key)56.728
+E F0(\(8\),)A F5(zfs-fido2-add-backup)108 410.4 Q F0(\(8\), and)A F5
+(zfs-fido2-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 427.2 Q F0
+.486(is a colon-separated tuple of unpadded URL-safe base64 blobs; the \
+\214rst one is the ran-)2.986 F .217(dom salt; the second represents th\
+e ID of created credential, and the third \211 its public k)108 439.2 R
+-.15(ey)-.1 G 5.217(.T)-.5 G .217(here e)-5.217 F(xists)-.15 E
+(no other user)108 451.2 Q
+(-land tool for deciphering this; perhaps there should be.)-.2 E
+(Finally)108 468 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25
+G 9.506(lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.171 E F5
+(keylocation=prompt)15.505 E F2<ad6f>17.171 E F5(keyformat=raw)108 480 Q
+F3(dataset)6.106 E F0 .106(is performed with the ne)2.606 F 2.606(wk)
+-.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
+G .107(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F
+(to clean up the properties, or to issue a note for manual interv)108
+492 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 508.8
+S 1.556(nal v)-4.056 F 1.556(eri\214cation should be made by running)
+-.15 F F2 3.222(zfs-fido2-load-key \255n)4.056 F F3(dataset)7.555 E F0
+6.555(.I)C 4.055(ft)-6.555 G(hat)-4.055 E .729
+(command succeeds, all is well, b)108 520.8 R .729
+(ut otherwise the dataset can be manually rolled back to a passphrase)
+-.2 F(with)108 532.8 Q F2(zfs-fido2-clear-key)5.147 E F3(dataset)8.647 E
+F0(\(or)5.147 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F2 2.646(zfs change-key)5.146 F<ad6f>
+10.312 E F5(keyformat=passphrase)108 544.8 Q F3(dataset)6 E F0
+(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F2(zfs-fido2-clear-key)108 561.6 Q F3(dataset)7.606 E F0 1.607
+(can be used to clear the properties and go back to using a)4.106 F
+(passphrase.)108 573.6 Q F1(OPTIONS)72 590.4 Q F2<ad62>109.666 602.4 Q
+F3(backup-file)6 E F0(Sa)203 602.4 Q .353 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
+F .693(This back-up)203 614.4 R F4(must)3.193 E F0 .694
+(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 626.4 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 638.4 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F1(ENVIR)72 655.2 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
+E F5(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q F0 .046(By def)133 679.2 R
+.045(ault, passphrases are prompted for and read in on the standard out\
+put and input streams.)-.1 F(If)5.045 E F5(TZPFMS_PASSPHRASE_HELPER)133
+691.2 Q F0 1.595(is set and nonempty)4.095 F 4.096(,i)-.65 G 4.096(tw)
+-4.096 G 1.596(ill be run via)-4.096 F F5(/bin/)4.096 E F2 3.262
+(sh \255c)B F0(to)4.096 E(pro)133 703.2 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 720 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 744 Q F0
+(Pre-formatted noun phrase with all the information belo)160 744 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E(fzifdso 0)72 817.889 Q
+(February 29, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 2 3
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Courier@0 SF($2)143 84 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 96 Q F0("ne)160 96 Q
+(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
+-2.5 E F1($4)143 108 Q F0("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 124.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
+(127)2.677 E F0 .178(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 136.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
+1.666(FIDO2 back-end con\214guration)72 153.6 R(En)87 165.6 Q(vir)-.4 E
+.625(onment v)-.18 F(ariables)-.1 E F1(FIDO_DEBUG)108 177.6 Q F0
+(If set, enables lib\214do2 deb)173 177.6 Q
+(ug logging to the standard error stream.)-.2 E F2(De)87 194.4 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 206.4 R
+.727(vice which supports the)-.25 F F1(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 218.4 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F2 .625(See also)87 235.2 R F0
+(The lib\214do2 documentation at https://de)108 247.2 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F2 1.666(SPECIAL THANKS)72 264 R
+F0 1.6 -.8(To a)108 276 T(ll who support further de).8 E -.15(ve)-.25 G
+(lopment, in particular:).15 E F2<83>128 288 Q F0(ThePhD)7.5 E F2<83>128
+300 Q F0(Embark Studios)7.5 E F2<83>128 312 Q F0(Jasper Bekk)7.5 E(ers)
+-.1 E F2<83>128 324 Q F0(EvModder)7.5 E F2(REPOR)72 340.8 Q 1.666
+(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 352.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F1
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 369.6 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 381.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 29, 2024)153.568 E(2)183.837 E 0 Cg EP
+%%Page: 1 4
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 50.243(ZFS-FIDO2-CLEAR-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 47.742(anual ZFS-FIDO2-CLEAR-KEY\(8\))-2.5
+F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-clear-key)108 96 Q F0 3.587<8a72>3.588 G -.25(ew)-3.587 G
+1.087(rap ZFS dataset k).25 F 1.387 -.15(ey i)-.1 H 3.587(np).15 G
+(asssw)-3.587 E 1.087(ord and clear tzpfms FIDO2 meta-)-.1 F(data)108
+108 Q F1(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(FIDO2)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.641(the equi)8.141 F
+-.25(va)-.25 G 5.641(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.308 E/F4 10/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
+201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4
+(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key)
+14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
+213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-fido2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(ENVIR)72 247.2 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .045
+(By def)133 271.2 R .045(ault, passphrases are prompted for and read in\
+ on the standard output and input streams.)-.1 F(If)5.046 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.596(is set and nonempty)4.096
+F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 295.2 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 312 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 324 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 336 Q F0
+(Pre-formatted noun phrase with all the information belo)160 336 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 348 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 348 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 360 Q F0("ne)160 360 Q
+(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
+-2.5 E F4($4)143 372 Q F0("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
+.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+400.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 441.6 Q F0
+(If set, enables lib\214do2 deb)173 441.6 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 458.4 Q .625
+(vice selection)-.15 F F0 .726(When creating, the \214rst de)108 470.4 R
+.726(vice which supports the)-.25 F F4(hmac-secret)3.227 E F0 -.15(ex)
+3.227 G .727(tension is used.).15 F .727(When loading,)5.727 F
+(the assertion is shopped around to e)108 482.4 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 499.2 R F0
+(The lib\214do2 documentation at https://de)108 511.2 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 528 R
+F0 1.6 -.8(To a)108 540 T(ll who support further de).8 E -.15(ve)-.25 G
+(lopment, in particular:).15 E F1<83>128 552 Q F0(ThePhD)7.5 E F1<83>128
+564 Q F0(Embark Studios)7.5 E F1<83>128 576 Q F0(Jasper Bekk)7.5 E(ers)
+-.1 E F1<83>128 588 Q F0(EvModder)7.5 E F1(REPOR)72 604.8 Q 1.666
+(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 616.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 633.6 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 645.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 28, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 5
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-LO)72 48 Q 55.603(AD-KEY\(8\) System)
+-.35 F(Manager')2.5 E 2.5(sM)-.55 G 53.102(anual ZFS-FIDO2-LO)-2.5 F
+(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
+/Courier-Bold@0 SF(zfs-fido2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
+(oad FIDO2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 1.141(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.641 E F0 -.1
+(wa)3.641 G 3.641(se).1 G 1.141(ncrypted with)-3.641 F F2(tzpfms)3.641 E
+F0(back)3.641 E(end)-.1 E F1(FIDO2)3.641 E F0 3.641(,a)C 1.142
+(sserts the preserv)-3.641 F 1.142(ed chal-)-.15 F(lenge, HMA)108 165.6
+Q(Cking the salt with the on-de)-.4 E
+(vice secret, and loads the resulting k)-.25 E .3 -.15(ey i)-.1 H(nto)
+.15 E F3(dataset)2.5 E F0(.)A(See)108 182.4 Q/F4 10/Courier@0 SF
+(zfs-fido2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
+(OPTIONS)72 199.2 Q F2<ad6e>109.666 211.2 Q F0 3.208
+(Do a no-op/dry run, can be used e)131 211.2 R -.15(ve)-.25 G 5.708(ni)
+.15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708
+(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)-.25 G
+3.207(lent to).25 F F2(zfs)5.707 E(load-key)131 223.2 Q F0 -.55('s)C F2
+<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 240 Q 1.666(ONMENT V)-.3 F
+(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 252 Q F0 .045(By def)
+133 264 R .045(ault, passphrases are prompted for and read in on the st\
+andard output and input streams.)-.1 F(If)5.046 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 276 Q F0 1.596(is set and nonempty)4.096 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 288 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 304.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 316.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 328.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 328.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 340.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 340.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 352.8 Q F0("ne)160
+352.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 364.8 Q F0("ag)160 364.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 381.6 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
+.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+393.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666(SPECIAL THANKS)
+72 410.4 R F0 1.6 -.8(To a)108 422.4 T(ll who support further de).8 E
+-.15(ve)-.25 G(lopment, in particular:).15 E F1<83>128 434.4 Q F0
+(ThePhD)7.5 E F1<83>128 446.4 Q F0(Embark Studios)7.5 E F1<83>128 458.4
+Q F0(Jasper Bekk)7.5 E(ers)-.1 E F1<83>128 470.4 Q F0(EvModder)7.5 E F1
+(REPOR)72 487.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108
+499.2 Q(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 516 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 528 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 28, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 6
+%%BeginPageSetup
+BP
+%%EndPageSetup
 /F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1
 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm-list)108 96 Q F0 2.5<8a70>2.5 G(rint dataset tzpfms metadata)
--2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2
-<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10
-/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A F2
-<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
-<ad6c>1.666 E F0(])A([)186 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
+-2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)
+2.5 E F2<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E
+/F3 10/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A
+F2<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
+<ad6c>1.666 E F0(])A([)234 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
 1.666(]...)C F1(DESCRIPTION)72 153.6 Q F0(Lists the follo)108 165.6 Q
 (wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)128
 177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.979 E F0
@@ -326,26 +683,28 @@ listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad6c>109.666 446.4 Q F0
 (List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15
 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 463.2 Q F4($)
-108 475.2 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18
-(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
+108 475.2 Q F2(zfs-fido2-add-backup)6 E F4 72(NAME BACK-END)108 487.2 R
+18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
 (available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6
-(unavailable yes)36 F($)108 535.2 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4
-24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108
-559.2 R 6(available yes)54 F($)108 583.2 Q F2 1.666(zfs-tpm-list \255b)6
-F F1(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F
-6(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
-F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)
-108 643.2 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R
-18(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6
-(unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes)
-54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q
-F2 1.666(zfs-tpm-list \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
+(unavailable yes)36 F($)108 535.2 Q F2 1.666
+(zfs-fido2-add-backup \255ad0)6 F F4 24(NAME BACK-END)108 547.2 R 6
+(KEYSTATUS COHERENT)12 F 6(filling -)108 559.2 R 6(available yes)54 F($)
+108 583.2 Q F2 1.666(zfs-fido2-add-backup \255b)6 F F1(TPM2)6 E F4 72
+(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F 6
+(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
+F2 1.666(zfs-fido2-add-backup \255ra)6 F F3(tarta-zoot)6 E F4 72
+(NAME BACK-END)108 643.2 R 18(KEYSTATUS COHERENT)12 F 36
+(tarta-zoot TPM1.X)108 655.2 R 18(available yes)24 F 6
+(tarta-zoot/home TPM2)108 667.2 R 6(unavailable yes)36 F 12
+(tarta-zoot/bkp -)108 679.2 R 18(available yes)54 F 18(tarta-zoot/vm -)
+108 691.2 R 18(available yes)54 F($)108 715.2 Q F2 1.666
+(zfs-fido2-add-backup \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
 (KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F
 36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12
 (tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -)
 108 775.2 R 6(available yes)54 F F0(tzpfms 0.3.4-22-g7c0393e)72 817.889
 Q(December 4, 2022)83.583 E(1)183.842 E 0 Cg EP
-%%Page: 2 2
+%%Page: 2 7
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -362,7 +721,7 @@ F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 201.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q(December 4, 2022)83.583 E
 (2)183.842 E 0 Cg EP
-%%Page: 1 3
+%%Page: 1 8
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -371,192 +730,193 @@ BP
 -2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
 SF(zfs-tpm1x-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
 -2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666 E F3
-(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 6.867 -.8(To n)108 153.6 T
-5.267(ormalise the).8 F F3(dataset)7.767 E F0(,)A F2(zfs-tpm-list)7.766
-E F0 5.266(will open its encryption root in its stead.)7.766 F F2
-(zfs-tpm-list)108 165.6 Q F0(will)2.5 E/F4 10/Times-Italic@0 SF(ne)2.5 E
-(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use)
--2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A
-(First, a connection is made to the TPM, which)108 182.4 Q F4(must)2.5 E
-F0(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F3(dataset)3.176 E F0 -.1
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666
+E F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 2.867 -.8(To n)108 153.6
+T 1.267(ormalise the).8 F F3(dataset)3.767 E F0(,)A F2
+(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 194.4 Q F4(must)2.5 E
+F0(be TPM-1.X-compatible.)2.5 E(If)108 211.2 Q F3(dataset)3.177 E F0 -.1
 (wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F
 F2(tzpfms)3.176 E F0 .676(and the)3.176 F F1(TPM1.X)3.176 E F0 .676
 (back-end w)3.176 F .676(as used, the meta-)-.1 F .926
-(data will be silently cleared.)108 211.2 R .926
+(data will be silently cleared.)108 223.2 R .926
 (Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
 (ata required for manual interv)-3.426 F(ention)-.15 E
-(will be written to the standard error stream.)108 223.2 Q(Ne)108 240 Q
-.294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15
+(will be written to the standard error stream.)108 235.2 Q(Ne)108 252 Q
+.295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15
 (ey i)-.1 H 2.794(sg).15 G .294(enerated on the TPM, optionally back)
 -2.794 F .294(ed up \(see)-.1 F F1(OPTIONS)2.794 E F0 .294
-(\), and sealed)B .586(on the TPM; the user is prompted for an optional\
- passphrase to protect the k)108 252 R .885 -.15(ey w)-.1 H .585
-(ith, and for the SRK).15 F(passphrase, set when taking o)108 264 Q
+(\), and sealed)B .585(on the TPM; the user is prompted for an optional\
+ passphrase to protect the k)108 264 R .886 -.15(ey w)-.1 H .586
+(ith, and for the SRK).15 F(passphrase, set when taking o)108 276 Q
 (wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo)
-108 280.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
-<83>128 292.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
-(TPM1.X)A<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
+108 292.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
+<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
+(TPM1.X)A<83>128 316.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
 F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)
-108 321.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292
-(ork with)-.1 F F1(TPM1.X)2.792 E F0(-back-ended)A F2(tzpfms)2.792 E F0
-.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 333.6 Q F0
+108 333.6 Q F0 .292(identi\214es this dataset for w)2.792 F .291
+(ork with)-.1 F F1(TPM1.X)2.791 E F0(-back-ended)A F2(tzpfms)2.791 E F0
+.291(tools \(namely)2.791 F F5(zfs-tpm1x-change-key)108 345.6 Q F0
 (\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5
-(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 350.4 Q F0
-1.412(is a colon-separated pair of he)3.913 F 1.412
-(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .867
-(\214rst one represents the RSA k)108 362.4 R 1.167 -.15(ey p)-.1 H .868
+(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 362.4 Q F0
+1.412(is a colon-separated pair of he)3.912 F 1.412
+(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .868
+(\214rst one represents the RSA k)108 374.4 R 1.168 -.15(ey p)-.1 H .867
 (rotecting the blob, and it is protected with either the passphrase, if)
-.15 F(pro)108 374.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5
-(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.913 E F0 3.913(;t)C 1.413
-(he sec-)-3.913 F .379
-(ond represents the sealed object containing the wrapping k)108 386.4 R
+.15 F(pro)108 386.4 Q 1.413(vided, or the SHA1 constant)-.15 F F5
+(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.914 E F0 3.914(;t)C 1.414
+(he sec-)-3.914 F .379
+(ond represents the sealed object containing the wrapping k)108 398.4 R
 -.15(ey)-.1 G 2.879(,a)-.5 G .379
 (nd is protected with the SHA1 constant)-2.879 F F5
-(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F0 6.721(.T)C
-1.721(here e)-6.721 F 1.721(xists no other user)-.15 F 1.72
-(-land tool for)-.2 F(decrypting this; perhaps there should be.)108
-410.4 Q(Finally)108 427.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F
--.25(va)-.25 G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F
-<ad6f>17.172 E F5(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5
-(keyformat=raw)108 439.2 Q F3(dataset)6.107 E F0 .107
-(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G 5.106
-(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
-(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
+(B9EE715DBE4B243FAA81EA04306E063710383E35)108 410.4 Q F0 6.72(.T)C 1.72
+(here e)-6.72 F 1.721(xists no other user)-.15 F 1.721(-land tool for)
+-.2 F(decrypting this; perhaps there should be.)108 422.4 Q(Finally)108
+439.2 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506
+(lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.171 E F5
+(keylocation=prompt)15.505 E F2<ad6f>17.171 E F5(keyformat=raw)108 451.2
+Q F3(dataset)6.106 E F0 .106(is performed with the ne)2.606 F 2.606(wk)
+-.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
+G .107(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F
 (to clean up the properties, or to issue a note for manual interv)108
-451.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 468
-S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
--.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.556 E F0
-6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
-(command succeeds, all is well, b)108 480 R .729
+463.2 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 480
+S 1.556(nal v)-4.056 F 1.556(eri\214cation should be made by running)
+-.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.555 E F0
+6.555(.I)C 4.055(ft)-6.555 G(hat)-4.055 E .729
+(command succeeds, all is well, b)108 492 R .729
 (ut otherwise the dataset can be manually rolled back to a passphrase)
--.2 F(with)108 492 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E
-F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
-2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
-10.313 E F5(keyformat=passphrase)108 504 Q F3(dataset)6 E F0
+-.2 F(with)108 504 Q F2(zfs-tpm1x-clear-key)5.147 E F3(dataset)8.647 E
+F0(\(or)5.147 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F2 2.646(zfs change-key)5.146 F<ad6f>
+10.312 E F5(keyformat=passphrase)108 516 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm1x-clear-key)108 520.8 Q F3(dataset)7.607 E F0 1.607
-(can be used to clear the properties and go back to using a)4.107 F
-(passphrase.)108 532.8 Q F1(OPTIONS)72 549.6 Q F2<ad62>109.666 561.6 Q
-F3(backup-file)6 E F0(Sa)203 561.6 Q .352 -.15(ve a b)-.2 H .052
+F2(zfs-tpm1x-clear-key)108 532.8 Q F3(dataset)7.606 E F0 1.607
+(can be used to clear the properties and go back to using a)4.106 F
+(passphrase.)108 544.8 Q F1(OPTIONS)72 561.6 Q F2<ad62>109.666 573.6 Q
+F3(backup-file)6 E F0(Sa)203 573.6 Q .353 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
-E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
-F .694(This back-up)203 573.6 R F4(must)3.194 E F0 .694
-(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
-(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 585.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 597.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 614.4 Q F3(PCR)6 E F0([)A F2(,)A F3
-(PCR)A F0 1.666(]...)C .638(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
+F .693(This back-up)203 585.6 R F4(must)3.193 E F0 .694
+(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 597.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 609.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 626.4 Q F3(PCR)6 E F0([)A F2(,)A F3
+(PCR)A F0 1.666(]...)C .639(Bind the k)203 626.4 R .939 -.15(ey t)-.1 H
 3.139(os).15 G .639(pace- or comma-separated)-3.139 F F3(PCR)3.139 E F0
-3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .639
-(hange, the wrap-)-3.139 F .463(ping k)203 626.4 R .763 -.15(ey w)-.1 H
-.463(ill not be able to be unsealed.).15 F .462
-(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F1(24)
+3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .638
+(hange, the wrap-)-3.139 F .462(ping k)203 638.4 R .762 -.15(ey w)-.1 H
+.462(ill not be able to be unsealed.).15 F .463
+(The minimum number of PCRs for a)5.462 F(PC TPM is)203 650.4 Q F1(24)
 2.5 E F0(\(numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0 2.5(]\). F)B
-(or most, this is also the maximum.)-.15 E F1(ENVIR)72 655.2 Q 1.666
-(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q
-F0 .045(By def)133 679.2 R .045(ault, passphrases are prompted for and \
-read in on the standard output and input streams.)-.1 F(If)5.046 E F5
-(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F0 1.596(is set and nonempty)4.096
+(or most, this is also the maximum.)-.15 E F1(ENVIR)72 667.2 Q 1.666
+(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q
+F0 .046(By def)133 691.2 R .045(ault, passphrases are prompted for and \
+read in on the standard output and input streams.)-.1 F(If)5.045 E F5
+(TZPFMS_PASSPHRASE_HELPER)133 703.2 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F5
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 703.2 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 715.2 Q
 (vide each passphrase, instead.)-.15 E .643
-(The standard output stream of the helper is tied to an anon)133 720 R
+(The standard output stream of the helper is tied to an anon)133 732 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
-133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 744 Q F0
-(Pre-formatted noun phrase with all the information belo)160 744 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.4-22-g7c0393e)72
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(tzpfms 0.3.4-22-g7c0393e)72
 817.889 Q(February 28, 2024)83.578 E(1)183.837 E 0 Cg EP
-%%Page: 2 4
+%%Page: 2 9
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 36.913(ZFS-TPM1X-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 34.412(anual ZFS-TPM1X-CHANGE-KEY\(8\))
--2.5 F/F1 10/Courier@0 SF($2)143 84 Q F0
-(Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5
-(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 96 Q F0("ne)160 96 Q
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F1($4)143 108 Q F0("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 124.8 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
-(127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
-(is used as f)133 136.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 136.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
+(127)2.677 E F0 .178(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
 -.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
-1.666(TPM1.X back-end con\214guration)72 153.6 R .625(TPM selection)87
-165.6 R F0(The)108 177.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0
-.229(suite connects to a local)2.729 F F1(tcsd)2.73 E F0 .23
-(\(8\) process \(at)B F1(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 189.6 Q
-(vironment v)-.4 E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 206.4 R(rouSerS)
--.35 E F1(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F1(/dev/tpm0)2.61
-E F0 2.61(,t)C(hen)-2.61 E F1(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
-F1(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-218.4 S(ing one of the earlier ones with, for e).1 E
+1.666(TPM1.X back-end con\214guration)72 165.6 R .625(TPM selection)87
+177.6 R F0(The)108 189.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.73 E F0 .23
+(suite connects to a local)2.73 F F1(tcsd)2.73 E F0 .23
+(\(8\) process \(at)B F1(localhost:30003)2.729 E F0 2.729(\)b)C 2.729
+(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1 F(the)2.729 E(en)108 201.6
+Q(vironment v)-.4 E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
+(to specify a remote TCS hostname.)2.5 E .11(The T)108 218.4 R(rouSerS)
+-.35 E F1(tcsd)2.61 E F0 .11(\(8\) daemon will try)B F1(/dev/tpm0)2.61 E
+F0 2.61(,t)C(hen)-2.61 E F1(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611
+E F1(/dev/tpm)2.611 E F0 2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1
+(py)108 230.4 S(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F2 .625
-(See also)87 235.2 R F0(The T)108 247.2 Q
+(See also)87 247.2 R F0(The T)108 259.2 Q
 (rouSerS project page at https://sourcefor)-.35 E
 (ge.net/projects/trousers.)-.18 E 4.415
-(The TPM 1.2 main speci\214cation inde)108 264 R 6.915(xa)-.15 G 6.915
+(The TPM 1.2 main speci\214cation inde)108 276 R 6.915(xa)-.15 G 6.915
 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
-(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F2 1.666
-(SPECIAL THANKS)72 292.8 R F0 1.6 -.8(To a)108 304.8 T
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 288 Q F2 1.666
+(SPECIAL THANKS)72 304.8 R F0 1.6 -.8(To a)108 316.8 T
 (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
-.15 E F2<83>128 316.8 Q F0(ThePhD)7.5 E F2<83>128 328.8 Q F0
-(Embark Studios)7.5 E F2<83>128 340.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
-F2<83>128 352.8 Q F0(EvModder)7.5 E F2(REPOR)72 369.6 Q 1.666(TING B)-.4
-F(UGS)-.1 E F0(https://todo.sr)108 381.6 Q(.ht/\001nabijaczle)-.55 E
-(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 398.4 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
-(https://lists.sr)108 410.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
--.25 E F2 1.666(SEE ALSO)72 427.2 R F0
-(PCR allocations: https://wiki.archlinux.or)108 439.2 Q(g/title/T)-.18 E
+.15 E F2<83>128 328.8 Q F0(ThePhD)7.5 E F2<83>128 340.8 Q F0
+(Embark Studios)7.5 E F2<83>128 352.8 Q F0(Jasper Bekk)7.5 E(ers)-.1 E
+F2<83>128 364.8 Q F0(EvModder)7.5 E F2(REPOR)72 381.6 Q 1.666(TING B)-.4
+F(UGS)-.1 E F0(https://todo.sr)108 393.6 Q(.ht/\001nabijaczle)-.55 E
+(weli/tzpfms)-.25 E F1(\001nabijaczleweli/tzpfms@lists.sr.ht)108 410.4 Q
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
+(https://lists.sr)108 422.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
+-.25 E F2 1.666(SEE ALSO)72 439.2 R F0
+(PCR allocations: https://wiki.archlinux.or)108 451.2 Q(g/title/T)-.18 E
 (rusted_Platform_Module#Accessing_PCR_re)-.35 E(gisters)-.15 E
-(and https://trustedcomputinggroup.or)108 451.2 Q
+(and https://trustedcomputinggroup.or)108 463.2 Q
 (g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\
-r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 463.2 Q
-(able)-.8 E(1.)108 475.2 Q(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q
+r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 475.2 Q
+(able)-.8 E(1.)108 487.2 Q(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q
 (February 28, 2024)83.578 E(2)183.837 E 0 Cg EP
-%%Page: 1 5
+%%Page: 1 10
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 45.793(ZFS-TPM1X-CLEAR-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 43.292(anual ZFS-TPM1X-CLEAR-KEY\(8\))-2.5
 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
-(zfs-tpm1x-clear-key)108 96 Q F0 3.008<8a72>3.007 G -.25(ew)-3.008 G
+(zfs-tpm1x-clear-key)108 96 Q F0 3.008<8a72>3.008 G -.25(ew)-3.008 G
 .508(rap ZFS dataset k).25 F .808 -.15(ey i)-.1 H 3.008(np).15 G(asssw)
 -3.008 E .508(ord and clear tzpfms TPM1.X meta-)-.1 F(data)108 108 Q F1
-(SYNOPSIS)72 124.8 Q F2(zfs-tpm-list)108 136.8 Q/F3 10/Courier-Oblique@0
-SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0(After v)108 165.6 Q
-(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G
-(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)
-2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F -.25(va)
--.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E
-/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
-(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
+(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(TPM1.X)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.641(the equi)8.141 F
+-.25(va)-.25 G 5.641(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.308 E/F4 10/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
 201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4
 (xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key)
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
 213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-tpm1x-change-key)2.5 E F0
 (\(8\) for a detailed description.)A F1 1.666
 (TPM1.X back-end con\214guration)72 247.2 R .625(TPM selection)87 259.2
-R F0(The)108 271.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local)
-2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003)
-2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1
-F(the)2.729 E(en)108 283.2 Q(vironment v)-.4 E(ariable)-.25 E F4
-(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11
-(The T)108 300 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11
-(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4
-(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0
-2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 312 S
-(ing one of the earlier ones with, for e).1 E
+R F0(The)108 271.2 Q F2(tzpfms)2.729 E F0 .229
+(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23
+(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
+-2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 283.2 Q
+(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
+(to specify a remote TCS hostname.)2.5 E .111(The T)108 300 R(rouSerS)
+-.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61
+E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
+F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
+312 S(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F1 .625
 (See also)87 328.8 R F0(The T)108 340.8 Q
 (rouSerS project page at https://sourcefor)-.35 E
@@ -571,11 +931,11 @@ F(the)2.729 E(en)108 283.2 Q(vironment v)-.4 E(ariable)-.25 E F4
 F1<83>128 446.4 Q F0(EvModder)7.5 E F1(REPOR)72 463.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 475.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 492 Q
-F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
+F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 504 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q(December 4, 2022)83.583 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 6
+%%Page: 1 11
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -584,15 +944,15 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm1x-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .191
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.691 E F0 -.1(wa)2.691
-G 2.691(se).1 G .191(ncrypted with)-2.691 F F2(tzpfms)2.69 E F0(back)
-2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .19(will unseal the k)2.69 F .49
--.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F3(dataset)2.5 E
-F0(.)A .236
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .19(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.69 E F0 -.1
+(wa)2.69 G 2.69(se).1 G .19(ncrypted with)-2.69 F F2(tzpfms)2.69 E F0
+(back)2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .191(will unseal the k)2.69 F
+.491 -.15(ey a)-.1 H .191(nd load).15 F(it into)108 165.6 Q F3(dataset)
+2.5 E F0(.)A .236
 (The user is \214rst prompted for the SRK passphrase, set when taking o)
-108 182.4 R .236(wnership, if not "well-kno)-.25 F .236(wn" \(all)-.25 F
+108 182.4 R .236(wnership, if not "well-kno)-.25 F .235(wn" \(all)-.25 F
 (zeroes\); then for the additional passphrase, set when creating the k)
 108 194.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E
 (as set.)-.1 E(See)108 211.2 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)
@@ -600,14 +960,14 @@ F0(.)A .236
 <ad6e>109.666 240 Q F0 3.208(Do a no-op/dry run, can be used e)131 240 R
 -.15(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F
 3.508 -.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)
-8.207 E -.25(va)-.25 G 3.207(lent to).25 F F2(zfs)5.707 E(load-key)131
+8.208 E -.25(va)-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131
 252 Q F0 -.55('s)C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 268.8 Q
 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108
-280.8 Q F0 .045(By def)133 292.8 R .045(ault, passphrases are prompted \
-for and read in on the standard output and input streams.)-.1 F(If)5.046
-E F4(TZPFMS_PASSPHRASE_HELPER)133 304.8 Q F0 1.596(is set and nonempty)
-4.096 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F
-F4(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 316.8 Q
+280.8 Q F0 .046(By def)133 292.8 R .045(ault, passphrases are prompted \
+for and read in on the standard output and input streams.)-.1 F(If)5.045
+E F4(TZPFMS_PASSPHRASE_HELPER)133 304.8 Q F0 1.595(is set and nonempty)
+4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F
+F4(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 316.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 333.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -620,23 +980,23 @@ F4(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 316.8 Q
 381.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 393.6 Q F0("ag)160 393.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 410.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 410.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 422.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM1.X back-end con\214guration)72 439.2 R .625(TPM selection)87 451.2
-R F0(The)108 463.2 Q F2(tzpfms)2.729 E F0 .229
-(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23
-(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 475.2 Q
-(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 492 R(rouSerS)
--.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61
-E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
-F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-504 S(ing one of the earlier ones with, for e).1 E
+R F0(The)108 463.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local)
+2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003)
+2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1
+F(the)2.729 E(en)108 475.2 Q(vironment v)-.4 E(ariable)-.25 E F4
+(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11
+(The T)108 492 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11
+(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4
+(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0
+2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 504 S
+(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F1 .625
 (See also)87 520.8 R F0(The T)108 532.8 Q
 (rouSerS project page at https://sourcefor)-.35 E
@@ -651,11 +1011,11 @@ F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
 F1<83>128 638.4 Q F0(EvModder)7.5 E F1(REPOR)72 655.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 667.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 684 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 696 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q(December 4, 2022)83.583 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 7
+%%Page: 1 12
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -664,112 +1024,112 @@ BP
 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5
 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666
-(]...)C([)186 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)
-A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A F0(]])
-A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 1.676 -.8(To n)108 165.6
-T(ormalise).8 E F3(dataset)2.576 E F0(,)A F2(zfs-tpm-list)2.576 E F0
-.076(will open its encryption root in its stead.)2.576 F F2
-(zfs-tpm-list)5.077 E F0(will)108 177.6 Q/F4 10/Times-Italic@0 SF(ne)2.5
-E(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G
-(ncryption roots; use)-2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0
-(\(8\) for that.)A(First, a connection is made to the TPM, which)108
-194.4 Q F4(must)2.5 E F0(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F3
-(dataset)3.055 E F0 -.1(wa)3.055 G 3.055(sp).1 G(re)-3.055 E .555
-(viously encrypted with)-.25 F F2(tzpfms)3.055 E F0 .555(and the)3.055 F
-F1(TPM2)3.055 E F0 .554(back-end w)3.054 F .554(as used, the pre)-.1 F
-(vious)-.25 E -.1(ke)108 223.2 S 3.059(yw)-.05 G .559
-(ill be freed from the TPM.)-3.059 F .56
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0
+1.666(]...)C([)234 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A
+F2(,)A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A
+F0(]])A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 4.32 -.8(To n)108
+165.6 T(ormalise).8 E F3(dataset)5.22 E F0(,)A F2(zfs-fido2-add-backup)
+5.22 E F0 2.719(will open its encryption root in its stead.)5.22 F F2
+(zfs-fido2-add-backup)108 177.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 189.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 206.4 Q F4(must)2.5 E
+F0(be TPM-2.0-compatible.)2.5 E(If)108 223.2 Q F3(dataset)3.055 E F0 -.1
+(wa)3.055 G 3.055(sp).1 G(re)-3.055 E .555(viously encrypted with)-.25 F
+F2(tzpfms)3.055 E F0 .555(and the)3.055 F F1(TPM2)3.055 E F0 .554
+(back-end w)3.054 F .554(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108
+235.2 S 3.059(yw)-.05 G .559(ill be freed from the TPM.)-3.059 F .56
 (Otherwise, or in case of an error)5.56 F 3.06(,d)-.4 G .56
 (ata required for manual interv)-3.06 F(en-)-.15 E
-(tion will be written to the standard error stream.)108 235.2 Q(Ne)108
-252 Q .295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
+(tion will be written to the standard error stream.)108 247.2 Q(Ne)108
+264 Q .295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
 -.15(ey i)-.1 H 2.794(sg).15 G .294
 (enerated on the TPM, optionally back)-2.794 F .294(ed up \(see)-.1 F F1
 (OPTIONS)2.794 E F0 .294(\), and sealed)B .588
-(to a persistent object on the TPM under the o)108 264 R .589
+(to a persistent object on the TPM under the o)108 276 R .589
 (wner hierarch)-.25 F .589(y; if there is a passphrase set on the o)-.05
-F(wner)-.25 E(hierarch)108 276 Q 1.603 -.65(y, t)-.05 H .302
+F(wner)-.25 E(hierarch)108 288 Q 1.603 -.65(y, t)-.05 H .302
 (he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .302
 (ys prompted for an optional passphrase to protect).1 F
-(the sealed object with.)108 288 Q(The follo)108 304.8 Q
+(the sealed object with.)108 300 Q(The follo)108 316.8 Q
 (wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
-316.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
-128 328.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
-(persistent-object-ID)A F0([)139 340.8 Q F2(;)A F3(algorithm)A F2(:)A F3
+328.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
+128 340.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
+(persistent-object-ID)A F0([)139 352.8 Q F2(;)A F3(algorithm)A F2(:)A F3
 (PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3
 (algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C
-1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 357.6 Q F0 1.263
+1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 369.6 Q F0 1.263
 (identi\214es this dataset for w)3.763 F 1.264(ork with)-.1 F F1(TPM2)
 3.764 E F0(-back-ended)A F2(tzpfms)3.764 E F0 1.264(tools \(namely)3.764
-F F5(zfs-tpm2-change-key)108 369.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
+F F5(zfs-tpm2-change-key)108 381.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key)
 2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0(\(8\)\).)A F5
-(tzpfms.key)108 386.4 Q F0 1.509(is an inte)4.009 F 1.509
+(tzpfms.key)108 398.4 Q F0 1.509(is an inte)4.009 F 1.509
 (ger representing the sealed object, optionally follo)-.15 F 1.509
 (wed by a semicolon and)-.25 F .822(PCR list as speci\214ed with)108
-398.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
+410.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
 (tpm-tools)3.322 E F0 .823(-toolchain-compatible; if needed, it can)B
-.866(be passed to)108 410.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
+.866(be passed to)108 422.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
 (${tzpfms.key)6.866 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with)
 3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.365("o)
-C(r)-3.365 E F2<ad70>109.666 422.4 Q F0(")6.727 E F5(pcr:${tzpfms.key)A
+C(r)-3.365 E F2<ad70>109.666 434.4 Q F0(")6.727 E F5(pcr:${tzpfms.key)A
 F2(#)A F6(*)A F5(;})A F0 .727(", as the case may be, or equi)B -.25(va)
 -.25 G .728(lent, for back-up \(see).25 F F1(OPTIONS)3.228 E F0(\).)A
-.448(If you ha)108 434.4 R .748 -.15(ve a s)-.2 H .448(ealed k).15 F
+.448(If you ha)108 446.4 R .748 -.15(ve a s)-.2 H .448(ealed k).15 F
 .748 -.15(ey y)-.1 H .448(ou can access with that or equi).15 F -.25(va)
 -.25 G .447(lent tool and set both of these properties, it).25 F
-(will funxion seamlessly)108 446.4 Q(.)-.65 E(Finally)108 463.2 Q 12.005
+(will funxion seamlessly)108 458.4 Q(.)-.65 E(Finally)108 475.2 Q 12.005
 (,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25 G 9.505(lent of).25 F F2
 9.505(zfs change-key)12.005 F<ad6f>17.172 E F5(keylocation=prompt)15.506
-E F2<ad6f>17.172 E F5(keyformat=raw)108 475.2 Q F3(dataset)6.107 E F0
+E F2<ad6f>17.172 E F5(keyformat=raw)108 487.2 Q F3(dataset)6.107 E F0
 .107(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G
 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
 (rror occurred, best ef)-2.606 F .106(fort is made)-.25 F .289(to clean\
  up the persistent object and properties, or to issue a note for manual\
- interv)108 487.2 R .29(ention into the stan-)-.15 F(dard error stream.)
-108 499.2 Q 2.625<418c>108 516 S .125(nal v)-2.625 F .125
+ interv)108 499.2 R .29(ention into the stan-)-.15 F(dard error stream.)
+108 511.2 Q 2.625<418c>108 528 S .125(nal v)-2.625 F .125
 (eri\214cation should be made by running)-.15 F F2 1.79
 (zfs-tpm2-load-key \255n)2.624 F F3(dataset)6.124 E F0 5.124(.I)C 2.624
 (ft)-5.124 G .124(hat com-)-2.624 F .506(mand succeeds, all is well, b)
-108 528 R .506(ut otherwise the dataset can be manually rolled back to \
-a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 540 Q F3(dataset)
+108 540 R .506(ut otherwise the dataset can be manually rolled back to \
+a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 552 Q F3(dataset)
 11.539 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
 -8.039 F 5.539(ails to w)-.1 F(ork,)-.1 E F2 5.539(zfs change-key)8.039
-F<ad6f>13.204 E F5(keyformat=passphrase)108 552 Q F3(dataset)6 E F0
+F<ad6f>13.204 E F5(keyformat=passphrase)108 564 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm2-clear-key)108 568.8 Q F3(dataset)6.029 E F0 .029
+F2(zfs-tpm2-clear-key)108 580.8 Q F3(dataset)6.029 E F0 .029
 (can be used to free the TPM persistent object and go back to us-)2.529
-F(ing a passphrase.)108 580.8 Q F1(OPTIONS)72 597.6 Q F2<ad62>109.666
-609.6 Q F3(backup-file)6 E F0(Sa)203 609.6 Q .353 -.15(ve a b)-.2 H .052
+F(ing a passphrase.)108 592.8 Q F1(OPTIONS)72 609.6 Q F2<ad62>109.666
+621.6 Q F3(backup-file)6 E F0(Sa)203 621.6 Q .353 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
 E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
-F .693(This back-up)203 621.6 R F4(must)3.193 E F0 .694
+F .693(This back-up)203 633.6 R F4(must)3.193 E F0 .694
 (be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
 (-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 633.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 645.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 662.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
+(nt,).15 E(the k)203 645.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 657.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 674.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
 A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)
 A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)
--1.666 G 1.425(Bind the k)203 674.4 R 1.725 -.15(ey t)-.1 H 3.925(os).15
+-1.666 G 1.425(Bind the k)203 686.4 R 1.725 -.15(ey t)-.1 H 3.925(os).15
 G 1.425(pace- or comma-separated)-3.925 F F3(PCR)3.924 E F0 3.924(sw)C
-1.424(ithin their corresponding)-3.924 F(hashing)203 686.4 Q F3
+1.424(ithin their corresponding)-3.924 F(hashing)203 698.4 Q F3
 (algorithm)2.523 E F0 2.523<8a69>2.523 G 2.523(ft)-2.523 G(he)-2.523 E
 2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H
-.024(ill not be able to be).15 F 2.5(unsealed. There)203 698.4 R(are)2.5
+.024(ill not be able to be).15 F 2.5(unsealed. There)203 710.4 R(are)2.5
 E F1(24)2.5 E F0(PCRs, numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0(].)
-A F3(algorithm)203 715.2 Q F0 2.968(may be an)5.469 F 5.468(yo)-.15 G
+A F3(algorithm)203 727.2 Q F0 2.968(may be an)5.469 F 5.468(yo)-.15 G
 5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F1(sha1)
 .15 E F0 2.968(", ")B F1(sha256)A F0 2.968(", ")B F1(sha384)A F0(",)A(")
-203 727.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
+203 739.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
 (sm3-256)A F0 4.983(", ")B F1(sha3_256)A F0 4.983(", ")B F1(sha3-256)A
-F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 739.2 Q F1(sha3-384)A F0
+F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 751.2 Q F1(sha3-384)A F0
 (", ")A F1(sha3_512)A F0(", or ")A F1(sha3-512)A F0
 (", and must be supported by the TPM.)A(tzpfms 0.3.4-22-g7c0393e)72
 817.889 Q(February 28, 2024)83.578 E(1)183.837 E 0 Cg EP
-%%Page: 2 8
+%%Page: 2 13
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -847,7 +1207,7 @@ E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 669.6 Q
 (able)-.8 E(1.)108 681.6 Q(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q
 (February 28, 2024)83.578 E(2)183.837 E 0 Cg EP
-%%Page: 1 9
+%%Page: 1 14
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -857,8 +1217,8 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-clear-key)108 96 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G
 (rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E
 (ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 112.8 Q F2
-(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
-(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
+(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5
+E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
 (dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2
 (tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5
 (1. performs)118 165.6 R 5.641(the equi)8.141 F -.25(va)-.25 G 5.641
@@ -928,7 +1288,7 @@ F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 710.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-22-g7c0393e)72 817.889 Q(December 4, 2022)83.583 E
 (1)183.842 E 0 Cg EP
-%%Page: 1 10
+%%Page: 1 15
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -937,23 +1297,23 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .864
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.364 E F0 -.1(wa)3.364
-G 3.364(se).1 G .864(ncrypted with)-3.364 F F2(tzpfms)3.365 E F0(back)
-3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .865(nseals the k)-3.365
-F 1.165 -.15(ey a)-.1 H .865(nd loads it).15 F(into)108 165.6 Q F3
-(dataset)2.5 E F0(.)A(The user is prompted for the additional passphras\
-e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5
-(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4 10/Courier@0 SF
-(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
-(OPTIONS)72 216 Q F2<ad6e>109.666 228 Q F0 3.208
-(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25 G 5.708(ni).15
-G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa)
-.15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207
-(lent to).25 F F2(zfs)5.707 E(load-key)131 240 Q F0 -.55('s)C F2<ad6e>
-4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)-.3 F
-(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .045
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .864(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.364 E F0 -.1
+(wa)3.364 G 3.364(se).1 G .864(ncrypted with)-3.364 F F2(tzpfms)3.365 E
+F0(back)3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .865
+(nseals the k)-3.365 F 1.165 -.15(ey a)-.1 H .865(nd loads it).15 F
+(into)108 165.6 Q F3(dataset)2.5 E F0(.)A(The user is prompted for the \
+additional passphrase, set when creating the k)108 182.4 Q -.15(ey)-.1 G
+2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4
+10/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(OPTIONS)72 216 Q F2<ad6e>109.666
+228 Q F0 3.208(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25
+G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)
+-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)
+-.25 G 3.207(lent to).25 F F2(zfs)5.707 E(load-key)131 240 Q F0 -.55('s)
+C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .045
 (By def)133 280.8 R .045(ault, passphrases are prompted for and read in\
  on the standard output and input streams.)-.1 F(If)5.046 E F4
 (TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.596(is set and nonempty)4.096
diff --git a/zfs-fido2-add-backup.8 b/zfs-fido2-add-backup.8
new file mode 100644
index 0000000..08a80cb
--- /dev/null
+++ b/zfs-fido2-add-backup.8
@@ -0,0 +1,125 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 29, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-ADD-BACKUP 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-add-backup
+.Nd allow another FIDO2 device to unlock ZFS dataset
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After
+.Xr zfs-fido2-change-key 8
+derives the key for a dataset from a FIDO2 device,
+.Nm
+may be executed to extend this to any number of additional devices.
+.Pp
+First, the wrapping key is extracted as normally during
+.Xr zfs-fido2-load-key 8 ,
+then a credential is made as-if during
+.Xr zfs-fido2-change-key 8
+(except the "primary" device and all the ones holding backups are excluded from the search);
+however, the
+.Ql hmac-secret
+is instead used as a symmetric AES-256-GCM
+.Pq Xr EVP_CIPHER-AES 7ssl
+key to encrypt the wrapping key directly with a random IV.
+.Pp
+This turns the
+.Li xyz.nabijaczleweli:tzpfms.key
+variable into
+.br
+.Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns Ar backup-salt Ns Cm :\:\& Ns Ar backup-credential-ID Ns Cm :\:\& Ns Ar backup-credential-public-key Ns Cm :\:\& Ns Ar IV Ns Cm :\:\& Ns Ar encrypted-key Oc Ns …
+.Pp
+.Li tzpfms.key
+is actually a dot-separated list of device bundles.
+The first one is as-described in
+.Xr zfs-fido2-change-key 8 .
+Subsequent ones also include (identically-encoded) IVs and encrypted blobs.
+.Pp
+.Xr zfs-fido2-load-key 8
+shops assertions around devices in a device-major order \(em
+depending on device numbering, a backup may be loaded even if the primary device is present.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-add-backup.8.html b/zfs-fido2-add-backup.8.html
new file mode 100644
index 0000000..e6d3444
--- /dev/null
+++ b/zfs-fido2-add-backup.8.html
@@ -0,0 +1,153 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-ADD-BACKUP(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-add-backup</code> &#x2014;
+    <span class="Nd">allow another FIDO2 device to unlock ZFS dataset</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-add-backup</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    derives the key for a dataset from a FIDO2 device,
+    <code class="Nm">zfs-fido2-add-backup</code> may be executed to extend this
+    to any number of additional devices.</p>
+<p class="Pp">First, the wrapping key is extracted as normally during
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    then a credential is made as-if during
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    (except the &quot;primary&quot; device and all the ones holding backups are
+    excluded from the search); however, the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; is instead used as a
+    symmetric AES-256-GCM
+    (<a class="Xr" href="https://manpages.debian.org/bookworm/EVP_CIPHER-AES.7ssl">EVP_CIPHER-AES(7ssl)</a>)
+    key to encrypt the wrapping key directly with a random IV.</p>
+<p class="Pp">This turns the
+    <code class="Li">xyz.nabijaczleweli:tzpfms.key</code> variable into
+  <br/>
+  <var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code><var class="Ar">backup-salt</var><code class="Cm">:</code><var class="Ar">backup-credential-ID</var><code class="Cm">:</code><var class="Ar">backup-credential-public-key</var><code class="Cm">:</code><var class="Ar">IV</var><code class="Cm">:</code><var class="Ar">encrypted-key</var>]&#x2026;</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is actually a dot-separated
+    list of device bundles. The first one is as-described in
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>.
+    Subsequent ones also include (identically-encoded) IVs and encrypted
+  blobs.</p>
+<p class="Pp"><a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>
+    shops assertions around devices in a device-major order &#x2014; depending
+    on device numbering, a backup may be loaded even if the primary device is
+    present.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 29, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-change-key.8 b/zfs-fido2-change-key.8
new file mode 100644
index 0000000..6bd3f57
--- /dev/null
+++ b/zfs-fido2-change-key.8
@@ -0,0 +1,186 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 29, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CHANGE-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-change-key
+.Nd change ZFS dataset key to one authenticated by a FIDO2 device
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar backup-file
+.Ar dataset
+.
+.Sh DESCRIPTION
+To normalise the
+.Ar dataset ,
+.Nm
+will open its encryption root in its stead.
+.Nm
+will
+.Em never
+create or destroy encryption roots; use
+.Xr zfs-change-key 8
+for that.
+.Pp
+First, a connection is made to the FIDO2 device, which
+.Em must
+support the
+.Ql hmac-secret
+extension.
+.Pp
+If
+.Ar dataset
+was previously encrypted with
+.Nm fzifdso
+and the
+.Sy FIDO2
+back-end was used, the metadata will be silently cleared.
+Otherwise, or in case of an error, data required for manual intervention will be written to the standard error stream.
+.Pp
+Next, a new credential of type ES256 is generated on the device (with relying party ID
+.Li fzifdso
+and name equal to the dataset name)
+with the
+.Ql hmac-secret
+extension requested; the device PIN, if any, is prompted for here.
+This mimicks a WebAuthn registration step.
+.Pp
+Then, the credential is asserted with a 32-byte random salt,
+which hashes it with device-private data, and thus generates the wrapping key
+.Pq which is optionally backed up Pq see Sx OPTIONS .
+This mimicks a WebAuthn login step.
+.Pp
+The following properties are set on
+.Ar dataset :
+.Bl -bullet -compact -offset 4n -width "@"
+.It
+.Li xyz.nabijaczleweli:tzpfms.backend Ns = Ns Sy FIDO2
+.It
+.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns … Oc Ns …
+.El
+.Pp
+.Li tzpfms.backend
+identifies this dataset for work with
+.Sy FIDO2 Ns -back-ended
+.Nm tzpfms
+tools
+.Pq i.e. Nm fzifdso Xr zfs-fido2-change-key 8 , Xr zfs-fido2-load-key 8 , Xr zfs-fido2-add-backup 8 , and Xr zfs-fido2-clear-key 8 .
+.Pp
+.Li tzpfms.key
+is a colon-separated tuple of unpadded URL-safe base64 blobs;
+the first one is the random salt;
+the second represents the ID of created credential,
+and the third \(en its public key.
+There exists no other user-land tool for deciphering this; perhaps there should be.
+.\"" TODO: make an LD_PRELOADable for extracting the key maybe?
+.Pp
+Finally, the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=raw Ar dataset
+is performed with the new key.
+If an error occurred, best effort is made to clean up the properties,
+or to issue a note for manual intervention into the standard error stream.
+.Pp
+A final verification should be made by running
+.Nm zfs-fido2-load-key Fl n Ar dataset .
+If that command succeeds, all is well,
+but otherwise the dataset can be manually rolled back to a passphrase with
+.Nm zfs-fido2-clear-key Ar dataset
+.Pq or, if that fails to work, Nm zfs Cm change-key Fl o Li keyformat=passphrase Ar dataset ,
+and you are hereby asked to report a bug, please.
+.Pp
+.Nm zfs-fido2-clear-key Ar dataset
+can be used to clear the properties and go back to using a passphrase.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl b Ar backup-file"
+.It Fl b Ar backup-file
+Save a back-up of the key to
+.Ar backup-file ,
+which must not exist beforehand.
+This back-up
+.Em must
+be stored securely, off-site.
+In case of a catastrophic event, the key can be loaded by running
+.Dl Nm zfs Cm load-key Ar dataset Li < Ar backup-file
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-change-key.8.html b/zfs-fido2-change-key.8.html
new file mode 100644
index 0000000..68ea232
--- /dev/null
+++ b/zfs-fido2-change-key.8.html
@@ -0,0 +1,206 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CHANGE-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-change-key</code> &#x2014;
+    <span class="Nd">change ZFS dataset key to one authenticated by a FIDO2
+    device</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-change-key</code></td>
+    <td>[<code class="Fl">-b</code> <var class="Ar">backup-file</var>]
+      <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">To normalise the <var class="Ar">dataset</var>,
+    <code class="Nm">zfs-fido2-change-key</code> will open its encryption root
+    in its stead. <code class="Nm">zfs-fido2-change-key</code> will
+    <a class="permalink" href="#never"><i class="Em" id="never">never</i></a>
+    create or destroy encryption roots; use
+    <a class="Xr" href="https://manpages.debian.org/bookworm/zfs-change-key.8">zfs-change-key(8)</a>
+    for that.</p>
+<p class="Pp">First, a connection is made to the FIDO2 device, which
+    <i class="Em">must</i> support the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension.</p>
+<p class="Pp">If <var class="Ar">dataset</var> was previously encrypted with
+    <code class="Nm">fzifdso</code> and the <b class="Sy">FIDO2</b> back-end was
+    used, the metadata will be silently cleared. Otherwise, or in case of an
+    error, data required for manual intervention will be written to the standard
+    error stream.</p>
+<p class="Pp">Next, a new credential of type ES256 is generated on the device
+    (with relying party ID <code class="Li">fzifdso</code> and name equal to the
+    dataset name) with the &#x2018;<code class="Li">hmac-secret</code>&#x2019;
+    extension requested; the device PIN, if any, is prompted for here. This
+    mimicks a WebAuthn registration step.</p>
+<p class="Pp">Then, the credential is asserted with a 32-byte random salt, which
+    hashes it with device-private data, and thus generates the wrapping key
+    (which is optionally backed up (see
+    <a class="Sx" href="#OPTIONS">OPTIONS</a>)). This mimicks a WebAuthn login
+    step.</p>
+<p class="Pp">The following properties are set on
+  <var class="Ar">dataset</var>:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li id="xyz.nabijaczleweli:tzpfms.backend"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.backend"><code class="Li">xyz.nabijaczleweli:tzpfms.backend</code></a>=<b class="Sy">FIDO2</b></li>
+  <li id="xyz.nabijaczleweli:tzpfms.key"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.key"><code class="Li">xyz.nabijaczleweli:tzpfms.key</code></a>=<var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code>&#x2026;]&#x2026;</li>
+</ul>
+<p class="Pp"><code class="Li">tzpfms.backend</code> identifies this dataset for
+    work with <b class="Sy">FIDO2</b>-back-ended <code class="Nm">tzpfms</code>
+    tools (i.e. <code class="Nm">fzifdso</code>
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-add-backup.8.html">zfs-fido2-add-backup(8)</a>,
+    and
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>).</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is a colon-separated tuple of
+    unpadded URL-safe base64 blobs; the first one is the random salt; the second
+    represents the ID of created credential, and the third &#x2013; its public
+    key. There exists no other user-land tool for deciphering this; perhaps
+    there should be.</p>
+<p class="Pp">Finally, the equivalent of <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=raw</code> <var class="Ar">dataset</var> is
+    performed with the new key. If an error occurred, best effort is made to
+    clean up the properties, or to issue a note for manual intervention into the
+    standard error stream.</p>
+<p class="Pp">A final verification should be made by running
+    <code class="Nm">zfs-fido2-load-key</code> <code class="Fl">-n</code>
+    <var class="Ar">dataset</var>. If that command succeeds, all is well, but
+    otherwise the dataset can be manually rolled back to a passphrase with
+    <code class="Nm">zfs-fido2-clear-key</code> <var class="Ar">dataset</var>
+    (or, if that fails to work, <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=passphrase</code> <var class="Ar">dataset</var>),
+    and you are hereby asked to report a bug, please.</p>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code>
+    <var class="Ar">dataset</var> can be used to clear the properties and go
+    back to using a passphrase.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="b"><a class="permalink" href="#b"><code class="Fl">-b</code></a>
+    <var class="Ar">backup-file</var></dt>
+  <dd>Save a back-up of the key to <var class="Ar">backup-file</var>, which must
+      not exist beforehand. This back-up <i class="Em">must</i> be stored
+      securely, off-site. In case of a catastrophic event, the key can be loaded
+      by running
+    <div class="Bd Bd-indent"><code class="Li"><code class="Nm">zfs</code>
+      <code class="Cm">load-key</code> <var class="Ar">dataset</var>
+      <code class="Li">&lt;</code>
+      <var class="Ar">backup-file</var></code></div>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 29, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-clear-key.8 b/zfs-fido2-clear-key.8
new file mode 100644
index 0000000..dd2a76c
--- /dev/null
+++ b/zfs-fido2-clear-key.8
@@ -0,0 +1,113 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 28, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CLEAR-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-clear-key
+.Nd rewrap ZFS dataset key in passsword and clear tzpfms FIDO2 metadata
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 :
+.Bl -enum -compact -offset 2n -width 2n
+.It
+performs the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset ,
+.It
+removes the
+.Li xyz.nabijaczleweli:tzpfms.\& Ns Brq Li backend , key
+properties from
+.Ar dataset .
+.El
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-clear-key.8.html b/zfs-fido2-clear-key.8.html
new file mode 100644
index 0000000..46e553e
--- /dev/null
+++ b/zfs-fido2-clear-key.8.html
@@ -0,0 +1,143 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CLEAR-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code> &#x2014;
+    <span class="Nd">rewrap ZFS dataset key in passsword and clear tzpfms FIDO2
+    metadata</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-clear-key</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>:</p>
+<ol class="Bl-enum Bd-indent Bl-compact">
+  <li>performs the equivalent of <code class="Nm">zfs</code>
+      <code class="Cm">change-key</code> <code class="Fl">-o</code>
+      <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+      <code class="Li">keyformat=passphrase</code>
+      <var class="Ar">dataset</var>,</li>
+  <li>removes the
+      <code class="Li">xyz.nabijaczleweli:tzpfms.</code>{<code class="Li">backend</code>,
+      <code class="Li">key</code>} properties from
+      <var class="Ar">dataset</var>.</li>
+</ol>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 28, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-load-key.8 b/zfs-fido2-load-key.8
new file mode 100644
index 0000000..247ca04
--- /dev/null
+++ b/zfs-fido2-load-key.8
@@ -0,0 +1,98 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 28, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-LOAD-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-load-key
+.Nd load FIDO2-encrypted ZFS dataset key
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 ,
+asserts the preserved challenge, HMACking the salt with the on-device secret, and loads the resulting key into
+.Ar dataset .
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl n"
+.It Fl n
+Do a no-op/dry run, can be used even if the key is already loaded.
+Equivalent to
+.Nm zfs Cm load-key Ns 's
+.Fl n
+option.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-load-key.8.html b/zfs-fido2-load-key.8.html
new file mode 100644
index 0000000..ffc6446
--- /dev/null
+++ b/zfs-fido2-load-key.8.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-LOAD-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-load-key</code> &#x2014;
+    <span class="Nd">load FIDO2-encrypted ZFS dataset key</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-load-key</code></td>
+    <td>[<code class="Fl">-n</code>] <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>,
+    asserts the preserved challenge, HMACking the salt with the on-device
+    secret, and loads the resulting key into <var class="Ar">dataset</var>.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="n"><a class="permalink" href="#n"><code class="Fl">-n</code></a></dt>
+  <dd>Do a no-op/dry run, can be used even if the key is already loaded.
+      Equivalent to <code class="Nm">zfs</code>
+      <code class="Cm">load-key</code>'s <code class="Fl">-n</code> option.</dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 28, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>