From 536eece5590fc9dd1449f04559d440aecdd7dc3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1=20autouploader?=
 <nabijaczleweli/autouploader@nabijaczleweli.xyz>
Date: Mon, 11 Mar 2024 12:13:35 +0000
Subject: [PATCH] Manpage update by job 1166273

---
 tzpfms.pdf                  | Bin 65637 -> 81723 bytes
 tzpfms.ps                   | 899 +++++++++++++++++++++++++-----------
 zfs-fido2-add-backup.8      | 125 +++++
 zfs-fido2-add-backup.8.html | 153 ++++++
 zfs-fido2-change-key.8      | 188 ++++++++
 zfs-fido2-change-key.8.html | 207 +++++++++
 zfs-fido2-clear-key.8       | 121 +++++
 zfs-fido2-clear-key.8.html  | 151 ++++++
 zfs-fido2-load-key.8        |  98 ++++
 zfs-fido2-load-key.8.html   | 117 +++++
 10 files changed, 1796 insertions(+), 263 deletions(-)
 create mode 100644 zfs-fido2-add-backup.8
 create mode 100644 zfs-fido2-add-backup.8.html
 create mode 100644 zfs-fido2-change-key.8
 create mode 100644 zfs-fido2-change-key.8.html
 create mode 100644 zfs-fido2-clear-key.8
 create mode 100644 zfs-fido2-clear-key.8.html
 create mode 100644 zfs-fido2-load-key.8
 create mode 100644 zfs-fido2-load-key.8.html

diff --git a/tzpfms.pdf b/tzpfms.pdf
index 4ac1688bd9bdc52848fecdff833a68c83903119b..3495353f8c16d8e4e38c602daab90e27a169bf26 100644
GIT binary patch
delta 58259
zcmZUaW0$5~qNLNdZQHhO+jb=?`J`>zW~FW0W~FU&-tIGfX4dLYd$0HbcSKw}?jwJ&
z&Tp_ku)u&6?M;_W36z?ybJ|k93YIqVXr`df7jyHdmK3c94YRK1gcdy_E;Qr-pr9zS
zceh=Y@0736tK9xQ2^#l_3Kuye3$G5vJb~@k9Ia$z*dI2)XclSI7XFvt&|zKi8|_Z~
z>O)bIEg>MiE_P`$`ZfEtKt3pbic@l=&e8IC^8wHpx5dZL%W9~2+>4)q;Wox60AqK)
zfx(c)7#F?B`8qWKIaR8F1aTfPNZn}10^nou`#w5ffpVZUYoVpB?|;caSDLxBh>N0%
zx)!@b$#Xj2H*goS#|WK<Jref_m-Wn7Y!yA%)+0bMcS}wbWX|FiI3oTDU9YL1R*7}Y
z)&qpaG|GkbCrpu-UX8CZDt7wfO<cL>MNtcIwOdqcPhdaIYb80q4Wy}C*Cv|JOk1_H
zVJiC=I(j3Vf`=a{+N=r|UUS8TZaZ6NzF@Gzc3GZv3P||kW|R?XownhUPF6Kjg}dTv
zM?!m4n7_5$#SaClaaT05#of#|n_;UfQv)i;0mp(*IUoUr#6ek}Z1I#c-@b2mHtqtr
z?La=yHJgK*&jH>SK}WdT?G8YWuA{l~mX5Wvb;l=!jLTWy-~DA(GHBD%wFvS;{Im1n
z*K$#-%I=g?-u1W+qirQS;EJBH!FeFBDrnN6c%?>{N@<%sQivdg?@Ld1K3E`$gMhwy
zth!LCePNH#iK1qrm!NH6l>&3tuiWh}N_Vs6>*2pgMu565q67p=ZS*&Y?{yL&RJ4X+
zi<-YcAqUD#^1P2!rZXPFk3fm!&(ZQtq_Dz6bCwM7Zd-X`-U$J%4$*D3Lnwc#DfVia
z4tws@BH;XVD9OJG%u!0^C5S}2Qvr(Z+9ww)#kfT~bVSJa=mD@~>WP+pR6N83LS6;M
zE}E!ZP*Bx_1fP?dxxQIw=5BBnQ1@D5oA!y@F#{M}OD=&Utr%{;l4119+?OBlrt^K)
z#@g<+{*MUyyi2&Z7C~i|;U<qVYKe4=9Lky3V+{;_fyjH<P6m5k-u{XYRsc_+>(r3|
zvGy)qh~E*g^=R5DVijGv_Mn5nN1VTngr+AL!bd4|V3;Q5G{WFvh(Oy%f4m@e*fKn9
zfe@G!wwQBG>TAq^4D6!JP|-Uvu_U5#P5ZEfe>pcP4a=$MgY5yQjfZ$r$hc7>s0TGy
z$BZA+Z0Mbwp_o?r8zhz^!2>Wr!vf%~yMvX+mIm-;k<sto-S0gbX3&}Fvo>NO-Vc}{
zv5FKV_YmI;8q=Ws!OY{8h4kK`phYAHed$N;!uF@0<}c*YvP%4|G(;)Ak&^qChedYr
z1~bf*#)`-*WJ6lQlRIN7@F0|Lw-LZ<t2FGz)XA8+b7thOy^cFMF#$-8_1YLq^uA|j
zWmU6|Gj%(Pb@EzlP1WSnx`T|9kM1B)ZM&ofljb~g!lvMd>0M-I`4=4OO%Gx_vdl=}
zHK3ikX3q7tf1c!A!tj*bZuiVvxx;ZS0T0DU&fwG^>1wtp)Q%m*&4VjB^1}>3l|WSw
zil`7Juz!rGG*rwU{{qI+Wf7{Qs>M_(89x-<zgj8<u6pL^bjW(e@6y!xBH29Eeb;L_
z$n8-Oz~{7LUJW|GiO=g<FP0lfA}}g|($(I|%d@uXsbMz@l_jj%F=V{bG>e)u>v(pU
zXJ;j%zV<#a9WTT)hr-6hdwp0jn3h^<QsK{7C8;Es5cQ@Xasl-Ur7_zsWjp(`4jU?a
zjhfrLW<CcFtT(!Tpnqa!e@0*m62+U)!Cx`(n1obuYk!nvbeW#!B58`sZbNS`l~Y80
zHyv3bRg?8tREgm8$yORr0(Zt~i8}1n#I(p4i>v>vUBDowh^_>LOqBR5N3nbKZy&`<
z<j|`k0h`rwEd#*c{qe45;E!|-VYhgK;Hc`)>BX@z$3bS~8jz1N=A?~hn;8pxM12Bd
za$bwgG#F*>yy5FpSy1oglBk_j9%wK)%3aJ6O2<&Z>9VDM51o>s2BwN`g9z~ds7)kN
zv4~&Nso_3Xj9HP$VOaN2ot-*_1rJY(b_^7zvM6dkxBzlY#pz|0^Wg^fGlNdd%W>){
zhq3fP1~-=62_th)Jaq3{TC%cEIhDFRfkARUfni(n(Gog;VIwAe1nBV;uR~x>!J{*=
zR3I9!GviezMzO(Q+(0@gg}SQaiJ5FtRgu&lohnUPKySgK*;wJyF6*E1AP4J!Z{>eG
zK1Pqw{Q~fr<Lue#hNJ9DjZR~G;EA{Kgq5b{&D70f%-I@mnsSaqBYgb!WbV#J&A4H}
zTiD;^>J||6{SwAJKp12=S8fHp`&_MR#cZ6_ENfg}{<v6Ne|-2j3#&SNLK^F$wapJ(
zUaz~eY4H4O<gnL*v+AN26Mc?0^n{ULua7y`MFrSy22UY(ZX4)<@K?#_0d_jfKruxB
z#6p)%TwQLdJ*1Tm{n6C8J(mz(4YhmLWp?V>kX`Nz-O2kJwq>ErPj#@$Ukj^=99V&+
zA19*j|I{ay6RFE+@OL-jc^(}fsu!87ZBgcThx$vT>f_*%MaxM+WD1-jo|6zphO-Sy
z76O>vXxTSQFrz$RS!IfrS57(zJ<9xKBzRhyBkG_BREZ!m?3ZUrM1cLZ&T4`*!X+vE
zy$!oxkC6=1h4F+}F?j;$1g35z6hLP?bb!0oDb|&;RpX1WfhIKqce2?;y5#WGPpqq0
zcvWcv;Yh3`lk&;;F5pUz6y-XnlqHPad;v^fK4mtH#ygSDxsy{jNUxY56+!pz4Qq5D
zgKONXts+F%>EdTqHZ%l9E{uy3dM(e#L%>BuLJL6KJ8UiE{?Rk}QBS(TmunxAj#?mG
zhl+z2#nB95(p;m^Naw~zqEmjc1G8F$A<yuF{*A>{G9tIF&m}_wFSsnnPw+B=cnYZV
z8%0C_{i(_oHoxMU<Z?o|NuG=Q#C|A?z|$>=@QO_k$F<sCawI`NC52CXTL#yrEbODG
z9v#F}+Jed0-tSZEL&91Y=)c6i^u(H7G5Yw^&p8rRja$p#BV;wE4gOi?lpN7N6etR9
zd*U6p*(3Yqz_uY;mVLlav9}|RV-9#R<;5PNIbFMuJkjPY>WpAX!c|U`mQ6Z0-{qpx
z=;F-1!cja0?fR3`Fww&~LwuGDdL&-urUu_|?!RpT<bvh6i~EOZHw}r0u=tAw(|koP
zmfwdILK)hY-d=B+koYYYv+2c01o$^?QdjV{%0e^}5uc(ILOMi|4GzT8%{#zm<SPO3
z$rUzQJtF1+MTtt<HSLHzoQ?$4U}cSS(m2IRg1y_0DS>!^0g_Ii$+eSy5q6?uxgi)1
zHg%LOC5cl;?af7LHTbW;3<}g>uy$mbe>=`A{D?V2P!p6}<<-4t1o0wbc-s^!`?U&Z
zpR4eC=NPOM77xz4OX$HYLp31hQfX0=ZD)v?ApiJ6Utek`VOq2b!y($5qh6Wb8RDo|
z$$j%HN<^R|W-Ep4mdF=)+HTVgH{o1)(mB=08-~179+mClVg2!m@kRnajMs_A9|a4F
zMvTHE<k;j6J(#gPV>nnBM(qjzbf}Zp6$z~(fB{(?m|4lqUa=qi3juH{7h_ql()v(v
z-Jt@TD&$-5u50N;)$8I~f?XV2XZM2{`;adiO;ce%&$QkbjaxM824db>-Kq;!lSvnC
zgV^fS^*m)%kuuCr2@>OKDtPDmdo8NeYhp>pj2xqo0{e8x)mO+2t6Vl8Zj|>Fn?AmC
zIMh10)fN|a3(`A={uq#A!+a>_$rSl(&%Ypim-B7}NZDXzkKl~$tgf4jg~_eYipP$X
z*i4aQVU%=I8M^t;gef(!nl^-hzUFd^kDE&a9`?=Ow0uV_$6{_KYiW-sl89e8Cs|3y
z*-71x&3ax;-j<q+oF`?3W1nAVN3)G1p+;C&*R*ies+tqhH=BTD#kai+Ag22Ro>hO+
zs*d<%)((^KBFYQz>u?0o3g}_TLc&#RwJscha^T0CKK;*4_|6kGQe@TB`fvJ=<Bl^6
zWb_v^jpa!)#-ICl+=H_6p~4rPtzFO%T%>0Hc;7H|M9eprir&CxTJxVO>tipkCuQ~s
zgsYJw`9CKoX*YoI&o&$H<gnbG*EEkJ?i%PSP@f%@))DIz#$P%ZsIAt2&N_JB3bMo}
zI0T*WLBkR$s~E>^w2w_&tVeSM;lk1>ZDbx1@otlypf346Bj8hR?ubd+Oa3}<;hKZ&
zHWhiqM-4K1ah2g3$zOZ#dG9o|lCr5>dGLrP6b$}Rb$J2s7uDpp$yeQ#)mlTCMBXy>
z^FjFj8uKctxFe{ip!iik3Lo8SqP)Z<x%Zd(uh8u+Rp0XpXZn^6kKjAy=bK>XyNS2C
zgV`@v7jt8Kn161LCN?k}L`+2gI$2rR*#4t2bN^qFkB?E#+`-b-iim}Yh$#t_j1-_F
zpR_rG+<jA*t~-VXYz(pM?xUq!^&8c?<dVgGJ#i8|agdx2B_G&{`aDxr<(>9D&XYd~
z+sBD~Q~JyZ8qA`!)3DcX`@k^c#N~KC@40t!J7n~l(XV^&oZ9xMajU-W1XIz$)Qic`
z@HCA(3Oq`6S6+o<S08Nai8OCI4ik_>n77S6TbtK|Hp97Vu=Dve@%FKd=twc1Mcv7}
z9J3{V(yIr>=o)fkn)7yUa!*3r;H~{7{k0!z*VA>2x_V;0(WBIxpU3wea4<M@@DACP
zA|`T`i5_M*DbUX8d-J<CpFDS~w1zqssvczK?`y)w>2bp*RUh=?5Z+y+-*14+q~}M)
zo&%m|Ah%vQ=1!fhWlo*UUph{0XU3e?`=!RR69M74$I2gV_f2sJo7RV9X&Zc&h?)k9
zD)Yge77M3livjQ2TfHk^PZN1ZLoH;9l{oYDD@(-!4sU*HvPpz#2@Lt3DV%nbDAdVx
z7Yg0+3Ml<q*`#sNp5(>6V*mj6H}l;#R|qW$r}D?vm(#=j^7hmAn5ENwduPM)gtpma
zYgo762eV)|0X<rqHIC;<Wn9#=<*tuSVd?6ygf6!pU*ra-AC4~$2tux9kK<SE?peTy
zhcEKerLULU%k<S#)!Wl#7Kg|<(`n8TNO+8T@i94Vhf{Ga=BSr$a5KQSq}qL*qmEou
zZv+xvFBjsoJ}6TjbpD$Mx1DhSB3S>%BMjt@ouOz^{M>car_=n%0E5oah9b(`ZG+QO
z`%fhuZtBJ8*sI-9EW%zmk*n|Q52@2FC?`zN^Hfvwx4xDWac8?TRKF)o<?U}Ic>=R#
zk`~x7++VwGx<q*(=JSAtM1KKVTB05YniTr%=jAsDCol*cN^4U}kX6~BrdFMD4P2h$
z??ikX)Zsa<fs-wGaW1E!c%cqeO5r?wwvt-s6^kVHi9v*&KlwiVo~fE{tfDB4lZElJ
zZi!tMop#_tDZv#6UZf?7OiE|`rlaybTTKFu2pB@bW<agHOQe9N0Hm*>dvo8lo5{*E
z;MH`zq3|U0;%Nq5p61|#Ea28B74~{IqFwF0vizPUF0+NP!ceyjXunJ1>+Z`ggSa<g
z;iCkyva7I8&@y8zoT@nN?xRK0l%{a~G|8tP#adw_B<6}_SQF0R^#QVkRgr6AM#QIQ
zvjxa5@2RY5Dnq~mR`B4o*Tu`5mwH-}Sy|BgaZ0t8TP^3%ktzmmmHJ_r?5m$+#A+lT
zend#Dsse%hptJ^Rs3vPmohz~wY1*$Hio_Q2QJ?{$dk|1tCkZ;&4B=u;HPZ(BX|w=3
zvfI`av$qZ!57*1ChWJMj@bS#<{$qt63q;QqkVO)i*DZkj!DIAHs&0n*iS>}DQ3l;}
zr=AyU4zpc6c16A$)NdN-=?z3}ME@?xKA$Z5mWE-&b87#lmIJ~HgeTc_4SeAfRuin-
z1C%yX@)o-E>dJ<Ny?Yfy<1x&>wsoVH^FDFf_tNu4!xYm16OD00L{IVDAqZaji2K5X
z<-ugt>1aR^^cw-6kshG>9%9|}HQ&KMyIO}Dlb27ZSwx*B)ha-kayTk~B8NrmWc^n-
zCHGg-1hj+8z^@>w&2I%{W#VQw=`-qZR`KTM0N&>zBreU@i0M2G=EJJvrnJj*g<xdo
z^=>+|k|h{B5>O2r$lM{W-#19cS+=s!M9P8v>YD&ngRMqi4R%WRFV`UzJnGAc+eU26
zczo$JXPWnbu>BiI{YOxzoJxpw1(qR5i>4Wl%2+?(lq%Dl2Xaat)|O9!9=S!bH~0x3
zdoERDh+&1=9ySEDQisG&1O468CMq@xKF)<L%)eR*0VmcLtpSiIoToB6w2a8r{0q9w
zcm)8|3V$DGk=d*%PPLSK{T?4(P_kXc12s(2_O@V>5>lGig`y9<u}QRG=i}}wgd<|4
z4%l?j-kD^4{8=Q0hK|$}V$I9Hu$ImuC3Q#~P6|2pSuN-F@*0kPoSsFy`pD(JiL@(a
zhnSXzN1}y7YlFM_&^%=n*%Fd~QfSZt5+r~$BsRk7MQ*6p=Uji6Mk#)kT`%P&!X_|+
zdQvFH!xhdc<c=J~wklQ@!=T-xSD}1Zkqo(313eAO-49xVlz6h-UdJE-?XpYtcR~Bs
zP^y2L4A^eYGR3S*pcAQKm2RP4n(`z19r&CX@J(!~VME&~tnJe8r3RwrhO-Za7-s;J
z)hc=gyAGE9<i}QDC<d$JGa2eFsH;P3i9#R~xHgisT70{D5-E^2c&gY!Y6!KchB}!3
z;JqjR_i%Z^9&!hp?PTvvdHL7n_F1>CS=48m-J2h6oJ$s9zH7J6qgl2fG1K46Z6>n5
zF7zWLTu8H{8p#Q4-r@Eq`=D!Oq#tk#*DX;6fRgER4#J1)Ht%Jt(M|gsTjKaoAMm<9
zda8cVlh7^x95&2hC{TzQyzaaeS_ps19@T->f$S#fD-wH_ApCO?anYelAWpS)cS!jj
zX2SF(y^48DRZ7rWW+I4bvvxSj@sy;M)~TocEL;zvvYCu)vRlMMYtt;P_YR=3@t$er
zhqh@pl}o}97?D%t^SW}3osV&0chRKU;%deZZn12Vg5f1eq8RJ=pxI1#p49hT5q&4-
z32Hm=7f!fVx)7FtMlDj5w|<}J2&Gcy!le&0$tGhK)OFCcsFK8J-23gyoGc^e9|o|Z
z+0S7QP||=va<{g6JKZ|oMFI>-Kz1Jdg2}%_rpv8CgRWf2xt3uoE(a=t-cAKCh6PJQ
zv70vTRX=}Gx-_QG{d{<CSGBZ_m{65HJT=i}u&I#|$WH=4lA%$4bX>BRbWUBLUs33H
z+h#J?2Otis6{c&T#K^`}&sFIOmVCJ__MTHi94S3Ppp@y<1FED$j{#xI^G~8EKoIpC
zgaraa_axX(*}ONa<zj17sCu0dWXOv!+)9YL9U+Iz`snb`qZ5@>+R{1T%@)haN$xPO
zL+doS6E0OKe&lIy1dPh;q#Un_1^M<3-7a7$P4b>=wR6Z;0-1c1DNsbhh{TuFy5K@{
zZm*4{tdR8G@ZRU427t8<Q7;d&q<r|!m5-#aC5!+eyAe~tIX%uq@Y;2zC~lpiF}ZmP
z!cjH<hXbq9?LN*;mx|&;O`VKb_k(z#Ets3e<@hcEoUz(uqkeYy%gnmUOD-B-={=WO
zyh~?i|BVZ6skuq}V<Ls7>iODWnMDclTpD(28S%OpoC=XK8US((@WfLZslNeYY6vSZ
z2QPw_r7G|=A%(#7irqX4$cFmsc0Xy1%rbfE<WWJTmC+xesQyEpxP&0rhSI-EywM9W
z;P45;-=t1O>Le>PQof02IVh^~Y<@Er??e@?bhvL?yPF)W_PbGKg9>TzAKE-JdtP2W
ztnHuvV7D80K7jo&cQ4dTWI_%vB?HieEcXPz*bM{jpFeh;=t)Li-z{AA=SpZ&qs-@p
zJJskws2%m(b!?ZW%mlXcTC9F%)#zuS@W(nPNUkj0Hk6v(o}(RU2jMk2nT`#m_U^t<
z1?Ib2#aHQNTUX)!=YuZPM=<jsIZA!RnEiE86}PT>2!I%iI#b@`78dh}d|F3kw)t4K
z_#;=^fI=zb*}3-BCqLD{=IHD^0}rsvTclRL#1Sa-=6#e^#wQX!NZ|99N$l><?haL@
z1lz%ne{x_WbN9237UQpt<GG!z(zxd$rB~6w?f3gy?P}f`6kn6*c2~@<m3=Ww_gaT8
zVM{o2F9Cy96~sb1tQ>pT%;e~a4lZxh4p9VuTXI)N9X`4yqiN<eS}H?wCW34#%Aw{%
zRKGOfal6;bQc**T%uv<Me8;wCv6?`io#YWM#EIh)a~0nB`;YN&{Pqu(N4MY2-PH5{
zN*^e#B&xBSP?_)fS`&MhSG=D~q(1U*=wIy3)Bvu_xgS3UZ08I-e8X*+FLizfeYNlk
z8!~yE(%@;N&Nn=Pne%aqrO}bRf%mHtG(Qqod&KO4w6ZMRohJX#6vV$u?72>6cFNAq
z09{RW;$;M@5V){jVQq#8@Szn|qywK^uH`L6tzFLL=*Ebg`US~Eu9zZw_-?k(WqC!4
zP5|JDge;`Y(t3_u#IOpd&!`v5@qa3rS4F(VbxrFu2B1n9-=?-<*wX*$-ZTc}@}31Y
zh-{-vzf5y03vB4#ZHzP!4ly-HnQ?1YS1^&yGDhv!|6XO}@HiGv)~Z(&yd~;qVBBxY
zS(UBj+Z8K<eh!9gIOB&CMRtDQ72vMIF#=p7OYtK-#r*r7?tKtQ!?(wF$e$egAXm=^
z2o-`{_f@c$)3)MPjVX&g4eFRp2QlhI_lweox82g--WV;X9x94288R2YOWv2KJyu(3
z5VquNmaqB(YB3!Q^tPwgJu1<JpR}$x+Pk`YKHuM#w@<AQywcd<IuX3S52`E~uK|93
zZk`@5=bM|8omF|g-Cp14=k8!5JIkS%!I`tY0tLfL=CIR{6Dt7_mG~8B?dwKB*%f|t
zy7S^vyj`uC)qHH;P@rDqjHiw|xyzY1U%?C{@Tr$q1|DS_-`}HCBAWYN72Ssjs+*mO
zI0Z#$Rzl9-s<i1U^acIC?uC^$z5t+0l^Vy`Zk?M>VLP?^;%;x?+a<S^+t>0tW=slK
zMGVh7Gr5;s^{_oM9<y#^!n7h~7_X8!l6>k-Y1Sn#9tR?13}1e-{c%wQXBt)}Bg`)B
zz&V2h+Jfbs7k^-o6z2!Qi~ch%A0DexAiF~hH)ZzQ_Sy`oAvghblx@`hLqHQPBKyam
zl!?vChU4QOdaHXGj$%YFomtkbs)kM8+NR?!-HGnp-{#d7M5W~*nA_;1^ZlrAr{H0?
z@j3&)br2U787|oGoE1fzYlnnc9{1QfABGRV|EM-X82!L59x6c&XJgS)P&@L{^0%4n
zEd4bO)QOifFhdvVdy9tt4WTrf6#Pw?1+6)$H_iARAov5WST^hWU#<3Eb@hL0EhiJ_
ze`+lY`+wJ3jwE0*GC+!^zT+kb+OWYFZMcb$d0(OUd8eW+POI!@llH#JTB312`GyK<
zRISvgyy43RVYjSGqB*5KXR(k{Lf6aIuj_U*0b)ed!?V0+j}`(?EB1Fbl4DvMfVr(J
z3!yxt>6dX2-ug7yFxqfMToT&!YLUN@;QhQ0r^~mG=TQ$IFThuE8?#pc@M3e^lkw$z
zK*nk6>c)s}7<WP_xdhAn<QvX9D>=hmwI0c-I1Pg^&xiX4{Vbi?f_vC*aQ_Gr5ELPK
z334ezV$;yzHA(Y0z4iY2m>6si&me7*4Ft3rCl{I*u|1E8y$P2K?Kkh_L7mC28hKKV
zv58|J87dv?4k)2Ps-h`|iJjPRpb?M3=tAKszW6()CRP#G85ux_>cJ^I>1z(G5GE}i
z)Dj;cJv3K}d=bOL5Ez;%eu!dYn;*BjHw8rI2se~X?O&rby@Ch*5u@odZ5uMQ@af^_
z92=R)Sv?*ZK(Z9aOxA#WgXz8Iwe5Fg-fdF=BHuR*3g}Y~7Oo@s^TV}gdm=qO$~KgX
z`7v`1O~c-xLh=f!9Du0xZTsC3l&W$`ZoN>rW*?e7^1)!DqO(jPWhLTHKG#{U<@=G(
zD^wMH=?t+uG_GL^o5WLH4Zonmj~@uDA_tjM?d3#Gp`7U+4RV)gSvaE$B41Ex1Y_S5
zw<#}j3Ai}dNBKL{gh=6RqH{V$qjPHm`hF5P*}<+|>|s`fWtR#@4>k<Bwoi1&qc51I
zQh+NNmWWg(Vqq$l|0mzAa0WXoJ5QE8hMvySdJ@}Jam|v1O~9l{){QmSzsqx6qdC5E
zDqdONp&$>-sfc)K!*sb1h2aTG!JAO)rH|W55m0+&N{0cq7S)w%PZ~pjqkhDo<sLPk
zv0Z#3&ExvFSv3&Nbl*4*4B1MrnO+N#9RXU4^y<=`k$^R<-e@ob?P+Mq7<MidxY~{w
zhY4PQY`O%@D(ZOw1y4L7z@ZdxVNV}nNa(~z-yWCM+ZB$espMcIW7$-2c+O_1ofbE0
z6F`UoliTDIz5y4=I~WpXjr6!<Ez?ro#^)}xXDSj{+!`7B^m2B2I9MebP;~3BW+j&{
zf;wc2imraNZ_7Y6@n#~&fAMhzqi)i?07h+$l?3DE&(6Is4~ioN?pj+<ZPlmEvNy@i
zULymAAWiw*v(?G6SX=dbWxfS6dml&+9q=e0Vv3`E*^AjFfnB_^p-tV(VHA%ip^<ML
zYrm(jYyqCQISo;q;$;}sWEtlLjc^dVZ!*n-X(2SI?(K}Us0WH-oIF=M`FawdThV{+
zCS@9>cBgaRS^fk<&}l4ZOtOJO)9<1mAbh0KhSbf*!<JABUyA6chAV+#(l}ph1K2~D
zYG(KZqJ_@?yP2@JbvKG^z&p)<3vy^RAu_lEiVjW0pKhIFrHRL+u7WoqK2ChkO>~nb
zW2U>k`fL&!p+nW2Fk8C#3FULxUvvPumm||hm-6b@NyQq#TA$nES&BFX8<#EF?d`_w
z?fm>npE-zoG_4**%)PX6Q{w-t1wa<C=J#hP9fAI+Pi+Ui(3Z1li^F0MFC~4TWU)85
zN4JQ=4ulb>%}?mdPPhJeUD+4xJnE(OO;D1wdlE!N53Ov}avX7XdIff6tB|&NT9)|d
z<<0hlJ?VXe_it+}Qy;$4m2lD*B$~$w$*kwEWWh*C(PJ0)yKfc8ThO@)UI3c6-}5y(
z4|5fAsr3^0_wD&PQweMtYWEJ}b**B`7<lS5R<1Vzv??T~%{!{x%suI3kDB`>nepD`
zZ*_$<!wGYQXRb_kjLXdgRxYdOD#olMoo|(Xd`4pEAp${sa)H>VUw&%|OBWla4L5^m
zBQdL45C+jl1toj-E^~GiOaR|C=QpC_IBU)-d|nvPHpw71pE0>GFT9qdm(Ha%m8<f3
zL;$D1dF7A)8DnWG|6z<i3I%aI1RzI9J3Jm5L<`tQ5k)^lR6cv%=Mnew6V~?Dt@*z_
z;XkO8nT?C}e?8$}s1xa50QCQ{PFAM>F$FDq$1M&NiQacjB=G<%*eHyO7a;H%YmS=D
zwL8yN{-&9NJsG_^o0_JCrX4$km$M%Hd(C%3$56B<i?VhS@I(f2m*Wgii`>7w`$`gc
zpNro)c8Yi|9{1P56^7CunhoTPsg#zS#NU7P@=oKhp}C<=(<GR+9Ta`STxQ890fP}w
z7gZr&=le&v4uB6YKR?qSuAieC^zNL5;d+Nd_m<DEU|xZvTG&y#Mbrxww0#AQ*(I2#
zaTac8((?u`2f=bi=kb1U2wc*zGjPV@g3;xY!nLSupL3fnhoF$(1MBizJSM*c3z5@}
zI|DjS&bxX?K|v43w75n?8gWN905#e3Oio<&*qVesTC2}Iva$}8?Pw{!jB#y)C4Ok<
zvb>L4<$g<$KdmgK)UDb=rVwrC;-06|#!IFOoqgp&Wr3?HYX!4p=rQHyqSu>?={)qV
z6(>CP>xV5_hY4n+2SAH`oEYex-zrbyQO)G%9U2hMnEA}ar}orU$>AjA02rVJpS7A+
zcIAE|-E}D4j1f_ZA_9&kUDC~AFcD)=xC9-;PnV}-FX#I7{JNeD5XOZigNQ@FUfW)G
z_<g*ji8BVUd<qYiF;IZh)#Tg$W>(b2(Qp>+m-*|d38ZgN^UP{Y_1IwaTWWQ~6Ep3#
z#gE=MQ<uOV+o=dA8_)q8U<Q8n0**f%7?<eXZw_C1Qa}XZunsyzoov~8bu1aL!Gbkl
z3bGOmzrfX%qDTDrUKiFmdzdZO6G^*4N;ePAs8(?>H-}~<sWIFAsy)^V><kz8)F*`@
zIx(ku#k}O|*0h|k%MJOyzQnCDL9A!fk~FoA*iAoZB<OT5oH}YBFlLMCqRm#Ur>II9
zYV{j}d5j>@PRyAS-jrB{?K#>OkbLF7d%FX^IOVXGm=<Bx(C})ZnX;+R+8!;O;goZ$
z8n*6$rA+Xy&oUSQ6>inD4!r4}C3C73m&pB_CZ!XO<xe)vkk(<W@=5Yxi4^)Fka$#z
z=wMrrx2CzSGCq15;HWLvshn89g?|kA)(431a+!}znp`zpgyLS+4UbE*Sc;=~hccr2
zLN&1ldMBf@kqZqE<B5XVd{H!2Dlu7{v;pK)oJF3%3Nal)lt<^uua&l{bcB^s>m#}$
zH^ge~Xxklx;PFo^uq}0_FL}y3t}?1{En_Xzp07+MO_Gy109xauAz>n5N3|hTj!D5e
zk4FKInot2f!VW^6!swv9Em_S)H?|KV)|0e2-~#x0gL=ztF%6U`)Y0Vy84NErH0J95
z;{Z}8T>ZIIO5pIG=;5-x7RD70=0Seo%hn}VQr>&W$u#9PNe%B(6sYjGP+`4CP}TI?
z&$TxS*I&0R04Z6QLohj762w8^ts<9cClchN>6*KMJU&lk5Popb%&iRgcv%8r>r<=a
zqy~E_tQjj3-#47T9y-g>pmRF7eMM00oN0-zzQ;%LPED8%F-(U($)r4mV`GN|f_2Yu
ze2z1chdUVmu77#@O(BuCGUu{DKS|kZ=d#R2LJ6D#;KJ?<4nFtKuY8-^D1@FKYd7$P
zUwo%*2AEviXIUr>_IO?S@+$g}J34TO78-+qCxcR+{C+8|F=}2VuctuA{1b^Q<M`~Y
zM=p8?WL)4rk&KA~@UjMlO1rQ>^A#IV^}}${8HQgz&P6mVpl_HSf%H(WVmo^JGj*wl
zmLb$bfa;Uix9Q=xsMUvIG|qCf`Wp}YRh@6IuXC5X&8IgL=dZ8nH<RzpmxtBWhpc+p
zAQu^Y#oe!csM_+WeIo}mhY>{AE0hmB8<X9-d^L?Vu|N1S`uEHaG}J0%<RIF?&Gim@
zlE9JmTb!M~MFQh6pO|J@X!htXU;d$6QiV}ZfF*g(K=-LNL)Rov<il=9rDxMCsA5<d
ztEOTqSm@)baPKi>IgK{jdtVEjA#09@Y^=32ooV3|cl|t}UtwEUh^tH%o(dX?Y9E1o
zW+oe1CUP#KtBvX!+4Aa9rcx82^wH<=Z=@OF4F8bG@jZ#f#TYIrMn@7|Vm{V%C!yUC
zK;MhndF>YDo!UHsh(wAdkE)^Q5-9%xeQ!^5s$#G*B%)dx%)P|1Qc6OYQikefx{@N8
zKdcM(JIPD+LCe<ap=oW^VoxfKB+KdEnjG!AKU_sKv>vt*gQkeNQSIfHXWp3pVncm}
zf3(&O%ywi3rWPcwUxJKhxJav+)8uM50Gw+Sej#DtO={d_&G4Yspjj!9xG?jt%%#hP
zLofIwI%IB^aK5Z&?S0AQO5GY6V~kQ)ZE=ko5lcB0v2|0P%o-|id+@hq$Tt-2gUoR$
zUTcpKNryhpdH<)A3<N*OEzXJ@5Zo=L%z5;Xonud&sJElQPw?9>CX|6%G9}(L0ES7G
zS7hQt`<9J$?YD=guQW$SwOEQB1Sw*eokb}to@V#@7ab*Y!=T8+*d9^eZ+D1JMO+_S
z-}U1#)Q*+Evh*_QFIEpwsm!T0*34lUtruuv+ei!jT5Mx8D8SriKsPj)!(U4Z5cQGo
zG|wq7(!9gla#`aARhSbC)t(&xe1AcmnSXPgH50QLr~kkej_E@e^4J5b#d6@zM{7L=
zZ@V83A|Xloet@*2o@4q)Azv-3tcZV<q6VKA0FU5f5p@u|mWPWlhVuySTDpnu&?K%p
z>BK%d3_cJ<1!X#pl3L^S_svb)M~A7R+rDGKve)m<DAXHT?$=UXP{?|<1M+Q<cl3$6
z?}2gcs*#*$fk)X8)Z6`eA`O^^dG%A2jQcq<PR`u|QMO0&A;q`(c2X1J2ADvlE6&l>
zYB|0ljeVSB|JE05)cZtYMfxd)Uo>!$dlic!F5QAX8uW)RMHc?m#p;oTCsSb*e8fe-
zag_DhrH+d8_>ft~FWKT<1~}PHM`cvy!ece1$ZTFA;DZa;@J)!I2SA2^_u#wNqpDMA
zv{w^a3u7S^xOuP%H~M*V1MU_*P^nMjghGndRI})oD#&Iv2!&SzDz&GL(v_r}dxI)o
zuMvO)DcBb%8!Cw)I_l=7XV&MHRC<<FaUMS%NKUua3p+v=(y-RN070hNR)sy{L5I-I
zS3hfGAd<2H^@|0cTEOg6X3+R*_&#f9Hsu6zy-7QRIZ!%r((%(8WE{7>=Y)lycc<t=
z*nfpzklwz}*1_fBn<`@HZ0yA7u}`O-g^%BvK4>U!=Yf6a;L{|Pw(vPhk-Z?BAxF7<
z6}qWCcn{UV@s-BI0OLMK{or}tF>S;3l{=t(Fl-^KMO=j>gz9Xl99XFN+bc(6l!|nc
z<Vz*$8C1~un=DI<@{5<}Czh6HL$7@W*OqxIE_k-KUR!ky#l_O?{I)mT-eQKMWr__R
z&ip^m`=9LEegMCxgTiKF9LY|=O0e$+`J9dD`e0abLp}*1fTKj3t6@j8@=#7M+WGq9
z^B3}KxPQT6@G<DT;&Xd>u3{L)E#sy48-U_ydkdtXZKo^y+B|QYbGKH^O%Y>SV0z-6
z@us)g4~d<l8}t5~K&A~`**n?n=bxEDntA4gjmys|_`ZeTmjq%I0eorF{{8+r@4ZM3
zMDl0=_iNb=0ONqxehq*4ix=&5jYBbuh2C0!+G)<r&u(7+*R%MK65ByOF6nOL?eMAH
z7qM=cP@Hr#^F!d%@N3AKTrblXeb~3bAi2}?B{qVFao;HRIDQgAS<s7qIp>$DY{U3S
zG>9?F1iM@92iM<){s<-|ZhUw*=0_|Axo=am=w;Sk06zOS8qPy{DNHU2mTHLKT&B)r
zIBU=?3#3pZgE9o_O|lc!_3f`Iz1snk^Ypj-!<*X^fY~Xv;eQ2h*8jj57A|&{{{(MV
z*8hSrtZe^CDvT1=cCO|wL`m>uSb!8Qea8b1jNzVtXYd3}WYWa<?6PTBzMQ6{AzW|R
zri?-(Ivx#DS%Qez(T5Jls4v>DIB)4llo~VlRw;in4Dnp=8}1W>V^kO>;ehvZzuJ~0
zAbvRk`S5QvH$e^EM+<K5Uil@+$)_PY3aSFCaV!ParY(go!yWohk2FVsWBJcti;hoU
z6v^~~26KT35<EyadPLNl{hFVH%ab^RcjriqQH{tN9hm_j$mopa9rU`_AS;6kN;FBU
z_RK$Mtcm8^fzLAhFiW5yVa32_Gsfv)YI%cI{EYKhDA3dh2M8%q;{1=GeXzQ@yB7M{
zeppCyjZklND~@`GaFAhu^ai@-c+2ztH+tgjs^mQ~2s(iRul_W*i@K<;Qa|m7EdZJ%
zB@bmInSb0=?hlP&EXy450K-@?MWy<$E$M_RC*>J(#}KhNeJL^)D^k3T&&<Xk<!U-9
zCUPLIkqU#B*SB|zo;JN`k{~rc#K@C&z^rE6M~?RPsHipJ?6wu42+2|#Z!Pm%IcE2g
z;B%vUqyrLJK^tjp$m4G&yDuFXdHVbs^zoJ5-S*XykEiD^U#}S?gnl7J(S>F-c&`QY
z38!S`C~>yocP%wUQYpFty8Kz>ipRVa%n78hFL%gV4dz!VMp7_I=UzqH(0kNu@?zTF
zKxwwAp6f6X2Z?b&jIdI|wv69;P3slawH#p;=9Xur`yw2S$iWh-y1<v)TTqe`gf*T_
ziM2=I);h;2M$R3ufD=!%<F2PYEzUYgJF?X()a!vY%qK!1(*sfJa%ftQz>XynCq7%T
zC*UNd&<n}(^lN!otsNqQ<)%}zJYwh1QOVNT9AG)+pJ6*dU92eLMXlN>K#N@@m)PJ)
zih6zz2<t<oQl4OXUV{_vPa{LjZI(hOSK&Z&0M&I&MdDL94&?;Dx$P{pE=4u>ph~3l
z{<%`P!{V3&&Vk)+u5d^^?^p~wrlxFwE&hn_s#_4(M985ywCAjNr%hxI-8oF$a<Wo(
z2tpxlO_3#FBz}*JV9J=z%1LZQBq&H&Up3~)9-gRjqt4^R^Ox9k505CVL4kL`GkqUQ
z83zVA7qEU-U*6*&6s1kwGFgzErL~o{2Kpiuw3AGDYidVjhmo2!djojTMjj41xJ*ce
zIJO&={rE>C)Si@z?n-K>50qA7%pe_Z|3i^Q_Lv*M?*I+5KE~|X+HeiS3`E|UPwmxu
zO>oc*O2t~ZF!z@)v4~tlI@}{umrTAXxwRo-D`J29d^zem+3z}?GTlc@e+Cr{-{r2s
zou`X5>S3xs{p_dfPl{=+8)|)*?;471C2A0kwRIM&vX4m&plicUuftdWbTq`qVJR{{
zv^_dNpgPCi5#xi0X4LL6X4LTK*VVAe^XA8T*xRMM*kbt$u2CTO$29U`{mK>4Ug@)0
zGZD)oMB6C##$C&{J&w}vsNY3fH9Izd6&27yWilag@E)@%nSrpbapmr`&h91INSUt{
z8LbX`w-qfk&=Y$e#?=ERZ5R%@u{^k>;J#h}U4wQk3#!yS2|FJZnYuo-f885!@r=nZ
z5EpGsVUK+_`d<GWvFh=7P!V(JU~q%+ucVPex|CYsgVTz=f6NMwa)^WM=Ch}KX0!>x
zOMSRhu@(1m)MjY~WvXz<WmQU4*QOkQ%AQOqm-@_Glp%hvDn@mPl?no`9PhD`gjEjk
z1*9G)x($^I=zd6LOrA$WT(;FejG^*ik`pp92Ud&U^Fa4mO|kZ3dyL)m+ARd6iInMg
z5;zt6V?duX<m=)iJHmri0<R6aLAvcl3S`gH)+gl*PC~#LG`GO$5aUS?tnt3yM!-11
zTW-W+dO$#B7I7?&bjM=RLx#yZttbMh^=W{i981roN6KIR?1H$|1gvfoG0&yg^gP;q
zrAGhGa4pH=90&ty(W3!ZXOABlvfki@WT<$JnxF%T19nJpJF(EG6B1iloO8Vy#MbF_
z$Z5|(MuB(>a~0i*_8PS*+T-uLBoO$5`NZ}QZlDc!C#ieIkU)9JpbD8tARh;~_=RwU
zSp9C?;CcapvAaImJNN?f#;OddthQyF1sbidv_wqrhI^g)C_RvjXS%tKDGc2Lvi-Yx
z3q??+<37g{8Pw#c6qb{<VAfW_eOaw8f&gCp(sQ_cfJGUgQxX*Ai|dC@2}s9DUpf#k
zNx-;Ifn^9*?rW!)Y4slXW5EjOm_IOrFJy&Y3YdUTqpb7-Zp|A&Dk!|!#EeFiE~Iw#
zB>CvVuwT|UGi^3um)@h<{HODyA+(W2FAB`eiqp<Z(%)ma)24KF-uq}A=ZAeSGV{wi
zCx*D&iX<r`kZ!h0nFN11dzD)B1q!OU(MF*!fIGejkspblU&@SExh?_rXv4-J;K5p)
ztxiDBtUN>JSiI8a%$4mM=$`12Nf-Y~o+V$mTiVjV=IM!juV`GFlD!i(j$j@{nc5Zj
z7iqx-N01U*D@@9nouQFJ<KTbpKROb&$&RDR(dg)0N)wGgwWch0^$mQ4CSNdD1sQnK
zq$NEFPiU-nbOJX!N2~#xZR6NWkAEtZJ9n>u;B{_r;dumeJXzWApE$!Q(-@cV!7p-L
z(3YG0d*IQ28Qvd1{l11V3dY~s%Oee3Q_ZiL=5!prN&I=+vGbnIl5C3q=qle7{QAy$
z0d-8V+X)|)Bm&-Q-9#S#VMJ5ZbjyvhaP_-1sC2M=z-4s^<stygW=>9C+|1*Cv5mN5
zmHga&?LSHp?kFrjAfUL4P<vcmJp9r=VRy)?z)@dDM|V7YGo<k|{G8D=l=($1Uo^)X
z-oRxDpkDFRjq@(a;o>_H@7~!u`OydzZTi;+)3-#Tk<6kjx;UUD>=*tlNZT+IE~;zx
zez2nv%Vn^gmnq;q+qu1wd=c|W!PBcVzC450D;GP;3&(A60w5m)jqdS-1QY-ag4NGD
z%G_~TV04}&B|lm5qOis3jqoC!nM*8$F;JuiKM^7MsL^=zPeOVkRJ76>`0s@DujKPD
z2+6|2_P@_nteiwB|D*nYXp-ySXmVQX-#?=Ho@mOIsF+ic3#Iq-J4Q~^+mepQj@8Jd
zJ`W;cMTR>U04u?%e}FUmME)@IgH9O%CF<y|*K98Ykr|bKJYKnS3Xp6Lj2#PZ-*Dxv
zo%-E72M(()eMSCyT=a2q#=M1mST5#|Ru)o1;?}?_@DvCT<l7Z~*dBTXoa|a0e_q9S
z`m$&BvJQAyTD8>Srshop@{l$g!w>qtJXx3>tb}j0pG3Oq`Pkwp6|A_qB0E5z-~r|j
zm{<&<91ezJYYo06P4gzQtgiV<yR7z6w^f)P%8=V+238^YyRJS3d(RD;dms%|$#bQj
z!^8L^+v<TeeXY<e%*c=c0?p=iI~P{j3yHzqPHLyW(zKV0rK>1oWi9@OCE`IS8*`cL
z<(^yB_c%w@1)s`MLdK(HU{^ipFd2=z4!d1B`qL6j{S5ejY2;;07RZ>>*uMX4H<hWA
zK`Ucnk_y+Ni}%oj-W@$D;|i;Oe1C~(myh?gpraV(zNy4CdoX?j*jxJVeXq~2br!na
z5Baf+g6%V(l=Wi2=-W;ooahz*?$>f?C*Xw~hwg&dfACqYN7&woYa`+5DDRbvX-C63
z(~Z{KNBl~$sMY}Af_=I|#_-gq@uq6DpLvy?nvWqll$A;~w~jrfT|QxI3I?#}ba!=n
z@%DQC;sskM`y6NkgxXXqH(FS!TWEVq5XFdM;&wK*NoG}U{i&4Jj+p?dC#ikTq6iVJ
zYOp&eoZXrInYp?x#&5Y-66O`%+qI?dV`Rh1twx^{h(vJ0)R<bpcpC#Fi2p<S&sHT!
zDL!Z^Xa{?$qczlLZ!;COTn_l2lr*EI)K%SmxU3qq;~_@~U~;_{oqm^z@iO(<_gsWF
z;Na0z;!3SpNSuq_?zdFbzfva(O%Xv7US5{%g@$_F*ftpa!v!C?#*+qPb~7^rjQ8#U
zH5<TpI+QtzEjs%aa;Fbdfhv6cd!!O6g7`kkDUZhAykAMDsEtlw*O4|gx;nrjh@MgH
z8RWC0V7lcWHyp<;?UEx(5)#CyxdK-1=6_49T8w63<#+@KBf8vN<>JfMz+2~!u@~lr
zYqPB>sPnoOtz%VDSY&^OFd1#l7ncG(aG9pjVC%RPeTe2?MC0<;wpb~r%D?|2x^xHt
z4pzk3OLYy=f)Up!Fkip#4W)jh%L2>k6MT--5KcP-+_3pgt;L$3#o0e;cQx>YuINF@
zB#U6tA%L9sAtBjd`{;ZdS3-RMxm%0`Ca%Z%9DZO|yujf)_rc;wue=l}7w1ldcKmRm
zZkKhprtgA%fRA^W%`HH0yK;3`A7dJ?FOoq2Xp;w4%sio!wjM;Hl-U4c*kE%)le)*d
z>N{HiJY*Z6g`(OF&&Itfq}J|9O5z;I6bnYjPBw8IM9-i9net7aLgO94TB#?s>aDY?
zEiX@lG=BWb6`!O24!4_p?i%!`-GOMWsGR{X0msUV1j9_1KqZ_XqK{TQ%a8@39SW$o
zVMBnXTYWN%3?vjB^FsCk;_<COJp>Q<lXCUX2)8T{$>K`LD+yYJRUel^R`;kBUXst5
zo#B_&?@ba~>w&~yOU;zIyduU@)lgM*8#ke-t&(P{_rGCJj?&C&jEMlm(&bi#Rh3f-
zr&^maR_a)%v%?Fxbp_a>_8S4Fm+7~mEEzy=mGe8ljdBFHQi<~~$wiGO&xF*BBoWa>
z0d$|B`L=t<UiuD=VCZ&xrg3qyX65l8gMxEbY9+NJ5k8)@v8~H{1dPo)aVMMK2Cx-X
z##p5r5PM<-VKpEWOsh!M7SmxV_;qt`+UjR4n??HS_m*8Co@e7B1$kCFaZxtC5QJj(
zw<m&h(N*X)6Fn>3H%qt}WqF<~N>COGfGn+YJVmj6x?M-DK!JiI0&+Vyh?TXqC-{zO
zoLo8cX(5o^0~9V2ODc8YtG=aazW26bh`xC(QwTBK_nmOh8>4aPAt7q(HhqOAp2z%}
z^5nY#cjfG1b(oQW9M23Urg9TcZaRKk1zEkm$L(Rr&=s#MZs1t2zw}is<ux#P0EkAN
zX^y6Sy!Q-q>FI3=<g(}Jf>4G4k-j`O;Uk&T5v<H=e1t}#<D_50;95`~I}klPb8WCq
z$FPl!Eidc8XBW1Ox0uItp|GoSO2YjH&arri>4|oZWJ*G1(ih*yR%<OcqVezoL~z5U
zI>l^Fd<-c=NE`5)I~m|owxLah00O0!n<G`q4HIt$Pa3l@cFVd~$aBUn&nu`}7o;ps
zoW29wK7_~)1gk6DCPiBZL6iOo9oTMTk|86KU-t$;gP7(;nEOba@qB0FXQwdxc`WMz
z6{~km;eh3RZ<5miVsqeR_dbruZ8L<}PG_WkFQ=hkKWF$9$yib4$(Moz07JY5TlmHE
z?(kDEb|8wR{B}gX{8(tWAojLS)(a#mFOsuhQ)?7xb&CPvLjO`Md&1SBU;3yY6m|hP
z`^Qg%yA`cpXw6p|Sox#Uk1NO5)BW+)lbSnvT^-O_%*|*;*-i0iZ-upP!n+h!6a3-x
zy+x#7htFFhcen5I^O*txz=3i-udH|aIPC#2H8;swSLU&}>A8vPLq2XTnHj19&raC?
zP;OX1x^N0=k00<{O#qAHf{~dY#U70(<s;x<0{k2G-j2w>kphXp@nAO!!EZ0+`eEj}
z&3g_rbFIvGNSyE~;d5_K@T^cE1oKl?eMGku8om!)7UAl5E%@X-faA(*Kal_Zv2gta
zULyHNkA#oWZ??I!(6sX9kA-L4exKj&+s)dKAVaWw?ywoyzR8<0sP)VKCJ|hd;GyE-
zm0@-7C8N^P;?XMZL9^S|>Rv%SWzL;?z!wa6naM+q$v{08a(-QWq3_+{uAzLImLHZe
z`!-|8I(WaDd3))BT>1-fs1x$dR4{=Q9i+r+`jM;#@e3YumXOH)9JGEEmR9kgtH2w$
z-#3_)I>P;b#~rT!jXO-7NvWK|fE2Y!l}#qJ9EUIT4dPiNaYR8fjgUkYE0IO5ZL|)i
zmOcnxjuueWmajXRNKpbhoe@}1*X#C|tuz8)2{5AvcuO5_tS#<1g!)z^t_7HEDNDAv
zsgN!=jS(<0G_gQp2LEcjFVtYTF-yqrPdslIjwgzf`mWH=4e-00TFn$%zzu#Rs2KL5
zPX@PBCS4-$GJzHtxKJs=K{zroM393GksVNB1YQz45!3*2^L*kk3w3{1dMIaRlyHM2
zXlz^TMg80@G|b@K!om9M;@chA7~^P~q3Pf~(>}!>h4J(q6#nm2a@%;jWbtqaTK%;`
zbLiX$9M{RxicNwohD`xY0R7m~UhbM)h|nQB@oTZc7j#bf-ZxOPn`(tP04fsPDzSxe
z!91f$()$frUvoQ7nBucB(2%z!mgE=vq~c5aVP2QBTT&Au(RG@(vd7J_VSiMytt+&`
z(qND*lbZd>cOvGE`W;(Mqg=E1-Jle!=pvgvE8%R<bPVu=TivY#pz-MK2%D?kD!d$O
zH5QOP+)2zoeGEZJrr+OnlXY#yc79PUp??7ZJV1tobo6yPNb-NkdI$DQ04Ccuwr$(C
zopfw;Y}<Ha+qP}nww;dEv2}aq&Uemvp7|G5yVhRSLH#%Bu|$>ODPcbVF;7h^`aSKW
zRolF>OW?@3MINtxWQ*lT6GM0J9BZ@1d*30Hq)BrNRQk?~2Z7U=iYbywr);^@vw_vl
z3$Q+0tz|s+c-?QR!+>3wj_}gsdWst9gWOF&t=)oq1_OojrC=IQAG0CNxU5!iLXDkz
z22(5hcsLw?!+f&im}r6x|2vLV7CESlMr|b~m*xk_B4hap%6wZAP5IKDF6ZX`1J(kb
zeIm(95(k8XDJe`+B&i+_4De6n&~vFF`-b8W<<A^+W8xf-=XJQVzA96#ib9<dIGzxm
z4u%E9Mz8<Udfb=z(_UxJ6oe?fTm0O39ApcUeSYru_3nxYFzy}8PylrHX>_6H?c{vA
z4X%_`e^|E|n@=U3VnX}Yck?eWI;TRVngpbo*>vzi8!;XN>kuep1M>9rI;S4iJ|SO5
z+RE&|TOEEHUhg)g>&&n2do7RcT0ft}UK1z-fiCIRC}%Ibr*BNYLcIQn+jQ_iD>LqE
zt@g}!mr4ro@4p&dIDZjA^~A%rSnCno(|bGFzxQ5x2c~-XCAdmDiYI$fUpWM6+CH8%
z?@<MZXj#ero)0?31Z2DGqi_E*(q~G09)l&c$8FoWd4+UunV8}|?@f9MdVt%eJR|M7
z=+pRebI9MB)sR%aoKINiv44<gz0!4ut6i0S>qqY`>tVdn;$6oq3pctPtGsw=Qa_uK
znaFIdJkC@jx8_V7h<P9HX<F?6#gfhStlYAF9B03qtKZw14QPkx#q&CD)zlcAS+jnj
z(C^{BdfJNXIJ9b1JTuk0!aW4^ofANwR8eqw>Dn}>#C7t;c3}c~8&3&shI|>(8<@7T
z1zTp`qM{<M&rw4m^^jhBJ$drzu;SJZ_259qu$c9~HXgc(A5{{Z9xNJZ2oRpHkXR!O
zkOo;aH^OeS03*jyQ5vUH8uoiG>oQ}dj{|6WGHxKWQ;{h>Y8j`LquxR$FY;<P_qGdC
zgNw_H^M@HoaavYx@FT<SqfN}V`&nfGFunfjn4gAqJFS*9a@x(%2`9C^n=KIkx~fXk
zkZ&x!l)9dY-dZS9ll8oQ_IB#n!hzBEj(RL$+`IZHz#96!edy~uUv$n(WA0b?=LZ#(
zp3&Yvj(|#4UT=lPp1jJcHC0Zh>guG~zWfz9o=M;7Z%Ir#6u%%WeC(*aMXyoVC>UL1
z`@wdU7z@vL`iYm$l7kd&=BvG-Vb_Gtu^OiRBan~QvK+5Dw~m@AwZ>$8p<$N~{F!QK
z#K~1VfLc8(0@gFrqo5#cry#>03Jt$Fb-;dEgyF@{L1V=(uWe*T-6|+JjwT)<+RK$U
zz$Wx4vhkMKBqDkY8Z_G>3vrgYtPSK{iX8THeW+~%@qE3FsYVS5g;4|?Ep+!#jB@p(
zkcVx{J4g@dxxs=HwcV@%@)T>Wnee5p%j_x}K!lr_k#;Gd1g{GQd`kr<UtaAcD7%PO
zcG?iYR1!eju;`c?(BX^B<tgf*J*S4}-Z-NhVxwUatQ<tSHx<mYo#I5VVj1bdPW0F~
zqNSmeQN-rS$~hT~`7rJo1%65TYASywc~XmntiIFOZPHjvn<E^633Kd@JklR{cjL1I
z_|Uz!-SMBXe%mU@=aI_avD8vZuBqOux)SM_Gy(<FgzTol1H-=OZlEq)ut#vJj%o$J
zbn&;-e&wxO+f@F<wCq+<T!#8Y5D}a0RkS$h6$i>LRsYJrFS)YPO{_4%#8w_K`0}_y
zOcxr(^1k%xW1Q@Yi1lAZF|=?MTebxSkSj&E0yPyk9LJp0?tzj|m-a9}!0aZt?#7~l
z7nZbB?2%LkV~WV&fF}g4A$Yr8vnjhBnH!9=M&>{-=%`gOP;!x-G+Vmz2LXVFBu;cX
zRu>`)(7Zv0h?i<*wU&C7e}J^D|K$0?$6D~B0jZ4Iw9aLj^;JOIhEwQS3u|8hs!+=k
z`~R#`TjF4sAs8hkG_hX3{>3kD67VmTn_yu4E>J-BfB&)xZlEn|vzV14Bj5~f{=^6G
z%#5fl$3u=bQ@J{=ZZ{>b+-WM>w%c(h*CWm$N9n$Y0~WGam(<c|?8x<`L7VFP&HXFg
zQOCAzCr}B(#@II-z<Ajj4=)-BsJu=<<ninAhw+Yhd9(UC7OQgzo@oqzsFT+E0})C1
zSJ2DUPvtYSPQZ?QR?Vk^dX6+aAc3M}<78s(@QZ{o6bz9NDVMgqJoG1u7;%zJVXy%i
zl$f*G2(d4fK1J)rOlL>dbC=NjZ@}m>_r5x3A4usC`upbJv3Hx&SKnDzfaL|bU*Q@?
zZoeQpSQI<+0cC#v4w0v9m&of%3(+5t$lDwSwWP;bl({ym+Xfm`I33b4c2kL3%2^`a
zjmyKaNP-LWX--<;Zg<z(J;xxhr`4MQx9j9LdAl3RzcN1gf~?+rE06F`WfAepA`cTz
z$S;Gt`F<U?DRqQe)8pP2fGM!aSr|HTOhgb|GtpUGoL|R}3CHld=i<~~l)n~n5&iEC
za=30;s&L!S=K~TYCc16aI%B|U)oj;K#pPVRMc>!nfHvA_=DFLcBE^{2<PW6d_+j-a
zr1u3?;=P`q&jf=i$=Em}TU*MRKC}}RjIWCn;?wuZBQ|^MOhKzT0FfGu3<{Lha@Qgl
z*i)V_zVXjO737Kx6ei7KlfaUgAS@Z`6iaMjn6?`7XO5Js>2y-P<(y$xx>OtI_ef96
z3by;tIrU+Y&DR1Q>}QYrnP92Z=zF<NiU0DHO=`IVhwaE|%&6OuDK6<nGM*?5bIVlW
zgM0hJrK?ABeIL?6z|uaOT%hLVT6CCk2CWF_Rh{-FE)WCsVm_x5Ep#HE)A0pgQLWe`
zGfcj+E3ux!P*F#e<=;Zl7EdJ{L_)$f780p>Z(I&$Qmn+mWu%yN*IdLac~7$i1to8!
z#-Eel8e+)7iQ;+Asq`4oalPC+!R91zdbzo!K8_b*`&%J|07&SUg9>q^1s;o=VU@p6
zsYAd*NRLobVyC*Qdh`&60r;5<&b6pFq6_^crXw`qyo+3{z$6b%%Z_a_9~vvEPE{(W
z)GuB%%gPv@74Krl-yoJ@oqZE8G|H-PoGXT1p{r`y0k!hde2euKHa;~230%Is9QI+@
z<csC3xQXL&0C+2@$gGK+gvtU-uI!f~p!?=HI#>Ap<a0LYai$A)mEQ_o{^%R&-P~(4
zsd|?$Rwxz)7r_-kud}V%$7Be7tC^0Cw3y3?_hstNqJlzu^K1BY9>1EBo-cU><s-c!
zK~8Zc`H4%2RIg~IB4^Wr&9#;WMftKYNLGO-QI@q10YituSW1rX0@A!Ri&F{@liuvw
zDLmEvnl8uNC#=XxtMC>_!VW6HVmjzB$d7LBlOpU=D^{-M)<zw;&=hHH+Kumn0}<M+
z3{30r{nV%ta3%8Wb;TH>3AHITnOwBh3wUI%YEti#Jc6v53-E-#?;G;5bkGSRlfbj*
zlt%%30C-Q8OIS8{rL`wz;{Z8_a#fSq>L>*qWnb;{fbkjrDnxR}{Dt)|DzKRhYz!bJ
z5iA!4H1Lm}>{(9B&SWw~CG?^G39=O$S9}v5V-3!QLh+M>Yoa#fsda<`jt+uMq_gv^
zRv0pprCd$5uAGY<gsPNe>*26>WU=&4^kMxw0EYOVc`FWHH&zK+9u26bd(06;U9*^4
z@O;V@seoBXbPetV+1FTYSE?mO2~<Cq_rdmK>AU4F<eRYrQad~k#yf+~i9KtoKMXM<
ztavDHTrS7cQCeb$-X<`3o8~a=TZ2-!TvtS3YmHlef0b=;d9Iaw87GA-)Uiav6v`?c
z09LDrK?KSqJh#(Uxq{+GpymoY=zvu<vx@=+bM5z!i+mipN^YspZcolb)$v4s2q-Ql
zGB70(0kO%Q>}%v^39qGUN9lv7z~?xy3|hU9?BhHC;&a;?L|)BBwrE!uRfTq`oZH$)
zMSeC_Tjv_+L$H>fKD&#r3pw-8yM3`DfTc8mKcSo!vT2pDSMwY(BOZl07?2Ss13sMG
zlNiYpL!%~k1;m3jPgIEJs^M{VDKu{ZK@h8=$O5ABYN`7#?!NCrL5H=g>!dIjS&3~=
zc#hk~5=R9#bG`RrsuP~dx~<q5?=fmIWCN%Np;v@wSEBv{GVv>j66CGn1=Gv{1(Mg*
z<b7OAdfLi2K1DrD87@n&jSBOU5<7}o74?2`UC6sJJ<CDg0?WF*Q4B(ek0?yP4a$Ze
ztjJp0wMXMeuWOz};Gj>kG+nF>8QZ9}U99R<J(cLa6XmWOM78VLl*_;$4|wVIyg$V*
zP%4%@zFNc~Qr4@Y8*?uG1~nc4Aq|?o;e-e<&5Irm8a$o;=<2^ec5+xs=+xwCh<vYe
ze!~|OM1<;c;JV-NgAw**H_=&D9qALs&#IhrwdY25OpXgY{Qz#5L5;5RAtm#9`<q1c
zMPx}ZBfl}CicL5sefAm0r*A;6)Erl$8Pxr=&dol2$aNR}WE>tJ!Yk$gP`c`1E|4wW
z0(@sFOP^io;Msl{$Z?Y#F?OsvA5Usgx)yNPA1m`-%R2#2mOoSe9oIpw=JX_Z?B``e
zdRW$}KGkxu`FO!ST2e++Wku&MTn4;NIJ%ZdGsLX-Sv8q~D!R0;ZMF8y<);xt-&vu1
zL{swvHwe7y1a6$l@P7M%WeJ51*MeVX1myUq4{xxU^P&*3*7!2Et9zvp4m@5>DyP<x
zH(_kOnRE#Wl8-vyuOACo&l^X^$g*M15=rNy_otT`V|q01CP8}!uRGUVTWT&h6(=QZ
zSX&&OMeE0e<HAdo3@BEPkmo%f4_~w~5`RsDN(KM^-P`N+?D1#<nC#JpMEo6D)j56q
zvvR)S9yJC1)sEaq8%gJveXMZGsIUL+<mct-`F%Zde*7oR9&;~;kz$(|f@XKkXqmgq
z+`0lLH2nOes4l(WS<Y|$&s9(8LK|cfFJ>m>v32LxC4;3+lN$ae|6?CcUCJZljywCL
zrLfo%8Y;PW(pH=}V1Z~f`)9)Vp6Th+j|Iy#;k>Hil<3!FWir!G?`0Ir4t5X}2`imq
zq5xP?e6f8Ts5BwblGr>W!IrG3Rl!C5i?~1zp7~=EkV<ae9@_B(wdY4G?v--eM*W^f
z(uNlZvni~Kjw>sV%b^xmk9j3+jg44gXsql>Jb%%f>Bg5EK;%hnM~y<0R`t!kHlfsT
zd4RRip0v%|7aUT$x|pTX0pYZgU>mc*xvvTV{sZiSxQ$j=H=WR>S)5+y0v4hs$DSiE
zR;Pr2HY{cP@-i~Jg*}tfXj=I>&746%2~_*4LM>b2Wets&klXyjPHygn02l5$5m?%_
zHkjCxzlc%`K$P7zBtOHK0IHu!3?V0#9#xoIioLeKaOehc_b0>-sokA=Zp|8bW}7Vp
zS^A`V)><t1fg9CfdHUE=MsUNaUE8&R?~U^N6B0K->id61JZzl*6Y;QeasMCKp8Y={
z(7%IL5`_wV69--aWRieBG#E2CD_7DleG$OFBGyqWy13q{#w|Tg|DW(;0bQ_i_ciI9
z>YiG25VAWAaC%3x=2a=}NaGuug|c4sw|~G-51P2IEk{=2ZIJE1KGyxV^IVTl9G`4_
z8K86T-0+}a=g(JQv%b;`Eq^{{*2o3JA|c0C$cC(<m{Kwm9;Jn|<|}Y0VE)AO;1h6v
zy}7fkmz1}iR>#Qrcbkv_;CDG}pJw4}mCQxQd4sVG%VY{SZPOUyJoBp;_5RWg9MU3*
zK{Fa#I?+zlxh9RTM`+*R3b|>YRTg!V=lD1Q^US&S$#HE+RY!A&d`J8@&M;Rf({GGc
zKRX5pK>@JzVUEFHJ@uWW#k?}mu_AytlC*iZp)uRT%6B1wc1z-R7s3(gJcIQIqr+y&
zII(L<<JY~#&{e&x;Pi%ZJsm#81Eed|+cgFcu6gx?)x@>;S*pWGPLYDKSscq6aj>um
zg{y*gUNU*AJTS;~FQx5k=Si>I$~G|$^<6eOTx9U|49SxLRTk0iX~ifYWkSH^b%8Js
z?klAWQe>B{16wpuXT79+m|g$%(%_?2_@SHc*TYQK*3*htDiDTz{oaX|xNffLUr+_Y
zIM=o;t@(<Rlr>(kYBK?7MPjTDU)K&lPj}a@4lie8H;Fv1=f|3xoTwTU6n=W?eW(n3
z1<wwhZ`+5jbzdpRb#r?>e|f-4GC}Vi<omQFI4~I0;I0^HD4wv<hY6P{jY10ww%6>6
zAB0wZz>W3fk-1yjI!~WFTkI4VB{aOTWU`h!B`j8u7a`2Di6;V@d?*YL=R}<G6)UX4
z{9>qqDr`qhaRh}FQ%g3y0~Fvw&WbVK129dwGDuR6F*kZU>@ABT`v*Yw+!Z2{45PNi
z9e^?pEe9bfA?Ytmwe#RaX#+3%$HB<?KChA$Rg>7@y?h21kGe9ss+*>-!ql~VWttZF
zz`*wjU^HW@6m5z2xD646gI(KOQSf=ub42lkY8Tcwa+Ryd(b|N;i!!%gh9&J-PB92P
z(X!7E9R!TfGHY#d4h7hhfaeP~0pq~*W)6dv9U8EE8#*UtcoY4OEhB`zql^69o<~+N
zrVQxW6f}GGv0+~Rw`6?g{EC|u_8k%*kFPzymZ+`y0w6d+rQLoEHJqd)AHcj;IW6SV
z7yG2*r!4?odPhI~eUP>Sb{Mjt^EX1E$WUD^f0Fg!?Sy^esR7s>vd>^ygm6s?r9FT=
zlAy}bJZQ6G&Xq6+g4~9M=U4grS^vsuzeH;np#`XYck)iA{?OO+CjcAbth1IQhe%zQ
z63feYC3Elxy-zNLAOnPZ3UiI~k(Z0hxKCux=4Ea-h|~sJToW)@RZ(kj_=D6or@6$x
zc3E%_piFZkO98_6__byjqKHlHb1Ik4`s^3kp1EVut&%n}UBgZ9A8v2;#W-*2+>}MV
zp}}wvHND8;>Z>H<P*5#zX3-b_j!9I}er$mUs8{gxQrI54dqD_<uT8NOlO;C;&qR*7
zPFg9D^!W<EE<~9G9NVYgM2T&Zn%ZJWWg!r=^zHh3^Z-9S_@kv<5~5*2zu8)(3M@tB
zn_+|tIT+WZid64|m{x>D4DhgDA(cgBHGop{<v0__lGhtkR~+e&yi(y$E+yWMKixcM
zxQ10k2<c&pk1WmTAgB$NOWjf;%Fvhd%@c8Ey}S(Q^WdGZ4?K#Cyp?9H@k+&Dmo8pE
zo<(ndngM$mKem^CHq>vF1}5d6Xgp<B)8n)9nFKp`s)vD6hKyI|$IE3(QSuU*E;s$l
z!IjEFc@nmDr;X!=)qx6fyi?gNf#j)P>Q5vmKKo&vNap1muu}18S`0D8+2{8sliA|b
zj0-_$V3H;t93$=1L0l5kjWpneQ63Abd8p+KRsd0<Rdk6lUV7-8e*DS<wV-wp?~;oX
zpBAgiB3bZlW9Tzc-H%!MedTgB_k1mCrUj^tbS^o~x`K^2GAt-W5Se{y=Y3Dh$x{th
z$NcW;;rmN)7s#bi>Ef_&zrv6HG((V^@L-WI#B*aXMDI?i6uv<f`d@~D+%!@%2!ARY
z5CD93`e3tm<RKlg6tPvtjyg&IdXlk0hJo0UTsL%w!hkcH%dM$24a~ZQ6Glu<!D?QS
z89k*TG=x()w*1RO!(fQRTu406-Jngp%g#g?+c*?Wih@hIliXJD$EL?5tOi%UCp5Jh
z@;f-7Fg(#qg*foE(}z}Q`)vyk;&1EKBtQ+O)cN)I$|v31pN^>^(6l&<npiD8_MeA0
z?^ADtiiEQe51-#Ch`S6k-CW;NXbNj;snFaHg4hOs8SMAATM*?5-5<6sg4;Xa5PB>$
zL_Ma%R&V3>YRVXNYxbnq!(49G8<o}64<s0Z`XA}KHLB`D?-n0x`rRM1J1!u?v;a3w
zy_vB^JFSA4o<%tI@Dv60MixB>)rKl{m@f+-LqiE;?{3L|AE0N1hSr0PYYgA17a9|!
zJ)9A*x7h4O3etlVfE$z;LG}Cg3Izkhm9kq&u=zfW`L~`~)_RT&vj=*o(z~Ld`C2UN
zT?&enr?WLk(8C}Nk^rGZvYpE}(a7s#%fvN1Q!{_+ZXfh{(o5o!daZDXnYmfm{{!x_
z|L1t~f2kC9?*A#wZP{&&VvKmMXut)66u>yMVd^cV9kN*+a=7`>wOHU{j-=yBM^h`4
zQ`1gfdh(9fJrd64V(UpX2Q^FigZ=saY<k_YmMe%nfQI~3_Qkm&52dZ}ovrvqYxN`D
zdUou@(gnSOIJGiNS4w3<70n%M^bgg|-s{zApSt|@9tHR~xpsN;LmB3}HQZszc|}vn
zD>^p(lilY8$o}!V6l+sy=30%}u53yESdVMhy8az0Qf>P5+t+Yia>`_oblMWH4ff*K
zQ$#u9@)#Y-vd=9^d*ZpbSOX?E&XyQ|Xpeu(m}YBv9K(PtK6h7yj-+m!;<OQA2j4tz
z?QB>S|1`h@&y`|sC2Rw}<XT<A5eq5w_vB+>T-Bzno6h^d%&&ybmwO9O^N>`OZHSpS
z{qN>9F<z)LqGO!zkrZ)deD@gHls>BeYRd)v)yXTjmp4dvU(KAF7}r8zSOB6!a41fr
z_v`WU?rGPI{(U$Qp;1LgpFz90+=Dvt<!7$`f&gG%<$bhsi4QyEBGOg<p&8}fLhNhX
z^7t4SL#8Z#C~;k@KKCs^9?9OA?apNE?dfRO)9dcx=`nYJG(yLXuf@?SfXpHGUye7^
zGOaRJua?AcM0EaX;HP;lJAdNC6Z^7+G-N^=<`G5vfMKQ|K92W^obdk=SPQG(hz7Zk
zqycQ1={`8NZLX4PkY2vK$4;)Xg_6}1IhiEL1N6TQz>%$3N_&JMtcxD<hdmL0g%hkC
z@S1qWK8w>AfMmts5i>(EQFiYgwPYP3M+_VTc}ENIv`Zya68Pf9`Amb>&E@FDvs2M#
zIwcce81R7If-(6T@o+W>@P$vu5(o&vM*=_)kXpz+n(KfGwPFO+T!Y-yI##f?Qc|AX
z9Un+HBRY3&Y1+@>Dy;ZyOagEm5%-0Uli%W%N3%tVtGtq~XBAsT#5eNIAu~?@`YK)g
zz6}?K>7-)nPe-u7gWKUDncLzzW2ZEHrK(b1ZCkQW<`%cdT((#>F$K2tT<k7RECeV)
z2*~5W`rrjqJ}x+=RUp<4Eo*U@<_@B{tB*n_DQd17pXaDZxhRfD`TXTARHrcLSvO^F
zAF@G7Y?Le8Ll*TvEFgn4lH(}UoQl=9B_Y1nUUF0A0+TWQcYAM4o#d%#%z=R;Xp({&
z^+;v5X9w_+3?o4f2t^u`1gZCX;sS_bv6<2)7phRAsbt!=XBIEQD}5b9QIzs|V`|YR
zkbT3rzyw(R_|D=45LUD%$U;vHO7h1`{iGbkDw?c9(ST04?z(6^vJC?xFkRK(Yf=<b
zHYRk@uAoRa8<N!;2`KoY$Lvo0D;~?I)Ju7K6?MqY_%ePv<~nyT-G#6dKLAYGgvLBv
z=SPheiuz|R`-V7>E<&Ld@krXPSWj;axJ=uZaoP@;V5gq8t`pw~7W2q2f?Lhqy;~^?
zqLHG6CvL`>|6NB@cZ3PqUO-!kS4Q^ncIEEVF3fYq@#hSknzLt^)$h$<lz2LL2OH}p
zd_iCYbbbGIx*PlNIvU{p#E1Fk@ac2r>C+5M1#lKL%<A69C*oP{(h}66<ldxh&@OfL
za58O_gcBi?%Tfrms!jxCCSh98QSz^frc_e?-&M3UlaP1)o&H7JnxfG!Af~;L2P1a3
zBuPA}kZ(~=>TofX58dRib*@B9l*LpuQ{n-i7(^gfJc~?FK+fgIav^uzuuK!r%s?e`
zY)|~%fdi_<3SvQR!RUf0g@oTLGeX5$fSX$ydJ}WCw7yz^Qri>6S4y;(BNPtVRlT*0
zC?_PNfNkOpp4412&E1H|De*7zM3Rl{=HO}|QwHUs35W`NqRW6X@y~nfCGaszwh7T=
z8A?ymhn(|7fE<LPh5rrAs}6>WVpA~F9Jk#R|Kt4ci+bx-&}b96nEcKr84e<7D`Su)
z2$!^~LtAIlo7ph2znQ5ASujv~Elnbsp_kyZ10njwc5Q`B_+jPD;;2N+c$Xx$>zCmR
zP6q8rV?9FFq7|K1>}vW(v)NC6u&I|g9t)8bz_qf6S|yT~8ZN<8wOx7|i{Oy0g-YnE
z$v`-VW$Hdq@4X22>gnSB%>FgqHXGGX;Qr&@SeX--4x#ECI%BD%2w-r35D!AzGcNEo
za6$h9o4lMf&7})Ml9nvs?vN!(vJe1prwKx#D_E>iXGnvDEg*(~p3woD`|h(%7=&a;
zvj-W05>3F%gZe?FuhmW)nGo;6nkateVQhG+r6IG*;79So9yd-(+i};$@l_TE4Rzgf
zo7Af+#uUzC>K4D6PC9Jys2I&+CSrE@L8;;k-qu*C3(jPLbV8^ylPbLi?KA)pcE>&B
z(Uw?NP`cU4zAzxo7L>0-HBuDB)3-{3f7usV7#;)5Umipu3g6W+J>koaE4#NIeH4%K
zA@i1$$YUL_ymuCoLyEB8zsQg?2YYjJso~QjT$NVkQi*bIy$}_Ze;5B{Q1v`kXK#-r
z{!;)UwZ_HfEPQ@;ABY_HNLK(@D%>Os_hPp-G}**@%%=)JM5PJXFl7gKE%1a%uL{vO
zJk{VYu5YJpF@94uJi7-asr{vxoJrjRS^2wP-BCkbu4<T0YtVnt=T{2c{m`_pl-A8)
zbT|-4-s*=8YMh^PgNbPWryU{?U7B>;IL44@-|o0l5$GK!pR<o$AbbrVA_?27>P3q*
z#T5Lv)}=aVBrEb;`Kl2qN!LRX4?gzV#4lDVp?wssHLG=;B|{-qe3#UVE)Jk#%xt7V
z_zO{tJea9;7pT6RUAc@*`fOt_5`w{UmHF5NU8}~k%U1rT6kV(@69Q<y%1Bb2#kzqD
z<k*OtIPE?<p*Eo5Pb?mCfEq?-6rq7hkk)ijY&nZ#+LYr>q<>6J8c<QwW7nqT=b-SH
zNK!DHEO1!T0vm<UJ<O%)Nt8x2r_TvU9RTqiLJ=C8*s;2NWR(1z@mFGxb)RhqQ#J6x
z6PL4_WYn4@T-mOG!K1x*ADS9MjsBNO5+^$upo=0}lw+7DRa**)&r{bgHh=tfw<-I+
zRYV(%#?AwAO?c?{5H<WJ+f1z=bJognuS{_wsSKLLw(}|qW@APR?u8bp<Z@%B!bnRP
z{{`YaBuGhm0sW(=iew%N=~E*~%F<~PQ03tCl+_}o-yZJ>TR63a-$}EavN?#vl%bq8
zz*6N}_^1q;Ev)AP!Mff$Eaf2K1l63ss@PGoU`(yG{hAb>ZO~#LW31I-TkADR*Yy8y
zw!v%n3iQ1@E`ZSRfS=ql!G6eE$b7^w4evNu@Gu)3)dO#C+_=pj&Rgl9tEcDo7M~H!
zue}7-h@^k@EB-~}tW<(>`W+y)ehMh`V$MB@K+N7AJLn_bSl9uf?%D0exhc`#=G@zj
zxFDd<^vz6p65RcneG^`miS9{$c_E_56WVF#`i}jdnwtv%NjnaU^Wn1X1bJv^;1%51
z)A5PltD+Ag9UhTQ(6^7PXHiX-0J2A#N#E6gehFo5MU~&b{3L{P<_e%6(mu5tbwtWW
zx6|)4$34!M)iP+fJd9`E({i=PJwAgo8%kPGZ!n7p>INew;g#98TLgvRtsZ<%&MS<q
zh$R@1E|4ZTs%4c^t~cYcH!6!+X664v2wB|Zb<vh|vllM)F>G}aS;=9#kgXLcv}Q1O
zysay#T1@>=#_*^f+VT5AhQi4k(&By=i8NYH7w2w#Xu9Bi`_1W|@bv+JPcC))zk)CJ
z|G0BmxY;=VGc$9r{7)M8e`jV6*8iTFueE>umru9%rcQ`jIwOnDU>Yu0-N(U(TM1<=
zvN_G9M8;6s0TTmy9*8Pa{y14@5+MG=tUrf}<wQ=-J(990+yXYgv=mp@_c!AvkjqF|
z_UG|u>RKFcTi3^Z;HWO(+r9(d&)N6x?jhT+T~EI}O)LI^h*4ZMdEn`pM4ALZA?D!Q
zuK9U9g?aGQROj*fb|did-li}p$oKXzC4P6$;^Bxl>gDbEbqyZ36n^MBuA@uWTe*2r
z`&Tegp^)w02pLX-Qcd>+JEZYQRSF45h{3Fah=O4nI3-@?rf(Y<mRdSD#Px^l;PA9$
zS89BTgeG5tilt+AEw95Bg-R2EAu&YxxPN#WeXhVAbx(I9Jl^he5cY%=+eMF<_M+yk
z5mtA3Xu^rQ)c_|*UGVe!pU%6yxoX5oR2jjRN>k04ecAX{`zBC213U|hBsTf{(wIqp
zb%bJZTD#$L+iTmR0K@vy0IRE44_p^F`o$H9v=X0J=h!njZQTI_U3nW2B?$PMX~I;{
z_ec$(E|bvWtcnd=u|nTfpIZCK@!HA^(h<kt%*`jGnWE#E?CV*H3wc|9m6#Y2$$GDz
zXp-%Fy%_xqXoQO@3N+uQd$=kvt(?(a<2?LYRbiETgw6BN&os^R{odYkx$BP=ClkZV
zD$}@04VxdEJsB_+@I?oRC+t{{YhjyKM6I|pepErGe(7%u_80Dl%qGMS)7Iyo4s2NL
z|9iGUdU|c{*PaQk=Q){zJY{62x{Q5k8jm!7pRJ&L7DdS@0Qi2~cv`aWUG31Fc0Wp_
zj%fb7raP}a<B3-?=-*#>*|t)OZKc2o{DP{UvoKSg<S=(ON-z%a?63EHCx(XiS*>$^
zSHJMF;K<6~TCtsv7FBGU`fkU?6_VR?HJ&feQ^KuOJE|dcN+_)V<c%jm5$l4M(bnQW
z<(O22)GV}h13l{!OCP42z_7pgzF&E|F@GK-5Ubq<w_t%Pg{S}M#JSAB3{vBd?g3Mm
zxTLX=SSP0ljcoxusH2RSD$5s_!1$U!V-Y}lUk)upAQ~%8E@cp(w2WHnlBw8ew7A3T
zj(u1qLm=FRMh!A%`C-)s(rCKb>M)j&%ploRso_WGP(x}A9Q11KdXJij6J+4iw|)#n
z(I!hPt<!kXf`{-$4w<&?s2MwVRiudUNsu#8$nfjtnP>uLQJR`8(Nx5<&E-G<r4<vA
zqT=?@@6xFP>kFns_0H@G;-*F~i@y+$l>Q0kI!f`MOV6K&PAo{UO&@?v9!1*7Zkb1H
zKMmV<5u6W+7%8pPuOnso$KV3+oWQfwV<<ryvT@r<zDzuJ$1|~3<2~BNe51577%Bq>
ztz5~!I)(txREt`_2d^Mnk6KG9;K5&YF}ljVb#Zl4AMwf|Z*cPP5Lr`GF-w+y9RLjg
z1sd$EF>Q3-v{JOAX|s|fReVt;?fC?0yn`xUM=ru^HUu9A+2O0&D!%xxS;v^r8!)BQ
z6490^@VW9BQJ!7iJi{Xs$VAr|#mVume&JTYfUE)9YwbiWlgJ=i!cmQ3Q+~5(A$aLS
zE{`D-l_i;B9V}JqQ?uVu3K>_q(G-2g5oJFeOR|t?*#t$W(Tw+|ac@{DC#6LM$1h&E
zrl<2lYRP2-fh+sAY_VVGjNuMcdnRh`reCBD;AL&d_&1TT-q443S>~FA^sU2BtG=vo
z8OH-|(}P>Af_@jocheO$N{M&&TYu=@Ix#P|Nc={<tDXkJ9#z>J-+UdURR>#J&0u6S
zq!4>o)X38I!m|;GK+)4y5U0);_o@mKcXt(JqvE*6a%tNGxuL*;{BToyxn~SH_jfw@
zorF=cc?FyW{}=bF9g+-1<yfnMO90_tfpr_O29~c`i4(fxs{s59Os{Tfg8m^r+Rz8u
zQ|2l09d~Ty3THAT!--f;y$HP<nf4ygt$eh{^eN^L1=kF{p|%_h!e7xQ`YnA`2xl=m
zrp)<JzbWhJU!Xt}Wdu=vN1aZ<UoftS3Z$aa59?tYe2o4GO4pd^=_&q3%5Rk|21N@<
zI(<*$jI!p_bI+1<pP<HCL<u2CKxnxAyS}_GWN%XoI?en({DgNyA)4m_7E4@<hw(i`
zyD)t;`7%aW*xG5^Tazkib0OMeDWG&qsDuEN!arzKw7>M`#T4amX4Oyl46-2gjms_%
z1v-_~0kf*<jQ{&0c#`&DiSZ;+BsC47a=j~eNB9%$1+Vh*d+2V-zS(a1uU0BBj`I_w
zX;yPcf0(728DCvD6TEn~WJoba=zR~ZG|YS-$yzA7|M+iU$0iXb4ndNGG4K9V>=dMT
zsteQyFy94h@%e7$Bxp33zsGCA-G!B%*s2y>YCZS(pyRR5#xu^cjE2QM31G>9&P&=S
zc`7G|Y3L!Z4vQ+=9&WFbNmL_8ih6={4!JQ|3Qe+)zWZX~!(mIC65CEISBX?+<aE(o
zwA!+G*O%d%@>%G)Ik-^{*Oj~^Jy~{NPwY38^Oz(e?gUVa*y~iq6r&QVlty(FUTIXN
z(fjDGG#BnZ(S=Lv_&))K&>=^F;?L>w=qf%(Ejk2`^XG6Y!R0Np4O_+I2?jLl`5Z~p
z11{2e;T5YRb$@kVIH9R9-5xQhJX;bh8k_97P!+a<eLaEA=badcqu)_lFnSK+K-19%
z;-;^y&#9s$=5|;ReIdqcw%r!3LS%#_U|DX9bJ7UQf%__T3(@(PH8eT^>PSjjiqdhk
zIdDe`CnENH)?c!pA(b_fL}&_towlR={p-ajOcy#kyN`#yx4S<SxMpd6uOa%vGpM?`
zV&}kzj9)H`eLuc-Wh^L39aGq+P6X&@Y|-vt!Vo-0yj?y=^br<}c!5PNuScf<XSB;3
z9(j3(Evp9$4p{lbX^REG2WWb*Qk><)BR9LV#{F*1shzZ!z**wr)wB6e=>eg4s(EUI
zC_6SwTrJfSRgLLKd(C`&d2Hgl(2Q#b4$}PmVCDU2!j4wkuR>FJZ5w}VjmAIYFoqwQ
z*lD!F1J2eZh*s7lJFck?b7Z!OV)P#__;_8u4*D})UD5BHTRX>q_hU}>gCtzBf?MX7
zROAXE`&|YnA+y93c>}}Ek;Cq<>0gxcJ)qa|pTaG_SBHoO<mB@Sn7m*vF>aVUn_Y#<
zi*$OK+pmdQlXTY<6>xwC2|{?G^C|M$FgdMAI(FOkRDKYMHth0AEA3Jl&_c9)Hl*sy
zzOzBkOeq48P3*D(uI#gPip85C77K^dE;^LF;_x!-ABDecn{~XQ6OR&@>}bht^VJlM
zg1C_l#y99Vqq?uVn-3D5(hY_=v+T5#Tt8G>?ET<L_KvQIEuoZ<8hv=kcxo%Aqw}6u
z1`bojQ5x2<E&`ru3lfrIC`xUm@vV1~40NeYIkN7gO7T<yCrZ>;SMCH87FkXjTge5=
z<bIw?)9=}5=dv`_S};WmGe)|)_tBxifuUomHy|^pvmr}5DyrO{=c!Y^dn(f1HA+vH
zPvm74!qb@R3l^g_k!-gh^EqA7r)C%ak#cmEB^wdhe{y75sAx;Mg+%ud7Q^^~g`!G7
zrn_N7siW8cT1YSFWLi!SRf;jt+;UYW7j(0-%>pDUcVdJll@qJxf`3jmU&O+ZP8Dh)
zCD_o@>2^5<D~aGjKkWLn7KHv02m>|mzFUE*8S=XjX7a2wtO}5~%t?sO0=V6_JxnH2
z0r%UE@F0QSr(te*21O#G7=?o|_G<`mib&#C!DBLje7<>b?2Fcd(l1lhqb1}Nn6wdf
zkS&6At-5_7AtZ3f&KGzQ$zwMR@{p{=i^p|Ri0NWgueoLsuz|(oBd7Q^f}<2HS}V2u
z6GJ-|=g^{Hvz`}ZFLNCTi$+Nca}_>uV+tG22d9G2cJQzAGMR0ZvaAs`XDuKj7?<?=
z#;G;{pA1WnY$UpCVtmFLn?*8dN96`w^Gwhu11(7c4o6Jwyx_HnE?uK#+VLUHnNKd+
z4=@T3X`a}h4N+0SSC<WzA^FNrwu3??(kFr;>y@h$qk?q)PVB)H80H~k*Upx{E*Q7l
z4Mj;ml7gPhXHCL=qg$SD0W^gUUf}$;<ADr7<Y<qb&>30(tlr$vhOW7>t6=$2ful(#
z#zO>gi|vv@Z1+J9pA0*1HZl_@#>8>?5X%l?kJG+ePFX_z)9FZdCh@^F8^>{M>W;jn
z*1_m&gP(Mg%!nhOTPO<|-Xd1R35Hbll%Cl~zxb&wv@DV7$@KBGTIBL2o2{r5JGU=j
zAIfXZ5~t_9nJJ%CxRN&jEnV7dW;?4A`#TrsU<;>0nRG|}U5rUC;B1@Nq*Q^X)^fh6
zqIENdKSs8RdP=|<Pr6KWl)vqHc1p2`>oOxMJe}ufe4#@}xvTx+#6_*rxB*~m3tVmT
zOyHjio-<T{eM#j(bBUx2nm&JAjm86Df9${@!i8opj2;S}bYKWq7AmsE-fM3<PP7Qz
z!R0|wGdqhfc$}-29}H&*Uzc7xVpzBeL}|l>H}XA<WXZ6q#_>-lxn7B5%fyT`5HNL0
z@Mtw^mssTceuDNFNKQ`r1%~Ef<aP3e+I{-)v(a=2;lTE;$mwC6e?o%_SSklNyD@?)
z)}ok|g>fsG3DFcPFKs0+PVBZh;<Fbi#d_|mZ>df3kYOPFX{#A5*j3}lPt09b5wajY
z@h%hp+6r>pXXUkugMPi9jI<q$h~cxdv2biA7^=0_;1Lv^RTM^bmvz>Me_?RH9w82>
zrQ*iKDTkXRLY0RUY|m2pv6%)~i_lWrATpg!W;h6Y>(BLO8gDuVO3=};3J_xs>Sm~7
z;vt+O_Q7`EXl;U!wTE;@2>-%b&dJ6(U}MS`ftaqc<7~mr3*|$0Q8b9AW+Xx(wO;|_
zhN+Dxop_gQ)81hZ-o-^x3cDb97$&ruxv?RUohNGkxVDuOzcOQ>4Z8tkSFa!LJzUZD
z<aOMt$I|b5Afq%Es;)J`)q6o1Y0%+oNgB?;>|EiM@awF2E#M|c#jCZueXQ%2KB{EX
zt^PxHB(shwpv$ogL4(?;nrHZ$Rt!c|O={C1p1e$S1ss9F!)xA$d`I|H3<xXwVk9*N
zNavEUHwAE4k%pG0i%0;@!pFSea*xR3_xVIVb(I1^55F{A`7?H}UVCLS0Qbix%H9kF
z%C+H|MvB(!k$t&W%G0s)yNtwqDgLVrU;Q_RIjl6(R}Xr?=4|6d+j`C4MELSPWZ&L|
z5x1%rstvEigwUNClVuk<?OUwKlPQ#7G1BKJxyo58#Jw5io=Jemyzpl~$**#f$R%EV
zVn!qqDltouBDGRwy&NPkpff7y5U3j%^%`})9ynOKfL4P$blpg3tS%T2xO^}K^pNm-
z@FbwSqxU}wuP=<ID%g<!D-YoKkLQMsiJANV<N^OtQNsN{fdJ>fK!7}HQj!ngXm&+B
zF!I+Z&pc1uPaK0{97S;E#zU}i-tF-+e7vmu4gF@JYQ@6qItsFCMv9(dylfoN7BASM
zg^(M8qBTZ+EaC3qvZO=%x8lRq_0|2%_NU+XQVsHU?81G*nvI~|7fWGk6g3^B_r!R6
z_`StcW!*9ERiPSRBdARhlMM#o7WQrug%QdJOH-`J0qWU?hBM|~G`V2TmR=xF4|P$@
zKv{<A&c|dkcYA+Hwwj6lDxAMlk(h7G4TsTBmX{F<f#>C7r(d98{W<XDx-2A;w)k<G
zt6(NldKm}7abIaM81k<o_D)Q~9Y~5=1EX~_H4Rz;%b)ITHDq%Sn@$A42$@673d1qf
z_uWS`omSvq0;NHY!=KvTpy;smmcZG1o~pC>m9yB9g#cF7n{-)FSKX^lV3q;Vj?D+%
zj?OJKHzj5j{H9CcN)i0Wl@_m^Q5uwrxEY|eSj!$%+`^F!cA6-<m=Q=0ieA2-`9a}%
zZSPP09kcLA5o`K@0AqAOifN|(g0FL^n6?Axl?TQOaF`s_74paqvlrJtG3yr3G*wt~
zzUZu0a)Sv{nKVDFPHk0_F;jT3TG@dzp$ZB|D0C~hg#3LP^K2KM>baXnlq_75Og0j4
z>>8L3oLd0PgAQFkgH_V1RofPrxF^V*iR(CBf)JKnQ2kLFBmx#-l0Zpsc~K~Hjjpa?
zlWqA9HLKs80HIjnVTy3}SZfO`jGhcAEtk?(Pgif6QR57<0c>)zQ8y-Y<LT{crR%M6
zAhznd%R!T&dht#7tJ}l3;Wwk%)bXF|CmU}4zMMXtX-II1F3tMm@*e$)d(1OXchH_D
z&HdID!SmyYqH-eu{A|7i`67`cdK8Kj1dUS$hThOnxs0M?`IIPqT5-o~)LOmEoav|y
zP%xrig~1%>5Yu)4C;>5mS@sXuI*e|PDW_@x)HLg{wB8ZiKSR+Tcl|1A2!c0wEyE+O
zabhg~0AzsevZOR3jP}37u$B9$8qN|Osz*5jx0h6rFrFPC-1m<Km;BA54-b*(mNKKQ
zEdR)gPnf_+nd62)tFHcG4}(d<Ch&;-SvJ~v4Dc8$1p<QT1umlHAX3zy9qEQL?#B$O
z0TvduiW{(Q{0Yx0dpm!sJc1$~K2@6|;u}r%Mwxia91-eea5Btq^fxS?cvGb@k8MoI
zSOGKHQv6qd%0Ir$87yC#R$Z_#oEEd(MaW)Yn8JGK4XG)0|B^<ARoI#vS7kksE7y_j
zAOgw()LUjr$UV21*9!QgeAb2N;WK=p@{orx44<%4HIP(^9m8HE3ukMHfG-WpgF5DA
zO6@tWl^jbyL0I>FW`Ul@Oa$no90O_+mMXK<SV|87;%8YdPA>yH(4w`V=#C1DzEfDj
zK4OL1d~Our^8^BHg!WIM5;aP-z$=zzVX3%L^YO^~caA*c7iLm<ELi!y#hhY6F0g$R
z-Z=?yMSvT1RUysp(=cp^m0i}yq3&s`$DWIjW20}O=b!r1hzA?|);#yuQICb?u;Z=K
zyAUcsOz3GAPvBbP5AB*rWKC@y!IYoOm;AzGWfKxKcWL}?7v1Ddm>&vPRladUUH05N
zw(Z!YoRyd*1Has5-N&qOQxX5d+S4b}Fb+`h<y-a$xPNU~_=T=&Uj7Ak-%LMx4cFNw
zW;pm>8o7%f$VagOpZ#MwrTQ=_A)2K@OJW@0Df<DR(c<tk{vKyXCf>O|721Py>_Ip_
z$X_^!VMlog=%b)W4)p@j>FlCc+z0$>i`m5`xp;wt(IaP6ihxT{h`K^z4#*Rzt~v}t
zg-LAPuzxW|lm$~rauC*}``<r6K8yv5rs?jeKi<)*xIqMH9)=zw<kWaW>6-ub5-<~R
zKlO2X8F*G&5V~o6hsQ+r=^yTyppYDyfDF~{U$>yE1Z)tR7z`59q32$m^NBPBgwmS@
zhXN}8;OJdWb`6DEj1JE^%18LGSY!yITcT{Y^~D7oOM@@Yz`ZYAIyks&8OKn$c!p5C
zgG7dKrhT@pTc^)({=T!4wdCyf#K#7h@-_kKXwaq<NNS#$S_%fsr=u%0Jv?4H_903Q
z?Cs3W_Pe@}$<^17qb??Mz%Mven`wpL0$<l@wjU&G&v1Y!jV3hrov?Mq>g(m}!!sEW
z$Uw_|nc?d5@qH5e`Eq32o7ImoWootV20XB3+G)O4N31;AT=CEln>$+$^5X-}Z6J9!
zkw32=j=YSSLeOa8ib2$7o-LmZ!l8crAi^{q_u0=4#f88k0?1a&&&X3A&4kz^WzLgJ
z+~*$%AVm-@1{`g#v8pS$%go^2<l+xVl&7N#veA?C9|)=jVA*1et^Yxjo5GNSg%s@)
zG3*b89yoC}SRubFQUCpP1-Ao;7^}P-(aRp&t%*Spp*!4HoA+qY+U5+Zm-?|T5Aqxj
zF^$-Y@~#BgS}wTIVP$~U{c13J!4)Or3^4>7RD~>h3}?VSBeQa_)Y(?7LB{g?a_h4k
zBq(+5sC!PG#D*WY-0;ezq0pU!H{r?V(0yal7l`Imcz)eRsC{sEACClZO}fqh)l<$w
zST3_1dX)Ye;PSSCNW)3YkUav@AfMN@gP+aK?j?Vfjp{#En0ne+Ikx)FTRE5LWysSR
z>c!uS&6^&bp9Ec8!|b%A!#-QOvNW_vqkcs01IIE!v5IqU4(ZiyXxz8dRb^6Kw$NB3
z2XN;MX6*=D{Xz-9%clqQwy!H3zjUwnyFkM7jk}Dk5Z#p3_|ju0lB8bfQ{R^>!PUm>
z*wu49uD)B-K^VW{2%K=yo3K2#9~<qtZ+d`@0TCcGYGwOHA2av_J`;g8C6!-X05$1=
zF!xJA$N_ZF!%%|wzHx{U-ba>>8*|j7F~ew52h!n5sSVCkV)g)H+pFxTfW3h8qp7V(
zD~!$x)2Hi4&CGn#;hFJAMKkf_Tk7DotL<w39L+l6f~eL5|7Ip)_>;nvU?sJz;p~CW
z_*I}sP+5i4cE&-|#tgPJL@hG2V3tjmSjb7GZGC|vuhgiwjkha&?VcQ6zdjqYDuek-
z?LPrG%fi4_&tm}b9cA=PpkHJ7NQ(t@!a)Ty1&PY^hLmk~#8OYsGLs%>RVFZzLzV--
zBdwD1>4+gMeZ~tfj*;YmWcsoK{0JWrdSKDkjb5&Ab?!%QPCmNIJ0+*y<BP$6ruO!*
z_QZd~!Pc#R@iR3I&<OD53LcIOi6@Y~gEV|8|CVo~fA<3PDq>dVGj<=qZ^3{8d6DmV
zrHAHne16Y3jVB@?41cIUv>xk|fuF3br--58cxWj6BuKiSGb(-Rtg14G=aNn>T7Kzt
zY&;lFF?(HlPkpBha19S|q=Ughay<78uyeI+?#_2XhS{yNqza8mrvQ6hC7~p_U6;A0
zKGKP3G}-`i@WdSukTGTdE(KfEm29JOvI0m*0pW7S+<8SCUB@f=H!f6cU{$p%B@gEv
zEjw?kL>GN5vUTR2#Mq8;2tnEl@t0GnTe0W9kt6WnXO%;c!d7HJI8{qL#!D;fb|k8B
z?Rr34;Z+&zs>j5}KiMP9hj>(u@VM1gX6fL^ogo0U^GFTM-+%0WF|A@stNrEzZ++lP
zW0;k-RMF&}Qub(3&EDx~Esu=D)*0HfHrQpSuW5O&Bk%R|$5v53RX*1`<Kb|dhfT<N
z!J~Q{0jn7e$W<}aOv=Ir6LqabMWsS{c`77Wo*?;!1)N}L2Z}-t?K)-#L<gzT<w(pD
z1(l&pWTj+olSqU#Vxeg1-iz~v>-UYAl1&QozlZDpQ06RLT+II&t~vi7%KU%6S8^sH
z<B<bOv~2&$B>xHBPyS2jJ{ck&Rjdb!)_zsnCfAj9WYgwu>!itqVOy0zu9kTCMDTaX
zm-n&mQE)dN?J3npUy-cej6NaT)9fU}{46ga2-@jL;o-&$aFTz$F=sC38<`1M^?o#R
z<<J4U4_Y~q?UPj$QbJ<JldxzJe86&p5(QKpW;`8Umh^Ob{<==HKf#3k*m^^BSNHh$
zT|-4J>dWM53EP!V7CT5+{VwAv)!c`6a&86ns$k_kIwU=T%1W<%cTzIeN65hN4C$-i
zxn8oIC&?T#w=gc7PGbw9)G26##A>^~;-6Tfx;~>Wwxjbb)^VVhiVb4+IA|j<-V8uZ
z&UK3)Y2(S$eQT();o4C4%!A(DOgLO|`U{Z@1cKB1yN*rWGe)17)lcisx|T@&uYIbg
zex=^j?)coo^tEmjb}tJz600(x?^}2mgjHf>%H&5`keBXfd|KMhrE+FPd{^tc%F5Uz
zC`sfeQCddh;U+9<PNlDc^($I3U`c?tlC$O9k$#mu1Xd8Yf03LIUgc1#;BVbMI>t0o
zF=8-ZCQj*Wm8`J_-?=r!utLu)Y$8kRvX%V&J&QSVB%M0<tE#vA<3IOiuAaUndvLjU
zKGwQ6R!W6q(06o76j>^Xwzz=JB;Uv{4!o}>^6w#wE<5YPgqHzIAipkgavs2Kjvs=_
z<-O`MiNsj(Zp{2W$ao)z9}fa)n~3vk4LPxmC{?2e8tKVFeib|R%z-*vf3vq=ZFY$;
zR1}<3?j&=d67i&*o|R5Flu8<ho!7d%Yr!gS!0=p{N&FXGe>AojfoGIduryYP-2)N2
zR?PhjmorItxV2)?k?<w{Tq|Hul~@c`vX=S(qw6hz<5-etQ86=<MHVwNGg!<li<y~5
z%sgUdW?9V47K6nWGgyrNvhVJ`ef#1^Ow7bgpUSGN>gn#R%#-<hxl`)`_Yx=VBW-sg
zo52mwSR-Q;%NF+C5ffPQbk??U<_`pi{D9>H78|OM_=HqQRpolxw%7;a)VD*HwkcBZ
z2~`pa5e~6zqi@t9it(&OlD1&n^y|sn)O)k>6zd?sSPh<xBgcTapcw~4QRw0{MPy$2
z-YUQdnV{-1>?fL)j_(OGu)GX7J3_`V@4;aUcMfc~313wseFf@>8kY8k3TGULyKTf-
ztSuO=E81^h<|bLw>(F<<_*Z}Zdh_^p4F3Jm_ZPYWKx#;-XsoS<mG4`Q2ZhgX!t+C;
zc|jA<@%9(Q7VlFK_m7apMA1tx$;`Lk^N@&uEQhtBd^(~H7ALAH9#l*+*={1!yeZ<6
zIb>i{&nF5<|8r<xWo%=nh%ZCU0d8-OiWzU;kM0}QPa(?)29*%9$rGONqpb8OLg?iA
z%)E(WoxP!^YP)-M%MyvXtj3}Yw;mQjmo@AUHE3_UNNJ>w80Z<WQn48~CsTLFp{h{<
zp8A<-OD7|l%l4_4b_^*KnYGy16HgtrhxT>{QK;_Cs@sMmi{?FC0kn}rRB8BLwv}$W
z*%u!-GnEBYi4YI!_=C^A!hK+Jtr&a~(xJZ)%4uqUiXwev#9J83SFa^Yf32+exk%xd
z4y`69XVAXRM^cCK7#}ZqOyMYcCYB=%_!0H(vvf$2KthU%Cq=IhrW^L=ooPeAR{kOC
zd}+zppeyNF$Ye!aq@;@s>lsv%Yo;|0kWKsnEIAB;pTcJknk_fa8m{q$EHh>;w2+A9
zi|<By#iwUi{*!`4CNSVolNm9V@>zvVA-`Gh)fXXkVIZPEp0S0KPuD4=BU~Q{;Az6R
zif=ys8LHr-Bhp*LU|qY?yuU06+ExM5lTw+=1fo}jnRay__w@kR0xQq-M7xxKhUJ+Y
z6V6Tid;Di<Jy79gY3dX7on(#x8t}=VPA}bU1+Is0+8C}XF|M#fFzqm=?dT}WEwLOv
zq@UJ%)2*xxEw|=fAlM}l=koiX0Ku~r3S$X^@hvUAlkr#RPh>_5tAzK4Z508|^SY}p
z#WV)1HgD0<zvkF-GL=`_Q77QWouu&2OO-XkMH!@j1Hbe@V1TzJXT;7wf<=se7{-V<
zT;iGUGbndj2q56Epmx2sc@#W1{M^v42lH`%qQ^+i=EOcfvvy-sE$2o6RL`0?lz&6Q
zhPg#hdA4odxlo4KP=pRDJWN~o$&QZRM;t`-34Qb9eDE30;e1?rW;;#lzg9`dyF+Tg
z@^dBZGsc}5{uXXjnvAzpe<Zp(U($6pNlrWhvE8NMdC$}g6sqcv9TIRBw4&US|CYY6
zBV9r#cQXAl+@@sk`+iRhPy|IEREDN~N)RazUPe&u-btvs$m+J1AEvcJlqeJq5g?O4
zA^c;ct*pW9%l$q+(|KPW0na%ZvDYwU4N<dSw?YNph9x&lM{z@E=2d6vUS4SQPhFIN
z!OLLQ{65Xcv~F=Qy%l$0`Pnk;mYJs-rF9XQ{-<C<y!{{PbhY0!0Eo>d;boP7@|X|l
zD)Llx8YVeurzn0+uw{{3bO}$eGoA_Rx4T+YO%%eR$jio10Ci?RPW`xJp;ASSCaqEf
zYM4}?Kv6Y3In-h;kWJeBt6v2e^9_e9J}e<>wZ-5jAd!_xO7ohC{JiJ=#JwWTs*?8f
zsl=Qo$5$(t&ogQO8C#Ci7ufx>pQEfppmA_;I92N$E}dT<eQ7Ej6Iu}@Kw6Ba7oDWH
zy4v2YaLlK5=XFiqNU&&{Glg=YZJh-m$dU?KnVp_ao~;DXWKnu!Axj2^&e?bk=qNCV
zVfmNa_1U=BIBbx|H*sUW>_!n8ZwY!m@Cy`4oqpdr`DGOh00XXXeLtA~2vgSY>h>%6
z?YEYxaf6M%k8o3U+3j@_bIN<`-mFQ_K#@}k>dCF46Md1L7Nutl<9El`wy7<m5s4lm
z6L4bog24~x`&9dxs|FLB5U5{0iUukmH?*oMj;uNtVU=rjO;N0pu`W8z8xu@86L`vO
zjMJ&2f!SmYSXqX`W#AuD6G&-HL_@f+W*7oFt2xFSRtamUqZKTWJd}u`PC%?&G({=o
zx+(+3sR$lxkEoK{0JdPTnJtSAJ7XlLicf3TZka&+F@>0y`k{W+XR3NhOLerY&boaf
z(vI8`uKMw|l(;<(i?+THFzYo~gy@3C-};T-u4)Oem#sUK!x=TSixArHbZIeZ!PPEw
zgQ)hUBL|;`YaOe`CRzhzcM8ZV;1+oJzKFi(s?;9j<}Q!>sazqm@AgLr;#}AH3IYSW
zKd!<eh{o`Y-bK~PF~+%+04u4()4;EdiPOr(*WAjV!U58`yipr+7ZeJ^#uocBh)vJ^
zY=}63b>UY5IRs;t5CODrkR=ixQbK<Wp-9r&L>|Vkd1bRTHBl!%96^*FL31f&NxQ<C
zKBqo{DyNk`DwU_UMDZ7`czbVE8(X6xTn4mvwV2%Y7(pX-%ZN)U+^bc?PE4VTb*=r<
zHN8x`DPcjqwr>dp;CJB_B2_?x+b#okac=-h;BjwdJ74b^RuD2%qVW7y%2R$XahzZn
z8uZ&vrpu4-GD`blPSsiU_!4s=rkgfr6v5kd>5nf^lO;WXs!6l*Ol|e8@3A3>JOxm7
zW?`gLp1M=LT?cyy8$SozK|&bTLgDB7p>WPJ)zN-6G)MS?-iRuT<`Wru1=4GVM|l8P
zZ5fD^8O(zN?ZrbzTHepJ78^U$dpbKkg47KRbbUKM>>!7QKX#BSk794dn`6R#&qsN&
zlvrNkB2guODA7#O@*-_IsML^zPANO@X=4NOhg!J#&iEfCkqsaSiFYLX`%kSIc~n7m
zP|uf-6cf5dmxEImiyrh(8?HBR`~XIxnFfJDY5lk3yOt%+&cuO!`0Fc>Nt=iUys*PK
z&Fe>wxPTOiLu9)*teZ@0-?0NDfX_fP7^uHKTgx2Vuc_fJ-zI{_qA1a)&c#mK=R?QX
zN~axa(g?cFO7mP7_XZws;oH%PA6hr$qh<S=xd@jInal4f{amVjn|0(14uDaI?fI{y
z%BAOsU6-Hp@SCH_D~;n#75Q!AjjRmr*`{|kV`q{H%z9@b4$(aO_V^(OHLLe>I@6!P
z!;e-MFpnXAIkifHPH}o5nXQD_nc9o?@1}X7^O_(Xp`9jcM!oTy0C~k1@?A)K{9*LI
z&==fi*M5IT68sG<325Umwc|2zc5(Wz%J-bi|E8!iv2p#!c=&fF*8j6H&zVR@{*j1Y
z=T9Q~;r}F}r%!DE-fdH|+iYph@?(X5)hseF!9pj7t}T&Z`A;JHKfF|Lj|4Gl+;8Gw
zWbstLbh~eS53e})z6SC=8NZjjq=z*(ZkdVkiytVoOV%zm4%w0sRdKR*rR9YeP<`c+
zpYalO_Iq~Pud&}$egI5$JUuUKN!3sDwYg+Z1>!V@=igZ#=ytpH=)FH~Mr=*bo~(Z}
zV$?v--B~gAYPv~D^`Sk%{)IRMs$I$o#T!q?44={RE1A+D9%Q~%kg}IqlYIK;2Rqfm
zD2Z<vx%|fvi+HyS|CjyPsI@_^lV`#{HrV(Hk-MS0eTSMjYFWU}_nl&&`d0EmpFcF!
z50<K8)Am4#<Jv$@yZ8|6gK!r8R@JDN0N<R>d#%T&q(U2X2l0Ly)%>%Mg*b(;IIg|t
zXYE@<0@8ry<Q*oqmy^P-h*GwQ`pcj;lGw$D#kl25J9Ul92m=(DwPLv(wS|4HgUy@U
zpB^)n-tJWA8-TV<o4s8!*e-^AK+-(pR8;Pi`DCX*1ncx^zuo$xwU>d^7pB7e{mIk)
zlc=@I%)7;o(`)V^Uc%S`q0cV!k$C(S5aj+mJ-l)YPX}44YZ20Py@ZH4+GGQQ^0h>U
zSodq$t-3?o3G!%t0b<d@tvC$|4rz~iMb9p|zuY(@ECKPiKkWnwI9|+lY>Yku4o9P>
z(51ltuugxx9^P@P<7kBkaUGo{XyT{y+Q@$X5;oV#g%moG=5|>ATg_)e;;KOST>gvU
z$q2~JsErsC^XU-o_19?_?+AsQvvd+IO~i56BP}t1*aE^z&mZc*ZwWZwqMedbCpU{-
zLss)M^8ka}*16(VD9KnvAqxAM{F-|j-pmShLJ`Y7Tm9r-ap+C9Fg?T(U1F`m(rhXv
zZTL;Fk{noQIka`mE>_ZLoG>ANztj)jiM(&Rl(|Yd*@;vi&D@jwVG>xjN%O8hB$9m*
zq$a&vzUoz(wz^1~CZt}KNEU+0va?qE?!LN<4Zuu|k-3>W<It3eYg}yN2FwT;K~a4Z
zgaDtDVh2O{gY8xx^Bf&3(tjF?BBKF1p3!(1B9wY2WODu#E}DwAg@>-;Ir_xdGeB9t
zz&p7cA%fW)3N_Y3G9&K9)c<pv29GRAnL60G51|-{gh-YguZh1%o42qAj=~MR!%0QZ
zPe89Gti`mXIp|Iy)rG^1X7NYPPuG2xRxOZ%hDI9bg!0EwwBu~biLF@AQa9l+AW2Ky
zz&k8O5Kx|E9P3VefwF&u40a3zLB*FiR%!ikWQmW9GYv&*I-C(tHshI<ET(Q7D8o!;
zcE?wQ1If1XsILzIxK@rvZx@*}6cCet20UIopa1fT>DI6WaUw$M>FjFvxif3aND9OE
z;DR+&JG^=>&1BrF@oQ_-t+wm#?$V_PJb67Gn0fLBSTcpj9iBECWasm7R4nzaxAJN+
z%$y9yiF<!_ln(NsAMP9oKqQAz)Gw$|ot*o26~ByI5qth~rGng(`nR>VX1l%W0zeZ5
z?4ZLz-?qfAAq})NzUP<%hRVThMx0yf+vm0&VpD0YWUxt%M-WBId{XWsx*&f|vP17Y
zduHcVpqeql3##eB0Z+82(r9}qo@5+%?jtA*Zi2jM){w70LrLBJa|N6$?~k(?qGK`n
z&y#^=12qhYFsLqRk$o1mDDFr_<^Xw<5z)_w%+nBPd>b(kB#il(2k9jyF$<jWcQYD#
zH_y55GG-sO1II)cCCEJ~BZE@%IiRV&^}3V4s_zrvNlh1aJ8x=?K>5-I!*v+(_eyPY
zz*O+oio+|fS)iA(<nij-*=N#vx%(*$<+CGfEeTyIPs%Vu|GEh$;-SROkpe(-I+S1$
zI82~?@KMf5tACtE&#q#<6s20A%aoVj>2^!wxHgaQYt~q87atoywJL|C5?1E|VHrLH
z+cULWw|jG18Un}RgbLqO`LTBV$&Ug0Cx6)}1uQmZKA^-6grQyw+<JL2Q%e#1;ozV_
zkD{$4cI{rJixL6eAV0bQPq*j?jD1r19Wga;j8FQ+^8w)^qd2a_0TM{(PD(dC8(Q>`
zkZccf4^Mtf-bdRZlT~tT3J6fwNMQ+w&i9>t?%&O!i1Y`u=FQRY&XE-1d+;Q$v=8Re
zQWVdIx`eWk+@uQgufNS`jrnIe!Cd<GO@x(aLpWg~)7`iImgao|xYbM*Ax+DgT5fjN
z#RPRvSovixsZXQ8nV|fZD8j_ZM#?)z_T;UoFh6rMwjeEf5S@>JWot$g(I{+~rkPDL
zGeO#qbiwMIA$VX_r={B^6^!;41WadQb!mui_S%Ke*#mR7$hpgujQKwGw&Ea)!sgGC
zg$kGIkj;g>`T3CmynD0kCn_v&Fv^2DCH)ikNIl)CCo1bI`jQb65ZJd}`}5P_Wh9eR
zFLh!%WulVC3KTz6OK1-Z1?@0NOQ<G_;vLNBQRRRguw2oezd|vE%@ol#Ip67iE&Cv<
z*wGwOVXDylV^VZi=*&m_0OwTHG;}2weF4Rkxk8rG1|ZM-hJtVqwTx(^#<dUDt%k-!
zZE%9ri4<*+cHk1;dQnn{NE)4*{d~$tMcdfg^+=3QA|Sj`mzt2_YEV)J|71QMC0$M4
z9&vWBkZEJI?xE=4TU=lX66GTk#^fXX!BwefbOR|$oxI^IQ6ic(S=Xe{54(D}dEt(s
zlFxGH09X+g_-(tmtdUbjb=ytll$`e;@$#p<h+#?c6&VC9KH%I38j`*h1b0IcW0B>(
zx~kDI_yq?bN-*bgb$);HB`I0O1jm0E&{;N@Hhg7@HDGh;i4Qs;p7R06L$X-ch|jyj
zrX?#RyAztOBZJ6GK+TNzi&Ptj7skynDy@m71t=-t>s!1SbMzie&t*6=l|tYp$Y|$M
zW)9`JsvOa=T(|lk&#`{tXcK{L&t`<Gh{;nTgu+a#D4n;4@H`%}b<E0P;wHV#;U~rY
zbzLf%hA!aP>i~JfC`3*+7&QB)8{=?%7gl^c+f)nG#aZ&d^2*{4YaBX74+Vz{+-#rs
z1N5DO6&VQ375U}kOdEN33u6585-As=XE}n!ES9=p@TlxLFENwj>SwFQYGK9+vk7;l
zYeJj3!jQY84rEccreaYcfeJ{(_Y2t-Vrr?AjdHW~w$Nw5l5?$6Az4HHfiXPk-VByn
zpqGZ6Ar7y@R$w<g)fDH8hVVg|Ax|sd2OM?Q6vma?-Th)gzrk)qsSuf-aGHAv)aQNT
z`vP<Oy1-0Y&H`GvUpK6|x+H1ws}W=HC)MItc(+e=Y<%iIJ2u!&GZ#`H_fRa2mPuup
z-2feewf^#kI&(Es*T&Zm^AJ%R;QK*x7zd#t1b1#l47qf%sJPzH;Uuskhl<W}0|@bs
z41lsB*~T^{_S^UX3)u2%FC{zR^Y0-=UE|lOBuPdc5$XHux9=v7*)Ab_$9xIidAmGL
zaGWXa+-gg=5(VGv+IkM}z_pu3=xQ^1-rllr5baG^?`8P-gsgvpoRkb*YgBpo=$NLL
zQ67dRxJEd3bb6LDGW!t7+cPa`0G18%HBM~9j~zY|@M~0FC)AkyB0G}{e5wGqPF8Cz
zKl}wI7Ky#t6a`3n75JT8N+eX5<PX{Hj3(aA6f+?9FTxDuw@kz{L>-Z@eOW{yE>6W~
zcWm|>lAc^ATBs$dKEW(`OdNq}tEv1$T4v`|_EVaS#@a&>1lvKSpytO_InZXm-r!M>
z?KDmGm?=!h3%I)=gbjjxQ<>fI(Q{1M(mL|0F<1|qq=w!JXZ8$;Pn3Avr9TMLDq&^5
zsi!{x+lRlM!|@0HpFMoee^=#Z;o{&1u3I^Sasm~tKLZ6F;enS{1{5rR0%(-s1O(t1
zMeXfAN`1RH6EpuI+5G+OL)_oG3BWxoD@v9>?tuS+{w@0be?hr``&O2etbd;V{}=ne
zVp&=K!TuTI|6u>tuljGftQ>!^z)yCVpq!1Yb_!rX>Oh1)8sKyMaY+16^S>;5WjJ8Z
zcdUOfe`{a;-&+1<4SithyzqgyR@#&tf0+0GBZuQpB+-8l<6{p0sK@z-ar8gfzmAdr
z#&WX$!D4d$N5=n|VNRfv1LvoII%N50Y%KqLWBo_+hq}WKBn<5TOgYCtv&r$#L~;Bx
zkDULkoF4IqSXVn2VrF*WF9%+9uK%d<uf=2L1PVD41Fsw@u>LOgzpC*nvoOQ4{FMtN
zal-y{7>wl)k_fouj0(oe{I5oopzQx{4$O2ygk|N1WBuFze_FAz{ks(w+n>Jwf8_&{
zoJoOPPWZq>XDJ|m|3}b{Bi5gONjUz?DpdYY2aNyk2uc2~(Z4(R|3R`~{au~^2lbx;
zb8`GgH*O%a3py~s3m=S&6`12i@aH4mPXzexg$KsM{Be*Ilm*D_fd>q78HG|-Qc;i<
z1uD6&0%HIOVC+mlb~g)fP8Jqmj$1VWI};NzGt<W#6EQnGhaMcGxSg@RiKU%6F&EoE
zqS-z~ivow;31B!GKi1}}vjuS1odHThNkdCprV-l%6BM}Z0RimurThD->zNA51<dyP
z1jfbwx23ulHW1ev14>avR_%*4kkz{ZXzGg!oN<L{eDwAJ`v5!oeFEibjPt_*1LNZS
zr&G?qP2mCvJ{0NQpajYXOrUZ8J*z(c^8Y$RI5~lW{cMc}fuYd<R`N7r2w1fV18j~o
z2DJmCN3nog+L;1HqjZ4U6(VSyf6uZ162SFG0DzO7i%US@U)um4S=k<*x+=@<_pv12
z_Bz&>cyhfIt4mhapDNWVT?cU~4}^u44m^=aNMPfI8WKTBAYkH|rdeTj#6CF?T4m2P
zEAy`Y%vx$LwVoepd(gr6w(Ggvyy*b=2tEc)t$HI)zjS`QqC~mAka7`x$CwUJ1H>1F
zTsSg^8UHwJ!No>mwMM(4affGlCBav@#+k(c`|>l88cD730D+r@dj7-l^Yw(SKVU$s
zZKBkqJGEn42Og`lk()t)pP7`7&-1>4TsCzYNj~@OaMWfwz9_tI<%j)_pt5Me?vAmD
z5%5855TcZ9Do4}3*;`6e=Jw~{Z@>!xFm?Z%Q&1Qs2jAG2bLh!7_Q73lC9##=Qs>uw
z(x-CXd8Erkh>l{SAN2g~lqU8^-E|HRFmY1TRJ9hDIJwD{`Z{mVFV+HSoWH9<-grOi
zfn!6`>nGN$QtD6uQX74Syc=P6*o_$LGd!|aBs&#4h0iFLP@G}icjWqm(g2bkXg9Eo
zJM{gT9+_7pSSa0t6g!{#<5s@Vk-frd7@?vH*^pqN>qL+bau`w9XRio%%AS#>pm&60
z2IF57)@N!;pOL7ef{92uz?%05IFOj3k_J*xpfjRaN8s#`8+~F<4*#rA!GSU#emn@;
zpD=?44NFNH?-2q+`Z$PSL;>g{>2&b9J|r3Rm0u?-l@<nGIJ7u0^28%iBN^PhdX9{7
zo50^O6c_mwza5c2$BoqhiMoir6CRANql{H_OA&f*Ph^KvYveZsn)dg{7%L6ljWR}V
zIZIM`zq>>`JGsp9#&n`RkHc(55U~$<O1wp{vAR#QO}#1zN9PHTVgkOSKEt2)*JhRS
za&im0{_N=7Zx|n1Chr$N{$;W>t|i^rV21hq`F_#0Rv%-QRAUzRTI3qdB8vwL?rf$d
zF5UPr+H>tOKtj#&k>A9y27XS;#YMLszN>r`W(JOYW=jIHD48u8X97-UD9C{YS$nJ-
zlKi>^f*3nc%(A&9HU-d2YQ=|+bwdJ)PZERYsgllTX#RM}l^ZRxtYo*3fMZAg7L8k+
z2Mj%57~5SWxAhlL!|xJ}7NI(q7Y_vx(g#UaCjkN)#M~o8j~Cp94><{=Q!Z91yu|i#
ze8^B`h|(2h(xc6~AZKFC(tB`@sW${nOAHA49SiEEAGtm*Hh>$YlwiI}`f1QHp%R%m
zSW!MQG=lEdL+LqYMS2J~Yo*L?CC0jZXS5S9{o*rwDFkkdHV}Go{fPq$Ctv65v3(9J
zgYIuI3m}zEHP$HIFo*Enl8tM=v<3cOVCGm=QQLL%7N|8r<kzS!MYOK-zwW`}LtM$V
z-aLzXk2U%HTmaM$<wbd#xd(Tee?-RmN=><VX)|*G1uN>yZt;(<eUt1&ON?9zbN1k^
zAlA!ItS)Vuh@dI^{J(KlP?wN&o0vZ-TB<qPVxHeR>oqmqq_Mha@<ellE8@ex&1$?7
z_2spzNbvG^#jm4uuHkwV6Y?h#Bok(JfzP}<IalJ`^8kdXi)+6#R?Q$ELCOn?)?Bw=
zvY6K`JzRl(iYYAqaGtO`Wpsy{8aU@Ca1TndrZNbTvYj6D9l?A8JR(Ns8(zB~VLF--
z0B(1{ZfQutTkN^;wAV6eV)4gY5d}(mh&r7lZw&(cTXGyn_*M)DrAJBh#5ttEDs)3+
zLiHuf!2oPT6f_fyn7yPB%?$<Wq5@P<Sp2r4wrD3s&0pTpGr-MB6+l<TjyI>qwG*SR
z+bjxGa9QZvQSrP~90a~}y_)*orNc(=gHJMc5quH2!0CIuYBYpnOja#5qnZ=KipMpD
ze8=<?hwiniqw#7vOxYlb0?iOB6jcm2>jN2mu>@Sr%NE>@%hjwItApm_U)2$v-1A|+
zvHK&jtzTozIb4L~FBEnaEKyl!*-}Q~L<TTdsGFUTkGvEz?T>vaodd%d2+NRh3es1q
z>W~;HP6CoOG)lNmLUunQy7)W){6=rkb&i^}hf7A7zW`OcaP>u@oGFOq6#n}7*bR8%
z?*ZV;0^5{X6ktDhAz(1lew;ewg}%(zj-!am@|h+3jhKnt>dp~W!h+($8rQ)+IWm(>
z#L7!bh}y<RLxHPtK*V?IftVb+baOHmnai6=Y+CdcjJw<Tm52}5IlUsJhL7Wm-sGWP
zmO(Bv*`C9Mc`pOn+;&Sd?P0CK*)!ZLOgA9b_sG$1O)`8wLLZW?A|XD`DYD^r(HTXE
zQBY{;#U#6*tmAAwV~wd;76$+Ai4G_V=nQ-x?Uvv+euqIl!HgtEnm^qD1M56KcawtQ
zFco$zE72ABsqv)b)nM!;F+)aF$(H8*##P%h5ZoyE@Ih*NB~ey3zajb;%^0)g$NV4g
z%9J14io`t;Q*){$Cnpk?heOR0cXLf)EoONkt{44;C)#{_m66?xh4nbQQYK<^cYc45
zp74Pd+#X2)bp}J9J>}ua@!2Sw4<f_^YYoR+Orep{m}gf^`9iaqN~>;V`3;65@%iBO
zRYFJ<J34BKfzd!>Il=SFb<?9TxD!xGJ;r8ZmM~-YJ;{D}&!oMq{0bJUOU><jkdj>=
zLYgso3qH&EH*Cu^ktRak4NZ%sGCI=ADlrwfBW-JOW1R~A9S7ZUGr{YYq~YxZG>QkQ
z5f`cfI1R8P9%qSo99-(^IPLS2!K9a~-`vV*liR!WD&tMcPgb4#ZRk22c=&)jwye7z
z8&CLRZ-rvr+P<d+v%)3(ebe?1w&)P&@@bd-Ux^RbA|h%{{okv~9Qm9fYr6T-(XX*O
z$EHJSe<c-B=m1Nhtnyf>;1i<~;S)i+mNv{AB~KHk!3PHtK3QT)6KmsOU><g`cfM#f
zP=V7^lgkY~LHUqU8o*P{F4X}R)HxRpSM><>KXv=^l-t^u;-D_?(3mvk39l^AF?r;3
zJ6R&qlK;{_c+i)pB}@My=rr=Wed(i`BrmXlVT!*rf5cB?W&cX?&54lgXU-*F4=xw^
ziJ)uKPb@BEdD-@X4C4v(llvKV6Apyk;`ozqx09-QV7S9BDtUK8O2h{MeGsfd&!ZU~
zMEviU=vyn##xPkB-5?IylJ?MuK~w{#vST4WUNkmJh|DV5+%3$mQ8@PRneh}+O%gE{
zzsJ+UHOpBfr$iD<m+_iz!;a|M8lGl`R5qGKZ4180%7{p)!=Z$Z<JCldot|E}S@m`T
zaa-l?5ez!ab+lzQjEY$YD3(#pZsdPu;*0Zfh;B$Cs$;gQR|3Q`y->Yv?ChYTV~t^b
zP=OfKk2&W?@v}#)9_=M4NcoxJGkpi53$t&osn&TS%bhc7N!}2-#oN)@UP0-B${N39
zRD0tj;NS)=_nb_9WWJF?%}5rm#zp-6d|Q&m6Tq%TBvc4ybuPUH=+NWeM?@@m_uHhQ
zG4Nj9wB%Ny$jbX2{7YqeCGsQpVhzXW#J7i)Z2XJV6h4lfx9k+f+}~<XOSDO}H!E*r
z=absJVbZ<Zr1jA@Q;ik=5M|#gbQgV8Nz>q`P8vE{46y=bqRI!PbP{T#PnI%NgY0{$
z%QOrX@tvc8JW`I70hsp=tYh*}(qyXjt}s0mW?U*~7Hmu+=r7IQ!R==-50S@GO7vl$
z%2!zemQZOF6EcW3uow5kRX^eG!}`Z6NXH7UW3wVeOt^2mFpKUOr%mNzHQ4P=BX0HM
zrzo9s4{-~@nVgWBzA7hCX~F`FgFyV1Ny?hj<kPO)f=pC30Co}m7kb2;lvpyUc_4j0
znkhO}^iV@0il)>jqa*gVsY>jtq-sr!F2Y;zG6hjA@WP-}G}M;8cb_G%5S6t>5%ADa
zGK2!!I<X_Sw;+>8q9NTnA=s0Dl(ugROu|@wnidSb5gdw`IBV-m9mmAO%>z1*Lk-S^
zfr(~NXxYjf0!Y>bgc#S4E>mn|E32y;G!9SUTqx?7s%XI|+Vh**A5=xFQZ0}}ur8#h
zc`y<aDdIp9xWYD|0vV8R)e!ZtxRbrGRZH&Lz6Dhz#@g`(V;Q@~&QhshM*Mm_Qxysu
zX?lpdp?)h4u;XgGWK4xB{Ru-i#Bijnuf)IsMLoux1L(GZ*Cz1~qkelc!ZN`>>DT=z
z`x+`Y-B#t3gZhcXN-v<lphI$?OVxK#P#<6G;iq~$8AQVu*D87NB*Xp$#5F3Su1=4!
zI4PtUup^|0jdp!~mr5ZEQ99KsLEq)^0D9JKVOm_ox$#2i8QK|*D;)WHb~ddw1QA+o
zio%ShA%GPzG@Q7M(Km@|sp&5h45*`44Khtni78o5x-HekAyZxi9iLfP7ZJu;b&!0*
zHc^Pts$*f*_r(riO&w~IBh|2yGT>w<DhA`WC${o_JXr-n?HS^y1M$nVM`zRzhAOk-
zB)+bu>b5$Zfp-t1(8W!|jbaR&-LRC2bfIE^wgZ;4Ts8Uh<;CM9{NNy`x5*xPvYOwI
zJNaJ*-sZ$Mk@zWj!thR26KRyJUG6yQ(k0gY^(uYADo-h`jF4}D+0}$s5EJjQ0G&~u
zGN1!GV*=mRYCgo^ba4yt6yb-29_7@aVrWNkG4c)NnZg;BGcKhNL1sMzm+?d+i<9d~
zCxGC3tqfMFPEjvKXIQyo&gz8I&?9hP)z>bhK?+W~2t8@=)D^NqqUV<)F*xp+chPLa
zplSp`r3DrP-Eqn7D}oTEG+9IfeZ*S})O26l;ou5Vm&&RYbqzb5R>js=54o&%RE8To
z-G1a1w3I!hqanLop_66j7Qu5mwGfObcz{Zz5pD6JkfwoYC3nyMpbTK^Tb*IOf#Nzx
zU8uyXWEAm(hrOq4X<7d8(uz+)&hv;Y04<5NSJepog*HkBBm!+1kt&G!D!wQ9m2SC!
z&G5}DbME_CQjHmRd2iNas+uJrKiv~!l1Q+R_H%xE+Z6soCh^6p;KcdC>m<v0Fdzy4
zA}MK;zE|o3d@9<RHOv#a{c8SZ9(x=U{#US+SijW)eGcZE*nU2?N3zN6i0Kk76kep1
z2|fV+r8QL(ZMR`>ebmweY`(6FHuNc-hkbO&GSw6pgLS#CoGTtRf4$FZlGGQJ3A}xx
z3J$A~Tvf`tGlbn>fpi_eD^$O&1wi05?Y^e)Ey`W#$<tvI1)08e5Sp7CE?GGvB`*^4
zR;E^Ao9)QqWHYFd64@ilk%9JHi%v6^PV*9J(j_tasm_6#Y>zTSx!e&crn_YLDLOc8
zNp{pvF=fNspK$BVUMW+&-YCSe($Gq3x3(BF?h749MVz4xZ4nRmB(DReAi(e=7F4hI
z6M<D^SNvx7d_|YYz=X-YtD1_D^_Rmw8lr7zq@pk}0+?8L$VyAH_C_$}t*suI2xHP)
zl<t8RKAX#S1csp1*13Ij(#^3~Ny^esYf-N8d;Nge>YdNXZ19<Zy&=_6)9q1V8{It5
z<oEu54p?^nV801p25$;h&H;tV+3+Br4wzt|=6MUhKey099EsN{)Uz*A(kf-7Wf2e(
zrd=Q+1@?~DVQuw|=7R18n#Twd@(MrP=2i$mA04V+H>rEHCfvYtU}~(;dEs_MMl~N?
zoG7c=6qoVki>U?p8kw5PnJd2ObLKwwLO6;Tx~176cJZ9Bx&RmK6hF!-|7dPokg4XN
zq2CrjwC^upa4ywcgjaBP^z(vZ)%1=lzSnQ&mi=9tbYN0F?fHGQsa32|xgA)stbTOT
z_xb9pBjCJv>HEYs6c@#1tUV7)U8f^Si3}u%R?RCEupG2qm-}jX?d26EnPM3~Q5@aL
z0aU*_D1jd`CTn<&$rw<SpD-cD0_Hc(LxVXQV_A|!DlFot3(8O##nH~-R*Bq(OD!)Y
zBd0=j;}lX(ZAH$IM~$^#|7}VDHi0<lo)Gr==lj63v1q|XN~HP>VhzF3T3Xy=2pFSi
zB5o46w~nN!l6j7tHHco`^6K2olEpblsW7laVpFCt%hBA=`#V7N4p#`Uk%HR{cvBkG
zIoM=VG;Y4n!NBe<eT|Cw6hwbFm*$i}zm5hIJ45LB6WSfx;J5H?C*LI3L>n*M!}jEO
z-LI}mJm7^f9+YAaWUgM<rNi825UEGN9L@k{#E%@@eh>Acn>(m8-lO+|Gtr%ED!TFv
zn+F1dJPX>U9%8^+!O&J^xpB}GX4i*pi`^_9{YqVJoie8vWB^yX(gDVMQx$b{hC4Z^
zgr8}?8-_C<X}qSyM28_%+TK{&*ODjLNSjYxWN-RLN{~ze>&e*h*aMbXyqY&0V4G8x
zKwj1OQ1~6+5UYJMh<5ZE<N&s3R(S!w6q!i-DAns@8wkLYhEk)SXUfl@@BNs*J79hp
z^WEhchBKIkwyltOWKtfiT=%o~*%<KaCu-)Tqo{y7w*vkIrPUa%3R}-_^M^BEZD0ij
zxVagcd5Y`X+S|*i+jy|t{fNeSRn8DjqUw14ULnQ-Imfq1y8*29$u1emiIu8Sda6Ph
zjPwQBtK$F>(I`?qq#$BT6B`eg=dat~O9&o9VZQFMNT15#na#0^0>!+-w)*5`-E)If
z-o(aCSm6%Ufbw=6zS8N7Ltr#cw%i^RTJ8pJaqvYwKDVdlIm_|ev5!sgVbHzY&+GLy
zv?FoS{XAmyN~W;;FAibBaj`~g`D=sMJ=t9EDo21Jf<5c#4xk7NzvdI&$787a{R+Do
zb?o^BhGuSR*%y_{y&q1xeX10eYF;tx(NXG7?QG-~luzqI_F8&Dt&L63SRP`$Z)d#C
z?^^*uYpMq$#sn7qexu972HCk<fsF~&JhDHLYGkxyxLoMVLr*<+Q>EFpM=Hs!iAyWM
zl%W96XC8#*Itj(vV=~9rg7j0QyoZfSHI`75-x4jK2PDpb?ZGoKfsM19J~2whljvCG
z(N=l+jSUNM31U#j)h6-Gt8R}7+Av*^a)=H*E*4ZhB}4az@mVLcT28_gqvPXA<^>wF
zs-TUL<Lm@#gJx|L!OV1rvUg_u-kx8-BcK4{N|kvoJNY#BgIkf9qO)&KSs$lCFVe7e
zK6pV+V#ac;ox+89a5gGoQpP*rZsPVJHN8C??_yro^4P6110Coalaw}`^VIo-Z$A!o
zOJ{}^GzMJboqKlG<I3*SJW--&>Y`a*&8S}%UbA|$dSaX^&4h}RU07+NTn~Tf1nB~T
z>?O+PFeU5b8;)deSHzpJCXmBN(5bRhb-Q^}bEr&>8Gmpacl@v=Oo=~qqE#bCGT9rX
zHJa&ktO23--xAxLsDV-^sY^}QL4@orU^Km~v_U(;xQKa972bHv>y_yjGiyCh7;-}E
zNMgoEiZBenF~MlB?>S?aEl9pyG}i>Ubg`Y~`RA9dm{e3A*B*h~3b}Hr2jj?`)+l?`
zwddFr^Z9q`ddGx9syYL#_hE$$%AyU(CB7!P<?@*K;Pqgb7o#C4LCVk`q4pcXbvxY7
zwZC=4zI2HlW0T@_3K54->o!GoE9~QRlB3Gl-y=2cJ$<t3;{GfY4M$xqS+Wj5$1WDs
z%^kQJp}~SWbNOyTlT1ulRKBa`Xu<QW?hkR*ku}~)YTM0JDPs$crKqFglM>R$kk4=w
z*|@s=tr}}m;?ohLnT)*Y#o(L1tJcqSpVvrrk?dK``3@|R+G{tga`8#LRv#b4X&He4
zbrsCLeq>uwtedc*s=mo)R`*MQBTfp}E?FD$RORSJhb1k4Ep|T++Ebk1zTQV-*%j+E
zy~a*Q8>_<ICup6EzScNCqDdFLfH#Dp-^VuIM6Ke2Ze5QQJDokgWAZv@_EF;U1|;7r
z7FMdi+w-p@NpqR*4Ksd5rJR-B3ZL8B-nuJC1Sh=x-rJjf>Km4;TYJ(0@KD}kbFvEV
zvEi~o$tn$td(i7zB>Lv6(4Sx%(5l$UdJp9mB|2%=T|cL2#gr<@WB?}T(p1F4EuEM{
zN3Wy()C@C~d)*Vg11_W{xH~gy`JUp<9D@8wX8MO+_VZnzDHoy;HeQWB7-b>u(U7S<
zDK^{P_m_As_o~iIQ6(mAKtyZfEH5luC(OtrF+HbjI%X~bDKhx&v;WK05d3~>#mNxn
zJ&!DUUJq9{ST&}?D8wy4boO*#_DYXrpY}W798$JtPqufaO=v*pn+XEk9tp`0mTQzL
zfzEAM%7pUK^e~I*tuZN#DSV1GLpEfdUB~<U5Z~>1DTs%g`IUz(z!(i5rMwI|QYE1i
zcdiHn_IIPeN9KqKrFz#0Ir_V%DSFsDW}{$&_mSUMVOHM5wTjSfv5&Ii(_c!@dkVQ<
z<5pi717vU0uP%D)_L5){RP;@niY83vPT|Gne};nb&vam5Rx}pwh;)ezZA^-GtGpTj
zm)ZGqv)T|!*Zse90=T}wvjz#)Z1o*U@10$}BA-pA#rf^`+VZahm~<XF*J2HZX>*V+
zVG$H$V#6y^Tr%N)?86~|;DAikVBuniY77uHm~cG>!z=7OH_r-EFyH2#{<`u6k%Kx)
zu4(DXTEkY%Wx-HWX3%tIuVH=HpOf47y<&Z=zI7bfAEuqk2DpbF3sMGvDzt7`!2jMX
zKWMM%i|aXhgzX&z=|+3r?U)W!piq7JM#BP;+sYoyX;-#k_XA`TqSmw~b_>0Sm&fJC
z&kgNck=>;3$kQ)SY@`^u!{z)sfPU~-SK2a|uJy>ww)*{~?nNWZdBGk{lY?)4g|1mW
zas6F|>sV%xzX4cYLRRi&7&$yu%-5RX4u^pgl&@#7cb}Q8?(|nsl-sLM&NeatU3oN%
zdZqcvVC20OEyrOHZNs0rl|1`|!c*>n?KQ7CfxqV7HxG96P*rJ8`faa^s|KnYQkHLD
z*sFAU1p5TP5TI8fsMY4T>@eYIL2>nybKQp#?ymf9kpg^FAu4!}e9QlMAnalCC*s>~
zE=+$F!{Km44IvlEUv)KQ@x^(Y-cMqXDUV*L_ZPmb%pxq?z3(;Z#$V7gg{R^3hy;&8
zdjGOX4R;BxlJ1;Ye0`hyP8p?zPRBL%)hWRr;H7&WCTNkcHX_EA(v^m|CY|&?UEQfe
zMyqjW9Q#3RUL`U-M%K0H56angkg!<si$f8Ub1+rLFHrDsfy|c1gEAKah?|dGwb@C5
zKcXQbGX^-%d{NQ|1Ke_5Y=|gI&75J<2Kt3bejRk=I)>ep`nBTId2->c`v|W+vZbCg
zSKuu)(3EuHEWI&2?#-do<(K5UBv@wGrY5gL#Rfnmh*{Y2v!yLwOU!Bg{1#foqSO;2
zp+mKMb|FP4dK+vPEjMr@Vd&Sx1kRx~<|<@0n_ZMnRBi*l+8rEr9@w-L+%ZYhNGB7m
zV^E!`+D%ya5_V=F^-f}(z~^uS^+3ULW&cXD(FX=b$i)7@b(Kk}OM%oqK1~O+Q9H?<
zhYl#PL8}R=G2lP<1R;b2cmeiY6>^h4=NFX0XeBK)$$UO~(~&&26$1Ee`tGj=MQJdg
z7gk#cD)e!w{1zbrEo3sbq5f?qA@|LXKjx}@tC4(Dc8e;3>`1*~y8Ui!c8%47JS6VN
zyxAi(VvF+gTCyvr4KL07sY{DxYsh$zm=u843klo~ucvJfM$iw#3HrsP6-D5{0D^rr
zqpEUjgV2!nEoY=A#?i85RZ+>Nc!6vvR*^yh@lv7fZClBAOZqyZyZx&JI)W*}a8r@G
ztPIkRI`?kZf|}E+8*{rutS3n6!hSJk$A-a$t|eXJ%dXvO4Nza>?U@=TEf1qWE+_!9
zt!)3xQRw?}%rbX0bmy1?Uq($hXgP6{kd@y<@E}I8_w>p)aNcPN_!BQ08EqlVI%}H7
zZiF&bBIuyJS-)S;H~#&e%W23C;DFbk?Wkv7=@w~yxf5r|q_b1kZ=HH|pQ`h-{0IZA
za}q3G*agN(z9PMTE!cBo#wK(mcFqLAyEElp<uhu5Mtd16J!k~d0qN*vvjgV^g2f1m
z<}3q{EJ99vY?Z7P<PVrpi$uci{XK63yYQDvOw%fi#gv+;4@`tc#xNsDf~1iNw=B7w
zC462z79p=d))Nq(bCK{IYK0k9<+is*xe%OIbNgRw+oE4qpae+OUdS_jQ0oD9M5Lfj
zP!sr@=MSeyJee+#Ef@1SKFH$nJx}Ot+*I_GgL3O2*h0`!y~THIa1#8ljPka_n`U#f
z{5qR=&qxdcDhn1Zk(J{*lb>vI?XqYXjXR^h8sh$V>)*xhh*2rw8_)fPCj3g&jBgS9
z$9MdH2YfRFTg#~a<;?~jl+k<ynxK{ofir)UFUanb0H&9t08=(`fDMu8z?t$%G|s<K
z1pnnj=KkwLX6NAM{%;?$7PPABa=XCiN$wE~x@c(7DS|=?at=CSa#YwnqkL*P6htt*
zavFrL&%`$IECVx@h@eB^pR$z@`Ur(;Hz4GUI_n2h_x1&~GBY3U5k{l6+T6SDmYmuQ
zKN7w9{C;@*Eg^=BlrKh#YK_gXR?qGL2s=1T@8?Qj@(aJp5hifMdVe)8(Tqnbbqb4`
zaR6squk+*U8I^LtN5qyCIing^B-7qLQemF*jVXP)J!U=YZyCB+Y2UvYg>|Msn9QxC
zcI)ruL_Y)n+-wJ%$rSR6f{BCHP0z+eH)m;mM4>eZF>+OR1<PPfSp~aJ3V*!@xV|rK
zNB<3QSH#%AvP?_0edOt|-Mp7|r;E}gJSNsb#XN7JF`GZp1dOzTlnNbAG3W>wG`iZx
z>(qINOCAM=L{(7$UdN0w(;GRyH;3o4aysT%yi2B_Q(2Mje+2DQC@~~qvZp&03zP`t
zl_*-5mnY$~$2gTvQX`*;jst&vTtmun7kI{FGo(FL?ic9B!?b0lN>Y@t7M!e*_JykR
z4wPuipB89NK3lPyN^>j2Q&ElwvlLI3IVPpyDRfCnmp_!FE=Y}s;)%zUEU8E&1+NOl
z<Z~z!n0|>V7F&Qz6c~?BR3aWH>_>3KaT+$v>0<`(n;EE+wV}7m=Rdjxr0q{4x(Q^C
zx*<2=c%6L8boUD7Mxe#JKfK!hxz)qFulLl^6Q{{s;8kQ|GB_$IF%<LcdpkE<8*>&D
zNp6-1F?P&6nf7Mv#f^Lsdu_2RX*@M-hug8dhmLLlgaFb2D@)+zD&=z1=sB$k&Dm>=
z)+?{^M;>B-%X=`3cm${d3@ZYIXcFph)SYQ;X!PYJi;IRvsOPOb>+-B+F_JN<;c$t>
zc3lHSqTejFWW02BBMz*=@z(C2A_iXElZqCvnDkl(as;4DjHEOixw76dks|k9eur#T
zMDqxrm4_<dX-YHt(9msHS!mI4t2vkN*@0gytrzeot{aIg(=<r}B(C4%g$>%fT3*qt
zgcosL>%9wPNoP5*N<&%O??~HAObmT-&I&H+&$H;0Z+Y_R>j|y3sv!e&Wgxm7qQQB?
zF;Xq$YQ7{)c-RQ(;@0gl#ZdlK^I)k$<FuqFrY-Q`6FanlMZD)is~s-if#^bsUJU6C
z3QgaJY^+Q5$j*@jc+sLk8=+N!DI}vJs0@5{rGcHWXZkYad0Jcmd_T;-7}4O&)?4qD
zg>c>7{A@net>@%gfsuM-BOqH@PYIpF6nEUdeRy%wZiyO4xnqSC_?2ZoB7+6bSZmCl
zUa6^1XG)jfCslUr{F>%bi@ZHQ^tTdzZ)(3XQl=co2pZoBV7c57VYsIg>@yDc6MM=P
zuKs#0vQ3HH?-j3cjLHs1KQD(%%q^msBs^5M_;cj^cyJvm)aALw;vr1Tu}BL!MQD<F
zsa;qu5QSin>wq3)Z+b*o#|RwzwDF@X#u;Hlnre0}Db)y`1t^g+#r`Kk*J`~Gg7|qi
zgWQ<zud)f~0PCUcYr|kkFu?h*&H2M3==)^VJhW!ICN2_sXAQ6Rg^gMB5vM_;;aBoH
zA8hbjAd&FxV{D6c02`x3j(Wg~Oh}?Ge{i`RZETdRY{b$aT&-%~3(b+Ltvaq+Aa&oB
zY+{x96-nO}20sD-(9AfInZh^Uwk^L*4ei9>$%9V{IG(p&ZP^l`!|C#X8t{m~MaX@}
zh<o~oupg79xrRCwU9aSor9WV(&wc-ym_yXv;e3<ZiPTwzryc$<ildJHl7#nCP_%+!
zV7T4AP0=0sQb&$nELFb1MFI&P&-$pprF|`9b``B*)mq5mQM}WCtJs_kwVP$o$AnE$
zfBppt@FfExbcHKyXw4PZDsR!(FKZiG`Jl95lN)lyzsb0P(wA+5H13TyZE9h9k%Uad
zw+;dZZVK$kqFQNakV@X%6NKY)9=}b#`LDt5{b;0RUq7!V;wN!U<dkpU?ZJKOw-}Gq
zZAr21$vE8tvi2Z)WF^T<helG1mVW8At_8lP05WC_f;Y4?s1z6|V46Zew2iL8$`0Dm
zcdZoFR&!vUzHj`18%&{1#vH<pOmp(n>H2~i$T$0ZeuH)TLVfap9*XwZ<H#bDP~lj3
zV4v0b*bF>%r2?!;OU)%faGXQG9kO4QT3I7ToQbb^J64&n`@mc}U{a4moI|Rw0%_SE
z05Tb(-CRTfOM=du^Pv~|*{~q%r@ZzlnUQ|aq4c(fIZaa;ZW`mb9Q#(!)AeRKh+p-;
zzWo9n1x!f|qZjU?tEiwij7h&V+flg^aSjcyk(ANw8PaW`tkvBR@vgDno1V$8WU7*g
zDpft4(5FNZAbldrL$}6Uuo_p%gONDx1H`EuJ?+d+LydpqA^cLG<hF*|FdwD5BR28E
zl+rVncmI|u|BaB_r=Z{yzl2^UypL1i)`BtOZ*Y}NeFFT{6g={cAsZW)T1~lT`TkJN
zXu<7s96oF@VBg8}{&<Qt_%I&@ZibN4uEaJ-XuH+$2Zu&jw!JP<-^p}if)zVi4PZO>
z*%Y(5EQ?-NiNefm-=s(y++<>B1Es@gzK@lUia5Mn1xayPN6141QD&$9lQ1aK{VcEu
zmgn~yWDg!cH*U@DFvnR$^7fCCk*EPzHI4bhQpQLx%4eY~Vm|$cRK1W@^g&~C(0-QP
zFrJg7!C=_XB2rQn=&tX@<fTik9e~hUf<yEb5uXmG5L~kQMh{L~*V$eC^1*kSXD5Xh
zZvN|a1u!oIMU=WzEpJ(K`n0>JudMuRTXUlR>FPIZ!;#zR%$l&FJD<HqCTFfKDCHI^
zb+W$fBIoJ6?r$+Z2Zky<BMb$Z!&yfYC48P}3f4)diCdtV$y}s7R(pIDkpf_L%tSey
zz;Q7MyrrNZGSHRwkeB+23x?_`TroHTg4M1PBB>ftl_ogQjOXhUKlSVGE_*S{UqM0o
zPQ1U~_9ja++szG5W*<|f%c+(mVV!-SVodhaa@E}oUb$$VLG1jztJ`h-02OGs`}Ez}
zQ##|0J?>EN-1U$V*zhv$Pz-1^-(wl%d1P;Pb!mC`X`pBA(oz5qwS+atcYhd;%OBCR
z|4KAZ<bt;=z1CMDw0Nct17;3n@j|KdNUM3zu+R-P9z>ZRIubFI`;ET}X|0EpI&1%^
z4k0MS1?}9Yn^lW_P0}uuC}D+Ba_x{O{kgcu2qo-^ZF1<q1NU7ls|K(vm40&JT>2F)
ztzT>|*XyL3X|{Srx@T;rWfkFg;YUo_&9qoHxjql1Bkx+O-0ctVE8udA<rwZrbJSP<
zUBkV~WhOj{%$~tQkFkj2QErnUc=#pB2x3O&TsvF-?9{A`uX4}1ybrhRo{(dbq~#H%
zUi;Za@CWk(g7A7wkOqJispVT)@Sg>^ty#zRjKOqHs-h$<1U;0)g|`K{WwICAc)vpE
z9P9Pf!;Tnu<aX0r(WgV@uVMKuSlcm+Z!??Y!pD4LG~qHKV{bmvUb&DM`b_&kS(3LN
zHhx`?IbEbbd<tUUR}*89QAv_MPXA$PIp^9fpWqhmyH)aXXWs(w@&mYhcF-fq#imza
zBr39u2vL8Wi(o)(4(D751cjaBG#m<m?8JERZH}HLzY*2L4CxY21X}QY66|CB8R5~u
zKpc!RaMa?49H_EV2D$)Wk5m|p{(xo{yYLO-cZLKqjRQUzb1UK&I)K7K5ZzK~*eZDe
zKb6G+=^|olSTziQSHZ>(P^X$9m7(15VC~AEZ=1~#v)}tx4sltiFBgEypPJdtBTdzJ
zz|MM<!5LHdQwNMZ)3UQjE2soHb=~*+_4`I{QIMinIh34zrac`M9?qvUfdxx(ja>Se
zX*ia8zn$s#u<(^Rhh~MPOXNw7K97Fj-S*g6Iw{ofmp52I=2sxH*^YZXY`6f(J0ybj
zi%1~=SL+AvvGQ+4-gMTCU@QYUpYIj_Utw1rR@Jv{rBqswRzg5f@^p|MN<zB3LApDR
zqI3xdB&1V7Y3UTCLkVdSL=XuPkdAlo-gkc&c;EN-Kj(aN&#~5AW6fP_uQfIaH}g!x
z2Ag*n_Ssjf?Ah9$)jOl&R2F+@Pa<VAGIRv(Q@UGihdG|4-8{ww#HDu<jSRptSB|Mv
z_k?XNo(8`dy-EYX?|8bbI`k%N51z!<R&d>HVdPl=`p&hYKU_9$f_?`Q!|`mS^+SR=
zlF0pg<Ym-7^P5AilJoW=HIKD3MNKRPYo<2r!w=%M+91)6ySBpAYeTAcU*X7BsG^)j
zO~`BrVPSY|4CBlWr`w9Xx?1huBG7U#9I9<^m|yP(gx2~@xQzCguM_Vz_mShv?;b!G
zno4h<pu?xe=W3%r3Ns0qUgbDFh2RBk#_AeoZyhQcn3aWedpPM=2qb)Xvv@M@xfV%s
zjM(bV)}Jkn?GBjGmI9Skr5l<H&DH<$oU>ThCZ}gzUE}3h?YiN#wYYoqiazCv&Wd?b
zM{jdWE&m}u-k#AeuJ-oHv-r_K0#ctHTJ+PXEHpzu9g}#+h9fBGaHZeYVQo@IROd6Y
z%}cd1SW&c3rdgtn<1J2brSZV0=leTLosCVMTN5R&KGmN-8{M9)%lqThMo(SWv!nBc
z73}ckR6d8L^Tnek)ui<z0~>uBpTXPhqvR~GfUI@5$+@+rAZnUr{BWbHTZ5kkw-g&2
z2J+B%ODY0OYIC)wkMq_jon@w=IgA69(eWviw*z$sPD>p==)}tPSnp3qLQjHO_oXIc
z7S<Qi;*ukT2@mJF#gqZ{eXYGFUxvU5;9MkhIn1-&x+a)2i9_~JP(}}3_x)2-!=B>E
zXUemG8q^-9Y|pj@s|EMcCJ0bFBs^4;h~q@BNs_L{N2!wAd)Vsevh+u4kW_7!BqjS(
z`hy!N-9FWw$a&OtxU~kvsi)IpDxBM-<k^I!O5jUB@+X9aCls|?DXKxwba=f;wUr=0
z{6&pp+`Gg`D`Z%iUqdi+tJIGoKxJ7f273H~nSQz(N>ZPHDW`4=Xl?Jy58Fg}tYo2!
zG<T#J8F0pOEO~jBq8M?xZTAx_U!sJ!v&;BBUl>2m*^4tMM5Mwc*=;1K@0#qngpp;(
zS{~cA*fc5{kT>w#YKErm4m&b^+P>;tT6&$7+@yqfHe1wL>vv3U+n-LAnz7u6pBL+T
z$zP}^?%Ok!w)mei0`Mf#g~uPB_RSHXw^<%OMH%j(pQKj}Qmb?=%6{X9*wRqVAA3hW
zNplm1xUcI*ClIfEFkE??Sgh-0lyUP^)m-g*kO5a>{(in!oKNsbd#5)!gFb1EV8qL9
z>o=^!uJ0C;BDK_&3;aHM(vdmWeLreF5D&2vx^aYzZuZZ>Gyv8TNdNSQ*ooYzL&tXt
zlhZYF)(LOtx-F%^0z3Bi<k%Fhjvd_57+Q&bKQE38osU&zdz{9ZK=cqH)XdK*$i_)*
zo)jBY_vTG$X`vDk@pD!ukJ-d%w;MK3#FOp0Pz3u+EI}h2xjVxRFnd-{?>mVt&~;gt
zZ&o9%BKn?|la+yTJbJHuOYmjxHlq>v*Xl}OVD!=NU#G`=t-ahhYupUEv9vB3FAg6D
zFA;S@MXIW7Cix6k5VQSq{;iQg(R^OxQ-a0%N1@+7q!r7pdF-F)HmZMov<cQA<y|6q
z{$MYrS6<TU9x?KRVDSF_xVA$ns_dSzhc(I?rD1>71bfd$$)-C$pkLp#yNxC|*@=H?
zfX_o*^%8&^ome+c8O||VakT8+NehpX_V_Z-daOE6IWJyyRm$Oxc)`^7DRO?j^;*9U
z%Xyr)IMDY#P}axKlv4~HA3u1Y+T~;*!|Y%!<PF)&U{1%i{Bm++RJ7w#?m||BQtUSc
z42_>;GdvC$z>^rD%@aW0(WOEwHP!+x45wR1in<Ls<IP9!j&jCJ-T30+_FMOHb73u1
zHCaDY$pU3@GB8800}EfI1y5dMt}T~J9$XC-V)lc)`Vi!;$P(0N^Zgx}D|2du6=5N9
z$rrwAUKeF4+V(h!`<RuFOgl$`H^&6|o?oMt_2{Hp^KG*=wEBWGPdPk<ru2|$`&q?}
zOEj)pmrpYv4v1-QVYYDILGW|Rg(oF$K2LV`GPVn)>dVw<xL$ao&mu5)gH!8Udw_l*
zlAud1YJp&1(yLy6bJJx@SwzK*CYNeH;j0O5NsFYmmeO;oynCXYXifhCd(0y*Z<K(H
zyM=oPAL)};nLl_qj!>bmXlaTa%}43sc}?FcS@~+d?$)CCR!;MpH@hwJT>!dwNi;+K
zHFgV)sWP*XfEYp9AJPWu<*G3auYwsCll*ph`gBb2gv7&^fL+CtzeC0-2308%D13g|
zZ`~QH;WRU|ur%MCVhd1dh#@B`oc3qmmhcrk2qPfA8o`G?U6@SzgXYdX>C4e~A9##o
zGqt=UUC`CfjY$JX3=T*Xgt!sg3i!<(m8I!L>MK3a>%qR0Xv=Rf_k2H#Qld5Pi#?78
z^pb9>%tlu45dTKgITL)S^?Ln;S6+jI<5%CK@%tahPv5a~r<#F>AqDKYZ*pE|G)Ncn
z3K%mNAY`ZHuNQ0(C!wWj@gzGGEP%_PCE0#@p<hgSPjC*HlmLoh%%@$Mz3O8O3ZpQn
zI+OU@*Y}HIHOAtjvI|`UmM>IS!%9h&TTxCpUFpxc3-7P0t-86&yi!_|tA5dunfJ4<
z<LF>!Q%tS<Wj<AB-N6Au=C{dJyZG*a^6ZM?A?4d)nmJ=;a7*-9_eYJFzDur?`PpHR
z!uaLDnEKp11i*K%LkY_Bp|v7!sxqt0$gS7VRuru`ky%7&$MJq72OAsSUCI)S+-BI8
z^Hwh4;B^f@^{eIk%e*uA(2cGv$~g7`*g~Qc*ZTYAUPJ$_D-lMX@^~^w6}9B~h`OLd
zeA#Rd_P{JUSQ6UNx}f1TtD(-s@6j@wkmJr#D7R?%4A6$Gc>{x8ks*+q`wDS=k=)IV
zrZ7``{9)8=LVM;{I&Eo<h2m`zs!oo3szm|{)%vm4LV{|VvniUGq8Hh+YB3zq1H?U;
z(QJ#zu>{{KJyTVcoAV3wf9i80wMRiibXKfC3@ImWP}88}Z$CYnfD^(fS1U`p^*`dH
z9hL7F{GP=1PV*b1pD1;&QrP<Jt<Ja;lSgf_xF%t%A}g!nYo#K`Q$i++$r0me*gASO
zHs;IEZ?|x_F@b?Bwf6DOF{h#8&PEvdp9HB6j*d(-SSUWqpr*d`!Q_zln{o{PTvmyT
zqph?S33CkkMk@W2%Inva7&)EfpL6O__Vk2dB=NiF&F?XpFL_rL3n#IVi=}6;5vCvZ
zvJTx;F5FR)H1;pk^WF>)Yod*}NlP>>_8z$l&$e(aE&T53W~WT3@>puM{pr=DJG21&
zK9Z!DK+_WVy}^&Cc(lVAqOe<oSx$PhbY<7@eAI4}p>vJ#d^!2@58ajvi7Y78<Tb>B
zGD!)JFP~BA(*{P*2?#VHavMrnN=ntd%ZuODP?wQU>GS3n>xr1YwVWYj7LhNGv^9~H
zH4)Q(Z%ki8B!IoEk#JwYFh9Vp{F9CSB4skuH({3N{S3V9Ce8|5V?<hn-}MxLDjB#V
z+MgyI8_;WuGpg0f)Lesn13UwLgZCwDwadyY{atc*d#D9{XS`mG>he%9^~@{!{Ju{2
zd#lml#&LO#M+Z^DgJ9kvR^8$zb!}~pPp*66KWW+x96Tz^oINV5e_I{ez3O;E@tgYn
zLuw;E=ZrXw=4=LcF`(}r;r@ol{hw$Y2R*qu?3gy@M+@SA7g%w$vf;sjV9cXdB^(%b
z3|k3D1GCzSqCoszaQM&2H3B2@9{chU_TR(SnpR3`nl%2T$Hi|cO;?3h$?^=ZL9N>(
zIHEXoC`h<!?u3L$nc@b7l?Tdav<3xPEE8XEEM>cA9~xHg)cWw*)yNKt>2Dw%On)E3
zNd~l(%V*lZW?wp`#wD7!C$2vr{HuP+ch-Z9QtD@iG<$682_d>b2KY(l8;wLqhi@!{
zo!~7_Z<%&u`}v}Edb3ss=99&aFfQ`EcJTn=>9Szg;Zjtj_}2lskK3#ZBo;Z8-3wmK
zBT;0!bRrh3TG;Q^v`6G5j@qb<I7Frclo^vU*N?-!rCgo+etP~{*-ohZG5);0=Eq)K
zMq*9Zh}oZ`=X>~QH^<lB?y?fLeLYL$sf4G^iU5-AFvShUl$f}bSOGy^R*<Q=h1z!E
z*HIgqjyL+W^$7dhZ9GN+NfeK+gJTKJX@JIkCX1vTDPHNnEk%qh0KJJxeLNgbl3MUV
z6-m`e$UZ#_CUAOEA3pFIUE1fE80@ICx=h4^Pc@)=cs&<AbZ5xK3NDx;93Yhud0gXP
zbf}M!k7ryjS#@9nShwupC|*4v6%x52WZ`*q^uBlg8EPJnr$ryd`g3X~Qz50VF+3K&
zU}l!I1^+Ghk!Pr1Dr>>^5XDALR9Rb9n5m&zmKH5#_X53jurukRH4$)Yo0R_DM8~5B
zrWMB+6te=_HOzDB!?x|A<W;-n`b24dnwQD4kH&LW$pjDVKlVgOx~NlyNIeM-SkNpQ
zAN<MJ#5J(cMVG~TTiIuJ8;@|WrDy}xu(RT$85%dnJ9qMl{-8J+z(y!&jOt`$Xb}oH
zX%LQ1<dyc%l(7$w*Bfaq&GSNB89ZTk^%~!dwzRvB?n%tL*TePMC^EtmI}^j8#?{>N
z&}%fx0z;tL%jL#lXOB`&Q=mqml~u01jQrhv^ecHNxm>5Is)+sucE04Z_|A>8H;ZPf
z2C6)KJW(1yirn(N!*k2@MoH{*Eh2tPna2-Q-T}is{GP7anMGYGA#{||x=TVK>Trvz
znS8%;9L=UIYiJkE_I{hHT+WWOD$8#EP6W+cXH4VcZ_3;`>x5Rv3q%_4uYYa9Gno4x
z)_H<vTOX#)=SeJz<$pR+UsIpo=Jzm~E<deCspbT`Sjcf{jgf}!ad32H?K6q5^9M~2
zreZ@{ZnoWUoFZr|5}^7XnJZsoaP`>FfubOcU4RW;ooy~mF)a=ZAfPUvpPA4dvkxtb
zde7~o;N)JW@vTIfp?D`riNobap>7COP}kdyCrvRVKYbQBPO?&!(WnCL$vz%Ae?0OT
znAGUlBEzuPd~lQ)6}RT;&4u7s(Vo!x<c1C^Qv>ZX!rq@YHb497e)j43`-#^9DT2Rk
zu>aaco9(!lSUt}dBY78;p_+jdRulP^Fq49ExYsUOe%m{Lz{HA6GkzQM%b@zOW-*1<
zQ{?A?yUk8irGQALmAtxAAhVrT^8J}O{a_pO;3n(ZrriqPHI8^>^PN<8xI&C!E_h5+
zCmB{~%|H1{H!qGn+j4R>MK99e?rbCP+_z)^nxECr=Bb0Mn~Eu{8EWct67O5&U*zxN
z?x&zG@LgxGGP>h1XnopHL&d;EEk14zq{mg%2erBXaEM6FkKBu$<Z0;V%uT<KVm4zW
z>pSExRbWXz6LF8U-1Ag1w95C&sFoNu9iu=s!asj;d6iNdzO}QPR9Cgi{8ctLLQ7BN
zj8@<DE1>XC$}|Z7Y&)TgQdZl@Z+ZV-AQ-a6HRP#z!<vXyIc3?alW(6P^;6!oZdP3G
zv2Wf=_`L`tjV69}M}_ycC0*@y*I+N{tmcV7wnn*D9pjU7^A0gM-;=s+$k>c*L{&f?
z_(h@zq3I6s$omZUl93zExU8Cb3mFpG-e^{>`R~rIA82$8^D6?mUhqbfHsJej;Nu0>
z&ECaC-&EjawYf+7u8X#AVn8&^YGF6a!6)ZUHVf_}N~0%$g<IUy`Rd)2oSq`?beU_P
zokwsuep*`SWgdYRHgbNHEl=2}X&)Tvy@|K#uj|=V(K9Hj`&9YXm;7a_;ERUBE3^#g
zu)Wn<Ict+%O{2T?3UtlDh6eUhyYG#~1O0Xh_j9cWoK>HRsUDTt&Q0<LH`PrM4Y36i
zx$^ol=hWkp<QO=I;OgMkw+BzJxNk6En#Sb97!Bq<H^tRFBIB7!Cx>aqz7w>~Q7b*!
zz1iGb(oYmYs@>Jra6CPhO6(WfKJ`i({e^J3hHza}^lH1{8#$gF=<!HbBnQ_^5_gM0
z+sfP^0W~JK*8qG89y4CP@2)OV{!!An%f7b+CI<C!Utl`aUpwHAKc7x-DwGrAa@Om!
zWFEO@N>8sCC!x^cX-Ily#I2w#7b9Al+k`Ww+y=ARA_{jy7G`{RQOPr%c&;?}8C@3i
zdFI-F+h?#K-<<f~1A9zI>{yEQhX$R@k|AwdjYj3sJ^d2Z-p*n6TM%TeRbZjWX>16s
z?Uz4>aj*_0qkAoqvi0$5lYAO!X3M=kbk1zMY#Iw67t_7<Gc|M629R>vDuEInHLW7E
zrPsF2v2wSeJ2qy9&B>3OHC~Js4WfBxmK7(y%2RDy?!8_aPS+Et-dfc*NJ~SezPnl6
zG@!9;9ug5)Kb@)?p0}}?YV9DKE|a-d-Fn>3X5@2iSpp}BFgAU%9VejPlj%M3ThkDO
z^_r-BqeM=7FpbNNxzOz>e$OKkaYd%edI{q)5zRlw)0HDEJX=Xy9~zypFPYKp;l~6~
zLXy1Izub<VG`G^y&@`R)eMiZJ-U(A7TNETfEoSt%_c|GmdA*qq7v;7d1k>BPa~72p
z6j%R<oCJwfv9{0!&bANJ*c?@6hIK2<%v33cI1S+aa4sfmr$sic@;`Z5^*DW$k&-16
z51Hk=zRL!H<0<TKu+NTq+vcI?vhc@0R=4F$31!C{<acY)J>{z`)?0-G9eGacy^dd0
ztp+`Q-l?~`Y(8bF4DwdyYLX6$YJzMTkI_ykq|ReT>j=PNi}75ced`L^7KLIDei*d!
zdswe`EoA=+HCUCg43%Qrr`-I)wI1XaI{O+Z!j}I$z2W2sc8b%c-yt13H%y{0f3V^t
zvpjva+j|9LG22a~z|>YV`DS|fsKA_AB;*zmEO)s7kvP0UOx(cfgt9J4vMx@1j>mzD
zlBJ|i#l*?h0wXS>$ILWc6yk{USy}pUnJk9ns_qB=_EjPW&YR|zdYbj-Uz6(46Pc%#
zDai1W?qY&8e_cu0lQ*}}!ztBxFXAmk$X2xIBAbM2otJIXzs~tGk2c|HuqsqqIfwPS
z6{PZ+HS|96{P{isPC-J+?+jL^WK5p<k@RW;V|CwwbN3$9h30LdoZD`BuR(j}udrWk
zaNkpYpfrlCmg<n5&I&eleO+uYlm!pB=BCdB6h~PS-(HYFs|3p?n&x>c4_zOVTLf>t
zmQd;^>JWU&{jrTWx8*%T3HIh)=gt<Mykjk?Wz-iZ$ALxmuZ!1DF=6BRIf>%HF|V|T
zj*^fHL8Xeej{9lwgIMUMe#q?~+9K+D3UW&%bSoo^RbOHb<5;co`$DqTk~R-dndkLh
zAWles=yM3PcxL(iLcbK&s(lB%+w{?*!uQIuiNmK%v1glU1a7Mn(*g0L<0@*{YY5bu
z<d$Pu=Esb5Nj`3S<ma0YH)u<f$V`YC+wF>Wc%$^<n@noCR-{daI}t=BqY@?M`!s4w
zr5dll+Sb2glo?zZ7$6@S2}Qrf8!TiTm8LUd^lV?4YXzL*y~V@Fd0heM55=KG{1uh>
zuiInbUv+`g0ihd|h`;I<|FsYFci+=lb84(`!O}JxE<RWQ48@S`g8ubKVz-423PqTL
zAxH!-5N=||3j|si^I~-t0K9M{%ot{dv@ijfV$yf+S19eh$H4<*(bNabe}CZzaI7eT
z!@(^S1Pn)DMGww47JC+=zkjgsGqH_xHV7C7!p=)MZv#T$KuqreI~oiHVYNKY?}UPp
z*vEl$HYfms#A<V#vq9i+AXYTtoDB|wKraOV2cD^~ob!VrKz{>8W3B&*9s+|yE`niD
zz?p8!IWPnU1Y+ei&e@;{IOLKa7;!lmAPo3lerNS#H!u`(kp%!8d?o~Qw*3<z6nL2}
z1n4p|VC0zs%6Tjhex`hK&IW*^!IvvWAOYBPJLd?2000-k5a4A$00IfR$RH4ixKszW
zynh9QZT~;50|6ixTZ{$6E>;YLV2zgo1YS-u5D;;(-+>U&xrY4Z9|(i|9|a<zmng)7
zFEIlGU&;?4Hfb&ejm_1I$qIph(1=TwfUtRep>;qw2yhV$0s_y}YA$pW7<{=r*qJ2F
zIX^5G`7b~8KlEb{2*4#U1OmJm3<Lx}6U{kaAQ*HhSwT?HrCfkOAZI!!|6tGfhk%fP
zi~WQJUpkyX2+)~m&p+TZECdR@c&>ne0nm%gV6kWC$#YmR2#n4D3q}Y8b~$P=5P6XW
zEco9P{=*;`3Wi+t!!{UrDOs_-^zVkC|C9Y#@R<_N`3Mn^|08MO$ct=2z!1d6F2SCA
zF0l#$LN2g{<sX8r<03WK;x17L1p?0Gn9c<V#hzy_1_Q%3<YG6$5U?|yq;ps}2mwK&
zFBq}$UA}-ok(ZAW7z}!`5(pdyz8D|`ak=Z@2=Li()8Ak)L#I^O>)FyNivjk^B`GNm
zfFproNC}7-0)_xUP$-n781_RQAS^^g=>PT5KU2eUaW!^!^>jA3Ac7;|2qe+nyON4h
GME?WL;08kg

delta 42943
zcmZU)Q;;pdvMt)SZQHhO+qUi5_G;U<?OyF(ZQHiZx8IF(?)}(bRgn?-RT(jmqq={<
zjsw9OV1WVCTAMDL<H-J}nsWB`sf8&_S=d{z^0utzmgMWmnN{0!0azfS$hLY`KxpYz
zenFG{2LQQQpb%VXag`*Q3B)#Nx!3cX#d6;}aAY~;L_k*mkekTd_R(Z$m7(&ZW=2u|
zX>yFN;t!Ld{6#wT1J(lw>?d$mIqF-)p^jBwHWmQz`#6;Y=-{Z|nLZ(e|2@Rcx}KCN
zv3%U6jOEJE#>mN+L_N&1{8B)xUqZbq@aAgtvzsTfGN7tICM6+M;yOds5rm?mU{Kxh
zYCDGJxuc%V1Y`AnI^eJ>$ey}yMEsGTR7Y@N;DzKMg7t&9ry<naQrW;WNAqPc9xsvW
zy#qAROxq-9N$Y9wf9YrO;RaOx@!xhc;QOXkzKh|iRvM-?h=x%|%vRSaQd86WQ6sf#
zR6Pmt#QdB%xoXdTCA7G;Ak9Epr4E%Wq?b6g#{*-SfB*e?v9j7L2>7v{hgfMAhJMMc
z-hDTK%WaSNWe$(i*R<&1#$b=9_g6@#Kmlai_@kwZ=Y_=d!>vA`)sZ6#W|PFki8Ozo
z3T^hm>9`!MQ7*&BesJB@q!Gp_6JfN`iLlM6=R`JLZ_ZT6N@zVfUtb9*wpAt|R*G>}
zB~%j|$NEN{;h=r!y;x2@axSi4Zh8`)-0tkc1-Z!?VrdH9qo~^kX?Q0cS;AReZ333o
zM%M8+(B37`)ahhWETznh8+X;1znaG%tG>>!7QYx-5G2QhH{i^Bpuv88muc^+3E(7O
zVY~>{Aw>#<>QQw#U#TFpk^7O^gY9QEiwf`y<HP@YdR2fj45Y29fQ!Zdu|qjm*JO6=
zs)t83n`z~P@0y3Q2)E7KhJI{biwAItU7sxLOtkX<3Fqc&(BCL5d|NF9PX-50S+Z{S
zK|{T^+A=Bv<Uou_8H%De#ao^NA$&81S^^{EG@m&CJ4+5Q{z3xv1R;tytzj8~6IY^e
z-2j<l4LU#x^M1K@(2cZ0gNMV8#_#`wxtES!-&UF@J(KX5B}@^*T_dr<e*pMyJhEww
zL+z6rX2Mhg>c`bRe2~&_d|F~_!**nvvncs+;I+Nw%@@vY=^JAZvgyRK2t{C;S}j7-
zUT*it%4@{rhr}>inZjWQZ|S>ypQeTi{09%ZfKs0jSvU#PGIa?&H+00C!Bo%uHueK-
z>4*J0GZZ0qC5G~==1G{Ay9|(WV+`9XafgB(5f-M$`U!|1D8D9DS$2&8&Bp{mlTJxs
z{I|-+Ad6J_XuNKeO`@;d>}Q6W=W(4hnR0cYVvhNOqqMCc;D5FLtntFIXufbM5e0K^
zjtiQ{B`=QlC__}4(gUK`Q?;kA^v|^=q~vl+HtHC+vLeh6K<3ruo(d3J@OZK=0pRr3
zS=)z4?Tr{`cQ+(@%gY;o+6*J-?4tA8r&h2+s=I9~h|N*ILqSo*xoX{Nv=iH2tEGn@
zz?sCO_mh(WTFx5tI>YYS1)4J>{4cPpt0;*H+UzA+(H7pc+hdYI@6K)Vjq0P+ujZRn
zK?pVM;AN?}S?xhS$pDS)tk6CCRmsMAgFTxT(leyUxy2Sd(kB&(SFCtSWnsqsxHszx
ztH08dC`9y3A=UGpG!JN%%&prM?_$D_c2%x-7!piuWcPHYlxheYLfBLe-D9|~MgM~J
zCqbUN(!ir@DbhgpJm09)gyQ=dcG#g@I%nFYLs^)|Ye>_{H~?-`i+gxpY|%ZpqcC>4
z;Y?c?A+AmRR-3`6n>RV3OANl)S4yo{x<RDQ?O`efvQ#RqX}l8(FULHL(O#KX^L69L
zj!m~_L+6*m?c+<-n*0Ia(oken>xZ-{$NIjqmDHRhvHj8zPE_U-)k^QUj=~rE-pWYG
zAJJ*PXi?~HjR11Ud;-A*#az2Sc^c`;9yBABoqZB6)(a9<!j&p-H{gYD9vv6C_-Bv5
zuQuPj9T#3U{Yxj8-7@v`$0X}6|L$$EbHc>ooJC<4_)w5+i5L9VqQG|Ap56umT<;7D
z-22h#XK^+$=4`-AP%zq6?7WD<pR=WkR47tND<7kT&;f?Q1wv)sp%1Ap^43J%&Qfto
zH}lw<T0!8}(-AI1LuEhTdYl6u)VRA{AL~pG;CI+Ike;)8_arFhP^O8Ne?$G2lgdgL
ztN~Y*>8(4XSNK7Lv{aFO<!u&v?Ti?bcG_}^t6}pG0w^G2|J<OMcYyvBl0&!ZkLdJX
zw}-3@5CE(p>9K+FU7BO^2EciYLfjrD7w8=+X{HbBcqL85_&Z17QmVAIB6w1t-KyjR
z6NC0Fz1_P=g&(ykbrh|~j9GOR>JJpVAo8iYWTf(f7VyuMXnnFm4%e^1iD)E6&gvQi
zvJ(%Lble5t79jq>Lbz}LRCnb;iCQ084eJ8OA_DmPUn#3~U($XDJ`hm0?eCuHK^VFe
zG#3V76n!Z!*?$to>JVek(AnRAqdl-_{e^3`J;Bf1`hUOeJ}!@+BdRM2XcSg~d2j{e
zDml9fUIc2M>m+KUeV<?dWlvsGf4o0DGoC!1$n&@1^0w^U2W0+mWE;->a){RN_UG;>
zI08<d<(zb7HTd0W4b-;$0%MDB^7z|EZ@qJYS}>2-5}KONu)DN|AcB`T!8*7D4M6%K
zAWC$C=l<0b3a;pWbKy=)=4~_4pYg_zpKnPeOS%^Kb9BU)l@(u!1eD7hMY0Ls*+=dn
z{kkSHN_sZ>OcNE)()Tt<%^8aQxVi(hI{|sP4g+H{3N;49xvwD|`&D;_QJ;XR*AH7l
zb5bPC$yr>Z_3Be$EU$h=!oqXdO}ckZw6lAL%V4Jqk87Rlx$$CYFBRc@qf<5cJlj#i
zY~?WT;M5&W`S(A|E!ZC4fo-y%McUFxbh2w4^pic0)bS)IIhjlwSZzk6@Zw!);A%~?
z$fR(QQvQ?e%&Zkf18xHEv|sO(V2!{_<_>1AZZ77=_AvjsIhxqOa1b#O{r@KmGZ*Lo
z)>xSSr^v_0C}-|q>1IX5!knBSL;;Xj-DE<_HTb4=6U`fl7Wg7|rb$T=LCqSyD4h#w
z1m{?5Y{buSxhAYH;W`QtoqRKj-|5?K?^X-|!$J<6X6;#=7}%Tfc8lZ(AEK@O8|5bP
zIF2{2Yl$u=BqmITbpSFxF;6Hw9_Z(>H#^%%X{qYyLNIANUaybzd*h?t`2g4{<Pu6@
zo=(pME&oT-sd^nGt^{Ou!4!vuYyx#w1~CXhlr_$*4IE5_r=m-*O_z+)Q)%s0+=)fz
z%eEJJ*+l>gpI^WPN6(-4M=+OAG4RX9@13244w2LW#sOyqFMck_Qo9M_pM-X(Rl`CU
zy-wO5cfD}CT~^oiz;)BL>oOo%4*opqS`A9f05@3if<1rk56lgskTz$k&QnBzRv?A-
zCy9QVv~SBQ;k@heCzjcuAnlvG=_L(|X7iU@zU<FGTun~tPoRT<Omz2GhadDFsV<55
zJu!a14lvPWj~hnsdjoXEMV?8uZcV{hHdZ#-Mdru*tIaJiCc|5pTLyq`o?%`PYD{=!
zv{UZen0Alu!lIqSo$vzs)Mwv$oJ4WojLlN30}_!O2(a=_yZ~KN_JM%3q0F%gAvD3;
zop$O-1;E;&+P&Q8QdCgmayUr0r}i%1eEvDNu28ib62X#+MPrwPY{b?R&%ut0DVhm?
zW|NK4W2>wlakDXNdeUg;gMM>j9BIUkzhvj+5n8+tY6rohb_4zi4D8R3CChl+=$16&
zl4{|JCW~GXZ3oP}AZ55;Jo9Z_GTEfno==W(G!~zFWtBrq^_Qp+b7`F<*P%dB!bXqj
zx!>xnp^acNvM4GQ3-kYs9|tqj{~bxT{~pQYpfqy8w2r*%)+loCqo&;X!S)i!AY9+|
zo6tnHRwFs{k;Vk{xlB;ED9Q>$14M(4^6Hk#2klS1H-88=kf=-)ZF&k~8|Gg*#n;Q#
zdfzu%Sic#NkMiGFA5WBq?qoy7j*rymU!B{v^^2o-aT&oH2gRq!oYLS@?=wqo-D`!x
z;aP9MxW-uW`mUjYPxa&K7v=59Yq{f3%Ts{X&$UmQ{_Og(=;ps|zvsy)C=<g_;uURs
z1&jKas*dDo&5J0)=H(Bvsjq}n?_ZJ6ECTSSz{4TBy$@lmcVtYP)gm4=-Iw*=b6>_g
zaQgc%lH2%$D6U7=wf(TDjkD?V24yhV$EgfJM+xLCBiF4U`j%p{5L5ii7%ZWqZvE!%
z8>FMZp_=D{FD0SGDR!sgoTAS%pf=)qPpDhJAg*MkkhD>L9=-Nzt@{T{uQu~Okru?z
z*HECrp@mTanQ|rGo&U<Rb}m~zsa1b_9KM=%Wm^`4^MVv{W<o@8+WBC3cF83j;QI)8
z`FdC`J;ZrixQ}k9-&E)~-%5~Jfz_OOP0T-)HnRJ<E(74<KxSoZp<Q}L^m^(#94F@~
zB>jx!*IzYCZr=T!6(gDAIL+TY`5GBna{C-+=X)Arf|^<kYc^uhkN<>*%Mls!`)I!X
zG#$1iIXp>hrXh%Xxe7XfV2DqY_d^48-lnB9G8p968}#}wiqd3fu?!>SlT`+fS6QUC
z%7g|al=<kEnElFZU%?FPpagFn!seeM116N3t;z6K|A>&=vGoU5;&Erfaga}xnRaeB
z`7qLIc+e*=cX_XQk}K^jxsS<wvqn~~z0I`c?Nt&&?B9m4UY8R_4@0aVM$!S6U^T~E
zxr1@;s4{!gr@u~@^CfAaYtR&<jJC&%l4~5+B--><<LC061PQb*gb^zCNd+?H5w`<|
z5Ne|ow{ElL1qzZCqU;)&Vm{K@s&@zLZu-trUVE4n#*2_w4ASH`>9qz{+|~cJHWk^e
z*R26jwC-nt^X{ZyeoDs4evbo~25$Cz@X7EjR!(qR6UM&td)#|BG4;KhQ#WXk15cY1
zmFpewy-vo9x#9_ilFvM{aFwqfmr%wU3))3KDqnr=MEPxBO$XuW!f}tkm*SNVLy7Om
zmIM6_S0X$<jS6671k$#9L#Fxe_wf$1ZVrDuRuytlPfS^3Y*@)kjl%&*(o<poq-k<~
z6cuC+p7@yml8-)<Y4FUrCb$s|YR{vjaloRF<zB%k?qlbmzDwJ&P~N!~B6ybSO{yu7
z7|?fgUpTEiYhX|b{A|Uz?o;yR^^OEjBkMI0?UBl_MnY9PYAZ9Zv$f7-&&7v6bOYTC
zPQ7_HVt>`Wv^o4e`SS&MR#GV?J-TUeqN-NlxJ73y7C4Op2B`rxU~h75K%$z(vnImC
zJ6cQ8hm1Z4-uAfjoVRN!eKRz>QxH}ry_1xJ=l+!`41>e~cFNLu4w*==Vzj0Hjz&F^
z0uOmUbmlUGDKxpVkN)nfxxp(1Vka*erwQxWh0rO?u>)>RAWs7nZ+0_hlTlpPW@_HW
z*+n}PVI$FtvyEUVllLI0G;zgRdR;eIt~P5-<UPQ_c`G!s68lt7ER=?b9>`{Eth&BI
zGTE6orsCq~g6Sy1&EFr&SuPrFa9#)ou7tl??go-}5rF?qVa~peY1`iA4CN3*t#>D)
zf37@KOH$h6A)f@894;x_xwv>Z;P3W_xUE3WZBefuk05@a5m%WdC^C7l<I?FcB?XQ7
zis;<Of#}bQ8_L8%N%$JxVAk}QqsweI7jHTAdZHT;OOvbgJiq}9S*=N~FE#b%ebS&+
z3+hd4Fdeq-IDCR1;;oH-aQzx^=u_*4gQ;(l61sgs)S?04vtA}szilP6?m}V8E9-yV
zY*09rzV7bk>!Y(D(oMddX`SmHY~{TLgyCY3sMxY8cNJb^zQNcTe8jveo(ihZ0L(|q
znMc-a>?S4aqZ(KHt5wA;m)mxixap@Mm8S&%q;o+H{2yVBcnk*CZo-6%W-X$3)AiEL
z18|<Y6y5+NQtV)p@XY&^1qI!b4;kU1ch$DSQ{YRxy!ur+PjRY(NC&X$6nLD1tg|WD
zoz6MPk^+P!cdFuu&oC$1sX#m3WplS)#?d~wa7NvE>LUscgm|8%z;pT8`~s^he?GZU
ziOC}{W?YzGiw6pfJMH!D^0cO?yxrQYQ>dHfCQ$(Td@yz?@!XDfbg7G!X{V^?66d#c
z(vEx}6UFXHNZWn$@LNxNLekY{J8gA68X&7x99J<-g<bxNRh}=vO^*6SvUf^oQATx^
zrHuYBbUvA7#&>eU7wem*cW?_yb6YeUD@B7>w$cK!E%5@vCc)`sHlKZo^bH#{2E848
z?plECV&{LRrrfvvkk;`jIxxp3A{c8gl9(VYnHm&}Y!T`Dh6-oSj4K&*(tQ=2V^{h#
z>*x1S&urs%doMbRt`$<7bIH0x28a$)Mwu%2-_(@U@+ifw)-Vx=8fJZ35{w2E)>)<Z
z+C6-e4|p)?0L=W8a>n-uUgX^Ha%~(6oqoUxU)F>kGPV(5QF|B2$vPt}BuYm*;V98o
z@l;y^{t~GeiAEjs;14drw7#4xCVmy|#Dv$|TT2=;u}{-nLlkyX0$N$(c&Ik!$oNg{
zDaJQit0eKK;>@!co+y>})AY>4G0XA2r{(0CoY?;4;$keLVhEI9H(V0aF)&{%oGCzu
z@?Q0x`}L#Rxt=f_6hvj-7c*5eMp(;e%;YKOa`-bayhVK8vNagrI;RsT5!{>Ou}$W4
z^*PO@TJ!Ym1%hTt1;e{COYHau#X6!3V0fioQt`068gUJwqv;IM#Y28CHB{6H-2x$b
z0C&Asglm~Hez0RFRYb&GK}_vn;R=wbk|^8H=p}?quoN|`v;`{f2q7gJs#w)?=D!Bf
zFjIXv(c{$hsok}qoD*4wRt3JBZZp6nL+D@5n#Wgwx`2E?)p#r-65C~3!l(0+bxpe2
zEaT!4=NAovjV%@+EhSRBqLqr?Ne{JLpBpsg%f=v?2cA$}(mot27LBdo5(VU!;G<t2
zZ}&VH%4?J&(6V9ZPdmhPN=aRYvz-xjR00*%Mu$Q{cKeza;*|LG3b4U9Zv6pEp8O9x
z24x<K;$dZAT7w^;juQ)4DbLbWjwzH{ozRfaVPCOAOzNT``$o;p#~wcmj}Q1Zp_EJ$
zlOjG2TtBBg5}u29X1#=E^8`5WKC74p$vaiZ9kH&b<g=B8w=94rW<##v(HsaBH_}f9
z{+WV<4WuH5>%tcw2&mptrg&1f33oSDBWIe!&eAEZ3z4(Dx}?x)S>x-$KjtvW6r(u5
zh2>`>o?A?BgDD|d&C^=#&b`=1xNJ?q9gg@w7R%^DA2z(l5I>l+<^b@%Jc`lstU@(E
zV2&W_TZGhs7f>!s1u;mVYjP*by(Q|nQ!Un0u==@u40aqhA6Pq)?kE;fZgD*rTnxD-
z_pd4q`{RgPaFI#4{uSqrw-$<*3lfcxE40wXg3c4;58c!8;GNQ+u$L|8uev?J3$+Mi
zcI)634pV(J#(K&?nFj>@=l#AIP;j|7-8CP?H8U$C1ahs<2`@ry*eXwmu%lnLb5x0C
zMRADs{w5%aL62Zjd&0I!&gq<YYab>K;(}cRP|fPRu4U6GNt4RjTLrF+r5Bl27L^a3
z5_$IZ?F)UZDmO56P${TwKAj5L-j+RmEZDO-DYN8c!?PpRwgC(otv{E%Df2?vDUrlq
zlO`%OL}gc{s#~^dl_V@(_*hm*%F&;)JWuXKR&1d0W7JgGh16dybs2h=;QmoEVD0JJ
zGnq=QrVb_FsOh4Oq<?D^3}R2%t-MulHvVkUuD-^e%-S@NpeL%jlWd0-kfM_<SQqb~
z-t#?F=C&TC9|1OGX)kgeTQGB^IsY(5fccv&!KbD|U%r+Q?r*Qz@}Av_F19xl>$lE%
zt1#(Vl@G`GkhFH_j3$g;*FKAYKx1TRJ=q#F*3<L4+0?6fE7SXCb-%0;(`(^WE&_kt
z<zm!>1{}=0&wTFBkVMGfsYxu;y9pv!ybr3?2#g{^f&+A{`MTh9^%`Ml>q353GE~xN
zDA5xNUwB@HtgH^4)2GX}KY<1)Z};h9HfY|*BugGU-SD=>$@R>S5<Y(WHPeWhJ-7l%
zm+<$rD;bG%#>K66Nn);g0PAJ~cbF$9C%Zc^tJg;+;2qAKo0zuei7%?brWukQ0;F!*
z$a92CH-PuI0?p<Z!(+aqrwGJ<C3cHv9PO=!hOKL1Wpe>q@wJlM_}cmKp1-i0ke4$$
z!(28zauMHD^K|cO*?6MdP`=Fx6lsc-i|1Cu9v19f3q)C>7HFKh?BL~H8s`rByCzDr
z$znt4;k!hWa|5>syc+l(oGS1EdrKOM>+XfJ=Kuoo?32fL*sM8G2nAbw8GC`PvZ!(V
z-u24IXSv%5wmz4%@qeTrwMHNQd}01KUvwg#T$XH^4s?LNyw9sr7fFE++L(fVXv^-b
z8~){<6bREz4NtW015obq+6$6W49}FENlt)&>HPS&-_jH1ckjz4XMMV(##OzHaglH1
zGr+^c=l<g9YV5dFRL~&yD%vzAfBoY2l+n=e=kV+4;o<8uW^wXZu+Q+vtIw@NG*->8
zVC3xTD#*Ts28*OHJHF6FVuN$UIHnm9M`D+N%aef(k%q&qebsPb&7xYs&G!tzZcu&J
z@3y;4Q$COGN+XwYC4a+&As&+9^urtf4^TXX82-;FXRNHgEH8wv@<L|tE258a!rc;%
zByzezNcsaRRwSv9H;&9dQVw;$!OMgdzA~(8XeT|4mwToV(%w5DKviQ_{{g{{bFJLL
zcQ!zmxA_^(WCEkC?#9yXZ1i!w*V4wO)=sP{JWdWHfj{}(eEGL9^rHHsTCPE(1n{t{
zN7`w;G{D+)YvAzu0fUgFC2g*@4>F_9??qI!K2#^ra)nwEu~i4=ZvEp^OpCj&Y{+DD
z4bt4n>yY}wMY!TpUr!6O!furp$xO?wm*@Q^4sX?1uHg*4ZK!$$a+Gu3&CW0QX2;ed
zD@nH8jS`MFos)M|n6ZuTVRI6N2YB0nW400*>_MZo;9lLEKlFgOKae!Q^6|uG<iJIq
z?WGGrwifW!XN!b7g{9c5=p1W~{h_iQU9Os3{%3eM+Yb!ZFXa4Rt`H0R|Hy4tE-vQ(
z)!?lEZ40piGbcMSP&9+9=0j4m{;zIl=4R#kzfJ!w+*$vRa4*%AcRb=i5wH8E^@;)0
zvP)bl#{^zsJv7UW<&WzI{g3&K(K75|Ta(6ywwaeVlJ|mfRDUE`Mirf;Gh^1I^=70?
zRvrCp&`Z-NDL^s4D)@bC*M2wueefOZW~ls2yIF{NIr2cULb#G0wl1e6r<}u*Q)1Pt
z3q~9cnESBa2Yh`!Pv{yNCK2|g*U!#6^xVz>d@jix^;>vaWUjWJyTPAD<*-3nFa7rQ
z9-?<)-_6^DMO$Vt=mug-tosXlmt^}4h@6=2qqL#0%BZh%9&Bc1pQu+qI!;Zi=;<66
zen<%5QFDZ_2x52yH7$$tfk5O?arZk7w04jd2us1n0Evo;l2+~ehh@)d&7_1qHE4Q1
zhzA9VOjn;#&OB!E!`qUkZ<yAimv!<aQ(AWQ^m(IBPzX?Oml%F{Hq}nH|8V^+Q(Q-M
z3+F@~|G2G~1Q)Xry(ldZqCl$QfkSdXAC~N%s!gA%J4V^p^w@7Qkib}53S>g6PU79u
zNa{l*06y02Jm?p!_6X+{sBYW`=BdJ$#6?fs&L}!T>E!AqxXxEJ1@(J74fJa)fEujw
zeCz3SmTyhI>$re;-a`nb=BLn!k$#6as~?vqvturwN3v;~Sp!aHSJQjlXE<b}p3aiy
zkek-<qAzy7Pd_#*Un38!fb4MsCC)O?2e8gi0r^Y7djt|8Q5vyxKzX1L3aS4@i^byd
zU|Ms{X_npzWd8kS>DD#L-R1G*^L0|qDPxntQ$GIAwHw4rdDlvZ*zzuN;=!1y9N?37
z`fCR=6h{wMEHN%mFVAKiU0G@qN&2ShsG=J*{ORwkMn)G-a&He8?>8<TEuBOm+^-ZZ
z11R)iJ(Y*am~(S8I|AhjZKAKg38U8sLMX>b-o4n7v%1VbFUG*+Qdz;)6xa7(9`{+T
z$kYV!83-=|SWKHb2V3JIq(Fr5u<H3Q3oWzj{)2x)bwS4YMs9`_SzlA=+DbG_3y4lc
z>;8~p1k%gyku-J*B&EOQX?07|QMC+@002o?HLgW_XZ>ZvyGj?t6F7+8MZfiWX+%>j
zqEmp!zjwYOYtj6CoiYftM_^ZE=l?xgNOo1)bwXwtboc9yvbFscEQT2*58ihw;<jjM
zhxn-yX|V!Ln4P=Ff^X~_Q#%oWS4jtAj4tn@Jo!f^naY07CE1g^75339=6Rn*0Dx-|
z!8;}z6NmOmjNwQYFV2iPUBD6r1~V0#lM`xdEj3tV2g{oaHq`9jxiugAWoQIVBpzaG
zu~ed!NnDpV%}IgN)<J~Bp^?Otc))&+hKvi6Py$u#W=xqYRNreBuL`%lB%!y|mT$Fz
zgVWIFJw$_tn6yihq<WNVq4&9T0<bq@y=RbvD&)@EZ&#_Fd<w8`5Hy=^l=dy}w%_E+
zx}Tt);KhF6ps-}rhf5IgXvY8}BiTGoV=X7o^{HWf8-bA$tr6-bu$(`G5aRe^P4Q$^
zZ2gV6HooA)XsYwj5hB#b5n=*%?x1_qr?yLOZkIQalR&)8ukY{E`>xI&0K`3VS&syY
zZ$`ppQ5Y4eLj~&e>k;RcM&E{3LZAR2j*kl_pqO-lG=SB93X_!%r?u9+(h_U3vS}6I
z9-rP{J5O^Ds|pj+%a$A&ThIYh8!d@+PmLU+*vxSjNHpgW=uA=;>y2_{o}Fo^J>o>{
z&y`ts{<?l9{sJ~`r+@zgoJ5T&U${&x3w+TzqWtD&j+B!xJ8o6?LM07^@J}vTLnY$n
zsPbLzMm8eu<OPbwb*rx07)%-i<!#yK3OoZSbp*=a8Qg?#b<`u!HtirlNhFLVi7BZ1
zJ9?STREOwYsJ(lUc(Y|#@$X1uq1qayLT<>6n;)tm%aZm`;~#@(0Pk}0ef$nlcs>gx
zO{;3P#XN>|``+}-K;Mo8|BB1MotPacHtU2|=`eCFB5f23s4KQs9>CC&gCT(^UISNN
z%9#)E%W`-X6)yV$oq;z-8(dM(HG*<(gdMo0cYadTOTSQrq+VN#l2u0p23Fn>s8a^O
zY_CX~A?|z9uSiZefOM6NOREDf9*la{bLIR!GCax*>(Iv;mfYL1x~47xfVcAtPVKL=
z$Mbd-<<iwXo5H@+ObLXWKTqtO)5c>UsiLk@w*TUiO5wBt$RwFtZ*gb2E$|TCHx-3l
zt^&XLwv{wrP$=l=+()zjzvJ^B`@uyH0>bd$+-I{(aH8HFK%dVG&ihs8<2HUeqE+dO
zw{rXM<Gb#uF2bDDlL#MQ$8bcuEH7hRKg!6VdG4vm%oia%6X)rwqeGXcMc}8m1B-~B
zo_~meTQzdeKB?_ngrmk71ApzVHCw3L<yw=9yTPGGm$8)(#!l5S=AoDMhXxjx&y3zn
z$WV<Zw;^6Up!mD3|1#YSwrzk6O#`HsGmG8s0`Wk=8}P>UvOX8rWbZ7-I>+QO+&IJJ
zuh8OWf|9pk`pGe!tweQl=PhEl<bZYds{5tMVuDs)Ed^2kEjHU0GWD$Jg=Oiq$9%F)
z8G6bMuaC$>Gcx5(&eGTo$^lLZHCR#?U`YmChH!o*kynqoJ2ZRSTvs&uU+~ZRzwpn@
z&HVq6oa?_VcvkNJpg%dVcJhh|0U#S~Bm+-6mRg0Jns(ySn|HkaiEuU#+d!h_Pm5C^
z*ooeY`E~1R-d7Y<S!6~2%dHtNu@(QjtH`sX@~38#IAeP9x_m`Iqn`YfNwi4#V8$Vp
z#N_qx`*n9%cTZnQe~06aLOLOZa4aa{3jJb~BJ(r14gtl?JMHV(d;M+h8Q>d@KF*!A
z-G=^H;DyvdgEzeh$yS?R(-7-ro+a}R$`xnqI`~7ypX37cnK=fEov;V0&g_Fg`AR%)
zltVe*n9=B(IgS3JSe8jua>n6cMR}DJt$9t70r4rW`f=X`k(EF)_n+&tv4^O2cd9ZT
zL@04OOYh!dl}Gk=T7cW53ZUdBmrrL$yRa0jUD)*}UGRo{9$}DLsxutmY@Vn#rcbJR
z%qSyHYO`L@y+V1Bjf!=W+j`={;*u63%LWt!ig#`vV_3gqz{r3>y6VOBGBMrU#azuJ
zDN_G>xNX%RamYoa&+tp5z`4M{+uy$F^*JzxOj+Vu_`Fbau3wO23Yf7YG?>QR-O<xy
zWZW^x-C^|tCXR;Z(EL*~*Q)?WWIbM2)3nS?yFwb%5z+ZOM}YpgSmQ&0Q1sIh!c>W9
zl8Y7X51xXt?lR6jVixF^e;~SICjtCSnrhZu_uiswf0<aF=>E-nszK(th?Vp=csx;@
z=iC211YL}3B;y4F8xZ+tCS>A-ABWgSE#fxen0o`WHFVIH!v*Xw(chfAfaFz&BuO%e
zbkHm2kG(w-@hYn)XTAq!#2x`pAK{gP8mkFqAFaT1q`#<tpQ6sUhCl9zSa^NjfJiGQ
z1cjE;_U8K_{LI)t^p@c_)Q>eR&D1qEc1Nb;ttc;i+AH_USOF!`cMXZ)HpBRVkg2LC
zqB7X72w^oB@@>4L>oDl%A$j;_dEK7km97J%5Y%Tye}PPSdPZ2Ec96YyMuqFSp@%57
zQ=0+=za=tNpFE=2rn743i0I?9($!ShCjLf9n+C;)+=a61Ot3ufyJzrBmQAT<9L!8`
z8Kb~V`q1^d!T_QWV7wD&{Uw(sz-lnN=^#8arukLc&YyTqpq%(pj{cValR&dwXReYb
zE77;@`U4XoRB0!cCc2`cO{w0d8Z=;v0X={<%W_hC5)a9TbwGsG;Us4^2h8ONI?N1u
zqQdQ?9*iu0p4P3cgRk7mIHN=Y<5oSNO2Tb&jTG_Maug8n`#nEa$U~bsJcn9?hPJ+h
z2pvb|t}&ee@)wUXKocC1RgUStXhx>L6{U)Ww=*Uf-&l+{tx0BOC^X`JZ5od$mB4*{
zLTwDwCI&2*@=@?rd)4I|flAcnHsaA#4w5og4+H)JHWz_U?l2HxoCzI-J~B)>pRoIO
zu=l6p(E}jtl((wkdUYGvhv)qJuZ-QT`@vbt*{XlbLGH0SpV487Mxii)H>(Iog(lds
zp5ate_NiF`^lsGY{e61meUkHWq(VS1e{b#eaA*J6adlUp;ip5ukgm>fH;3^A(398S
znYSBjbb;uf;B|77E=d)iTIa#UdEuY|3x^ryzXQn8wo@Th{--K|_ICpY?C(?s9b5Yn
z{FjOvHO=d^!|oZmcHxgYXM>yWWredK(3IzXkJg{<BV<UG!rwW0n2m(t08Dd1jySWd
z&=zuWZ7C+hLr@`n$gC5goezOls~OV9q$&m12Afz@Ml(OItx)A>(F)rNXSe*QM8ber
z(F=fkLGHH2h#j2mf~LBWn0>D>fV|iMFBk%v_bO{)Zh9a_G5d%Ya)Gr}#;<X%b5<p)
zM2drwo|slBA!f;`N%#VH+-J}Fy6<blZNM2v{z0j8L3(H0&$7!b85j*`uN&kiWdu!(
zj(Ey7Zqo&kpDmr|D(e}DR9ls_;-)4EUJ4Mrk@2?$c>DOmYg2E%`;j@ZyUhHp3?x|d
zx+bA)-zUfwC`?Cc+d<rz2SIr;ibAM@dqsSsVHLUf_^%UjoNv%dxQhF-O;z7;4)^6Z
z2Hh(AT@kt}s9xr%Z2U_78C1HyXK!5zEP|bQF--*(Fx#kN?HkgQKmJY)Q%s;KkS?qD
zdXx4gEKuSr6C3F2K3uI`TO7S49u(Fv;UK&->oRX02gDZW_|3GXVum0jY3V%fHc&FL
zH30yB%7VXFCRIDziU12vgca+guKw*1qTe;I^^J(w6JZvOEepN?;|B|Gz%q4mg>8;<
zIO&d;w`9M7h2AZVhA0AV&^J5gz`>3(Oivs%#{Zb#x?D@~Pv#V|b|L+A)@hq_K~Dxd
zKBvbkT!B#diQ!~PXb~&09eR<KLe&Lww?2TpEA=&vsm!>7*v(nxg&JzE2!9K-l_WEi
zsY~*^V^wOhV-B`xXEvTmH2ClG9}tB}b?^4`_lj|0M1k^R8N7X_m#$)JSV`umPiYdi
zu<rn$GBzWM6>)7&?O?aTOMW3~=ftjVrQ=lH<vp74$Os%F{lmE_@Y3Q*SP8y`=1_n_
zj7>7p#d1qnqP6K<ND)z-Vg;B*`ZC&5*a@{!9Y#P{uHkdQ;6dF|+_7m`;Ur>Y2ZOM(
zP1zDbg$uCmh`ly@ElRT)G$_m?y*kS{BI_%$c`qz03CNnC!7Z&k-v{|f5<Ku@H$PB=
z9>q3^E*#>w52@rIgyG%0uKOi0Tpa)^CF_#LZL<W;Buq!sN-YGMCCP(w?TCb!$0?;d
z4@+Hgx`k5UU-G89<p%b$p}-2BGrDC@dmt%BF5*z!r3g9!^fcykq@MsEUUQo^r?~Sd
zFQ{S#VO|N3%6~=mn=exu9>!0}-eh+bG;vl^{SeiXToiqRHs4J^+aO4fre~yI>e^Ne
zeG!T97R>QHMH9pJ3}d~tARKK5Ah9zGv(}1z&qB#YwsOFq$+fl=LQgQ4<|i?lEu4JL
zL96|c{-711p$S|XOD2a&PwC|Uc3OAa^srU}?|gE&yNgFINyAkg37J0Hdkv#$B39}H
z%#%^=$N;Vsv7#KqJZU;oNPOP<0^&+$Ubor`-nzu}An2TaftLlwb^9q0_E{F1{Tb62
zE{5bP|B%UHNN>1pqhQykHsGIYf=F$&m&*?}h6tV^&p?Azrsgm{dMb-&qY{0z6DQ6e
zrGeCqPt4iRQTuOmO>l<M*aTfSC@NWji;o-1S^+JUFGLTEU|B;3?h)*3twR%cQjby1
zdFl%t#dC)=x?3-a5IDwcPBEssTsL%I^L0%fc>rJM9|(HGe8cY!D`50o5Ld5^Fn<cR
z(r*c@0|zd)Tr4J+HK6M&Pu??UtJZoqS~*2S6*t7Q%g-GR;;8^5D$i)#WhyZ4Iw6uP
zSAcRamg3_uq{7YN-EQL5nL|*Dfuq5n*9FF#Y)40N_Xvz>f$514!dt-U7m*G5sKG=x
zZvqBFfrB0%U@ZD`l11K}y-N_PRx&pG{aN=ha)00GE4Z<z<Ab1g$q;lZ95O4v&oIZ}
zoQ5JkWQQ!Ho~I$rI_lD<ia<#1aWLEB1yC=tWkD$R0F9I8VAOYtXO=guv(IE>64$z;
z^Wykyh{2u%FDYU?kV6P@g%%n6#OBy5iH!GB1GOmY5zJD+6ad2P&j5&QUgA;i&ARXV
zlgXg440J09CuRA(<Vd;OkDT}twY-F`Za-1P-3%5~H;^~k*&SCQrFx>Me^v|UDtMYI
zcl3fWca%#kftB6Gc90m6Df-;`czh&y_Xw!`mSFmCM$G*`<d@|?-d3`!kTBp{M?U#*
zG_m)!UMTh&>C9fJVo+1KnP>dL%Cm>o+M|qdCl4Aji_Sw-6a@_kL7dxfBU=<8{_AY0
zQCJm7(k+RQuhGaH5k&!`t^I!gV2;s;n3Mqy{f+x;=un@u_jB<{TNVI6`kS`7hsdd!
z-^Xwsk^P)%Fcq8xX`VV-1Osqr)6~XjW`lQ#)7%FDo+-M#pV{O4zFryo-rF(f0X=Vz
zn@T<UV2%pkMC~!zw{>1gV|bIqj_&9I`nMOp>;6S~!`@EKJu>1sO;tFUPlk)dp#)4l
zR48SHW^@cHbsV*x5k9DVZS1`S<jj=N`F(YxA!2-(je$7IIu-tX?|{MUWZ?lBEO^7Y
z5Jf{)j=l+PJq&0>lF{X0!c~8^t9Cvefu(L=?B4Y9f7TRjrr-e!BENlZ-RREdp0Z0p
zDR?|e4OJ0c>7sW5eBi1q;MrItQLX34)L0as2T0z=wQFq-f(|Wn+1F-si1w74!ridp
zkl24CKZa*C%(2ta5deC_B2m7Nr;dI8&nL&Yvn))dmMK<?Pay{8Q%V*qFzq{^+Is5Z
zCT>6P4t_Z}pg8GU%agAW{w)q14@IRhCVFo-D+Inx@UkWYunukB&ubjdCw<ph`^J}*
znU;savpt;CZS{SA{DRHs=lNWJ7TKhy7B9<>i4UBcyyY@AcL5{LcC$Fn8YAL2B2VY`
zzsHI8zl?c=Si~Jzs-z_MIHYIZPRux5823x#@9(gRuBa5ZJKhuO%(N&LYIvy2ig?5a
zRY%EF?}ss*hJ69=7bnN<yRp>tCzLMSp@(UuDnDiL9t?m<t;nRz;hQ#g7dfAaQuCaK
zBtw-MyA<cy3&2XRvkFG)zxi_1PB!b5Ia!%?)8=)sYlE9$i!;zpU61nbIUwDxHvC|T
z-&hl+dJ{)e4K!zK{*Sj&<*ZU>MpxXOmQsU3SX?Y;5u#eNZIC03$k@<h^*3RU7*9?>
z*7zZplz`-(Ipw7=ggs`BnV{P>m<0^RX&p~ai7Q+-5Wt&D(DRp%ON;XOu+QWLB-hhG
zI46A2EQg`Y_KclxDTIY6ICe~$C+xI7tB$ZPgh#8bJ6Df}K1*P2g%%sG7Wn;g?`@8b
za0X6uG&5-LdZ3*@+K{GZ##2Tq^t;%+dwW&XwLP&|1Nx#mgX-DEKTU{yG6@!1%-tam
z4cia07!WTT&t5BYugbB(-(H9C`8`FfZNXBidct^!w>1c1uRyYQizx4V#z~1<M-?s!
zl#iK@ZX83*Fckm!+?J0^SzDkwlXK^HL`mE9j)$v)fMI;eij1kKQ6%CQYgpx#7@Bh!
zOm4ib%2r#KO8Lr#HNq-Ob6~2I$1}T>rVP`i0U%?r+?kw@gi!{zxT}h4TD)gD9ZXb<
z+YL`Sbo%K^W?JsDZKtR>5KlQ3f204oiu+q?J3&nLjWPqj;jVNGvhH51Anal+-tEM-
z2C@7+ajhUxlfzGIKU;{v^Zs2(ydcuqungC*4&U@yPz5x|RxM}sPrpPikzC5y5+wJW
z2EZM6=p9Gp37TLlmlP0qdErp1KAJBSR?EOjQ}v75qRb$mj69BltJbq1{GVLQ!1lQE
zgp4?CeL*Jog|o>SO35NuLG|mWh3D<O0FtT0A@&JYJMg`&g>K+S)ZnN;Ku|t%kZZll
z8}@U&j=%y8$w75b-7x_T%`XN9VPcVQ7|=8%;D!65631jilBEvbFmSZrUNzc#Z-Zdm
zAivxWy9UX;J?TT5x+px_%yn4muACDiLkpe0G+^MtKM}MAFYNn@pI~3);<Q$4R{mpy
ziHA#Wjzi$wvR63p&O?NMJ~_|Dg$hzQ9$J1X++3!~D=ifD=b~>{&<(9ctba^j2QbYv
zce7@?0HO03%`&3Q&|UdrRLBoSxc)eV9YsM|ZY#eHFF31$D|_An)=hfMyWkM-rivt9
zxC=L%YI9=Tn`yx>nyd=VJT!fT$Euj8L{{niyM*EdoCeR-E#YM(s_eZkrd_;cjVH!c
zrE+re+P)7@P`^1X!5dk1pE!u80@z<KOq}ay#UL!6oPU_&U?3!B%lD>>MPG8k8vBaZ
z49k>GAyg0??f$5HuQT}RNR;ff7FZ-AR0RR@<F~MCetUcmXpp&RSR&$`N*xh@nXPb^
zfYr*JR&N;1y4+i!STKk(_?a(OtEnm5;GbU1|Bc3hP(9XLy}P_kb9g?F0yv%)Edi9;
zsC7%cm>J=wy-&leQz*^^)sWeTZz{=<iM)&OXt|`isU&|IM3^`PiT5KQ3(~M%k=~Go
zfW02!dZ&HmhkAHaOQ;UFChMWa#mU_ti^r8HJ0I{t|0+ySp5f7mpYzZMF8OO-vMcKZ
zOHnWw?u2*y&~j4F>R2VB0Qw8>PsJ92=VMO{eFqC1(^4!KIP817h$gY1N(!gg92Zn7
zkMg+D!?+JE7jY}P65TzeyE1G(Jdi(8tVgsXbN&G{QCjSTM5n~I=3T5Q%y)tdHKUY5
z-74?!K-X=m?iE<%sAplDJBw3Pig^teb)!!BFt$%OZ5QMuBU9BB0hGaIxxiMzF}2Z@
zF0ljcUVS^o8Vu}Uuw<-FAQgNv#8AO+O7pJUD0BI)N3S9su8uU-EN@HN;Z<6lSZOa}
zBHFgSfU|WSB>iD>MQTNQ*t?}e%Eo69rgC*6Er2+8&tbqVlAG;JVno`Xj7G&kQ)~iI
zN}bhlj>Lip#^}-b008c*ap8ekSw^n8sE)SRcEEGU&_vr~%<lILW7<hnrC4c1Q2(o|
z<=3~PYlynD4i}EwKzGg<$aLua%?_lEIm!23W;^+T3|E81?cKWL@5T7i?kE@a7jfhA
z$-13cws{-%Egybyta81T>0443IU^u3>yy0ly+YDX_Bk5>n7f(fA7Yhtl4gz0uv|^C
zPFb!}-&#52b$gY{-I22CB(T3E4z+g2ug-OEB-3gBgeN-GS;kO@wfkf-wO4<L=U}{F
zQ`0!YOJ~zA^YrgTP`D=csyOA>3u35kfS2NC_#uMMy%Of4$-$=QiNd));U|V1m<?q_
zpx?LN(N0SRFv52c--q~gruf$<$WNybG<qQ{M#t;$P0HBb2Nqaf-G=Ygg?(u}YxU+J
z1%MF23t-=s(OFy%*Ah_FA$Aj1$U<h>aVlY$w~dR+YY*1rguN|=xe|49$V3UOPNRlr
zQi}<6HK+^)Hg@vxvRqh<HpTyEk=~;3>z$NpWV84WV8B%W4u>r}w2iEx!)VKu2+R5k
zbw5+4zoND&uxg)W7(C94K{s1MEM~2jB`+aZ&aR%l|5zvBL#9&D*;;buk{!k|S|hb&
z!b1F9+C<uDnyFT4XF)i^WlnQAAz|W`BgsPJe@>IrhB{Nai`E=K5x|WKYpPMnylUT3
zhuKpA*byjgtUqoIe2C4y*DnHBjjWtk=+-0Xio4j)6`M}CoyKpX8BT;?<y(#og57%|
zQ$beAGAwjJHQbmF6q7%hDML?zUtBBac7Q$q4tfAY?0h`%(aIaU8P{E#)V-2YEYaj0
zjjH=Bn6J$GJWeLlX(>bcy^SbJ6`9#ZG!0J!n6YPDE3F9bgy9#g+eo@kDDl&T|KsX$
z&}J1>VzYK=c&=RwEy|%filWDAWz?n4my%d}jGBk!dm8Am9Eq8~-;*&Rlkh#3jcmoE
z_68pe%O|cPU?>slcTwmRbcKU++O!u-&lABS;d5rP0Jo@Pc>={vp!>nF6?q9C_6f5A
z=(W%_(HVz8ga5*br?$(@iW1epNeV!^Ukm9+)fcIO`<xw9FeN)!C4Ji<c?UHCSXhbB
zoFn=(*1bhup~A0vz)4F_Mf4fYGLiH3D)l&FfsK%@h>T^@EzEP!i>X~(i&;?CU3!(;
zsKm55v-1!<)o#&A6kJ2Ntv<eBsntXQ%38e)1=fSg?+fvJh5^98Io7j-*9RkcgvO?+
zEFp4LuWWydxJjOIzkRnSRhp=D;t|64N+k50_>8oX32y2``1MvM*Iwy9%B@kKwNyEr
znaA+}3nM_cIk1!9NyyTpSbVYDkbj=9wVqj`x7#^H5PN5ka5zpnGeQtrZ5ELLalPv~
zT{mo$Ir9vh&s57~Lrt58AKHJ9%2*`1Io9qi6vh*lJyx>H<6^hv|7A#R(~Bj=8|GTk
zRC50rn@|c+8QWdBhkp!{U`gvXS@`m{1OXn;><!`n-64M6klhT^Q*=P%D$0BJAw|zV
z78T<3RdWK_HqnGe1Qa;DDv+=P$QEo%hnP*&%evTOe8o#^-9$sO6P0YQuklR`l!Dl(
z{Pt0h<>Z}gUrl<(JDLrPo=}dx@XAY=7guq}^P3_rJ!X_ru|kk9TU$kdaV+c4CAF8Z
zUZ;r;_e!f+t(g<Ao*F$h{#qR^1P;P)g1Zn1ax2Yi{f2bI*F|DzjRr#i#55B_iRSu)
zd144Z{D$HhC<x!C`fv^^d((02v8f{}Lob{os0R$%GsfbusF-pQ6ZD{>WrYqtBp%-k
zXA2%1-Q0NYf-7U)Dt~FeU`~G{CgRZl&YvNKT?=D%blmj*%$;pIGlD8ruw(-hMIYLL
z7Fz55@y;jBzp^TEr)Mh${QCo~(!SkiFcIm+8M)mS=hIow+x5vuTMDF@-Fvuiy?BK@
z``S$VNH)DSiX*o-EU`_((ZcETCt&wR!!$r5r_jS<aGPM|J7iM-Q(aMJm(M^BZV3$M
zUEUoO=Co|L6aIInptMjlid$cnvRCzu$g=4K%Ok4*F{V0L(Ms$B(5Jg(NRG#7Xbk&t
z*5qQy-~wxp`l;TKUyTsOOytFmPG_X&-=63ogX8>x7pWay(6=}M>+?mW>FgvL8k>f)
z=ti2;^=Kiq6x=n&_h_l{h)9WyUhvsH^rE0L-IY5@vrkJ&d!O;bw@GtrndiexiDB3i
z8JSUG@^u`zBnsCJFa_5!Sm(A^KO;^cXa@HI%Aq|`_y=h`$i7tWk+`TRjZv4LJSV()
zRE9={tPC1+tE83fO>-F)Rr$B4fwbOo<rI}rDRhlyS8!>n85|+$bIi*FpYKsmyWmgr
z9xO8-BOl5E*mu&aY9jx0U)>Fyg6A^-lbH|degu!@&vI%qK>C&7+%y7}x%pe6U;fv{
zqr=Su^2Hf?z7veiQ8B~vKcBW-g~Q6PFJU_hgt60K7K;r_hBD(906UV_ZVc{KS`QiV
zDjxzVip#vN?Up2J<cd&*&A4VX_A_B`7DX>|^S%d*5&Z5sSx6g-EofFSp->mh`gG7h
zAro%=Z-_usiq06N)^3biy*l@P$k2Ak>FRIn{);F~9{5f`k05WPVmRr<svUO+Cl~#9
zw*cT8+E2iLiF!8H|4q4Yb0ss1iX;yO@B^eR4w!>RZcOqm^Th+iF(}4S09k;;?{SgM
z`Fc_kKui|kfZwMTN50<wK4#gX1OxR*^(cY^L8N6P9uE?AQ=<BC{O$dDL64rH!u!R;
z<K4m`K=Ai`1<GN}>V4d{jj%odTX}K>EiI(i%uG+ryTyEY^#Rsno`zr@xJ??10|5IL
z_GT7^2*v?{p-hMu%%43WTKt7%e&#9}bG>LQk_9Cv15J?^FSnTt>6aCSUKWP$EP+WA
zYPqR!I1+Dt3O*owYS4?jMv1m*u*PNWr&IA)#3o;dvPGLYN@tQ7fe(i*ZGezwsGFI^
zprDE7#rzM4co>PAL{54)%>i7zJYcmj1FWubqZDtzFd#pTTy}1oRA$XWj?PY7!AdNm
zM#7UW4k4$|XKeIW-=C8OA5oV<oT7tt_Q_APtc4d?t_rGhwd2MoA%n^4tG`PlfAg={
z#uGXA-WYSO=YdcQSGR<DVrk==k?FzYCIUSkSZ(Xr@3K8l1y%J53Ko}!GC;fR9b=o5
zQ=$Z%^KYD`a&B7#bP#`0M>iW{M4Idq4!%W-sLUMkDcyt?OXOk+!O@Jny9XRZV#5WS
z-i7Ig2IznXmz3cs*R6_D>83tC3iA}Tv&dD4e8tEf92IqctuGg;QbdbJ_aX(=1nOIE
z4Ok`_iqz0Y@bM@pWRF=q6@byEQ*hcgZB+{&=i)3%-Y7c)^nCH_A;Q&rkz?RLTf*7L
zlIiNnnD=9tZ=$pghBiA*QZo;K0pDkbK0Buan@<M4RM=`a4^2Tv14Fvin01#<FJFG$
znN`QrTZ~6x?|B9cJMKD=aa#2YVg%5LwWcM?-Wn$~^%`L$w31<@5<sPiGDu@FNxJqP
z`xi?UiW=U<gVH3qHABDwJKeS`9kD4S$4g}0#N#v*-S>BWn0OA5Zee-zML110$c$WP
z5+*n3FX4!QWL;QOcr(bV<6l=(xrIj4ur+wQVgVUP^aQ)BH#Js=Ec2qXYSB1?{{(>g
za82@+{M{G3+42$IrU7kBlDMkzQk3rq{?Up<jsAAs_TWolbmF`PYtV|e_oIQf*r<>Z
z#Ls^s*o-5^?{7*<{y(<fIXbfL-5QN;TOHfz*yxxY+h)fV+m(*pv2EM7ZKq>>dEfIp
z_nv#cJ4WrXYp?OFIo8^>{&+NJ%@JrxCKmrK3-G35J|9l1dpU$EzB;)t`5`(Wp?4W$
zN>K*EzetlPq$?!9V;>)zTk;djHEPJmar@YK(4^6y+|)LoL((t0-st{YL^Ht2Uk3W`
zjwnPeX9hBhHBDP(9y|K_?>d&?Z{d5mlIXtQz}CA{BVtMEM=a;TER-@&gbtrk|ENh?
z2q5v!s+2%T=2_8q261vUhVr{JT7MR>Z&oSOj^#7VRt@J6ydR!oVX~3>`KZG0??Yn9
z&0&$hf<&_;<Y5&AlgyV}JhcGAgCmlrYm;{?VOL#hggQO_K|aIZL|etnfW?FXQLQ4P
zE|+st&4S5M47##;-_d@K{^1u5ej%)`8;)m0Q$)5%uB9#A)m4a9EIw@172I^Si@cIc
zN9S6jN})pX%4(ikG<@|4wU5G<^ZD6nOQ0V%Yq9*5IM(5~9Bha)DzgS;4b^5VccIgC
zoYISl#L(nFGDhCM=4L}&(jE_=(H+(KO03m50r8a5ekjbnoOL=+&sr!9xkmFtyhDPV
z;PIL}g65oAW_V&RP!)R)+Os)`Ga<AxLPm6J{Nxez_fclf;zFB4r`wH3CS#jEtu*7`
z@}{c(+u<wa5p74&&$A2|jng?sg&DUTfVlDTID{6)0>dhb#wZ=KRUn%uHc=&Z<qbKE
zPGDa>gshsw8PPt1E~Z+T!|g_9PP!*CgiC|Dn7c%JCHDgLChr%@)Mii_E<^358XIq;
z?i`YGWwsFX#}1)#N$6FRdZuoMTP~yNX$K53T3F&)HS=Rl`HKQXP=-^mpT$lvasB)d
zp71s>G5ySn1*oS}&RjLtXb^L6;;%PM;;^YRV%J0|N+eTAYymAShtJDMkeKMl^uL|f
zE{9;_R8Od#M!=C-F|i6`=0u8Q{_vtWiso>W801?1vh{7rKl`O&FK@rJAonZj5eCx9
zxIx~V(lR}{2o@F~r1~=-6=v{Y;lMj5GN3amE5pu>!|G^h$(Yt8;S6S{vQ=cQUe~Wv
z{FPF+*oC7BK^9kV@?~}P)WO%s!<T0`z=su$?<(EV_xa^CeExOMqBFBAA#JKbckeyD
zXvRgQ$6T(w(%g7S36>}Q2m0knju~$z^U#)nLN!+iQGG8!s8nIWA=?bOF!=h)+#w7T
zS^!9-4j~qY!*3KFp{Fcuzx+q08}>P|;Mepc5wsDqMUSH^lA-hj4~I3gb-*T;zmXn7
zaJd0Q-W^&QEWFEPM;@9CVntVCM#uuIbZ4y3mR$jTPA?R<qDZvd2C$Y{x2<t<J_gZ%
z24w$aPJs|$r*0+KV8PjmOKXt1Z)l<lh1J+tAU;=PfQRHM8cvKNo=uibGfsq3)(TG{
znkGXkV0oC>ScfQ%=ijqv|JuiHh&<Q2uHp4#Vv3!cK~(|Rmw#3dn*YZ*ns6-i`Sz7n
znD{0YT<7SDC=Syx@gk?ABcGE{N`5Y6B;h4c>3$g?OUIGVnmTM*A(NB2j+epT;{5|9
zMcsESJL#;hY;568uxu{STX(7{#D}+&P%zc2Pe?jPUG<o;#)L$suE;f4H^j;H4NECb
zikd&=qiI@-P92M{A`-4J4DaH!b)Tt7<*AleN?00<1--rj8~e3neJT=B)=9)!sF2qQ
zN=^`9dtvPnhw;^%B@-eUE#hE%?j~B78@t$6lM-OaWpl{QV8Z%0>Hv%^laol8cDfmb
zNi)MY>VU>O;34Ou7Fc|G3IeVT#?nmyrR%GW8HyH2`QZuCgk&69`RAhEsGVE224T>K
zT53n8%I1x7cR?=tRbtEkWPfZZ!U*eoNx==^;_uHi5`zA+p}&e|;)&NZK}#9y<@|&y
zRl-TUw>~}Y%%q5iB62Y#bAL)X!+8R8Nh?4Pp>a~_Z)5_;OxP^-@M@(HpiJvcC)h-)
zw$IH?zqm_+yxAS1WleQsSIHAX976f)(&;{@d44}%+43%P;pF@Z_K=Q`6_ZF>rw<hY
z(zZ#}z{h%&zaFpaCVYPzSRli9>J1ph8>AJJ;sV(POqA}O!YDxswh#rnkXwTVAmMCk
zUfr6Ly&bo_0oZDf7MjEf_1gfC&*&T7{(+$Dh>b`n)9MK1s-r3Q8wVxwa9=!|UlEdr
zja2$m*rz2J5aO?sb5>f%PshLCP7Uz@o~zfdTw|m^zH_5&X~(Z60pc-IG>kRSq%F2}
z`QIgpHVV4LZtOKxI&z$1=zkR5+aH)sg(40eS6nf?YCx%=K(85~F%v8=KSEWl%v*Vh
zUh&|k<(i%;Lh#9tB5WIH&!@1<W@Bm1vcc+>PzZ}VAn|ypoucJ+B)!P<4ZVc}qTWb3
zqYu1e%&w9&0z2n&r%}pV)u%>^9v3-}v;&Jj6PP=)PC`uj;dx}u#6>HawC#8cA8D|r
z&`9!;h#^YiK`hGU&!XfsjN8H$S++evZN6<9FDm{Hje2*+8j5nx>E|G*u1qmvj4Rca
zim!CPFQp)=hcNbuR~?{JG2op7IG^l}CvpZi)X@hk{1{ltw2mx&N~z&^Ylk}2otxDv
z`y|^vgT|qyaAo}M7hGv<4BdgU;xXkfqAxpbMR44MQOM?zBFwB>)XL&db|b@hD!f5o
z8-$92d&o(ml%V*_2CCa>895q0UQ=usLfDbV7zp8CEFLJ+cDHc6b$#?nHfMoN`G0%L
zT>oAE;^t%l_9_bl3N$zD)+Deb?B6j0$%INo2pr9xtaG}*htIak*;M7bH8o)O{3MXJ
zp-%Xx9n7fe!EQ$5g!eKP7wPjn|ANtmB!)YKM{w(T@|Q#x2{iitaQ5NW{l~cQTAlu6
z*b4^7XZhpt^QlcE%szD4M5>;wqL2~_3xR}1gWw&G8;mG$I|2eQS60x`>LGf8U3G*F
z|JwE(`%B%OOL$C0E%M#u{tnlbPZl>&SN$gSKE&LcZj|Xu>nL~OB`P>2p4tja)qek*
zqyWja(J{(<w{x{*@pqs(bXHz$2K`neq3i)vo%npSp$bz!=}$v8eL`o~8N$5)A0-Qf
zj4|jsNYaV2#O-dtFY4NZlj`lh!rC(<g$q|&cgrsHqAaG4ZdB&xl{>+Lno;XFxYV05
zw4q6~09`Q266l!QhW+5b7z6Exzl&$u%&79*;I@&sf+l;uQ|tyMWJzylEmhXk=J7`3
zfiEaEVO5o$a)&!$C<)fzvP$qp#yg=e5JyaOim+~5Fj+AIE>ho&?=MIO4Uqb0C<Txf
z49AG8D(#b!$CSiKA^#YxS}HG0&@Pt4t#kTD-+2mqWyCoAS{-}79oW4!bM^2k(141a
zY-?cTY@nX$3vy4Q22Rk7G)CiJ^au?2rU!qlu%7pkw`E34ZpQNXr!;A+=0&#5Dfl!p
zDu^=}xyYUZHmIfaK&q|h3i|||=-5NIv>v_RD<?9Bca^MCLIW%NP0&KMXF%pIpIe-g
zph(+I$c|_%P@~|K>~59UcEwX#3k7PB0i)vg@+3E7q__rIkSQ!f8Q0xwVPYvkO2?eY
z%JB=-TT!6s!V(tqg!vvI-GPg|S+>C?B2xG<vJ$?4v2<I$Jqln|T6s5}W#^%5g1J7X
zX(!X^ObG;SHqXwGTOBS$7?fV5>9V3k$dW#$qVz!J{`VVx3)E9V$P+C2!N!sZLf94N
zH;g}WG(i#kcaHO9BbMO$uvuU^A?!O)DK71^Gh(su-ULA*;P~IE2ZB789l^}_$)9s&
z6pj@EJ)5pEK@ykEPGR8Dq)+HX%1eDS(~==dG!M_+zJ67p!-3NtgPk_wXae=n#ByY-
z-#{|VuN%>gsk;}ijqaY_PrxUid~VtF0a61>`6Dfi+<f&}?vy^C1Q$m}f#{mywIG5!
zZdd$ayxbz+rI0$#2yGueHImsKdTsTQObJf_N%5l5i{Zr}^v}LQLg~Wt1;kJd+44X*
zzYAy|W$ZlzG}wVgf46r>#kBXy;|Ha(doWd`UFwj@1gW>dJgsDD(n$1J%dOD8^(^7L
zGGa#TQgWCWEv#?Lk3O#5_Y3LI3vll_IPf4FJ-bGZ9yf3I-aM5y(|GYm4c+zXf*b7s
z&pK}}=Ng?&@4DunlUu%Q03SB}D5?4aFlgS&qR8WCSnm}nD<s`sdS9tCn$xFTk#-EJ
zIppSwJP`gS3_c0zkXwY3yviL>q<3z?`GH*Z9|^J_Y75n>yQ=DB@c!FjpmPU@sD>O<
zpBdWyh&AZXl%;z4f6`Q?PEjpolFY#X=Ngu73tAvl8JM2J7I^dQsm=019dVlXN}6S)
z<JI_z-;jXp;*VgzLlOANy-ftz({pUW7S9Dn%=S2UjzbYt^qcamLVdMkTMPGtu|OLr
z@vxN7C3HVrE=d^B6&0pc!40}`TJiL+JV(++(1Z?de}?LV-*T92{lXlm>}+oUs4L_v
zP$8~n$Xv?jD^|hm!g7=?|2Dr)H_uV>^C_{;eCX~xUQ#W#phJSPA$Nu3)1fLTRtVEr
zg(yW}4jsFAJ&ah)e6&`Ymz!Cjm?t<UNwn;xs<bB*jyIj{LCh#=gkpW*pZKn*H81vE
z)ltB({*=vrA6fOB0fiaFhb&tR5T&)&M?|l&EXc*5FHWPzY$^N_6}4^gGA2i3vte&~
zV8Y`k@meyEvFk^10!TO!?<V)Fm}gHK#O}_<m6Mvoj#a5YnSxTvE+;WS0l;we+mhgY
zzvJh*bUB=h{ijEZ^kP=*&jnj2HuX|=xaxTWmhva$NQhfFwMWb5y$dA(k{!Koq3D$=
zzk|ZW>=oi}*kD_w3*SDgrU<dKL15~;u)~{<$e&G6s~wF!7@{#9&O&hv-io~H7;(XT
zeuh<1b4G9{S(5fgnyJm`3-Y+KfAUh7k{A1H;haD%zLCTN>38uhZm!d_jV!CMc|KFJ
z(!cZHL-Xc9Rbv);^^gIjr?71o(|z>kQzAKBV7he4fwi&DN~RO+=VO@6^F4g)v}sy@
zZQ$3ZSv-7@(a~Gy(vTly;<b*^9mb`cJj`+?y_rVx@LBU>;5#13MFMM9Ewk3;3TwHj
zyweZVGRxyfJzY^eg%T-EY6oZaq?Z#Y$v6#ESJ*JTgrAGi0&f5#mZ>5I67r9hRzFaK
z<1Y=SeS7T&7hDpAXemj67#g5n94O;2JP$C55+<V;iGpebr4as6Wqj$hg7x6FCf(}3
z*~yCR#-JkpgNc4t%3r|^2jP!3TT<vFzE@W-YRr3T%_CRiW4?4|j!M*H`U1}M`}d%P
z`JG|50dQnm3}%2_i=Fm&)7~o;rD*s8)0~Hm7-5Yu3ZK`Pmoq~*{y7(>+K+8GwKcg+
z1!!Am0R$=PAycEon}z!Y@BBy-e?oNGP^KpIbMKlIMH(RAQmY=jZm#VrQDP@sTFl@t
zzQN9}`${)&KdH0H-P2nu3`ol7uFRqA#);N;PuF*;Qy;);dh*?o%$>)0UFYXZ4OivW
z^wx?|LvxCICDL$Y%c_yfK)=p8p6K;h5$wYvTB~vfwd$z~*ZR=RA7L(@&nr}dr3m;~
z=_+-TaFC)xBiqtEY}MHl^K2_nssoj@b<r)}=zgN<fU{Jb-h|fDV%@$*&STpX>dM=i
zxZhDivO0i89XPOMLTYU#*n*@PeJ%MuE6jY7ZsBe%8hEvy90Kax#llNzO}O3!AD7)k
z$o=%WP$(|C=u8QAZT%R`YS`Olwo-z~)sBUj#<QnsDNj*p6g0VP)+{Fh2z^(^dIZZj
z5wO{D8e4PxNcP>4Hd5m$dMso%oafPwKZDFTBcTAHdqf`DHhKI}{MsZAH!}Poy5lhj
z=YC0~>-En^5D(16%bbo(6$#0NIWuO>2Rly}HeSv-8N}SEA}cLAV+*QZ>i6y<Zsh*B
z2TgB|&kqCl3sxVG3)eZ_+s~6mzkqEce`dJg8X&C1gHO<y69adBqTr2LyT2NsBb4`e
zwvhq0x$#MP!)5uCKT^o7>dVgZzGqKtk6h+JP{1C@P8->0UYVc1({9b5p00*U{n|%J
z^Ig2O-xtoP`n|uzn!yFvW4wG8Vm3x#yE*6t7t*wI07umV7m`}TS1i?ZFPQ+x&ZvrM
zl=)VA^|zE}HSpyJwBEu2C{!bkw;vBe>supW92pWy?ri|qgm4fm@Xtj#hMF(+(kO0Q
zF3Fc3qp2|$DMYB}deaNkcwrZy9HMSsnjzZWe5e;{M^UueER<}*LuaD9<8a^X!a-Ko
zkN(%fd%(ScD9$-PKTm+{k?B`D9V{dyKZI4Vdl*8y8U_2tY;~PIUk3>aax3BxFBclX
z{g6MdxjC+{qt`A`X3tpJsm%$#P)ydw`^#N{3NEZc@Z0Q1GBVcutRu9G3pE^yu7xx8
zZ_dbpZ8GMBrUBbJk7Mh-4-SJgY&6?aYWOhWT7mp_K4J}Y4AW^ufls0><<zy?%;uF2
zg03IFj~&k+S;<$^wF3RpdhaKX_7(O34~j3A#crmJViI+kqvuB$CbIo4j)kSm$F_t$
zOIOPxwgsczm4}ubJRvc^y<LXoetLA*rzek@G<N8%2c47l(~)CLnbR%}SvY-rnR&MB
zV+Gz<RI@*DR{mUQJnv9G74ld&QQI|q6-~R0-x!34gp1_O2|?z%x;gzi3z`PV?TezT
z<%41lyfp-mDv3TZ&Kc-n$fau_FNU3@2-GfMBpI|SxY~CeCk_j%l+%ruCt>pS!kG5v
zJu(Q<Jyw6<B<K4QSgR2|^kb~ii)dKh0#93~0b@H6^KC(CP0<p&;MLE3$MpSx&;G0)
z`oCfV4ut>ad$KXJaRO_!L;#xF_Fpl<VCSg@LIg-I)?pZ1pY?-jriAVKU~<EJUWE#V
zu@gB<p;T~wId#=*<FNh-V4aOC!6?HvG8nO+B$VywHuK8c{FcZgg+$>a1u%EfFM2le
z3ag|L|4g-!mpnFd&Y6ImR2Kdf4~QuxG80f)v}AI3dDl54b0yFF0G#=CJJW+OUdMqy
zl2^#XSR!%$LlJp>p0dw;y7*#<$k8=Aaoo_v@PGA`B)9KdD+wmsQzK2YW->4PlZR_g
z>x^n-c?*Nd?p<bp3>p093r+UY%ZXRI#SzRmOZKO^EjTlz{gtsnIjFSs2vaESr-N0>
zR5|(T>?5m*2GEW?x*a%ALb;=%;D+Om&=FY(h%Fnm{iXetb(~s<b|iS>3@bnC`_^#)
zh$!;;o9I;yuN)K3S`pi(ZZfNpc$37HCyqQwie{lrgCts4C9sO`Ap^vD6-dF~{mG#H
z=I!e9<!ME|1qemyI7PNw-qW5*%zHU<y=)Fiqj_@10=klmh|$v1^e4>6+x^;Er|M=n
z^-ei5;e%MlEx50D7QAonF9s%VcVABbW^BSE59L<*w^)fs6RGK;fut+gbf0>=j*s0B
zlVcgg)>6qP7z)aj5gTB+y%IL-4D5gVO%MPcjuB`xW1hLqeA0P3>pi?SL0v2y@J`-X
zSWo<`3}DOV#2r7Biur4jUxBy~Ha{Sw=G*9(rr&LwFtuh_Aa^yTbc$xAq<aBsp^sYD
zh1Z&z&V<M9mC!)54FnV3yj?#`t}g;i(}EZ?%h>?xjqenUS9rE}qj`vl90&E%j5#VO
z8qD{ULsRW&Wl5v+ds0DRm1NdetTH)K1;C8q4}iuF8o>$|NP4?)TkC2mL`A8V$8a6J
z{aq;p-s(-^imes*A;QQlpN&}ftkyM_!@U@{MS?+W21fZ#1Wsu8_fENeO@V?=+5Eav
zRW#Rp1I(I_4W0ra=+p~t1OGmJOHlPlU21G^Wfpi+*>W)aG88KQDOdI+JNFi>q+uvb
zSwNI+Orbk2LJaH7ZM)yHNuKnXH&tK2&;fq0v?x@odhjbQsJM_RKWsEEgnKfJF<2i4
zwdmoA8l*(xZ|w^+O&_uQPCii@rkM^I{g8edT`1I;;)5~Cd)Dswb-GM)xME$fQExmk
z5DAeCwKa1;kpVA%hN!7Kc!%1B9tVSR2tfT2l{x6{AL>SK3#fu^<5=;L<q0s9--K#B
zVX^~UiBe5eJa><;>u#;xU<C@7#sHxJ>8k=hl3D1mT5(+-SDG7^lW;f^qf?ac`#DIV
z(Z~oe5~{Pf&+WK>i!KqQsp+4LwvO@T@7bGiAaxMp1-f2tcGYL_dZdR8#r%J?dIEf0
zdAhXnh}A^=PG9?`?3pI@J5!k?f_I^a<iUQL66$?8-Ax?qHl^PU>>l1<JR5ziojs?g
zKVQI93vWg6=_{>f-rd6du2tqZLqELsnaM(w$`@|ODhlfJhcbOo(#tDVO`NU2j$6Vl
z{gR>GDy8tC`Lxpd*=oxUTb%-`y$m?lEg!U7c?3)_fJI$W<VIV?9Ty))_$1Pps=-z3
z@APO`Q*`)eAmq6V*>@%ju^GvG;izKw`HEF&jYo=Lv0`v|jz153TSTMga=O;Nwr51o
zoVijXhqKnM<ZR6;eMT|Ee}_1R^BeX{lYMzRSr^tS6dNVL<B9d4jN3jr%m;w)Qw-~6
zom^WBb^4!&b}A2#b#0Y&vdU-6<CUt@wtPu%xolZF`w78AX!P2v$qUna65VI+HLh|U
ztB|VJV@`l_-Zly=_IogB9alti`qP4+?>N2Yw&Xb<iPE}N<o<1hl1Sbt!}!V*#XjXa
zgE0J*f!1&+yky=^GUTIXumXImI5`cQaa!I0R#K%aj#6qV9Ha*+nRjdj9KgLYMH!qZ
z$zaNUj}!Rzja!1!m8-#_$DiRVPDsT3Cr)s|{5MX}I~5nA@T<sU%{TQ1ePc1ptr$w{
z!_`7O;lbtJ73wDWK(Px;uUvJESIWTwaWNNo4|sNFR<`gkEbs-4G=brckiwA~n+SuA
zBHB7B-F@FcV26NY|0VP4zLhS=i-pNrCmQfPZg9M4D7eXItbp%*<ZXJrBR<aKO_4ie
z2hwm|<_J+`${1}4JD^ttp4n%IGh3{Y2JWKHN)k%Y>!p8vYiL8|uQR~!!GG6fL8Y(I
zkUGEPQ9?hlb|ebe6S6>@uO#xcX+p>qda>IIs}J~!7T5#gnyA$7gEs6CN`*bQ%4B89
zbm_3EOtaPUXeQhVBxLBsm`T<`zS6S>+WSLU6KBvV3)9+ayNKs%76<6PiE9(Qx3U`-
zf>O1|L(%z1y*a$$(-s&?Uh``wsj9v_`pIf@hcwEX_74C*Dru?NAmzoMEYz?XvtqsS
zIBE|F1A2-ArTyN3oJ}>W{bqfP$_y*!Swe(W1p>+u*v$R72pSmJ0kv*DsDK0JAy5Qj
z_L>8?@+?{;wE&?(IY?IJngS=GB!uPBtFl&(TWf9u@MuVI&{;afV&wpU$gF3|AsfW>
zbN%L0gg0QmU_gj8h`o9XWEd`fRa_Kuz3DU>hl3Zzn?0gU;9))=C-5P<jV4m$N|oO+
zyGbNXy*D-blq-i#MK21DF@ChhKG6~wU4GY=$>Dg)0!o$=Q3z^r%fi)rJm4v#Xl@6h
z$dq#AA)D;iu7zhc(qE_c?&c|2fC@=CkYVhWM*_&pPX`GOh$5hGrCm&yG4OxrJ%;8_
zeue0s^I1H-ZtWbZ#(w%nNFp=MSj{IT1U0W#684Nb$U$*Rpm+4viLxhw1<vtEg;PO+
zdOL?*^^*j9LO%Z)4)1%nleTbPl0H*hRDunXX8?ubJ}FNwmPjk9`n@5Hj0i8qPmR~$
z;voPncD?U-yWnKii1lDk7MhgU!@>*qD*Z$CRI%IzJ$ft~4kLe`^`9S!-Iv~r==MQ-
zzOtaZ3`2d^LA<Bw7oU$GxsQNL`$mB0<HzLzvEQ)bE_LExR-ybAD!IqYYrK(QP&p(=
zUA3zh_;!d`93*NOlZK1WfF;O!z_S$kb1J}yFPDRieIMDojcz|P=oGSHSO}X|CVpP`
zS{-05X)4Fv3$p~;#FFA2GF(gFfI{LKQTT!;j9bP5l1hUR$SVzdwasmjX1!b>p5C~@
z!DLofxVlslmmmh$m-0NRwXIywb|=hcZ5SyrKT*>CP@@n)bS;!KeLs!m*}<5tPy$Hu
z@<<K;BA>vh<YvVmxZBrxLzAY5z=Ccl<bJ&V?ZH^7Vo7SeCkpaS5^-K0yR3$4bNh)$
zG<H2S>8TEX5d#rJXY1HtljOsU^s?h&vC~{vP1QEKYxZ$J@Qh#Y?c;m@-U~u20BH(9
zgxflqRxQG|W5+rD**$CsZd12)kpmdYUFcM=VCL-*P-4hw>+mFyiSJo}Wqy`d&LapV
z8RDQ0^65Fl-s{<b&mneoe0qFp96>vfShvxO?xFxZZFqZ4ok7=IJZkE30G?lYk9aqw
zgdddo`26Y}KwS5BpV-v-^wc#ePiLMD*_*4HGq-fkUg3y;8M{)EemVc*On`+olsWQx
z{Lkx)-M>;Ax4+QbD0`wzd$de3?M_SD&*J#u?N?W}WPG!`_D&>^RZ8t4JDpL)1=xBG
z=i4%RUV3T)qn{)e2KLKnaPSgu)C6CYY}b8(=D=Hr{hCU`g7h~Cvu?w42xBYb7oO?b
zo}^paGV85Y4<L}V6FIEG(-be|<WWJaU$1Pm)ku~z7Ifl-0%jlKL3eQ7Rn|Re#^6*$
zvLJ=0N{qJg(U0;I!9UgIGy#X5zYt03but+U=$Qh5O7USA{NJwjfAg_fxjDIkkGamE
z+(7HRZ=gI0d6rbHtY5i#WjFx=I3`hhI~P+s7iW@x6@334`@;HH-k0rP(|;)3|J(E*
zftLS|>A$FK|39ez3c&nNQ?`Fm+5XWG{$HqU{~Pto&Cjz0au;BNa@WZhD1ZTNOQ{I|
zA=N0ueRT%@d;6~^w*Pu!;{w){lEUkfd~M3r&V_`9IiZXf>}&VFdHBH53M>dNI2JA-
zX(a;~D=V<Of*43xfr`fZKPc+TtekMHoIunnVKBCTEJ%P{RrsK6z^)2OU`aV5aIAtC
z_*RYx`QK*v{|_RNu>uL=Ka>A6%3MVT^sgZMe@!|oq`>|`Z$<}dSCfNs0sX3Xp;VML
zRg`3b7B#DI%p@Gl|8)TsYb`*Tfo-)Fc+6kB_!|8h=it<ZV-mMBwl}e~GbiC>0}?k9
zfPLLiT1A0=jqt$hI@GV97`C1fN=j2jL|UtkzaA45XxoAUyl#L7ZZu$jea8W2H28yY
zvi~y|loOa+rvQv>MEF|DKZ~mR+AAlJsF4tilj93j1V~?v2TW?jgi?@`QI(Ma)-=`v
zubQEOBu&V5UQMoGU&c2rgrJ;t$gMbFV4Ph4wIHs47ZlM>@P#TcKn0v^A4B8#rxc|8
zb=v-OvN*VsQ4v7d>$W;Vp#S>~SPu*USqCkFd4u%8xj{|fw<7^Gj(^YI|Cq=9?>qq4
z*O?X&_>U;Hdq$?a<xdrjwucx}uPdzvxM<4a@Kvpf#Tu;!Ey)a}cn>rT)2t&Dv;-kE
zDRnfGAR3`wzA2J0bk}Z=VpowhnTx+}o?A)s)^p-h_Z2xue_tm(s_ypMwxQD-9`P=Z
ze7`<ek=5y9)j!K=E_Y^n!U1DC#(!c5ma~$X>omtRq{nq0<nupOSPQqA185*pdZAR#
zX^+O?>&$!2yREBw5>J8%BOC0xG;WNLHL9AD8GXzpZFICm+%102wlC0WRHR}ja$X$_
z^A&CPUr(oa*zX7`2mCSG%L_D4KnjtBrl6Wk|M@G++QGtUz9#7N6#xKCJ$!Nr3ZpQt
z8MQYJy_|>LxkhZIR?|8Dn$6nppm|k}y}*X#DIydk5pZOFQVjcHkz(Df9psfSsan6(
zdJn(p4%mZ^#Ok^z@;Vx>J@BVfFRYrCQU9@JTA|4sOM-<G8iv@99|V6Ra6{>svMfbU
zt`pt_!)1iJBTrAs7Y1m8RWO3x5vQkU55MT=4MMI7{3-E-Cg1PW8@nuBPU4127rxO?
zYlK{r?4G<VSx)+ZZVhX`%fAca823}*8b+Xp@;q#%pFl)tx}UD!#0VW#PL_fbeJ*S%
ztfJq=2x>=R869sIW=9ADr3&32A~{96I;@Yo@M+Fq7nRN}p%0MXE&aH{yP|O})n?LG
z#nYLgvhQ7+>Y1FN(lsmK0{VVLCtt;vN$>Id&T6O3_)7=~K`xVbf%$&0o_{V)-|K*5
z!CGJTSNhFi6zi+zLk-dc()ZAvB~d-%!|x7ElYGo<wue`Bo7oH8XFT?7Q`s8BUZdEz
zna}#)J9mzE-FpE_CqIvuzk8jY@6}b*t(j-1?=e#uO)@zzjYp@yzOMsB`s!;?41za1
z#=YsR$LD$xnW^FWh{*VzBa>zF(D!QJj~O&uvqP8yI<ZEX8k%dC71K1x2>hxXa#GKA
zwFu0kpp^xrP|Q87EK%um2H6Zqv6ZVqXN&#WqDMg0L%aa-_aiVac!nC|L560tLveaw
z-z}CUGI`Y0*5QupIF!7CsZ(apfd#LJ(`fF!vd@PjkqzdSDH1-|?v`uu)Hfd+0Y!<*
zR}^r`UeZrSqZZ635g;1|2~TkGF|)11Y~D`C;powFy+e*f+P&hbWVZo@vakt$V)0mn
z5!_PUyl#Ml?Yn+pP6TrKVSu`BV2rsiw)lKS2Hc2XJWA~}9+6fspZb)BxtIAK@CQTU
zkIH5cRq(o&MrV*tIPAMl$-C9|v2XrC$g{JUJF7M%OQSX*8Fh+T&k4PMM286%@3yra
zwkoI=chg(mERE@esMxF;LNk<#iF}Ba>j*j-h|>WBgi6>nF4`xK*fMP#qK%}`3b&9P
z2$vdejjr`S75v$9^w-f>aCC_^+N*4;^J}XM6WpF!8b{Y1XHi!x@I<sBi+=}o9@AaM
z8VD_r<`Q;xWT+CmbfdcGXK-g>q+%sDU{7}{t3;waEDN&~l#Na>E#05FBMFK&?j${0
zNmc_!UYC^_qW=_F7^rhq<8_4;=-1`?^NfnusWXU!u^+98PZO<vUgKkkY(`v7pY=xl
zyd3^rV8KWR{$Rt8syqiIiz1Zmf)*(3B5wB8zt;En`z5(zY}aVeA2BR!>wzT&5n+=m
z60j*m!&i?(IXtF%kQ0VXUjWJQqN4~C;ZhHPY=|gkOH)2kun@=yUiYxzE%4!Db2jB1
zJc<a`s+gjlMVgxi21FW;HZYx)PAVACUzq!z7#iNz48aUWro#exX!2<(bd%s%{rgEq
z?ie0vuA%X}Uy8vmd66NiKrGOrV?+efz~4!Ziu@I-;AUwXc`w5Cke?>ICp_!N-faN$
zOCYN=4p&WaA@EGdg&D`F^<rtp46im}xfVDT7KVko4FGm9VD^*~^@!+<PH`nk)2T`D
zYC5})I8PYa_fkwM^FEC(e>VrxjLy3<3OoPsOaER&nSw_t*f9s}yEz&lBXM??9UJXi
z@SY*Ybt0XPYJDF~bB5(1r|v0^yF0)Q-cx*gJDT#@Ze!<ab%s1;P-uF9@63pWSd_}{
zZ~Ha3n8{pmoJmH?7SG|06)mRi&V2lV;4gNOQK3F}C-1ALD*{;O=u&@q0_~LVsZ+d~
zT`{cWCN*Pbz4B<Y+f9pS$#%LYZ*XrgoiQG}ZjO(VVGI6;V0dbg!$qS3<;j4=4Mw1?
z+T8T-mJwS<dhX|eiNDuu0aQdC)}Uk{X$19`K7gx~zFH1H0meRvdX{rMwm<%AcLas8
z)jQmGpj<hOt1bizHlIjFe}XLrFBY~Cb<26@n8e(Do9h2&uGHg<{-B99Do~n}WZP15
zA~fgq9E1#C!HpQ-uZPjZ2m=E+2A3oa7bd1}BOy`&p0@AKCQ!YowrhIJI;Q6bUY4lS
zpOJjKqbc4Gp~-W&>Rkw)Lxjt~H`pN@csTNC;(y!Zl;x6#Cw4IXu9%y);E^S9m1}81
z^b4tDVZ<w|x8czJaoEkpy@yD4>)*;P+SL~lWF{Hn0!>LZCoLB^RdWoeXsRWOt-do8
zDM(%aqrkMFlWWMj;B>1a+9_Q@jg~?&aEd0hlrn~|rBc2#WCZ;61oJ6ea&I@1tK7sc
z8>(FHFyL3oQ2-4W??3BaqB`j$+k*U={f(m6g>jRWVv9V<u3KA=yT&vyS6H%-=W{IS
zm-6Z(#w~+YhC&6FRirRLtJFuR52rcqMOK@V!Izk+Uqf}Ie0<gF^=@e=#H)@O^{SV5
z-G)2)8`Xm5DFLP;Xs}*ZvT9snGR(1Dr5^9PRt(^hiXg&5fk6R6>8*SC=asIZ?jPv@
zm-^ZucC5qGn{a~mNTHg-RS8=)AKgaR2Oz%a<0M5R(J2bqu9*#>B_C@3&MW;4nvqMq
zytGj|ygu~#Pv`=ewAp6tIScU<G&W{_yuv)B<_iP6XKVx?MiXI$HiWeMbz6x2%M{$p
z<YsXfJfpvJUgdOQO6}8XpbJMTq$tlwJ}n2sH%MxsR?-O^g9j#<?)AGqqk0%ZpEln!
z3hbQ=T|uZm>1}ubNKw;c{Ty@LtUeuWXT}eOz=;T9Ga2|ZqCz{+y%8VyS(Dts94rDo
zY(k=MNpxzQQcf;-fgv9#x+F^+gdI+eWoFfCaY~5<*;%OwPoxPi_#(^iZ1;H&Stp@{
z>WjpGu4k#&SkXDPhbx|IjV^rfpn84`!w*rbeE2g+OkkY?4q)~~PKYqDknn4yI3tS<
z)pA9eq9wA9(bW3@Y^<m!;hHupT>Z=1n#8f)y5Ca1A2nOeYE;orXBF-sTQsD!W~r2e
z2(Tw8k*G8L9^Fg$V>06>fV$$Q43nMLls|7-KJr}<??5Si(p~WQoUyD5`|rKuqDo7e
z^I}ZiUBMeH;6;I2ki)9%>4<(Gs-s@@Zo1L={ZGQKIaGU>Gui1~7u^<Cs<&>8EkK#B
zZe-MGm!(;XnpE3q9F7DGE}Bfc1_$#FO9WWTUWAeIl#@5SY?m`JtS#bd85QBrwSzI=
zH&=!rBZ~E*gg5_kt`iNq4{jXZg5HTle2aH=h@XxC;57Qtmh#z+@6!7$x+<d*8}_EE
z#_qr9NGp_t#-xThPYW6G@VC}oXo!MpfbcAuD4@UL)gdH~^oB*YP~pzjZto!EY8UZG
zF{f!RTA07sZ|Yd>U^MqLg9LXF5XD|-HSxhYiS`X4*o9PG`Z~`;X*t;E-QUBpO*lzr
z*j8}D08(OAEX?|&-KGbrVk<fSyixo~iLJYcKX9zK!bH^6jFm(8q9d<RBNIKI4XD@A
zBvY!3;E>n)?GeBbK03XCw83U-#x^9DcD&agQ`@@=j=QYT_Ra&!sajyi<ffKgD4t3N
ziW}4=(wE#;j-Y>QZ96BWljhUXWUSRHITfri09LZAU<UbT+NGY8i$m@(NXix~J@w;%
zdPYiS9Z>w8ms<p{wE*@9+Z_I);pTecR#)eoikj=2!J*S|<&!g39uf4yc*(!Pj;og&
z1q>Mr+E%w9^-tc{3VKes!OE)PThmnHqN9bKl<V8LR>K!>w^?K!i>IM#Azh6a%OXu)
z02fTn^niHO3oI+=ta7Q>xRB7|*3m6&1p5yMY^i;4=@43pGAJkJo#7Dr#AJD`=37bf
zU??J&V8&nezcJS*_O#;=Y10LLmc|1n*mh9aa3Ph)@?K`nrqdr0<ZI@+(zNfr*|ZpP
z)7XP)Ng!D@okS9~D1MAdP0$`nm$Lm}2ejmwnc`Ni9VWa{62@#ehKE~$nc_}-Y~^x!
zgo)wj1!9bb5p+T@va7J%wxb#QN?R6O(|BLtvomQFXn<2R#*d!EOo)XvGFNRH_^^Yi
zbeZ&-8WTG#ypUMx6zW3>Qbq#h56%#BK&JT%$Blb$SZS@ucU6Y*gMr)l4lhae0Bk}&
zf<qwfb^V#Z2FtQy8HyU5R$i%FAR)Wa>&4bKrlJ~`5_(%|c6s9|sKVOv)`va3Ca)`$
z-4S`*2Yk%nH#^Rb(Dm{uRtsJW%CuQQY8sCOUPFM9M2a;xsF5u$FTS~rrkQ7>`tLs&
zjKa}j0neqg=gRmEbmM~p{2^3Q0GS2T<T3dEI590f#|-)OB8zJpcu=&sEEh!r3TY`+
z>6!?$-QEN<*)ch2mprLNl$ng_U%$4=bljD~E~a@Y7{r4)pgN;ZA93ZsmAR!%(EHJ~
z`0|RP>w<RlKBG&$d){mo5mH2Kix~Pk3CjjI!(E@zGAty!W$7KAW#ZwH1OCEBZ6I>a
zhP}G*m}H;QSYM*dYiQ%8RZh=+WV|Hgl=~Kf;V<jkazDpY`|8Bb;_^d3M+{HZM(%r-
z>;Ishctf~>!lyD#0k$N_Ofa$6g$1<i74a01v$H&Y{kIHy|Hj|i^~>Q2>IGS;mJeUY
zkwCtve0U2Zg7lx`UJjgG3;-_MRMkfI&{zoaa-+?|lo<t8q_pu85_kbd4*jJ$MIo}W
zr?urFxrTV0WQrju^>^o#2vc3o{)y>QAx`<W@jOscXY_Qq&%X}Odg(*-(+8mFIlOWa
zB&1r>kWKxVE92M=1dkH%(`U#_LJtLuXD6IHzO-D>jClJw1sW|vC4fYl{oQ$YafF;D
z4{xv{(Y88dVtwwtE1Lcm`X;m0?%F2*d%I71=$VvcM8?#xH!)o@&hes|rTMS$*>M^R
zbp=|c&hzc$2K*DNfhSR}oZ0R`mc#O?A^)vpCM0_I8_pb92@=*FlFroqniIR3paY~N
zzA<BwD~&e$lBIj}IH0w_Le?Vul3V!%(%TQ9<<JaJ%s^ij`quN_5cl#igDI7PkwbM&
zXg33FoV4D?D-LJSWFy@r90#~muU2;~BS>?;S=;bqx8(9HV?fYbYdZF*aqqt^gfrDZ
z|Mhov0LQqlN;$gJ2%03WIQt2Atk?$19Jh$-(bMFCD^vxB4Opqfs2YcG6j4_G`BNy3
ziW>}!RwTUxn#>m}4p9Q%m(L^Z@{(8E6?K}ad^Z5gz1;sEo)dG)R`V~O8>R-moUR&0
zL<*d+rgu#q!E1j+#A!@-tLUVjBj`=<lV7>wg@mW*zWFgy$x3M)@5<^S8e2mT2@_bX
zg*&wTA3g4YQ2>#9CGdWZTDED$i@pK5PByhQS-Et4J<q#mSgu)YE#HM$t%zo6(Z6WB
zueUR;jDc{e+txvO6?4hG9U#}oD*M~XrZ%JbUc#6^!)N1jf`U;XOy>9LU+Dl?o@NC5
z`QEV0b}02e{uBY7t!^_i9HJ&Kw%=g+A*#kspiG_2oB-tHg@d&Wb?zm|t#Fh<s>1xy
zeV&!KM3dhH*wg!D&m;4MdN-&fK@S8-Z#y%<R$yR2<>4*XG-T!LqurSJx_4HnzzoEw
zUqeGjXU?~wyqQ4xX=A%edt2tFK<6AKU52kF5vTR|wL<T_@5skh+H4}o_B{UFWxDvU
zWpamEY=B<ACx%BE(N`hoOzu`$16VpZkRi*a<?3(H0e0^s?n*>vdItPB{?LwQ1?eqB
zlnqL+EQs&LTLFwV4m?Tj$6+9Ph4UfInj%SF-vuWrXIsAWKM=a;3ok0|xRWQTx+ayO
zK~s;)5>AfM&Te0+&5!sO-VzCAS0HZCh;=3o(g0L0O9z>Pl^WZ?=-5_A@Cbu(xvh*N
z>DLWJtqf)H;R2rdjupLj2%eyi$Bv`y5iWH#ng}Edl*9zaY2T{4&1f4-9SqVbtxRer
zR$dj8|1zWN?sYfpHxu7wtSPEagPS7|>K+1}=vB$N(TEGRN^3lH+8?Hi-+?oa5@tN!
zK>&P_;MDc>BK8$Zf7M3N3Wp=9>KKf(NY`LLeYTk_De8$v*?~)f)g5OGuEqrX<U|a7
zmEY^rs%i_%DXN%(yj{ozgd^%u_aWLBg1$%vf>TcJp^km2Nh06Jr6-fd`s*--GUym{
z2(^BQiolVX5rg~hhNV;&*Bf`k+noOjbOSIxDj*P5A#$4T7x+PVR!zlUlp*N^&3Qve
zo1nw(sm3EsV(B`Tc(|cbPc>5C$R<>7mS3*KecYZ@Ww&gJwZHa4Cdb|fM*bZDW-cjY
zVgxtBr+xdeH>Tqd8WbC2w3>6*fAh)W_-3CA?Hp9bNg#zV=}<Rfo;6v{wHBjmiw4+R
z?v(In;DNnW{VkG4F@Py+h@nxa_Cv1Of}$WC_^l1d`0$vxxCqayReBjvRNptXX{`N0
z$lWYw>dQA0AaNer&ajTyf;+&CpBey<ak))9pcW>+6i3^f%H|ubnmdt!SBqCmJ4RYi
z#1wTDx7v^z;mS$Fe?L1*-&8ArZwSCQ??qrsE#)=q7AOHCXVP#Z6OO9k&xa8B`uFC5
zS$$_yp+FBKXC9P=!pox{n*3ur4P5$(Y%bLHQk#xv1Bj6+v9nd;90o~E#hpc9$Cle;
zIV-Vwht-rVEDIvG-SZBg%&*hcOJRKr+M`KaWTP6A79g#BM=&;h{|@(gY7U6?ScVG}
z6GJMSD0$(sRF(7JC^c|&$=LcRuIPq+TI|o1w^nisz-RYno|*7AIy3t&Hb0l_GsysF
z`|1L|j-VO4dgTUhC7%Y>&5Zbi=G|VrAUjPDCFOn!)$Kr*nhQ7y<&pc4aIr|DeU(W>
z_N!NEyePtD;QM)=7F@wc?+w6R=8W_=(ePk;gTb+TVENIv>6HiTHY90g;AZPzGFxQC
zHJThIYIZ#9ve(hIFHv~R5H_x~*=E{(JI;4GRuwxTt-==RKEBeDs)Aki943wa3hX>Z
znY}z^BK4hQqY2e^0agV&s10u%v7QmCN;`pbLcp?UoEuO3COCv&a}?nI^+fV3fkg9_
zKw7>09;v_Xx|llq9z>lz+iWVe;dt{jCv8WVZe{x3vKd0_Mt-z_>4XBUtmYW;lO6m$
zFx35;*Hm2IpE5aHv!vFKOi@MGy~nM?3{xq&Avo0*Uz_XtFxTxbC7ZZrJijBdhFTgx
z0J|#>Rq1Hquzu2X+8EFtZBAKpwF<KoWxt;?ax`sI9%S>BYg#@0*D!Yi#!NF68d)=n
zp?i<~BmnET`Tb^1qR#A%A$z#@P}jjanc?y>*ji?Fy`ha(;CsOkFLCd3>^kw36HbT^
z!od59h&EI64?*YFTP&lFF7pF{ALI6P5J>u@i!X^Ox-s^GD}ey~H=4dC04|bXV4?3f
zDKFq_cNrx{^UNz4*n{m2k*9B2?c*q}f8X_r;pJ)WG^j&3(f0+fJv;sF%D|hUU(g1^
z0P}OX^HZo)LLJfIPBD90FPm04yc1d_apgQ}25FtvQloGXhOFnVD0vf{znw6IOuatK
zFA}|Ymt?bWggk&QT^$k59*{{xRy;@tlx&+U_pn-iS+`K&Fvk9{aQ!Q>2}Hy$LVN{t
z1UTVM^F{8;LpNDG2+?8T>ZUU}-AzWylv7kaQmtmT2q*reAy~@{ENnbW18nq!D~H^~
zjq8j^(D}#E=XEHp^-Gl^{K~`A56wsVP<}wp^Lp&+OC=zn?C*1RrQdY^zJtH0yx8yJ
zIg9y|TSz3s7e2!23C3X!Q}MwN_aK<I6e^w2<}Ru#TW=N~XGHlHL_+(z6f-l*Uph_6
zGx5VSmjlGhi_FCDqXBJgD_v~7Ex)uBbo=PC;Lng?e#pYbmZQ1i-r0^FoPbV)uQqCl
z*-+~t0xSTLQ>jNb?oi1gww*Juq>>qnK@4EWn0|U!I=2VCdR?viJ;S@Kn}hf@gpSDQ
zSHr~q***3YQ>RrNI`*f{f?{165HI}Zzj8CzL(S8zc%cP8^4_UH^g*xh<A}Ei5x=AB
zA1sjlIP%%mAzrL*FjJUOzsC9*S3`Pfu<l<RM;HpQ1?K#2FfP<uOpaY~aIk@D!V3Oy
zg$!A&Ea-JrX1fd=TvTjL%F9#Vh~(ul^QGfc8hcrS;bZT$Gh1}J${Wfzs}eb^9Izw~
zZ2(R8)$!OipDH2t7yfhCtrszSsccH9_;~~$fp)=wmqw$AF#bK#E-u-YyE1AV7R<Z8
zG<F`~cIbBW`}f~__DnFu91(SVvv9ha)IJ$!P1kIN_d|xzJs;8F8R1)$1qn}Vq`;m*
z5U*ymp^sxWg4a(hSbtH|{jD0omo4K@E~x9kp>t05$aE0Vp~{@;pd;1vM%6s{f=?|`
z%Wns_FcpZ*#~y(Thz;j<KZjjIR`D@5K@J%KXIarrY`!nq^$oZZn><*+X!mvJJzC;7
z;V*eT%I==Co}Dexy!tLT$IArHkz)M1D&vJWkRQGVqTh&IpoeBfMUdMdzgYzk0JTtk
zRx8-9y?0T#kzYo6S3?=ygz>sd*!ddKCMD}2cy89?Rhp+@C3^ht7Aq0oz_a{zinj9s
zNABOGjU#VLp^0jDm@L?S{nB)*dtgE2Qd*r7Z&;%x(xP{5MO~}AbX2?BU~LT(nd=FM
zLA<ne`)U@lg!P)Ui=;(!;kB#>vW}lc_|1XxlVTXp-L&tdOask(CD>YU!y@a=Ee<7V
zf5bkN?{CjqRkG~Hl+TifW9)J&?a?Oz?0OtNX#6E7Yjb)g9~DM45u!db*UovRraIn>
z+^Y~#u2V{UhXc0w%-L!j7`eVN?N{rZR2}@GN3#o%*Y{a_$Kl)g{QGf@f2lVzBnlC~
zlOR>2QjoTEH}#O@<@fQHaMmg(sa~$lAl5c*7!&1~|A8Lt9@RTuqqfd_vY^xoU|{bp
z@|{Y!X0}b2!l=?U_gb`*j#vfCkI{IKU#h=fv9F7tT&m4)Hl9~Vl`U-k*^#G(M(bfX
zhD2!Yc{wcQe|xgL_Bp57VSS47f>gCGWwR%DZSmLr>t*-aG*F0VEdtT3z!g#Bl^~_k
z`;u_Q@2j=sCE?!M<OZ`28h8Q@sF|Qq%iH~fb<TE`Re90A{giq)a3J8nJFF<|Qcg~K
z5XY0gba$;fhA6akDcCBgik5`J6g4Q?hJGW^nsdd_$AGm5b>)CApFff(3@0^$p1#S?
zzzVf1z(BbG*b1iBv;F1a$W{!Y?kawm?2B2dVgSPab86iaRk8V)@($Dv;HJR8!WTtI
zh7LK`0-xIFPu|Mrn^H&Im>ZqgH`V8`M;-pKzE4I0`};aHymo0s$9FVfoS$=j%)2*u
z(}ail7y(jO|AsX>VO~~^b@I*tttL*S3{)#;r_6~1l3`;s3J4|@j6ehtd0Y_MXeT4b
zr7jLnW}P4>?HBWV6fFRn4~<x`O&{>lem!3@I=0Qy%!GH%kG*`Q6-}wJJI*c(Ok&Ln
zX3j}GPkTFGVC+kzQE)Djr3m{3_f~3W0h%80{-;6<EIgnE<p9nc2!Zji0;@hGlE?8u
zQP6)d$uh|?$ulW1DKaTDsW7QBsR8{Dx6wHMEq4EpYADZtRYN&ASy}&QHB=K?Rds2x
z^V@jGlGHr29t1m^M6`^}&j1-RG$GY|TDdSh2zF&P98by9+$rY2r4kSr-`rdzSi<;o
z1lq#We(KTRDBO1W)FCllWu^+7jgNYr>3?c5VvlFkjx}}JUj_QH5=g*8fGr9rx7s>i
za{}(C*q$B1eBYQqd;%fP2S0CKWl5Ph^WdT&hKE6LaXDkLHSq2#uX;|DPz2LhF<`Ko
zpO$3rv<{3}d|nV<hZ%0xIPG6pJ$rS=c<!id!m^p4CLlt$izm{_C}l|n`yoQb?O>5(
z!rV3pI)(8#dMH@QoC01?Vao!zr2D`cI{@z`m;Ikxgc#yHzF0ff*e!#;k=cE-wlPX$
zdC5PFjlk6hZ5?8eU8G^05Z%^}J5R>c(ltWeLp+0nnSM48d)`uIGd5=OSijqh_47Cb
zk6;f0HXQzWl*)GVWL9Vg@|r3@8st;-Q&B6phOZo$hw>aX(`dkLp*OYuXiS=L1t9ml
zBsG!vKxiWGt)yVyW;DJwKS{~C_+TE+is(RWqDWntSY<L1^FX9UxiAseR6hDo(7gMp
zkBqF3P;|b8QscbEDgUYSXbPIrSuxAJXT%@b;+jN1EeSM9TxDfA2#>xL!?938t`u{J
zX+N&NoagAPFuWG_FVJSV&cT^ehk#mzP)VfFU$>jjOJSJbkZ|SLOIcb!E9ct0B$dB)
zNa*3*&lJD^If~lk_1x~*xH2?0-}9Z}n@M8%GgyxEXV<0$0$ma)3+$}9irL_JIA0zr
ztUvLdqhuSjDOmA!p7b8#?sF8_n~c_H*-QnnBmn#q4GM$!Wk9=dGI+kqwgARI#<Q$w
z=oq-sXw~`nbo&h)mQE$)L4(%rEhx~lv-RUaLI0<)uMUgy+uD{cm2N~*8mD1M=`IP8
zMnW2-d!)Oi8v*H(5EujmlvKJ~y1V1UbKdto=ZAlM`>$v2*=w)0@3pSydS<R?-5d9K
z3=>jIjZGkF;i6^?kv3?s2}1KC>h+H<T(V=j=GY?aHro!E<B0GOS^MZKJEA#&b{4MR
z@_J~{(Z1;7<v=Ofboo~a2d4Ut4>oFMk>N4uqGVn>-+yj66rdqS-a<QegG+-YwKdad
zyVgeW)&fIYj|rpY=JY1{wK?7ALtz~r<)%=wJrr3Kf%kqi<6_knqDJ=CDe~;CnC<Z*
z{3iphM0z1CZL)@`-%+a=Bz=R{(@L{iQKXFCrg6&;;<ak(Vk6CyaJ~ZYE^)`!+;Zy}
z+yKwAW%pF5+OQF%TdH|+6<3&yAJQ`Q*xlEg=e7{8@7h8-xQGbLEoSO({m)P3xD`o%
z<EHnqn30|=v|z0Oy*{BK1q5K6vGXBcGW?X2dXI8yOGaHaj<luZjn+&Z@ONu^+Lunm
znXm3n`B7<YR>RzT)cm1sC622CJL<-XJ?VYd^YRu7Nd<32ghVW-{?1rq?NC1A4cH{~
zxRhLYrs-NX=aHF~-vh1A6A$HXpC@YA)aw`B2Pr9PZY6vLV$tS#`{*?OETYkNr}{xn
zF@bqsM1#i^OdNkEuF(PFN0WM4I4}g+(S*{<=SOMx%ydE$7{^L2ugA(GG(&Y>TVh6G
z842JrCH~w+2spn)dc2Z&RAf***b@h;asY!n^tf-P66ndmWY2x#kAN?P-En<`c&-Ix
z+XLQJg;TYUc9Sk`7|I(-x`~QPYL)P5jLYCWWzBw7uVSu)XNunTT&60cRSLaL^$2kF
zJH&@ZSnEiB)t7uGm!h|Rt;;GnKdN+N*8NGP!PO!qB0M^{x7F-|SYQQw%lb;cvJ>Cx
z#J=2yyC$u%-S9$6u1x4=VWp;7&T-yEy<Y?=^=w{#OSND-jL-<|nc~Bb{IthF+oB;K
zE>Nnm?N9OW#rOFswBi88-hRq*H9J+4J=rdawQMVnM|ZtUzJ@6BZyJ+5lOQ+`D`kYj
z>NY^b2+?9pR9>M6?Y&AS_$wa_&_*-5QjhjIdqhuu8Ngl%z6yxJe$+xl#|pvEF@j3Q
z6My7QUltipd+(f?m(fLxl>p?^!AD;k@m(Xoaj3{~@}`~#Yc*%-*Zb%oGp5I}K(WME
z+)v_CVv;mtW?9$Ut`nB(j+m?oPb|%H_-fMV5W|ms&0?1EvL;g>M_ImbqU6spo(ely
z3NF=Pwdnr5^ll`UtM8>7#eqnsZF-&NoRZI|5{2UY?e{JUw}#1xz-GIH-YG@zGO_b1
zMbXemrix^;BYjxQ)9$`UOjU0UR+B3k-kxF4E?5kb$fV$vKv~8Lc1df3yu8@=r+Hmh
zFA-oDzBi`<Fj>(Q7`u+_YW!PrX^!8d<|756f_6pAlgDw|FoMn>J)j~i`dcnWDy48m
zc||3qZbp{vNo3ie<ur+Q^D@1Yp~oUK*FM+OZEX|3<*U)M+;leROOmz=xNVhIwdZcO
z2w$a&=*I>Dw@`y>N>twZjOVjjFlA$i45H;>nE5Yj!znKrX2t3TG$ZCQis9>#`nL4T
z(<f!?lK3if--&L0$9ay&>D+oDrU^e-jB|ekJ0u^M>Op@RZ!%d02b_t82>Px18h|wQ
zh4iQ1nfE6JF^LgN+X&#$v?#yo8}E;ytjfjbSYsw1MGAOJs*Ewu>Z_}U6ipOCBoOw_
ziryN5ywV#<Ya!#L)F(8F?`cGno^{YUHDUO>sAtj9P7#yLD<cGDQnC((qw&r9<A@pW
z#N`d2mORMh7Sw|bs_VABc>k4kBYh1&TWrs@l&g^{9v}NhsIRM3oCn_qNr%K<U@k+>
zP!N(kOG4_Eo0~Xa#3B9;-PiPtZx0bM<2X9v+L`+|ik$Xeg1=4-c)j#<KYoJhYKl6F
z%(iRJC<QwnjmZ%Ytdr*to{6oIdmoO4ea&AOLJ?c&PrhQ0yIktDc%(F%-;)FVwr_e&
z=*}!uO)wa+bHtGL74<PrR8!tlF}&jS-LAs7>p{_%*sHiTJ}TdS$TAds7hh^XNSpP3
z53SvIP|({9c-Do#bmSDII^>uBa#5h8Yhntl!k$_pUChbG&RRx-P<4?W4IIBI+jAl!
z|6b~@J-~-55O;3lz?}0iRc`jzWkafBI?IUtXn$89%OqiC51Lk^`vpHjXfQr~qD*Rr
z5h73-(CD;menua)IX<^lsYvCCF!Ru)EJ>Tep`SO^lE7bh7}X!IKpjzRmqxI7L7|In
zwRYQ*VDQl|l<_+78O9z313U?j?Ax2BVEiGB*dyVOz=(+V&#t3xLg~*)h5+Q+22xjr
z0M+ta;LyyfL>m*pFC@40Xh7SrNV_uKJ1%<{N;w!(#6mcd8B!4H>D0c9aC<`+)mb#x
z&r)vNpYxkr_bo$Nq@PN;UYo~WMu(h$76TuWq&}e3;ce^6gMk5NvLS1$d^vHcx8u>Z
z%PZDiY`P)`F}*$YEbi*bIe05^J`dz{0p~Rp88-bOzU*kqFDV1g7@m*eMR^~z1Lw#W
z2iymgMwwlpk2*XfD|DV0BibCvpM2bxpALH~R=!t3TTM9=Dtn<&CkdI4)cSoEA@BpE
z)_tsj81U5==;!!g`fviU)4hBVsTwQzXvE2XnPZ5AEqTI?l5!Dhsrzx8@Y2Wnc5|*w
z|N6%@N2{eQb3kQP?*_dy>1&H4_PEY2<+m;p9n{fuUU$c}YJQVjXhD!ihI1!BT`yu?
z<g!T>|Gj=jn1K`JALoQZFF+>JT;qYAcI6Ju(!+M5U{<S*Be1B}>biwT&=URRmNv8_
z|H^gcyXyTcG%I)vJL_qg@jTNs+1H3dTGHV{%Nun49FY%-@Af6#b<4Gj(L!bm%vEt_
zrJ7Sv8Ot+l`91uVeYX*orkzk>svqA@(Pe9gm~xz<DMDKIn;nO#b>2kyBI|j$!(8T-
zIL~bj9Sts|rS`qhoFPK3asd}1!u$FRZ=~8nPzpz%CYAf|`?I9B2E_qQ9)>4h5W{}t
zKmFOh`$m<(6FZh1kh5u7V`Z|uWMUGE*0!BzV@9Oq2|R}vLrM@$cls-;N9ekzC6%T@
z4Qod1v!X+1`oH%`7;<TD(4V8y!+h|i_o-qDTd2qk!~h*c#}6JH5z8-}R@O7qN@`GR
zegjZonJP&~u|*@hXp-45=$Jq4EIfkSjTUpR+FXn;)Z$%g+k-vYP0l+C2r8kW2OHh;
zZuT)u)xDJvf=a~aM2`ts0djK;wLZw{yIU*4{mmgu7Aq{aK0Ta5t@f=U0;`8u-ys!B
zwpT|k#haRRt*>um=;n5+>An-ZG$eA^ME;Uxkt)ZC6|T8PSE#F@vJcY7ylpGp-Jg(H
zqs7kzqQ%`JQc&8Mb2jI4RP~?0+uoq4ZtYZd*T3&5xwt``iT6c3yarqjTu<+64j9i~
zp);n87c9Rj^xvCVbzP9$nNT0R<mc7Ynv9#hoveAvY%BQ|)hr@W-QxKz`l=67xUWx4
z0c)vWf4i{sIhXmwzWVvt+5-z^rC;xi-6NTX9I|E$jz`P3kGy`&Qrb|zX}YcfuvkAf
zcZOhYjrhY6`cGD<^=S{T34gu)wQ*vTZQa6zbWmSyOZYA87~^H&lpbCbaLW_p>nR4R
zP&B!Ceo^MEzs2K#{VGbt?4ilEB?LV71j@lVh(p$DC7e;}vhvj3EnOi@Z*_mpUaqp@
zR-vw)Jle)wlZR%PmV>XmaW6t={%Z}iScaQz)5Kv6!GpdNkx(sr`sw78o`PlPWK1<j
z<ujUqs>mKMu2n8UZz1ipxo9>e@sbn|CZ-|r!dU_}Qbs;1*FEa>ymx?$pyKE1DpIH}
z(%&{1O~N>Id+NG#EOLreopZ=eM1Ku5^0>oFxCzPIyMy@l#^n7H{O5Yp#C0KMw}Y95
z&gpeb2otEm&n5m+?eZPOkF}a%nro)rjS(aZ=dLe*GJPpoQy>j1wY|QaX6}<JwN|Ux
z&PLheJ8e)5;!o0Lh4Jw`VTNZd&jiw9ECelx^f7yU-kZA%TE}oVxSQBce<ZVWa@S}B
z?ab>{eAhs@KcO6Kdq7o=VGC*tC!!sZBmH!kj|ex8D9Dk<M#v8ssvXHsVIoH_myYK@
zw`k<e*Czzxh2+=uiv>uSxng^Gox!g64@jSCb2VQnKdiev>YNmHIk&081q=70k&Qn^
zJTQ%3JH)<fW}t5r3&nq)6~v4C5cA*$@2c8s=c(-Pmw+SnZvw}{$D3pP=pC7BO*BU}
z^N1U4t)mxSk14e`M|NK?rKM=~^|UrgM-M#tbOPCxu-e?|f6jb1)yNkU+V43rI2}2D
zGP97%e72!0xyxmR<z>?+Gxlf!=f-ETfH6A)C74tYTbwY&u+;+IX*)l%`(Ez+nkGXy
zIx{go)6c$F8c#=ET}$f~dmx5qas|Smmj%J6T-~DQbQ_oJzZgd#RTT0PqagDbMu3i-
zS6Co&$!<EP*f7lGM8d5nzcDA!T3bH%50+@=#D8>R536%M>k_^>U6@HE_icDp9V+pB
z<ptYm9c?Blck$KsmWES$^RPovru^lXk-ZzZEf!YdNSLq_+@WSy=aehtL_?UlIu79&
zt}gOJ22F?}!yaRu6>XVrOuR1m0m38Isg{+NnKUmkH*tx?m>vcf<bpRaE-dBs@JFR5
zOn>R$e}K~Cn@$?u&iIMD_M2~4U8#4&^x<**_2Twe{aQ=4e{Oq4Uu$J*=h3R$&G)9E
z)$&>19pQI%-``{2Tw|g*wwiI%K?D%21zcOv;v!EiECuc89F^WPJ&J6;KF?6>TQy##
z+4C=cgx{)ZeW^;?kFL}h^5D6=i<5*iYk{|s<#d_9;5xZ#vqE9FxvaTjVK{^Q_5y81
zzoCi8+gjdovh1zct;KDL*Hkwl@tmfR=Nur=6*-tcN2!Ch)2K3gR@;yMQ0pC{5Nk$6
zYLQPgg<-R<d#h-gw37K9DKK>SS+$>_)5YF$#!yUl-eS&|s%_gZYbEaUiqbzjrGJu2
zL9FAk;wz+_Y^mDGy%|D8=z5oE><qmlF~RRfWFC!F4SvT3YQFerM>u@_>BZ4Ey~w)O
zF6R2YbLLL@Kx5_(lK_eQfDVifL;*$D=bk~?eK|XxfLHTntXynj_F%O%{WR?~ed83a
z9?mYNuAe`9y4BGrbmF6M-fu2&OYur-1JQOiLgo8AxpyOl=L5&3E+c9+x=hF70NP#D
zY#74Dv;_tb`e-;HhW`b&xW=nW-3%=zAIz0xv0KhwEkiT`vG7%3=hs;iMDwn9=0}xP
zLXS(0OT9r0788@zWn;No$$;E*dIZVKMkmDCLc5J)0)`xB_^;cuwZZ*g>FqwfxjG&^
z)$eOIkCElk<Rls)N>tBQOg=icyJOZp;rH5@A3?3rRTkCh_9GH(`-C)c9n=?5CO7Pj
zy*>r@JbLs5?bYn$FP0mdPDK0%a*`aPT9A57T7w|Jc_YQ#<!Wr2d~Bc9=MSOPMWI!(
z8=%VkwKLt^Mb?O$!}UG9WO{Nm2}}u7;5y!FC>MpmE-e2&$^}drpcMX8Xu1EqL5@p`
zdTP=FKSyymp`T*1s_Z9DeZ?W=5>+$98(n!bX;A`PriD=RFkUJIB_e%@N$oJV_pMz)
z>DR)VFZI$Ip%xPx)d#LoH8*8%kVzt`d4ti&ab&pshxbIw$&cK&-4tF{Co|90(;n^?
zGM1WHo0>bu@Rl%@5!O_`IC0E}NkM8M8e1>YCxZk~wlpm1Zux@*XBMlfs+2+dd^I^0
z$cik@hr3S*9_Jc42qLx{%TnDc&a*PurPHjtfWJRXuN$p4pYL!}_^F8D$y|M|Kh6K*
zDt>_#W>lBw|B)9KZ)cHrr_ryeGv#nH&)j~qy~zIQ`C?sP3ghdu_1HW)T`))?@sRA)
z(TS`q|Mj>;<Xrr>?0#NzO+`l=Q!-hDIFfZI!5<AjLq;;Ttt}8X&#hRadz86~x}rPC
z0!d_3RT?KZ9V{CK7KaAoh>TzN)h~{wxwDy@3==*q3APCd36_Zv_1Q{Ar#?JMc{?R!
z<~LWLRDC3_fFk&-aXHZHwFm#0Td~*X$$1!9_A_1`BaE4gi@6e%$EcSRDv*&Q&WSv{
zY8*=(&Cs7@Clo~Rj#ZtWQ64@OzILvvvwh>5#mgrIN6D*VW5TW)%o!wlC$-u-sYm1w
zwww|D-NvxUq#{!}AtLSfo^F|*Xw2BPJufRQ4c%NV7@`tNq@w4ew7S74Q$=vZJehK2
zk_BN0Q|4Jdj!z^@>}i)$>@ne2skz|d*~xKHwcxjq^4LJ|Js#mnP^YVRXH}%NGN-gh
z5o_s<J|_b|cK^8j@Vc1^$aUdY*2PK1@-Upx9b6&SwO~gz+KT_pLaSJgJRT61Wl@FO
zEz|9JPE3=#enIO=z%vlCY(A359FP~k$f%IMoF3dXwrvO<F`oz@5mE@cW~Kxw7{?6_
z#>N%Jp2#4WyQAYmKFJtM3A#UI$g<u+>~*a4@-~amTfMTRCya~R5XO5?tmbgOEFCGU
zY^z|~lU-(67diXFserFspi!Wax0$3;eL1vyC8EY#k)yWsICh-Rwo25MH%!>$z0|kP
zOk3dxt<S@r_G&KBB0b~2^hR3ls10k3RBvB4d_}8#p4g~sRobLOV|Cr=J(UA9Fn;ss
z_T8f-wXL#T^<7pengnXfCkd2Iaw@l&Igih!;!dym|I^Y#8mDmc7!3x4$LZZD-}M}o
z-zdkS+`b@!{pmUSua+Gc;NO2XgLuIIXuZ*JQ&W9QhVViDDhRL1#gEHzW3w0`<e%i5
zoK$Vi@ul_+HmIqkD`3^0Ku5(yHSEH|#xayqp4K9LSBfWus#UEeWmn#_mTcqvy-;qd
zzI@d|;E)-GSWxiV=<%)H*J+Qrrsm7WW)J4@;eZ%vCNab{(aX3uIdRW8!^0!anV^#w
zFp;AV!EL(jgk_Y*3$}6I4u%r()T)cmT5Zb46&lRXqA_;tew&!N<Jbp+UWOQNT;Xqg
z59G$B=J7_>>5IOReA&AJW!vCkQA{a`>{UL!&dH!mr}@mMcg=Ur!o>%p2XgZXF$11)
zgP^aQ=;#qbB2P$iGUA8`sXrf_OG&ld?h-$23lCP>lS@nfkQU3w!o>hGGBH&<D#{wM
zB<m>AC8y@`F(d<t^s+unqU`erge5DR;vBwx7Veh0ZzN=33hGIE-D~wdGr1id;E+_8
zRNpILD)jk1j&UG>9hZU8L^hctmZIyFJDdBHj$9sMXYh^rbN*PtaLMclv@a;dSUT}d
z9Q+Vvc!hm`lE@U6Ang|a*|>q-)Q+<jQdk@rh4F<^THNas$8eZxy^HceU|M)d_m#rc
zV@T>zRSYY9>ZHHj57oM?*rsGiy=3*H3f9uxm)fQsPL0|{NiQQw-C7`V`42uF<NhGR
zbcR{PMpA~ggK>X?_Yd(6O-&1SpkZ7U&rv784+og+m+F8x1XX~5sadNXh3wTkf8H?0
z-@&1F;@eJb<V^FA80Se{x5rM)2-wQ;R&NHL97Lu7KH~738;)69v<Ue7Ah{xwxTL+a
zMQlRUb%uTV?-W{}{yJwec3V4$dTWc_o0QLr=w=@^hzS2O<AHYLxPS2Tr$f;bu4mw~
z81;4e$!Xslfpm6*)<q@+C-th!`dm$3jfs<|t`Z(y^fVeKN7UlS*IZrs$Q4Z;O`6jF
zu{HTerVgt0MHo7=9Ki3?@gsagfxXky#~7oNojNFb#Pih^vUcRcyA;owvCc`h23Yf+
zBBqRj0ZO<Nd86bUW~r{&d0Fb#RX#An8nKOx`4c5>Bj#|_$J6ubdS$Llr#y>%Ml#*s
z+}PcCdnY<(;G`>H=VA2YC5dk}K~XzC9JZSk6e9edU)o5SP|3$`F(wnl(P=5BTTRHr
zOLks<;E9L*#-x0BR4<du9=ldC9ho2)f|#cbCgd!L#@PKi+u$sxqd=k;;t={dtcFTh
zVo<u~^iBpfUAaj#cb>bh#Y>Bka!`Ni*^O_63PPmt^<*!ngEu37lZGU8c$sR*Z80qJ
z1qsKiTjHf4t;Zg)g-K*SiILvxN}L|54U0_<Cup+M)x~#5BZkLqhBA7)T~^zALkM)G
zfTU+G*aA2ys%=Y$h>1SRqd-v|rk-q}V^ar*`l7pIU{4!nen8#|w*EH!Rj2*gC3oZy
zr_Ztojl<KtZBTwaf6HBmh5t-_v!*F?*^;M_{g8Ud+~qgP`A9=|AiKk%r1}hownNW{
zgM}l7)bzOGf#RjcI%ZED>J6D(TW-XWOreZL_e!0q)vx9>+X34V+n+X_g^Hha@KSFE
z#51GQFS}*C<-&_%K{|nQChGO^THP_#sOkuMd<>T)E6QiKej1^=cwZ)kG-W5$CVu1_
zf2;aT19n3RAaHnBMvuSB>c{u-rYsig^<I3#$%<}`x~WzaRLLtQo9-2}ty~0RukYc$
z4$`z|7B@u#13}cwS@Jo`R8N9xH_bogSq$sXgD=+9=UV9leDypMY;u?9R%Oq#lzm^j
zY1_3-`@=J0LZ(h^Ie~*MtJz^sw#_czS!ihGLYMk!-gzoqtsF`AjUt=QXoRNh%XC+=
z%-(Bu`Fvuex1TVl`C!%?hn?Vx;1krXO@R$>mgM6aM;IySp$fac_sMVg#THw~m~JCJ
zs!U}OgMU;t)BJX*eOF>mD5lE!1$q)g3tj6qHQw~c0^^W40osXx{*4+MC!dgw*UV+g
z-jtqZvPWk}ThJm-FK_PA?&|o4qJx(@dY>9*k)@va3F$ML$f5`2RH0{E2)Bir%4Lp<
z*l?!sU0yvsqW;PQ8>Q2gNVyL$Yu<iwK@)p<Rbe$S$%WP2F!Xq^4GYh))Dt1=f=(e{
zvqY!BO5+@Y|7Fa&%ToSAh>NY(GNfq<tKf#6Lzw8xC&scL#FF2NvmTWH_?oDf`h<WQ
z860$e`K7#({G1>pkvs<ZWE$awri1WC53Z9-)RYEZ4|hf|vnM=s5)ZJd&P!ldqg5|Z
zMi=Ka?o+gD;N=vSV)Aip#+cb!RmAKR`E4=Wj8ft!5Unx7NJ|LkUipkq<y#Rh&m_yh
z@*7!phPF{ZK0MjCJ2%)Lyjf`Q%Hj|=%n4r9vh1L0YA}&Yu&^@l{RA<CbtaZD#LvCx
z=ZdiT{5@?fRyxS7MpVBPtexlnv1q+fC@(=NR|IBeZ$E^qetp4A_)EKHvzgU8ExSee
zeb@&WTVWNSM!JFdvJ!>8;3=cVQvXWkg<7_)^g8b<r-=-dNOytn(z9)6s5|oN1hhT2
zcH<2l@-C$-ewC@)FocMzY7Jvuo9hIQnF@S$bzV&dBLxH<FfAE%#F|LgO@hON_@}qy
z!anUEq+2|f&19obuWLEp7c;mdTQ^1t#EZ@3YZvh?c76Pf*GSu(EB+*Nwn;j-J=GWP
zzbEcKg*ELRXvp$-TrH<UGqd;tVB>B<m*Dp6deH_xtNCWJ!v}#Xm60>5?b7JoGB<x1
zhC7GIKghb%pqF67!lOYGS;;9<JOmn!!AqvYggG{P!IUNTES3eO=77zJNsv(Ow>gS{
zxt5_sGtV0O(89?2Mw2N5VjBGZ-@H$P@v9IMN)NcKRZ=@hiRdEG;5nYOdyD{{D<$_s
zrn%SdB{>Ta97IL-ZJ<n@g(Sbzr&djhfS+~cI*a^p1A*IbU%g*wJL^KeF>;>_S8ac0
zqZDK#)n{n?u9tS4wHjv4qIA$@G4n0C^-wNe+*I{bi7a2h`~DeUeVeh_gsva6q=FN~
zkAuH6xbeE#lDf<g?eLqXovxW1vXluTZ-1A2-U><<G7usT&D|2_(zjM^tAsoUt$1Fy
zhJ2(LQ)54^_O!5R!?H7K&3AN9HeWN*Fze*_iT^3_buKXtE*4Tn`c7NPA!NckS>e%*
zotLKaoVY(uMPz<;)GR@lK?Q@ikm)N;mSj%;ZO=(Aw5VaPp2s(zj*lok)t#a9!`kdG
z52R+2cJ@vXQe;%;6eUK6oEHb}-FXg3Kgok@wadqvA-ofOaYJd-d9a4)5JmolLSp^d
z7XWc&OP{EWqxnhBTMJXX{5)j(g?M3dqicr%pG!IKj0DX^*_n;)@6%f%G}5Ik;&GN1
z>5s2p+2Om}V1rsR`M+Y37~`g{f0zSEfe3?<IN1OMbzqg$mSqo&llJi@t~hG&m8EMp
zpVJjDLo9jC^jAQbxp0Dtdvx7)+Glp0FXMf;4+t+4JZ01Q&A}g8bB6Q;&VQ$+Z6|un
z-Rz?N-v8O8ePXaYn*ZTUv>0@7lN;0|bNT?<?O{4x^VWewW7NPwMZ&vgv;b(;(h(@?
z=MAfWnft}OnRV;Cev4@Xf1jg^bBTpEQ9Zj?hrRmfLi<Y8I}*J+r7x3ss)DR8tt{Wq
z8Ev)l8OR;8Q38dgvoZI*f>{+mf02aNAO#znhlj$Qq7xtMoN-Y?PzYgvl*#`4fwzv}
zA<8=fBG|t~4gT}i1q}4B2jRLOG$<ydD6l#%5DFtII*<<xNmPTNfc||I3PEXM0vN-L
zfgm7^3&``vm<tFrHRQT$<p*%VO(8sR6CnJJArxF^14Y?DK?B}dYxAHy{nv#T4+@Vi
z437I}^1lZi3<?E9=}hVVje&UKpgVPkKZDNZe=ryr4!P4*_y-2!<ptbD|4;1h`5lr-
z$cw^+06}1PZ<PGwTkzedyI%c&Vo=Z@ZvKgZAiVdzL18?w`xqF=%X@!4C<ywmNa1%Y
z{$KcDAQX5%R0tdl|2se)AS|&}0EHOwS4?*#-u-C#N1S&|!T-W|pn&^v0`B&6-xUB1
z<hkzy1PAckX-)hYi2sWn!~=ugcXDS8zi$lS0YdI1F8+-F*ur`KoG9}T3=9VRMK}l!
z{3ChsU-J+E0EmYNet*F`C$Rgq0e}N}?qeW0=r0yPJa-4x{=><gKR6J6pDiE|$O}W<
zn|QY%?0%|2ya3+&Sp@<?f0Y;z0s{VJ3kQSmrv$_c0{w3=i2tqpJLA8i2J(XbDjg6U
z0=%CR5HFbLe(Hd{;6G9*|3&p3(?AgPpY#I|01zAs_={FvDDZwt?u>c<!XV(kn7Lbz
z_dfl1LKlBTF#Z_~1Ofol-R1vo{HKt3z<(7I2oC$Jg27-g=spWzDDPi8hJa!4`>BJ#
zdH!?XLHy5+2YPq9@%`LE?~3pqT>vlu3jYfOf*|*E3<g4g_je2if#LTtO7PwG?$Zwg
z!Qha@Y$238C6mM^Arv}22}!u91e8Y%BnIXYh4BI;!B7BLR1_*H0+)b@i;D{h{C{WY
e{?W;Ca5S`cbhS4z#f3qD05C2yvxJf)?*9WR2mmDj

diff --git a/tzpfms.ps b/tzpfms.ps
index 0ce3f2c..1b81fa2 100644
--- a/tzpfms.ps
+++ b/tzpfms.ps
@@ -1,15 +1,15 @@
 %!PS-Adobe-3.0
 %%Creator: groff version 1.23.0
-%%CreationDate: Mon Mar 11 12:11:34 2024
+%%CreationDate: Mon Mar 11 12:13:35 2024
 %%DocumentNeededResources: font Times-Roman
 %%+ font Times-Bold
 %%+ font Courier-Bold
 %%+ font Courier-Oblique
 %%+ font Courier
-%%+ font Symbol
 %%+ font Times-Italic
+%%+ font Symbol
 %%DocumentSuppliedResources: procset grops 1.23 0
-%%Pages: 10
+%%Pages: 15
 %%PageOrder: Ascend
 %%DocumentMedia: Default 595 842 0 () ()
 %%Orientation: Portrait
@@ -237,8 +237,8 @@ setpacking
 %%IncludeResource: font Courier-Bold
 %%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Courier
-%%IncludeResource: font Symbol
 %%IncludeResource: font Times-Italic
+%%IncludeResource: font Symbol
 grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
@@ -276,20 +276,389 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 %%BeginPageSetup
 BP
 %%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-ADD-B)72 48 Q -.4(AC)-.35 G 42.103
+(KUP\(8\) System).4 F(Manager')2.5 E 2.5(sM)-.55 G 39.602
+(anual ZFS-FIDO2-ADD-B)-2.5 F -.4(AC)-.35 G(KUP\(8\)).4 E/F1 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-add-backup)108 96 Q F0 2.5<8a61>2.5 G(llo)-2.5 E 2.5(wa)-.25
+G(nother FIDO2 de)-2.5 E(vice to unlock ZFS dataset)-.25 E F1(SYNOPSIS)
+72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0
+SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After)108 153.6 Q/F4 10
+/Courier@0 SF(zfs-fido2-change-key)7.564 E F0 5.064(\(8\) deri)B -.15
+(ve)-.25 G 7.563(st).15 G 5.063(he k)-7.563 F 5.363 -.15(ey f)-.1 H
+5.063(or a dataset from a FIDO2 de).15 F(vice,)-.25 E F2
+(zfs-fido2-add-backup)108 165.6 Q F0(may be e)2.5 E -.15(xe)-.15 G
+(cuted to e).15 E(xtend this to an)-.15 E 2.5(yn)-.15 G
+(umber of additional de)-2.5 E(vices.)-.25 E .273(First, the wrapping k)
+108 182.4 R .574 -.15(ey i)-.1 H 2.774(se).15 G .274
+(xtracted as normally during)-2.924 F F4(zfs-fido2-load-key)2.774 E F0
+.274(\(8\), then a credential)B 1.604(is made as-if during)108 194.4 R
+F4(zfs-fido2-change-key)4.104 E F0 1.604(\(8\) \(e)B 1.604
+(xcept the "primary" de)-.15 F 1.603(vice and all the ones)-.25 F .185
+(holding backups are e)108 206.4 R .185(xcluded from the search\); ho)
+-.15 F(we)-.25 E -.15(ve)-.25 G .985 -.4(r, t).15 H(he).4 E F4
+(hmac-secret)2.685 E F0 .185(is instead used as a sym-)2.685 F 1.555
+(metric AES-256-GCM \()108 218.4 R F4(EVP_CIPHER-AES)A F0 1.555
+(\(7ssl\)\) k)B 1.855 -.15(ey t)-.1 H 4.055(oe).15 G 1.555
+(ncrypt the wrapping k)-4.055 F 1.855 -.15(ey d)-.1 H 1.555
+(irectly with a).15 F(random IV)108 230.4 Q(.)-1.29 E(This turns the)108
+247.2 Q F4(xyz.nabijaczleweli:tzpfms.key)2.5 E F0 -.25(va)2.5 G
+(riable into).25 E F3(salt)108 259.2 Q F2(:)A F3(credential-ID)A F2(:)A
+F3(credential-public-key)A F0([)A F2(.)A F3(backup-salt)A F2(:)A F3
+(backup-credential-ID)108 271.2 Q F2(:)A F3
+(backup-credential-public-key)A F2(:)A F3(IV)A F2(:)A F3(encrypted-key)A
+F0 1.666(]...)C F4(tzpfms.key)108 288 Q F0 2.238
+(is actually a dot-separated list of de)4.738 F 2.238(vice b)-.25 F
+4.738(undles. The)-.2 F 2.239(\214rst one is as-described in)4.738 F F4
+(zfs-fido2-change-key)108 300 Q F0 5.181(\(8\). Subsequent)B 2.681
+(ones also include \(identically-encoded\) IVs and en-)5.181 F
+(crypted blobs.)108 312 Q F4(zfs-fido2-load-key)108 328.8 Q F0 .081
+(\(8\) shops assertions around de)B .081(vices in a de)-.25 F .082
+(vice-major order \212 depending on)-.25 F(de)108 340.8 Q
+(vice numbering, a backup may be loaded e)-.25 E -.15(ve)-.25 G 2.5(ni)
+.15 G 2.5(ft)-2.5 G(he primary de)-2.5 E(vice is present.)-.25 E F1
+(ENVIR)72 357.6 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
+(TZPFMS_PASSPHRASE_HELPER)108 369.6 Q F0 .046(By def)133 381.6 R .045(a\
+ult, passphrases are prompted for and read in on the standard output an\
+d input streams.)-.1 F(If)5.045 E F4(TZPFMS_PASSPHRASE_HELPER)133 393.6
+Q F0 1.595(is set and nonempty)4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G
+1.596(ill be run via)-4.096 F F4(/bin/)4.096 E F2 3.262(sh \255c)B F0
+(to)4.096 E(pro)133 405.6 Q(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 422.4 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 434.4 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 446.4 Q F0
+(Pre-formatted noun phrase with all the information belo)160 446.4 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 458.4 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 458.4 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 470.4 Q F0("ne)160
+470.4 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 482.4 Q F0("ag)160 482.4 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 499.2 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+511.2 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 528 R(En)87 540 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 552 Q F0
+(If set, enables lib\214do2 deb)173 552 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 568.8 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 580.8 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 592.8 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 609.6 R F0
+(The lib\214do2 documentation at https://de)108 621.6 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 638.4 R
+F0 1.6 -.8(To a)108 650.4 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 662.4 Q F0(ThePhD)7.5 E F1<83>
+128 674.4 Q F0(Embark Studios)7.5 E F1<83>128 686.4 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 698.4 Q F0(EvModder)7.5 E F1(REPOR)72 715.2 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 727.2 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 744 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 756 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 29, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 2
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
+SF(zfs-fido2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
+-2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne authenticated by a FIDO2 de)
+-2.5 E(vice)-.25 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108
+124.8 Q F0([)2.5 E F2<ad62>1.666 E/F3 10/Courier-Oblique@0 SF
+(backup-file)6 E F0(])A F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0
+2.867 -.8(To n)108 153.6 T 1.267(ormalise the).8 F F3(dataset)3.767 E F0
+(,)A F2(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the FIDO2 de)108 194.4 Q(vice, which)
+-.25 E F4(must)2.5 E F0(support the)2.5 E F5(hmac-secret)2.5 E F0 -.15
+(ex)2.5 G(tension.).15 E(If)108 211.2 Q F3(dataset)3.555 E F0 -.1(wa)
+3.555 G 3.555(sp).1 G(re)-3.555 E 1.054(viously encrypted with)-.25 F F2
+(fzifdso)3.554 E F0 1.054(and the)3.554 F F1(FIDO2)3.554 E F0 1.054
+(back-end w)3.554 F 1.054(as used, pre)-.1 F(vious)-.25 E 1.272
+(credentials will be deleted from their de)108 223.2 R 1.272
+(vices \(as-if via)-.25 F F5(zfs-fido2-clear-key)3.773 E F0 1.273
+(\(8\)\), if a)B -.25(va)-.2 G(ilable.).25 E .594
+(Otherwise, or in case of an error)108 235.2 R 3.093(,d)-.4 G .593
+(ata required for manual interv)-3.093 F .593
+(ention will be written to the standard)-.15 F(error stream.)108 247.2 Q
+(Ne)108 264 Q .464(xt, a ne)-.15 F 2.964(wc)-.25 G .464
+(redential of type ES256 is generated on the de)-2.964 F .465
+(vice \(with relying party ID)-.25 F F5(fzifdso)2.965 E F0(and)2.965 E
+.499(name equal to the dataset name\) with the)108 276 R F5(hmac-secret)
+2.999 E F0 -.15(ex)2.999 G .499(tension requested; the de).15 F .499
+(vice PIN, if an)-.25 F -.65(y,)-.15 G(is prompted for here.)108 288 Q
+(This mimicks a W)5 E(ebAuthn re)-.8 E(gistration step.)-.15 E .962(The\
+n, the credential is asserted with a 32-byte random salt, which hashes \
+it with de)108 304.8 R(vice-pri)-.25 E -.25(va)-.25 G .963(te data,).25
+F .138(and thus generates the wrapping k)108 316.8 R .438 -.15(ey \()-.1
+H .138(which is optionally back).15 F .138(ed up \(see)-.1 F F1(OPTIONS)
+2.637 E F0 2.637(\)\). This)B .137(mimicks a)2.637 F -.8(We)108 328.8 S
+(bAuthn login step.).8 E(The follo)108 345.6 Q
+(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
+357.6 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(FIDO2)A<83>
+128 369.6 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(salt)A F2
+(:)A F3(credential-ID)A F2(:)A F3(credential-public-key)139 381.6 Q F0
+([)A F2(.)A F0 1.666(...)1.666 G 1.666(]...)-1.666 G F5(tzpfms.backend)
+108 398.4 Q F0 .875(identi\214es this dataset for w)3.375 F .876
+(ork with)-.1 F F1(FIDO2)3.376 E F0(-back-ended)A F2(tzpfms)3.376 E F0
+.876(programs \(i.e.)3.376 F F2(fzifdso)108 410.4 Q F5
+(zfs-fido2-change-key)60.228 E F0(\(8\),)A F5(zfs-fido2-load-key)56.727
+E F0(\(8\),)A F5(zfs-fido2-add-backup)108 422.4 Q F0(\(8\), and)A F5
+(zfs-fido2-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 439.2 Q F0
+.486(is a colon-separated tuple of unpadded URL-safe base64 blobs; the \
+\214rst one is the ran-)2.985 F .217(dom salt; the second represents th\
+e ID of created credential, and the third \211 its public k)108 451.2 R
+-.15(ey)-.1 G 5.217(.T)-.5 G .216(here e)-5.217 F(xists)-.15 E
+(no other user)108 463.2 Q
+(-land tool for deciphering this; perhaps there should be.)-.2 E
+(Finally)108 480 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25
+G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.172 E F5
+(keylocation=prompt)15.506 E F2<ad6f>17.172 E F5(keyformat=raw)108 492 Q
+F3(dataset)6.107 E F0 .107(is performed with the ne)2.607 F 2.606(wk)
+-.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
+G .106(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F
+(to clean up the properties, or to issue a note for manual interv)108
+504 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 520.8
+S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running)
+-.15 F F2 3.222(zfs-fido2-load-key \255n)4.056 F F3(dataset)7.556 E F0
+6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729
+(command succeeds, all is well, b)108 532.8 R .729
+(ut otherwise the dataset can be manually rolled back to a passphrase)
+-.2 F(with)108 544.8 Q F2(zfs-fido2-clear-key)5.146 E F3(dataset)8.646 E
+F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F<ad6f>
+10.313 E F5(keyformat=passphrase)108 556.8 Q F3(dataset)6 E F0
+(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F2(zfs-fido2-clear-key)108 573.6 Q F3(dataset)7.607 E F0 1.607
+(can be used to clear the properties and go back to using a)4.107 F
+(passphrase.)108 585.6 Q F1(OPTIONS)72 602.4 Q F2<ad62>109.666 614.4 Q
+F3(backup-file)6 E F0(Sa)203 614.4 Q .352 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 626.4 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 638.4 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 650.4 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F1(ENVIR)72 667.2 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
+E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q F0 .045(By def)133 691.2 R
+.045(ault, passphrases are prompted for and read in on the standard out\
+put and input streams.)-.1 F(If)5.046 E F5(TZPFMS_PASSPHRASE_HELPER)133
+703.2 Q F0 1.596(is set and nonempty)4.096 F 4.096(,i)-.65 G 4.096(tw)
+-4.096 G 1.596(ill be run via)-4.096 F F5(/bin/)4.095 E F2 3.261
+(sh \255c)B F0(to)4.095 E(pro)133 715.2 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 732 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E(fzifdso 0)72 817.889 Q
+(March 11, 2024)158.568 E(1)188.837 E 0 Cg EP
+%%Page: 2 3
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 41.363(ZFS-FIDO2-CHANGE-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 38.862(anual ZFS-FIDO2-CHANGE-KEY\(8\))
+-2.5 F/F1 10/Courier@0 SF($1)143 84 Q F0
+(Pre-formatted noun phrase with all the information belo)160 84 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F1($2)143 96 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 96 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 108 Q F0("ne)160 108 Q
+(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
+-2.5 E F1($4)143 120 Q F0("ag)160 120 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 136.8 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF
+(127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 148.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2
+1.666(FIDO2 back-end con\214guration)72 165.6 R(En)87 177.6 Q(vir)-.4 E
+.625(onment v)-.18 F(ariables)-.1 E F1(FIDO_DEBUG)108 189.6 Q F0
+(If set, enables lib\214do2 deb)173 189.6 Q
+(ug logging to the standard error stream.)-.2 E F2(De)87 206.4 Q .625
+(vice selection)-.15 F F0 .726(When creating, the \214rst de)108 218.4 R
+.726(vice which supports the)-.25 F F1(hmac-secret)3.227 E F0 -.15(ex)
+3.227 G .727(tension is used.).15 F .727(When loading,)5.727 F
+(the assertion is shopped around to e)108 230.4 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F2 .625(See also)87 247.2 R F0
+(The lib\214do2 documentation at https://de)108 259.2 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F2 1.666(SPECIAL THANKS)72 276 R
+F0 1.6 -.8(To a)108 288 T(ll who support further de).8 E -.15(ve)-.25 G
+(lopment, in particular:).15 E F2<83>128 300 Q F0(ThePhD)7.5 E F2<83>128
+312 Q F0(Embark Studios)7.5 E F2<83>128 324 Q F0(Jasper Bekk)7.5 E(ers)
+-.1 E F2<83>128 336 Q F0(EvModder)7.5 E F2(REPOR)72 352.8 Q 1.666
+(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 364.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F1
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 381.6 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 393.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 11, 2024)158.568 E(2)188.837 E 0 Cg EP
+%%Page: 1 4
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF 50.243(ZFS-FIDO2-CLEAR-KEY\(8\) System)72 48 R
+(Manager')2.5 E 2.5(sM)-.55 G 47.742(anual ZFS-FIDO2-CLEAR-KEY\(8\))-2.5
+F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
+(zfs-fido2-clear-key)108 96 Q F0 3.587<8a72>3.587 G -.25(ew)-3.587 G
+1.087(rap ZFS dataset k).25 F 1.387 -.15(ey i)-.1 H 3.587(np).15 G
+(asssw)-3.587 E 1.087(ord and clear tzpfms FIDO2 meta-)-.1 F(data)108
+108 Q F1(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(FIDO2)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.642(the equi)8.142 F
+-.25(va)-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.307 E/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. loads)118
+201.6 R .79(the primary and e)3.29 F -.15(ve)-.25 G .79
+(ry backup credential, and for each success, if the de).15 F .791
+(vice containing it)-.25 F(supports the)133 213.6 Q F4(credMgmt)2.5 E F0
+(feature and has a PIN set, tries to delete the credential from the de)
+2.5 E(vice,)-.25 E 5(3. remo)118 225.6 R -.15(ve)-.15 G 10.689(st).15 G
+(he)-10.689 E F4(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A
+F0(,)A F4(key)14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3
+(dataset)133 237.6 Q F0(.)A -.15(Fo)108 254.4 S 5.859(re).15 G -.15(ve)
+-6.109 G 3.359(ry remo).15 F -.25(va)-.15 G 5.859(lf).25 G 3.359
+(ailure and missing de)-5.959 F 3.36
+(vice or PIN an instruction for manual remo)-.25 F -.25(va)-.15 G 5.86
+(lw).25 G(ith)-5.86 E F4(fido2-token)108 266.4 Q F0(\(1\) is issued.)A
+(See)108 283.2 Q F4(zfs-fido2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(ENVIR)72 300 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 312 Q F0 .046
+(By def)133 324 R .045(ault, passphrases are prompted for and read in o\
+n the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 336 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 348 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 364.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 376.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 388.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 388.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 400.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 400.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 412.8 Q F0("ne)160
+412.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 424.8 Q F0("ag)160 424.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 441.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+453.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
+(FIDO2 back-end con\214guration)72 470.4 R(En)87 482.4 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F4(FIDO_DEBUG)108 494.4 Q F0
+(If set, enables lib\214do2 deb)173 494.4 Q
+(ug logging to the standard error stream.)-.2 E F1(De)87 511.2 Q .625
+(vice selection)-.15 F F0 .727(When creating, the \214rst de)108 523.2 R
+.727(vice which supports the)-.25 F F4(hmac-secret)3.226 E F0 -.15(ex)
+3.226 G .726(tension is used.).15 F .726(When loading,)5.726 F
+(the assertion is shopped around to e)108 535.2 Q -.15(ve)-.25 G
+(ry such de).15 E(vice.)-.25 E F1 .625(See also)87 552 R F0
+(The lib\214do2 documentation at https://de)108 564 Q -.15(ve)-.25 G
+(lopers.yubico.com/lib\214do2/.).15 E F1 1.666(SPECIAL THANKS)72 580.8 R
+F0 1.6 -.8(To a)108 592.8 T(ll who support further de).8 E -.15(ve)-.25
+G(lopment, in particular:).15 E F1<83>128 604.8 Q F0(ThePhD)7.5 E F1<83>
+128 616.8 Q F0(Embark Studios)7.5 E F1<83>128 628.8 Q F0(Jasper Bekk)7.5
+E(ers)-.1 E F1<83>128 640.8 Q F0(EvModder)7.5 E F1(REPOR)72 657.6 Q
+1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 669.6 Q
+(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 686.4 Q F0 83.762(,a)C(rchi)
+-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr)
+108 698.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(March 4, 2024)161.068 E(1)191.337 E 0 Cg EP
+%%Page: 1 5
+%%BeginPageSetup
+BP
+%%EndPageSetup
+/F0 10/Times-Roman@0 SF(ZFS-FIDO2-LO)72 48 Q 55.603(AD-KEY\(8\) System)
+-.35 F(Manager')2.5 E 2.5(sM)-.55 G 53.102(anual ZFS-FIDO2-LO)-2.5 F
+(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
+/Courier-Bold@0 SF(zfs-fido2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
+(oad FIDO2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 1.142(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.642 E F0 -.1
+(wa)3.642 G 3.641(se).1 G 1.141(ncrypted with)-3.641 F F2(tzpfms)3.641 E
+F0(back)3.641 E(end)-.1 E F1(FIDO2)3.641 E F0 3.641(,a)C 1.141
+(sserts the preserv)-3.641 F 1.141(ed chal-)-.15 F(lenge, HMA)108 165.6
+Q(Cking the salt with the on-de)-.4 E
+(vice secret, and loads the resulting k)-.25 E .3 -.15(ey i)-.1 H(nto)
+.15 E F3(dataset)2.5 E F0(.)A(See)108 182.4 Q/F4 10/Courier@0 SF
+(zfs-fido2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
+(OPTIONS)72 199.2 Q F2<ad6e>109.666 211.2 Q F0 3.208
+(Do a no-op/dry run, can be used e)131 211.2 R -.15(ve)-.25 G 5.708(ni)
+.15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708
+(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)-.25 G
+3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 223.2 Q F0 -.55('s)C F2
+<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 240 Q 1.666(ONMENT V)-.3 F
+(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 252 Q F0 .046(By def)
+133 264 R .045(ault, passphrases are prompted for and read in on the st\
+andard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 276 Q F0 1.595(is set and nonempty)4.095 F
+4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 288 Q
+(vide each passphrase, instead.)-.15 E .643
+(The standard output stream of the helper is tied to an anon)133 304.8 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 316.8 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 328.8 Q F0
+(Pre-formatted noun phrase with all the information belo)160 328.8 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 340.8 Q F0
+(Either the dataset name or the element of the TPM hierarch)160 340.8 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 352.8 Q F0("ne)160
+352.8 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 364.8 Q F0("ag)160 364.8 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 381.6 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+393.6 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F1 1.666(SPECIAL THANKS)
+72 410.4 R F0 1.6 -.8(To a)108 422.4 T(ll who support further de).8 E
+-.15(ve)-.25 G(lopment, in particular:).15 E F1<83>128 434.4 Q F0
+(ThePhD)7.5 E F1<83>128 446.4 Q F0(Embark Studios)7.5 E F1<83>128 458.4
+Q F0(Jasper Bekk)7.5 E(ers)-.1 E F1<83>128 470.4 Q F0(EvModder)7.5 E F1
+(REPOR)72 487.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108
+499.2 Q(.ht/\001nabijaczle)-.55 E(weli/fzifdso)-.25 E F4
+(\001nabijaczleweli/tzpfms@lists.sr.ht)108 516 Q F0 83.763(,a)C(rchi)
+-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr)
+108 528 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(fzifdso 0)72
+817.889 Q(February 28, 2024)153.568 E(1)183.837 E 0 Cg EP
+%%Page: 1 6
+%%BeginPageSetup
+BP
+%%EndPageSetup
 /F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1
 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm-list)108 96 Q F0 2.5<8a70>2.5 G(rint dataset tzpfms metadata)
--2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2
-<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10
-/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A F2
-<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
-<ad6c>1.666 E F0(])A([)186 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
+-2.5 E F1(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)
+2.5 E F2<ad48>1.666 E F0 2.5(][)C F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E
+/F3 10/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2<ad61>-.834 E F0(|)A
+F2<ad62>1.666 E F3(back-end)6 E F0 2.5(][)C F2<ad75>-.834 E F0(|)A F2
+<ad6c>1.666 E F0(])A([)234 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0
 1.666(]...)C F1(DESCRIPTION)72 153.6 Q F0(Lists the follo)108 165.6 Q
 (wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)128
-177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.979 E F0
+177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.978 E F0
 .478(back-end \(e.g.)2.978 F F1(TPM2)2.978 E F0(for)2.978 E F4
-(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.978 E F0
+(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.979 E F0
 (for)187 201.6 Q F4(zfs-tpm1x-change-key)2.5 E F0(\(8\)\), or ")A F1(-)A
 F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 213.6 Q F1 -2.1 -.25(av a)187 213.6 T(ilable).25 E F0(or)2.5 E F1(una)
@@ -300,18 +669,18 @@ F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128
 2.5 E F1(no)2.5 E F0(otherwise)2.5 E 8.743(Incoherent datasets require \
 immediate operator attention, with either the appropriate)108 254.4 R F2
 (zfs-tpm)108 266.4 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 1.778
-(program or)4.277 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
+(program or)4.278 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2
 1.778(zfs inherit)4.278 F F0 4.278<8a69>4.278 G 4.278(ft)-4.278 G 1.778
-(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566(comes unloaded, the)
-108 278.4 R 3.066(yw)-.15 G .566(ill require restoration from back-up.)
--3.066 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
-(his should ne).4 F -.15(ve)-.25 G 3.065(ro).15 G(ccur)-3.065 E 3.065
-(,u)-.4 G(nless)-3.065 E
+(he k)-4.278 F 2.077 -.15(ey b)-.1 H(e-).15 E .565(comes unloaded, the)
+108 278.4 R 3.065(yw)-.15 G .566(ill require restoration from back-up.)
+-3.065 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566
+(his should ne).4 F -.15(ve)-.25 G 3.066(ro).15 G(ccur)-3.066 E 3.066
+(,u)-.4 G(nless)-3.066 E
 (something went horribly wrong with the dataset properties.)108 290.4 Q
 .965(If no datasets are speci\214ed, all matching encryption roots are \
-listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
+listed \212 by def)108 307.2 R .965(ault, those managed by)-.1 F F2
 (tzpfms)108 319.2 Q F0(.)A F1(OPTIONS)72 336 Q F2<ad48>109.666 348 Q F0
-1.583(Scripting mode \212 remo)185 348 R 1.883 -.15(ve h)-.15 H 1.583
+1.582(Scripting mode \212 remo)185 348 R 1.882 -.15(ve h)-.15 H 1.583
 (eaders and separate \214elds by a single tab instead of).15 F
 (columnating them with spaces.)185 360 Q F2<ad72>109.666 376.8 Q F0
 (Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F2
@@ -326,26 +695,28 @@ listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2
 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad6c>109.666 446.4 Q F0
 (List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15
 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 463.2 Q F4($)
-108 475.2 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18
-(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
+108 475.2 Q F2(zfs-fido2-add-backup)6 E F4 72(NAME BACK-END)108 487.2 R
+18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
 (available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6
-(unavailable yes)36 F($)108 535.2 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4
-24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108
-559.2 R 6(available yes)54 F($)108 583.2 Q F2 1.666(zfs-tpm-list \255b)6
-F F1(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F
-6(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
-F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)
-108 643.2 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R
-18(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6
-(unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes)
-54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q
-F2 1.666(zfs-tpm-list \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
+(unavailable yes)36 F($)108 535.2 Q F2 1.666
+(zfs-fido2-add-backup \255ad0)6 F F4 24(NAME BACK-END)108 547.2 R 6
+(KEYSTATUS COHERENT)12 F 6(filling -)108 559.2 R 6(available yes)54 F($)
+108 583.2 Q F2 1.666(zfs-fido2-add-backup \255b)6 F F1(TPM2)6 E F4 72
+(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F 6
+(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q
+F2 1.666(zfs-fido2-add-backup \255ra)6 F F3(tarta-zoot)6 E F4 72
+(NAME BACK-END)108 643.2 R 18(KEYSTATUS COHERENT)12 F 36
+(tarta-zoot TPM1.X)108 655.2 R 18(available yes)24 F 6
+(tarta-zoot/home TPM2)108 667.2 R 6(unavailable yes)36 F 12
+(tarta-zoot/bkp -)108 679.2 R 18(available yes)54 F 18(tarta-zoot/vm -)
+108 691.2 R 18(available yes)54 F($)108 715.2 Q F2 1.666
+(zfs-fido2-add-backup \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6
 (KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F
 36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12
 (tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -)
 108 775.2 R 6(available yes)54 F F0(tzpfms 0.3.4-33-g81add25)72 817.889
 Q(December 4, 2022)83.023 E(1)183.842 E 0 Cg EP
-%%Page: 2 2
+%%Page: 2 7
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -358,11 +729,11 @@ BP
 (EvModder)7.5 E F1(REPOR)72 160.8 Q 1.666(TING B)-.4 F(UGS)-.1 E F0
 (https://todo.sr)108 172.8 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25
 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)108 189.6 Q
-F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
+F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 201.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-33-g81add25)72 817.889 Q(December 4, 2022)83.023 E
 (2)183.842 E 0 Cg EP
-%%Page: 1 3
+%%Page: 1 8
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -371,104 +742,106 @@ BP
 -2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0
 SF(zfs-tpm1x-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)
 -2.5 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666 E F3
-(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 6.867 -.8(To n)108 153.6 T
-5.267(ormalise the).8 F F3(dataset)7.767 E F0(,)A F2(zfs-tpm-list)7.766
-E F0 5.266(will open its encryption root in its stead.)7.766 F F2
-(zfs-tpm-list)108 165.6 Q F0(will)2.5 E/F4 10/Times-Italic@0 SF(ne)2.5 E
-(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use)
--2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A
-(First, a connection is made to the TPM, which)108 182.4 Q F4(must)2.5 E
-F0(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F3(dataset)3.176 E F0 -.1
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666
+E F3(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 2.866 -.8(To n)108 153.6
+T 1.266(ormalise the).8 F F3(dataset)3.766 E F0(,)A F2
+(zfs-fido2-add-backup)3.766 E F0 1.266
+(will open its encryption root in its stead.)3.766 F F2
+(zfs-fido2-add-backup)108 165.6 Q F0(will)14.655 E/F4 10/Times-Italic@0
+SF(ne)14.655 E(ver)-.15 E F0 12.154(create or destro)14.655 F 14.654(ye)
+-.1 G 12.154(ncryption roots; use)-14.654 F/F5 10/Courier@0 SF
+(zfs-change-key)108 177.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 194.4 Q F4(must)2.5 E
+F0(be TPM-1.X-compatible.)2.5 E(If)108 211.2 Q F3(dataset)3.176 E F0 -.1
 (wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F
 F2(tzpfms)3.176 E F0 .676(and the)3.176 F F1(TPM1.X)3.176 E F0 .676
 (back-end w)3.176 F .676(as used, the meta-)-.1 F .926
-(data will be silently cleared.)108 211.2 R .926
+(data will be silently cleared.)108 223.2 R .926
 (Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
 (ata required for manual interv)-3.426 F(ention)-.15 E
-(will be written to the standard error stream.)108 223.2 Q(Ne)108 240 Q
+(will be written to the standard error stream.)108 235.2 Q(Ne)108 252 Q
 .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15
 (ey i)-.1 H 2.794(sg).15 G .294(enerated on the TPM, optionally back)
 -2.794 F .294(ed up \(see)-.1 F F1(OPTIONS)2.794 E F0 .294
 (\), and sealed)B .586(on the TPM; the user is prompted for an optional\
- passphrase to protect the k)108 252 R .885 -.15(ey w)-.1 H .585
-(ith, and for the SRK).15 F(passphrase, set when taking o)108 264 Q
+ passphrase to protect the k)108 264 R .885 -.15(ey w)-.1 H .585
+(ith, and for the SRK).15 F(passphrase, set when taking o)108 276 Q
 (wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo)
-108 280.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
-<83>128 292.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
-(TPM1.X)A<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
+108 292.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1
+<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1
+(TPM1.X)A<83>128 316.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A
 F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)
-108 321.6 Q F0 2.207(identi\214es this dataset for w)4.707 F 2.207
+108 333.6 Q F0 2.207(identi\214es this dataset for w)4.707 F 2.207
 (ork with)-.1 F F1(TPM1.X)4.707 E F0(-back-ended)A F2(tzpfms)4.708 E F0
-(programs)4.708 E(\(namely)108 333.6 Q F5(zfs-tpm1x-change-key)37.249 E
+(programs)4.708 E(\(namely)108 345.6 Q F5(zfs-tpm1x-change-key)37.249 E
 F0(\(8\),)A F5(zfs-tpm1x-load-key)37.248 E F0 34.748(\(8\), and)B F5
-(zfs-tpm1x-clear-key)108 345.6 Q F0(\(8\)\).)A F5(tzpfms.key)108 362.4 Q
+(zfs-tpm1x-clear-key)108 357.6 Q F0(\(8\)\).)A F5(tzpfms.key)108 374.4 Q
 F0 1.412(is a colon-separated pair of he)3.912 F 1.412
 (xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .868
-(\214rst one represents the RSA k)108 374.4 R 1.168 -.15(ey p)-.1 H .867
+(\214rst one represents the RSA k)108 386.4 R 1.168 -.15(ey p)-.1 H .867
 (rotecting the blob, and it is protected with either the passphrase, if)
-.15 F(pro)108 386.4 Q 1.413(vided, or the SHA1 constant)-.15 F F5
+.15 F(pro)108 398.4 Q 1.413(vided, or the SHA1 constant)-.15 F F5
 (CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.914 E F0 3.914(;t)C 1.414
 (he sec-)-3.914 F .379
-(ond represents the sealed object containing the wrapping k)108 398.4 R
+(ond represents the sealed object containing the wrapping k)108 410.4 R
 -.15(ey)-.1 G 2.879(,a)-.5 G .379
 (nd is protected with the SHA1 constant)-2.879 F F5
-(B9EE715DBE4B243FAA81EA04306E063710383E35)108 410.4 Q F0 6.72(.T)C 1.72
+(B9EE715DBE4B243FAA81EA04306E063710383E35)108 422.4 Q F0 6.72(.T)C 1.72
 (here e)-6.72 F 1.721(xists no other user)-.15 F 1.721(-land tool for)
--.2 F(decrypting this; perhaps there should be.)108 422.4 Q(Finally)108
-439.2 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506
+-.2 F(decrypting this; perhaps there should be.)108 434.4 Q(Finally)108
+451.2 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506
 (lent of).25 F F2 9.505(zfs change-key)12.005 F<ad6f>17.171 E F5
-(keylocation=prompt)15.505 E F2<ad6f>17.171 E F5(keyformat=raw)108 451.2
+(keylocation=prompt)15.505 E F2<ad6f>17.171 E F5(keyformat=raw)108 463.2
 Q F3(dataset)6.106 E F0 .106(is performed with the ne)2.606 F 2.606(wk)
 -.25 G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606
 G .107(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F
 (to clean up the properties, or to issue a note for manual interv)108
-463.2 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 480
+475.2 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 492
 S 1.556(nal v)-4.056 F 1.556(eri\214cation should be made by running)
 -.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.555 E F0
 6.555(.I)C 4.055(ft)-6.555 G(hat)-4.055 E .729
-(command succeeds, all is well, b)108 492 R .729
+(command succeeds, all is well, b)108 504 R .729
 (ut otherwise the dataset can be manually rolled back to a passphrase)
--.2 F(with)108 504 Q F2(zfs-tpm1x-clear-key)5.147 E F3(dataset)8.647 E
+-.2 F(with)108 516 Q F2(zfs-tpm1x-clear-key)5.147 E F3(dataset)8.647 E
 F0(\(or)5.147 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
 2.646(ails to w)-.1 F(ork,)-.1 E F2 2.646(zfs change-key)5.146 F<ad6f>
-10.312 E F5(keyformat=passphrase)108 516 Q F3(dataset)6 E F0
+10.312 E F5(keyformat=passphrase)108 528 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm1x-clear-key)108 532.8 Q F3(dataset)7.606 E F0 1.607
+F2(zfs-tpm1x-clear-key)108 544.8 Q F3(dataset)7.606 E F0 1.607
 (can be used to clear the properties and go back to using a)4.106 F
-(passphrase.)108 544.8 Q F1(OPTIONS)72 561.6 Q F2<ad62>109.666 573.6 Q
-F3(backup-file)6 E F0(Sa)203 573.6 Q .353 -.15(ve a b)-.2 H .052
+(passphrase.)108 556.8 Q F1(OPTIONS)72 573.6 Q F2<ad62>109.666 585.6 Q
+F3(backup-file)6 E F0(Sa)203 585.6 Q .353 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
 E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
-F .693(This back-up)203 585.6 R F4(must)3.193 E F0 .694
+F .693(This back-up)203 597.6 R F4(must)3.193 E F0 .694
 (be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
 (-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 597.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 609.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 626.4 Q F3(PCR)6 E F0([)A F2(,)A F3
-(PCR)A F0 1.666(]...)C .639(Bind the k)203 626.4 R .939 -.15(ey t)-.1 H
+(nt,).15 E(the k)203 609.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 621.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 638.4 Q F3(PCR)6 E F0([)A F2(,)A F3
+(PCR)A F0 1.666(]...)C .639(Bind the k)203 638.4 R .939 -.15(ey t)-.1 H
 3.139(os).15 G .639(pace- or comma-separated)-3.139 F F3(PCR)3.139 E F0
 3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .638
-(hange, the wrap-)-3.139 F .462(ping k)203 638.4 R .762 -.15(ey w)-.1 H
+(hange, the wrap-)-3.139 F .462(ping k)203 650.4 R .762 -.15(ey w)-.1 H
 .462(ill not be able to be unsealed.).15 F .463
-(The minimum number of PCRs for a)5.462 F(PC TPM is)203 650.4 Q F1(24)
+(The minimum number of PCRs for a)5.462 F(PC TPM is)203 662.4 Q F1(24)
 2.5 E F0(\(numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0 2.5(]\). F)B
-(or most, this is also the maximum.)-.15 E F1(ENVIR)72 667.2 Q 1.666
-(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 679.2 Q
-F0 .046(By def)133 691.2 R .045(ault, passphrases are prompted for and \
+(or most, this is also the maximum.)-.15 E F1(ENVIR)72 679.2 Q 1.666
+(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 691.2 Q
+F0 .046(By def)133 703.2 R .045(ault, passphrases are prompted for and \
 read in on the standard output and input streams.)-.1 F(If)5.045 E F5
-(TZPFMS_PASSPHRASE_HELPER)133 703.2 Q F0 1.595(is set and nonempty)4.095
+(TZPFMS_PASSPHRASE_HELPER)133 715.2 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F5
-(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 715.2 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 727.2 Q
 (vide each passphrase, instead.)-.15 E .643
-(The standard output stream of the helper is tied to an anon)133 732 R
+(The standard output stream of the helper is tied to an anon)133 744 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
-133 744 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+133 756 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
 (y. T)-.15 H(he ar).65 E(guments are:)-.18 E(tzpfms 0.3.4-33-g81add25)72
 817.889 Q(March 11, 2024)88.018 E(1)188.837 E 0 Cg EP
-%%Page: 2 4
+%%Page: 2 9
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -522,7 +895,7 @@ F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 475.2 Q
 (able)-.8 E(1.)108 487.2 Q(tzpfms 0.3.4-33-g81add25)72 817.889 Q
 (March 11, 2024)88.018 E(2)188.837 E 0 Cg EP
-%%Page: 1 5
+%%Page: 1 10
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -532,14 +905,14 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm1x-clear-key)108 96 Q F0 3.008<8a72>3.008 G -.25(ew)-3.008 G
 .508(rap ZFS dataset k).25 F .808 -.15(ey i)-.1 H 3.008(np).15 G(asssw)
 -3.008 E .508(ord and clear tzpfms TPM1.X meta-)-.1 F(data)108 108 Q F1
-(SYNOPSIS)72 124.8 Q F2(zfs-tpm-list)108 136.8 Q/F3 10/Courier-Oblique@0
-SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0(After v)108 165.6 Q
-(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G
-(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)
-2.5 E F0(:)A 5(1. performs)118 177.6 R 5.641(the equi)8.141 F -.25(va)
--.25 G 5.641(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.308 E
-/F4 10/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E F4
-(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
+(SYNOPSIS)72 124.8 Q F2(zfs-fido2-add-backup)108 136.8 Q/F3 10
+/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0
+(After v)108 165.6 Q(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E
+F1(TPM1.X)2.5 E F0(:)A 5(1. performs)118 177.6 R 5.641(the equi)8.141 F
+-.25(va)-.25 G 5.641(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>
+13.308 E/F4 10/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E
+F4(keyformat=passphrase)133 189.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118
 201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4
 (xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key)
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
@@ -574,7 +947,7 @@ F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
 (https://lists.sr)108 504 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-33-g81add25)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 6
+%%Page: 1 11
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -583,13 +956,13 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm1x-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .19
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.69 E F0 -.1(wa)2.69 G
-2.69(se).1 G .19(ncrypted with)-2.69 F F2(tzpfms)2.69 E F0(back)2.69 E
-(end)-.1 E F1(TPM1.X)2.69 E F0 .191(will unseal the k)2.69 F .491 -.15
-(ey a)-.1 H .191(nd load).15 F(it into)108 165.6 Q F3(dataset)2.5 E F0
-(.)A .236
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .19(After v)108 153.6 R(erifying)-.15 E F3(dataset)2.69 E F0 -.1
+(wa)2.69 G 2.69(se).1 G .19(ncrypted with)-2.69 F F2(tzpfms)2.69 E F0
+(back)2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .191(will unseal the k)2.69 F
+.491 -.15(ey a)-.1 H .191(nd load).15 F(it into)108 165.6 Q F3(dataset)
+2.5 E F0(.)A .236
 (The user is \214rst prompted for the SRK passphrase, set when taking o)
 108 182.4 R .236(wnership, if not "well-kno)-.25 F .235(wn" \(all)-.25 F
 (zeroes\); then for the additional passphrase, set when creating the k)
@@ -654,7 +1027,7 @@ F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 696 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-33-g81add25)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
-%%Page: 1 7
+%%Page: 1 12
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -663,133 +1036,133 @@ BP
 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-change-key)108 96 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5
 E .3 -.15(ey t)-.1 H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1
-(SYNOPSIS)72 112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad62>
-1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2<ad50>
--.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666
-(]...)C([)186 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)
-A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A F0(]])
-A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 1.677 -.8(To n)108 165.6
-T(ormalise).8 E F3(dataset)2.577 E F0(,)A F2(zfs-tpm-list)2.577 E F0
-.076(will open its encryption root in its stead.)2.576 F F2
-(zfs-tpm-list)5.076 E F0(will)108 177.6 Q/F4 10/Times-Italic@0 SF(ne)2.5
-E(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G
-(ncryption roots; use)-2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0
-(\(8\) for that.)A(First, a connection is made to the TPM, which)108
-194.4 Q F4(must)2.5 E F0(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F3
-(dataset)3.054 E F0 -.1(wa)3.054 G 3.054(sp).1 G(re)-3.054 E .554
-(viously encrypted with)-.25 F F2(tzpfms)3.055 E F0 .555(and the)3.055 F
-F1(TPM2)3.055 E F0 .555(back-end w)3.055 F .555(as used, the pre)-.1 F
-(vious)-.25 E -.1(ke)108 223.2 S 3.06(yw)-.05 G .56
-(ill be freed from the TPM.)-3.06 F .56
-(Otherwise, or in case of an error)5.56 F 3.059(,d)-.4 G .559
-(ata required for manual interv)-3.059 F(en-)-.15 E
-(tion will be written to the standard error stream.)108 235.2 Q(Ne)108
-252 Q .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
+(SYNOPSIS)72 112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2
+<ad62>1.666 E/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2
+<ad50>-.834 E F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0
+1.666(]...)C([)234 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A
+F2(,)A F3(PCR)A F0 1.666(]...)C -3.332 1.666(]... [)-1.666 H F2<ad41>A
+F0(]])A F3(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 4.32 -.8(To n)108
+165.6 T(ormalise).8 E F3(dataset)5.22 E F0(,)A F2(zfs-fido2-add-backup)
+5.22 E F0 2.719(will open its encryption root in its stead.)5.22 F F2
+(zfs-fido2-add-backup)108 177.6 Q F0(will)14.654 E/F4 10/Times-Italic@0
+SF(ne)14.654 E(ver)-.15 E F0 12.154(create or destro)14.654 F 14.655(ye)
+-.1 G 12.155(ncryption roots; use)-14.655 F/F5 10/Courier@0 SF
+(zfs-change-key)108 189.6 Q F0(\(8\) for that.)A
+(First, a connection is made to the TPM, which)108 206.4 Q F4(must)2.5 E
+F0(be TPM-2.0-compatible.)2.5 E(If)108 223.2 Q F3(dataset)3.055 E F0 -.1
+(wa)3.055 G 3.055(sp).1 G(re)-3.055 E .555(viously encrypted with)-.25 F
+F2(tzpfms)3.055 E F0 .555(and the)3.055 F F1(TPM2)3.055 E F0 .554
+(back-end w)3.054 F .554(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108
+235.2 S 3.059(yw)-.05 G .559(ill be freed from the TPM.)-3.059 F .56
+(Otherwise, or in case of an error)5.56 F 3.06(,d)-.4 G .56
+(ata required for manual interv)-3.06 F(en-)-.15 E
+(tion will be written to the standard error stream.)108 247.2 Q(Ne)108
+264 Q .295(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594
 -.15(ey i)-.1 H 2.794(sg).15 G .294
 (enerated on the TPM, optionally back)-2.794 F .294(ed up \(see)-.1 F F1
-(OPTIONS)2.794 E F0 .294(\), and sealed)B .589
-(to a persistent object on the TPM under the o)108 264 R .589
-(wner hierarch)-.25 F .588(y; if there is a passphrase set on the o)-.05
-F(wner)-.25 E(hierarch)108 276 Q 1.602 -.65(y, t)-.05 H .302
+(OPTIONS)2.794 E F0 .294(\), and sealed)B .588
+(to a persistent object on the TPM under the o)108 276 R .589
+(wner hierarch)-.25 F .589(y; if there is a passphrase set on the o)-.05
+F(wner)-.25 E(hierarch)108 288 Q 1.603 -.65(y, t)-.05 H .302
 (he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .302
 (ys prompted for an optional passphrase to protect).1 F
-(the sealed object with.)108 288 Q(The follo)108 304.8 Q
+(the sealed object with.)108 300 Q(The follo)108 316.8 Q
 (wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128
-316.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
-128 328.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
-(persistent-object-ID)A F0([)139 340.8 Q F2(;)A F3(algorithm)A F2(:)A F3
+328.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>
+128 340.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3
+(persistent-object-ID)A F0([)139 352.8 Q F2(;)A F3(algorithm)A F2(:)A F3
 (PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3
 (algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C
-1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 357.6 Q F0 3.287
-(identi\214es this dataset for w)5.788 F 3.287(ork with)-.1 F F1(TPM2)
-5.787 E F0(-back-ended)A F2(tzpfms)5.787 E F0(programs)5.787 E(\(namely)
-108 369.6 Q F5(zfs-tpm2-change-key)41.248 E F0(\(8\),)A F5
-(zfs-tpm2-load-key)41.248 E F0 38.749(\(8\), and)B F5
-(zfs-tpm2-clear-key)108 381.6 Q F0(\(8\)\).)A F5(tzpfms.key)108 398.4 Q
-F0 1.509(is an inte)4.009 F 1.509
+1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 369.6 Q F0 3.287
+(identi\214es this dataset for w)5.787 F 3.287(ork with)-.1 F F1(TPM2)
+5.787 E F0(-back-ended)A F2(tzpfms)5.788 E F0(programs)5.788 E(\(namely)
+108 381.6 Q F5(zfs-tpm2-change-key)41.249 E F0(\(8\),)A F5
+(zfs-tpm2-load-key)41.248 E F0 38.748(\(8\), and)B F5
+(zfs-tpm2-clear-key)108 393.6 Q F0(\(8\)\).)A F5(tzpfms.key)108 410.4 Q
+F0 1.508(is an inte)4.008 F 1.509
 (ger representing the sealed object, optionally follo)-.15 F 1.509
-(wed by a semicolon and)-.25 F .822(PCR list as speci\214ed with)108
-410.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
-(tpm-tools)3.322 E F0 .823(-toolchain-compatible; if needed, it can)B
-.866(be passed to)108 422.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
+(wed by a semicolon and)-.25 F .823(PCR list as speci\214ed with)108
+422.4 R F2<ad50>4.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2
+(tpm-tools)3.322 E F0 .822(-toolchain-compatible; if needed, it can)B
+.865(be passed to)108 434.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5
 (${tzpfms.key)6.866 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with)
-3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.365("o)
-C(r)-3.365 E F2<ad70>109.666 434.4 Q F0(")6.727 E F5(pcr:${tzpfms.key)A
-F2(#)A F6(*)A F5(;})A F0 .727(", as the case may be, or equi)B -.25(va)
--.25 G .728(lent, for back-up \(see).25 F F1(OPTIONS)3.228 E F0(\).)A
-.448(If you ha)108 446.4 R .748 -.15(ve a s)-.2 H .448(ealed k).15 F
+3.366 E F2<ad70>5.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.366("o)
+C(r)-3.366 E F2<ad70>109.666 446.4 Q F0(")6.728 E F5(pcr:${tzpfms.key)A
+F2(#)A F6(*)A F5(;})A F0 .728(", as the case may be, or equi)B -.25(va)
+-.25 G .727(lent, for back-up \(see).25 F F1(OPTIONS)3.227 E F0(\).)A
+.447(If you ha)108 458.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F
 .748 -.15(ey y)-.1 H .448(ou can access with that or equi).15 F -.25(va)
--.25 G .447(lent tool and set both of these properties, it).25 F
-(will funxion seamlessly)108 458.4 Q(.)-.65 E(Finally)108 475.2 Q 12.005
-(,t)-.65 G 9.505(he equi)-12.005 F -.25(va)-.25 G 9.505(lent of).25 F F2
-9.505(zfs change-key)12.005 F<ad6f>17.172 E F5(keylocation=prompt)15.506
-E F2<ad6f>17.172 E F5(keyformat=raw)108 487.2 Q F3(dataset)6.107 E F0
-.107(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G
-5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106
-(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F .289(to clean\
+-.25 G .448(lent tool and set both of these properties, it).25 F
+(will funxion seamlessly)108 470.4 Q(.)-.65 E(Finally)108 487.2 Q 12.006
+(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F2
+9.505(zfs change-key)12.005 F<ad6f>17.171 E F5(keylocation=prompt)15.505
+E F2<ad6f>17.171 E F5(keyformat=raw)108 499.2 Q F3(dataset)6.106 E F0
+.106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15(ey)-2.706 G
+5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107
+(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F .289(to clean\
  up the persistent object and properties, or to issue a note for manual\
- interv)108 499.2 R .29(ention into the stan-)-.15 F(dard error stream.)
-108 511.2 Q 2.625<418c>108 528 S .125(nal v)-2.625 F .125
-(eri\214cation should be made by running)-.15 F F2 1.79
-(zfs-tpm2-load-key \255n)2.624 F F3(dataset)6.124 E F0 5.124(.I)C 2.624
-(ft)-5.124 G .124(hat com-)-2.624 F .506(mand succeeds, all is well, b)
-108 540 R .506(ut otherwise the dataset can be manually rolled back to \
-a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 552 Q F3(dataset)
-11.539 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
+ interv)108 511.2 R .289(ention into the stan-)-.15 F
+(dard error stream.)108 523.2 Q 2.624<418c>108 540 S .124(nal v)-2.624 F
+.124(eri\214cation should be made by running)-.15 F F2 1.791
+(zfs-tpm2-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125(.I)C 2.625
+(ft)-5.125 G .125(hat com-)-2.625 F .507(mand succeeds, all is well, b)
+108 552 R .506(ut otherwise the dataset can be manually rolled back to \
+a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 564 Q F3(dataset)
+11.538 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)
 -8.039 F 5.539(ails to w)-.1 F(ork,)-.1 E F2 5.539(zfs change-key)8.039
-F<ad6f>13.204 E F5(keyformat=passphrase)108 564 Q F3(dataset)6 E F0
+F<ad6f>13.205 E F5(keyformat=passphrase)108 576 Q F3(dataset)6 E F0
 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
-F2(zfs-tpm2-clear-key)108 580.8 Q F3(dataset)6.029 E F0 .029
+F2(zfs-tpm2-clear-key)108 592.8 Q F3(dataset)6.029 E F0 .029
 (can be used to free the TPM persistent object and go back to us-)2.529
-F(ing a passphrase.)108 592.8 Q F1(OPTIONS)72 609.6 Q F2<ad62>109.666
-621.6 Q F3(backup-file)6 E F0(Sa)203 621.6 Q .353 -.15(ve a b)-.2 H .052
+F(ing a passphrase.)108 604.8 Q F1(OPTIONS)72 621.6 Q F2<ad62>109.666
+633.6 Q F3(backup-file)6 E F0(Sa)203 633.6 Q .352 -.15(ve a b)-.2 H .052
 (ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552
-E F0 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
-F .693(This back-up)203 633.6 R F4(must)3.193 E F0 .694
-(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
-(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
-(nt,).15 E(the k)203 645.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)233 657.6 Q F3(dataset)6 E F5(<)6 E F3
-(backup-file)6 E F2<ad50>109.666 674.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
+E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 645.6 R F4(must)3.194 E F0 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 657.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F2(zfs load-key)233 669.6 Q F3(dataset)6 E F5(<)6 E F3
+(backup-file)6 E F2<ad50>109.666 686.4 Q F3(algorithm)6 E F2(:)A F3(PCR)
 A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)
 A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)
--1.666 G 1.425(Bind the k)203 686.4 R 1.725 -.15(ey t)-.1 H 3.925(os).15
-G 1.425(pace- or comma-separated)-3.925 F F3(PCR)3.924 E F0 3.924(sw)C
-1.424(ithin their corresponding)-3.924 F(hashing)203 698.4 Q F3
-(algorithm)2.523 E F0 2.523<8a69>2.523 G 2.523(ft)-2.523 G(he)-2.523 E
+-1.666 G 1.424(Bind the k)203 698.4 R 1.724 -.15(ey t)-.1 H 3.924(os).15
+G 1.424(pace- or comma-separated)-3.924 F F3(PCR)3.925 E F0 3.925(sw)C
+1.425(ithin their corresponding)-3.925 F(hashing)203 710.4 Q F3
+(algorithm)2.524 E F0 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E
 2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H
-.024(ill not be able to be).15 F 2.5(unsealed. There)203 710.4 R(are)2.5
+.023(ill not be able to be).15 F 2.5(unsealed. There)203 722.4 R(are)2.5
 E F1(24)2.5 E F0(PCRs, numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0(].)
-A F3(algorithm)203 727.2 Q F0 2.968(may be an)5.469 F 5.468(yo)-.15 G
+A F3(algorithm)203 739.2 Q F0 2.968(may be an)5.468 F 5.468(yo)-.15 G
 5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F1(sha1)
-.15 E F0 2.968(", ")B F1(sha256)A F0 2.968(", ")B F1(sha384)A F0(",)A(")
-203 739.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
+.15 E F0 2.968(", ")B F1(sha256)A F0 2.969(", ")B F1(sha384)A F0(",)A(")
+203 751.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1
 (sm3-256)A F0 4.983(", ")B F1(sha3_256)A F0 4.983(", ")B F1(sha3-256)A
-F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 751.2 Q F1(sha3-384)A F0
+F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 763.2 Q F1(sha3-384)A F0
 (", ")A F1(sha3_512)A F0(", or ")A F1(sha3-512)A F0
 (", and must be supported by the TPM.)A(tzpfms 0.3.4-33-g81add25)72
 817.889 Q(March 11, 2024)88.018 E(1)188.837 E 0 Cg EP
-%%Page: 2 8
+%%Page: 2 13
 %%BeginPageSetup
 BP
 %%EndPageSetup
 /F0 10/Times-Roman@0 SF 44.133(ZFS-TPM2-CHANGE-KEY\(8\) System)72 48 R
 (Manager')2.5 E 2.5(sM)-.55 G 41.632(anual ZFS-TPM2-CHANGE-KEY\(8\))-2.5
 F/F1 10/Courier-Bold@0 SF<ad41>109.666 84 Q F0 -.4(Wi)203 84 S(th).4 E
-F1<ad50>4.589 E F0 2.923(,a)C .422(lso prompt for a passphrase.)-2.923 F
-.422(This is skipped by def)5.422 F .422(ault because the)-.1 F .675
+F1<ad50>4.588 E F0 2.922(,a)C .422(lso prompt for a passphrase.)-2.922 F
+.422(This is skipped by def)5.422 F .423(ault because the)-.1 F .675
 (passphrase is)203 96 R/F2 10/Times-Italic@0 SF(OR)3.175 E F0 .675
 (ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k)-3.175 F
 .975 -.15(ey c)-.1 H .675(an be unsealed).15 F F2(either)203 108 Q F0
-1.39(passphraseless with the right PCRs)3.89 F F2(or)3.89 E F0 1.389
+1.389(passphraseless with the right PCRs)3.889 F F2(or)3.89 E F0 1.39
 (with the passphrase, and this is)3.89 F(usually not the intent.)203 120
 Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F(ARIABLES)
--1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .045
+-1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .046
 (By def)133 160.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F1 3.261(sh \255c)B F0(to)4.095 E(pro)133 184.8 Q
+(/bin/)4.096 E F1 3.262(sh \255c)B F0(to)4.096 E(pro)133 184.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 201.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -802,10 +1175,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 249.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 261.6 Q F0("ag)160 261.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 278.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F3(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 278.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 290.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F3 1.666
 (TPM2 back-end con\214guration)72 307.2 R(En)87 319.2 Q(vir)-.4 E .625
@@ -814,13 +1187,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR)-.3 E F0
 (,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3(DEB)2.5
 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM selection)87 348 R F0
-.621(The library)108 360 R F1(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 372 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 360 R F1(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 372 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F3 .625(See also)87 400.8 R F0 2.247
 (The tpm2-tss git repository at https://github)108 412.8 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -837,7 +1210,7 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F3<83>128 542.4 Q F0(EvModder)7.5 E F3(REPOR)72 559.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 571.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 588 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 600 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 (PCR allocations: https://wiki.archlinux.or)108 645.6 Q(g/title/T)-.18 E
@@ -847,7 +1220,7 @@ E F3 1.666(SEE ALSO)72 616.8 R F4(tpm2_unseal)108 628.8 Q F0(\(1\))A
 r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 669.6 Q
 (able)-.8 E(1.)108 681.6 Q(tzpfms 0.3.4-33-g81add25)72 817.889 Q
 (March 11, 2024)88.018 E(2)188.837 E 0 Cg EP
-%%Page: 1 9
+%%Page: 1 14
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -857,13 +1230,13 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 (zfs-tpm2-clear-key)108 96 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G
 (rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E
 (ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 112.8 Q F2
-(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
-(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
+(zfs-fido2-add-backup)108 124.8 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5
+E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q(erifying)-.15 E F3
 (dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2
 (tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5
-(1. performs)118 165.6 R 5.641(the equi)8.141 F -.25(va)-.25 G 5.641
-(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.308 E/F4 10
-/Courier@0 SF(keylocation=prompt)11.642 E F2<ad6f>13.308 E F4
+(1. performs)118 165.6 R 5.642(the equi)8.142 F -.25(va)-.25 G 5.642
+(lent of).25 F F2 5.642(zfs change-key)8.142 F<ad6f>13.307 E/F4 10
+/Courier@0 SF(keylocation=prompt)11.641 E F2<ad6f>13.307 E F4
 (keyformat=passphrase)133 177.6 Q F3(dataset)6 E F0(,)A 5(2. frees)118
 189.6 R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E
 (viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. remo)118
@@ -872,12 +1245,12 @@ F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10/Courier-Bold@0 SF
 14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133
 213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-tpm2-change-key)2.5 E F0
 (\(8\) for a detailed description.)A F1(ENVIR)72 247.2 Q 1.666(ONMENT V)
--.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .045
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .046
 (By def)133 271.2 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 295.2 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 295.2 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 312 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -889,10 +1262,10 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 360 Q F0("ne)160 360 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
 -2.5 E F4($4)143 372 Q F0("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 388.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 400.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625
@@ -901,13 +1274,13 @@ Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0
 (,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5
 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E
 F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)87 458.4 R F0
-.621(The library)108 470.4 R F2(libtss2-tcti-default.so)3.121 E F0 .621
-(can be link)3.121 F .621(ed to an)-.1 F 3.122(yo)-.15 G 3.122(ft)-3.122
-G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
-(li-)3.122 E .781(braries to select the def)108 482.4 R .781
-(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4
-(/dev/tpm0)3.28 E F0 3.28(,t)C(hen)-3.28 E F4(localhost:2321)3.28 E F0
-(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
+.622(The library)108 470.4 R F2(libtss2-tcti-default.so)3.122 E F0 .622
+(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121
+G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0
+(li-)3.121 E .78(braries to select the def)108 482.4 R .78
+(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E
+F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281
+E F0(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0
 (\(3\)\).)A F1 .625(See also)87 511.2 R F0 2.247
 (The tpm2-tss git repository at https://github)108 523.2 R
 (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
@@ -924,11 +1297,11 @@ G(he)-3.122 E F4(libtss2-tcti-)3.122 E/F5 10/Symbol SF(*)A F4(.so)A F0
 F1<83>128 652.8 Q F0(EvModder)7.5 E F1(REPOR)72 669.6 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 681.6 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 698.4 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 710.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)
 -.25 E(tzpfms 0.3.4-33-g81add25)72 817.889 Q(December 4, 2022)83.023 E
 (1)183.842 E 0 Cg EP
-%%Page: 1 10
+%%Page: 1 15
 %%BeginPageSetup
 BP
 %%EndPageSetup
@@ -937,28 +1310,28 @@ BP
 (AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E/F2 10
 /Courier-Bold@0 SF(zfs-tpm2-load-key)108 96 Q F0 2.5<8a6c>2.5 G
 (oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-112.8 Q F2(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E F0(])A/F3
-10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0 .864
-(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.364 E F0 -.1(wa)3.364
-G 3.364(se).1 G .864(ncrypted with)-3.364 F F2(tzpfms)3.365 E F0(back)
-3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .865(nseals the k)-3.365
-F 1.165 -.15(ey a)-.1 H .865(nd loads it).15 F(into)108 165.6 Q F3
-(dataset)2.5 E F0(.)A(The user is prompted for the additional passphras\
-e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5
-(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4 10/Courier@0 SF
-(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
-(OPTIONS)72 216 Q F2<ad6e>109.666 228 Q F0 3.208
-(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25 G 5.708(ni).15
-G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa)
-.15 G 3.208(lready loaded.)-5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207
-(lent to).25 F F2(zfs)5.707 E(load-key)131 240 Q F0 -.55('s)C F2<ad6e>
-4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)-.3 F
-(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .045
+112.8 Q F2(zfs-fido2-add-backup)108 124.8 Q F0([)2.5 E F2<ad6e>1.666 E
+F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 141.6
+Q F0 .865(After v)108 153.6 R(erifying)-.15 E F3(dataset)3.365 E F0 -.1
+(wa)3.365 G 3.365(se).1 G .865(ncrypted with)-3.365 F F2(tzpfms)3.365 E
+F0(back)3.365 E(end)-.1 E F1(TPM2)3.365 E F0 3.365(,u)C .864
+(nseals the k)-3.365 F 1.164 -.15(ey a)-.1 H .864(nd loads it).15 F
+(into)108 165.6 Q F3(dataset)2.5 E F0(.)A(The user is prompted for the \
+additional passphrase, set when creating the k)108 182.4 Q -.15(ey)-.1 G
+2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q/F4
+10/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0
+(\(8\) for a detailed description.)A F1(OPTIONS)72 216 Q F2<ad6e>109.666
+228 Q F0 3.208(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25
+G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i)
+-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va)
+-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 240 Q F0 -.55('s)
+C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V)
+-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .046
 (By def)133 280.8 R .045(ault, passphrases are prompted for and read in\
- on the standard output and input streams.)-.1 F(If)5.046 E F4
-(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.596(is set and nonempty)4.096
+ on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.595(is set and nonempty)4.095
 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
-(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 304.8 Q
+(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 304.8 Q
 (vide each passphrase, instead.)-.15 E .643
 (The standard output stream of the helper is tied to an anon)133 321.6 R
 .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
@@ -971,23 +1344,23 @@ F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4
 369.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
 (assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F0("ag)160 381.6 Q
 (ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .178
-(If the helper doesn')133 398.4 R 2.678(te)-.18 G .178
-(xist \(the shell e)-2.828 F .177(xits with)-.15 F F1(127)2.677 E F0
-.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 398.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
 410.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
 G(ther reason, the prompting is aborted.)-2.5 E F1 1.666
 (TPM1.X back-end con\214guration)72 427.2 R .625(TPM selection)87 439.2
-R F0(The)108 451.2 Q F2(tzpfms)2.729 E F0 .229
-(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23
-(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd)
--2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 463.2 Q
-(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .111(The T)108 480 R(rouSerS)
--.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61
-E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E
-F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
-492 S(ing one of the earlier ones with, for e).1 E
+R F0(The)108 451.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local)
+2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003)
+2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1
+F(the)2.729 E(en)108 463.2 Q(vironment v)-.4 E(ariable)-.25 E F4
+(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11
+(The T)108 480 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11
+(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4
+(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0
+2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 492 S
+(ing one of the earlier ones with, for e).1 E
 (xample, shell redirection, a later one can be selected.)-.15 E F1 .625
 (See also)87 508.8 R F0(The T)108 520.8 Q
 (rouSerS project page at https://sourcefor)-.35 E
@@ -1002,7 +1375,7 @@ F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108
 F1<83>128 626.4 Q F0(EvModder)7.5 E F1(REPOR)72 643.2 Q 1.666(TING B)-.4
 F(UGS)-.1 E F0(https://todo.sr)108 655.2 Q(.ht/\001nabijaczle)-.55 E
 (weli/tzpfms)-.25 E F4(\001nabijaczleweli/tzpfms@lists.sr.ht)108 672 Q
-F0 83.763(,a)C(rchi)-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E
+F0 83.762(,a)C(rchi)-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E
 (https://lists.sr)108 684 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25
 E(tzpfms 0.3.4-33-g81add25)72 817.889 Q(December 4, 2022)83.023 E(1)
 183.842 E 0 Cg EP
diff --git a/zfs-fido2-add-backup.8 b/zfs-fido2-add-backup.8
new file mode 100644
index 0000000..08a80cb
--- /dev/null
+++ b/zfs-fido2-add-backup.8
@@ -0,0 +1,125 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 29, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-ADD-BACKUP 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-add-backup
+.Nd allow another FIDO2 device to unlock ZFS dataset
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After
+.Xr zfs-fido2-change-key 8
+derives the key for a dataset from a FIDO2 device,
+.Nm
+may be executed to extend this to any number of additional devices.
+.Pp
+First, the wrapping key is extracted as normally during
+.Xr zfs-fido2-load-key 8 ,
+then a credential is made as-if during
+.Xr zfs-fido2-change-key 8
+(except the "primary" device and all the ones holding backups are excluded from the search);
+however, the
+.Ql hmac-secret
+is instead used as a symmetric AES-256-GCM
+.Pq Xr EVP_CIPHER-AES 7ssl
+key to encrypt the wrapping key directly with a random IV.
+.Pp
+This turns the
+.Li xyz.nabijaczleweli:tzpfms.key
+variable into
+.br
+.Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns Ar backup-salt Ns Cm :\:\& Ns Ar backup-credential-ID Ns Cm :\:\& Ns Ar backup-credential-public-key Ns Cm :\:\& Ns Ar IV Ns Cm :\:\& Ns Ar encrypted-key Oc Ns …
+.Pp
+.Li tzpfms.key
+is actually a dot-separated list of device bundles.
+The first one is as-described in
+.Xr zfs-fido2-change-key 8 .
+Subsequent ones also include (identically-encoded) IVs and encrypted blobs.
+.Pp
+.Xr zfs-fido2-load-key 8
+shops assertions around devices in a device-major order \(em
+depending on device numbering, a backup may be loaded even if the primary device is present.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-add-backup.8.html b/zfs-fido2-add-backup.8.html
new file mode 100644
index 0000000..e6d3444
--- /dev/null
+++ b/zfs-fido2-add-backup.8.html
@@ -0,0 +1,153 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-ADD-BACKUP(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-ADD-BACKUP(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-add-backup</code> &#x2014;
+    <span class="Nd">allow another FIDO2 device to unlock ZFS dataset</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-add-backup</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    derives the key for a dataset from a FIDO2 device,
+    <code class="Nm">zfs-fido2-add-backup</code> may be executed to extend this
+    to any number of additional devices.</p>
+<p class="Pp">First, the wrapping key is extracted as normally during
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    then a credential is made as-if during
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    (except the &quot;primary&quot; device and all the ones holding backups are
+    excluded from the search); however, the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; is instead used as a
+    symmetric AES-256-GCM
+    (<a class="Xr" href="https://manpages.debian.org/bookworm/EVP_CIPHER-AES.7ssl">EVP_CIPHER-AES(7ssl)</a>)
+    key to encrypt the wrapping key directly with a random IV.</p>
+<p class="Pp">This turns the
+    <code class="Li">xyz.nabijaczleweli:tzpfms.key</code> variable into
+  <br/>
+  <var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code><var class="Ar">backup-salt</var><code class="Cm">:</code><var class="Ar">backup-credential-ID</var><code class="Cm">:</code><var class="Ar">backup-credential-public-key</var><code class="Cm">:</code><var class="Ar">IV</var><code class="Cm">:</code><var class="Ar">encrypted-key</var>]&#x2026;</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is actually a dot-separated
+    list of device bundles. The first one is as-described in
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>.
+    Subsequent ones also include (identically-encoded) IVs and encrypted
+  blobs.</p>
+<p class="Pp"><a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>
+    shops assertions around devices in a device-major order &#x2014; depending
+    on device numbering, a backup may be loaded even if the primary device is
+    present.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 29, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-change-key.8 b/zfs-fido2-change-key.8
new file mode 100644
index 0000000..7e3b45a
--- /dev/null
+++ b/zfs-fido2-change-key.8
@@ -0,0 +1,188 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March 11, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CHANGE-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-change-key
+.Nd change ZFS dataset key to one authenticated by a FIDO2 device
+.Sh SYNOPSIS
+.Nm
+.Op Fl b Ar backup-file
+.Ar dataset
+.
+.Sh DESCRIPTION
+To normalise the
+.Ar dataset ,
+.Nm
+will open its encryption root in its stead.
+.Nm
+will
+.Em never
+create or destroy encryption roots; use
+.Xr zfs-change-key 8
+for that.
+.Pp
+First, a connection is made to the FIDO2 device, which
+.Em must
+support the
+.Ql hmac-secret
+extension.
+.Pp
+If
+.Ar dataset
+was previously encrypted with
+.Nm fzifdso
+and the
+.Sy FIDO2
+back-end was used, previous credentials will be deleted from their devices (as-if via
+.Xr zfs-fido2-clear-key 8 ) ,
+if available.
+Otherwise, or in case of an error, data required for manual intervention will be written to the standard error stream.
+.Pp
+Next, a new credential of type ES256 is generated on the device (with relying party ID
+.Li fzifdso
+and name equal to the dataset name)
+with the
+.Ql hmac-secret
+extension requested; the device PIN, if any, is prompted for here.
+This mimicks a WebAuthn registration step.
+.Pp
+Then, the credential is asserted with a 32-byte random salt,
+which hashes it with device-private data, and thus generates the wrapping key
+.Pq which is optionally backed up Pq see Sx OPTIONS .
+This mimicks a WebAuthn login step.
+.Pp
+The following properties are set on
+.Ar dataset :
+.Bl -bullet -compact -offset 4n -width "@"
+.It
+.Li xyz.nabijaczleweli:tzpfms.backend Ns = Ns Sy FIDO2
+.It
+.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar salt Ns Cm :\:\& Ns Ar credential-ID Ns Cm :\:\& Ns Ar credential-public-key Ns Oo Cm \&. Ns … Oc Ns …
+.El
+.Pp
+.Li tzpfms.backend
+identifies this dataset for work with
+.Sy FIDO2 Ns -back-ended
+.Nm tzpfms
+programs
+.Pq i.e. Nm fzifdso Xr zfs-fido2-change-key 8 , Xr zfs-fido2-load-key 8 , Xr zfs-fido2-add-backup 8 , and Xr zfs-fido2-clear-key 8 .
+.Pp
+.Li tzpfms.key
+is a colon-separated tuple of unpadded URL-safe base64 blobs;
+the first one is the random salt;
+the second represents the ID of created credential,
+and the third \(en its public key.
+There exists no other user-land tool for deciphering this; perhaps there should be.
+.\"" TODO: make an LD_PRELOADable for extracting the key maybe?
+.Pp
+Finally, the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=raw Ar dataset
+is performed with the new key.
+If an error occurred, best effort is made to clean up the properties,
+or to issue a note for manual intervention into the standard error stream.
+.Pp
+A final verification should be made by running
+.Nm zfs-fido2-load-key Fl n Ar dataset .
+If that command succeeds, all is well,
+but otherwise the dataset can be manually rolled back to a passphrase with
+.Nm zfs-fido2-clear-key Ar dataset
+.Pq or, if that fails to work, Nm zfs Cm change-key Fl o Li keyformat=passphrase Ar dataset ,
+and you are hereby asked to report a bug, please.
+.Pp
+.Nm zfs-fido2-clear-key Ar dataset
+can be used to clear the properties and go back to using a passphrase.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl b Ar backup-file"
+.It Fl b Ar backup-file
+Save a back-up of the key to
+.Ar backup-file ,
+which must not exist beforehand.
+This back-up
+.Em must
+be stored securely, off-site.
+In case of a catastrophic event, the key can be loaded by running
+.Dl Nm zfs Cm load-key Ar dataset Li < Ar backup-file
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-change-key.8.html b/zfs-fido2-change-key.8.html
new file mode 100644
index 0000000..d056d47
--- /dev/null
+++ b/zfs-fido2-change-key.8.html
@@ -0,0 +1,207 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CHANGE-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CHANGE-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-change-key</code> &#x2014;
+    <span class="Nd">change ZFS dataset key to one authenticated by a FIDO2
+    device</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-change-key</code></td>
+    <td>[<code class="Fl">-b</code> <var class="Ar">backup-file</var>]
+      <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">To normalise the <var class="Ar">dataset</var>,
+    <code class="Nm">zfs-fido2-change-key</code> will open its encryption root
+    in its stead. <code class="Nm">zfs-fido2-change-key</code> will
+    <a class="permalink" href="#never"><i class="Em" id="never">never</i></a>
+    create or destroy encryption roots; use
+    <a class="Xr" href="https://manpages.debian.org/bookworm/zfs-change-key.8">zfs-change-key(8)</a>
+    for that.</p>
+<p class="Pp">First, a connection is made to the FIDO2 device, which
+    <i class="Em">must</i> support the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension.</p>
+<p class="Pp">If <var class="Ar">dataset</var> was previously encrypted with
+    <code class="Nm">fzifdso</code> and the <b class="Sy">FIDO2</b> back-end was
+    used, previous credentials will be deleted from their devices (as-if via
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>),
+    if available. Otherwise, or in case of an error, data required for manual
+    intervention will be written to the standard error stream.</p>
+<p class="Pp">Next, a new credential of type ES256 is generated on the device
+    (with relying party ID <code class="Li">fzifdso</code> and name equal to the
+    dataset name) with the &#x2018;<code class="Li">hmac-secret</code>&#x2019;
+    extension requested; the device PIN, if any, is prompted for here. This
+    mimicks a WebAuthn registration step.</p>
+<p class="Pp">Then, the credential is asserted with a 32-byte random salt, which
+    hashes it with device-private data, and thus generates the wrapping key
+    (which is optionally backed up (see
+    <a class="Sx" href="#OPTIONS">OPTIONS</a>)). This mimicks a WebAuthn login
+    step.</p>
+<p class="Pp">The following properties are set on
+  <var class="Ar">dataset</var>:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li id="xyz.nabijaczleweli:tzpfms.backend"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.backend"><code class="Li">xyz.nabijaczleweli:tzpfms.backend</code></a>=<b class="Sy">FIDO2</b></li>
+  <li id="xyz.nabijaczleweli:tzpfms.key"><a class="permalink" href="#xyz.nabijaczleweli:tzpfms.key"><code class="Li">xyz.nabijaczleweli:tzpfms.key</code></a>=<var class="Ar">salt</var><code class="Cm">:</code><var class="Ar">credential-ID</var><code class="Cm">:</code><var class="Ar">credential-public-key</var>[<code class="Cm">.</code>&#x2026;]&#x2026;</li>
+</ul>
+<p class="Pp"><code class="Li">tzpfms.backend</code> identifies this dataset for
+    work with <b class="Sy">FIDO2</b>-back-ended <code class="Nm">tzpfms</code>
+    programs (i.e. <code class="Nm">fzifdso</code>
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-load-key.8.html">zfs-fido2-load-key(8)</a>,
+    <a class="Xr" href="zfs-fido2-add-backup.8.html">zfs-fido2-add-backup(8)</a>,
+    and
+    <a class="Xr" href="zfs-fido2-clear-key.8.html">zfs-fido2-clear-key(8)</a>).</p>
+<p class="Pp"><code class="Li">tzpfms.key</code> is a colon-separated tuple of
+    unpadded URL-safe base64 blobs; the first one is the random salt; the second
+    represents the ID of created credential, and the third &#x2013; its public
+    key. There exists no other user-land tool for deciphering this; perhaps
+    there should be.</p>
+<p class="Pp">Finally, the equivalent of <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=raw</code> <var class="Ar">dataset</var> is
+    performed with the new key. If an error occurred, best effort is made to
+    clean up the properties, or to issue a note for manual intervention into the
+    standard error stream.</p>
+<p class="Pp">A final verification should be made by running
+    <code class="Nm">zfs-fido2-load-key</code> <code class="Fl">-n</code>
+    <var class="Ar">dataset</var>. If that command succeeds, all is well, but
+    otherwise the dataset can be manually rolled back to a passphrase with
+    <code class="Nm">zfs-fido2-clear-key</code> <var class="Ar">dataset</var>
+    (or, if that fails to work, <code class="Nm">zfs</code>
+    <code class="Cm">change-key</code> <code class="Fl">-o</code>
+    <code class="Li">keyformat=passphrase</code> <var class="Ar">dataset</var>),
+    and you are hereby asked to report a bug, please.</p>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code>
+    <var class="Ar">dataset</var> can be used to clear the properties and go
+    back to using a passphrase.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="b"><a class="permalink" href="#b"><code class="Fl">-b</code></a>
+    <var class="Ar">backup-file</var></dt>
+  <dd>Save a back-up of the key to <var class="Ar">backup-file</var>, which must
+      not exist beforehand. This back-up <i class="Em">must</i> be stored
+      securely, off-site. In case of a catastrophic event, the key can be loaded
+      by running
+    <div class="Bd Bd-indent"><code class="Li"><code class="Nm">zfs</code>
+      <code class="Cm">load-key</code> <var class="Ar">dataset</var>
+      <code class="Li">&lt;</code>
+      <var class="Ar">backup-file</var></code></div>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 11, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-clear-key.8 b/zfs-fido2-clear-key.8
new file mode 100644
index 0000000..f7ab9d5
--- /dev/null
+++ b/zfs-fido2-clear-key.8
@@ -0,0 +1,121 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd March  4, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-CLEAR-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-clear-key
+.Nd rewrap ZFS dataset key in passsword and clear tzpfms FIDO2 metadata
+.Sh SYNOPSIS
+.Nm
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 :
+.Bl -enum -compact -offset 2n -width 2n
+.It
+performs the equivalent of
+.Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset ,
+.It
+loads the primary and every backup credential, and for each success, if the device containing it supports the
+.Ql credMgmt  \" or credentialMgmtPreview
+feature and has a PIN set, tries to delete the credential from the device,
+.It
+removes the
+.Li xyz.nabijaczleweli:tzpfms.\& Ns Brq Li backend , key
+properties from
+.Ar dataset .
+.El
+.Pp
+For every removal failure and missing device or PIN an instruction for manual removal with
+.Xr fido2-token 1
+is issued.
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh FIDO2 back-end configuration
+.Ss Environment variables
+.Bl -tag -compact -width ".Ev FIDO_DEBUG"
+.It Ev FIDO_DEBUG
+If set, enables libfido2 debug logging to the standard error stream.
+.El
+.
+.Ss Device selection
+When creating, the first device which supports the
+.Ql hmac-secret
+extension is used.
+When loading, the assertion is shopped around to every such device.
+.
+.Ss See also
+The libfido2 documentation at
+.Lk https:/\&/developers.yubico.com/libfido2/ .
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-clear-key.8.html b/zfs-fido2-clear-key.8.html
new file mode 100644
index 0000000..97e05e7
--- /dev/null
+++ b/zfs-fido2-clear-key.8.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-CLEAR-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-CLEAR-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-clear-key</code> &#x2014;
+    <span class="Nd">rewrap ZFS dataset key in passsword and clear tzpfms FIDO2
+    metadata</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-clear-key</code></td>
+    <td><var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>:</p>
+<ol class="Bl-enum Bd-indent Bl-compact">
+  <li>performs the equivalent of <code class="Nm">zfs</code>
+      <code class="Cm">change-key</code> <code class="Fl">-o</code>
+      <code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
+      <code class="Li">keyformat=passphrase</code>
+      <var class="Ar">dataset</var>,</li>
+  <li>loads the primary and every backup credential, and for each success, if
+      the device containing it supports the
+      &#x2018;<code class="Li">credMgmt</code>&#x2019; feature and has a PIN
+      set, tries to delete the credential from the device,</li>
+  <li>removes the
+      <code class="Li">xyz.nabijaczleweli:tzpfms.</code>{<code class="Li">backend</code>,
+      <code class="Li">key</code>} properties from
+      <var class="Ar">dataset</var>.</li>
+</ol>
+<p class="Pp">For every removal failure and missing device or PIN an instruction
+    for manual removal with
+    <a class="Xr" href="https://manpages.debian.org/bookworm/fido2-token.1">fido2-token(1)</a>
+    is issued.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="FIDO2_back-end_configuration"><a class="permalink" href="#FIDO2_back-end_configuration">FIDO2
+  back-end configuration</a></h1>
+<section class="Ss">
+<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
+  variables</a></h2>
+<dl class="Bl-tag Bl-compact">
+  <dt id="FIDO_DEBUG"><a class="permalink" href="#FIDO_DEBUG"><code class="Ev">FIDO_DEBUG</code></a></dt>
+  <dd>If set, enables libfido2 debug logging to the standard error stream.</dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Device_selection"><a class="permalink" href="#Device_selection">Device
+  selection</a></h2>
+<p class="Pp">When creating, the first device which supports the
+    &#x2018;<code class="Li">hmac-secret</code>&#x2019; extension is used. When
+    loading, the assertion is shopped around to every such device.</p>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
+  also</a></h2>
+<p class="Pp">The libfido2 documentation at
+    <a class="Lk" href="https://developers.yubico.com/libfido2/">https://developers.yubico.com/libfido2/</a>.</p>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">March 4, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/zfs-fido2-load-key.8 b/zfs-fido2-load-key.8
new file mode 100644
index 0000000..247ca04
--- /dev/null
+++ b/zfs-fido2-load-key.8
@@ -0,0 +1,98 @@
+.\" SPDX-License-Identifier: MIT
+.
+.Dd February 28, 2024
+.ds doc-volume-operating-system
+.Dt ZFS-FIDO2-LOAD-KEY 8
+.Os fzifdso 0
+.
+.Sh NAME
+.Nm zfs-fido2-load-key
+.Nd load FIDO2-encrypted ZFS dataset key
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Ar dataset
+.
+.Sh DESCRIPTION
+After verifying
+.Ar dataset
+was encrypted with
+.Nm tzpfms
+backend
+.Sy FIDO2 ,
+asserts the preserved challenge, HMACking the salt with the on-device secret, and loads the resulting key into
+.Ar dataset .
+.Pp
+See
+.Xr zfs-fido2-change-key 8
+for a detailed description.
+.
+.Sh OPTIONS
+.Bl -tag -compact -width ".Fl n"
+.It Fl n
+Do a no-op/dry run, can be used even if the key is already loaded.
+Equivalent to
+.Nm zfs Cm load-key Ns 's
+.Fl n
+option.
+.El
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh ENVIRONMENT VARIABLES
+.Bl -tag -compact -width 4n
+.It Ev TZPFMS_PASSPHRASE_HELPER
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
+.Pa /bin/ Ns Nm sh Fl c
+to provide each passphrase, instead.
+.Pp
+The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
+The arguments are:
+.Bl -tag -compact -offset 2n -width ".Li $1"
+.It Li $1
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
+.It Li $2
+Either the dataset name or the element of the TPM hierarchy being prompted for
+.It Li $3
+.Qq new
+if this is for a new passphrase, otherwise blank
+.It Li $4
+.Qq again
+if it's the second prompt for that passphrase, otherwise blank
+.El
+.Pp
+If the helper doesn't exist
+.Pq the shell exits with Sy 127 ,
+a diagnostic is issued and the normal prompt is used as fall-back.
+If it fails for any other reason, the prompting is aborted.
+.
+.
+.El
+.
+.
+.\" SPDX-License-Identifier: MIT
+.
+.Sh SPECIAL THANKS
+To all who support further development, in particular:
+.Bl -bullet -offset 4n -compact -width "@"
+.It
+ThePhD
+.It
+Embark Studios
+.It
+Jasper Bekkers
+.It
+EvModder
+.El
+.
+.Sh REPORTING BUGS
+.Lk https:/\&/todo.sr.ht/\(tinabijaczleweli/fzifdso
+.Pp
+.Mt \(tinabijaczleweli/tzpfms@lists.sr.ht ,
+archived at
+.Lk https:/\&/lists.sr.ht/\(tinabijaczleweli/tzpfms .
diff --git a/zfs-fido2-load-key.8.html b/zfs-fido2-load-key.8.html
new file mode 100644
index 0000000..ffc6446
--- /dev/null
+++ b/zfs-fido2-load-key.8.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+<!-- This is an automatically generated file.  Do not edit.
+   SPDX-License-Identifier: MIT
+ -->
+<head>
+  <meta charset="utf-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <link rel="stylesheet" href="style.css" type="text/css" media="all"/>
+  <title>ZFS-FIDO2-LOAD-KEY(8)</title>
+</head>
+<body>
+<table class="head">
+  <tr>
+    <td class="head-ltitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+    <td class="head-vol">System Manager's Manual</td>
+    <td class="head-rtitle">ZFS-FIDO2-LOAD-KEY(8)</td>
+  </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">zfs-fido2-load-key</code> &#x2014;
+    <span class="Nd">load FIDO2-encrypted ZFS dataset key</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<table class="Nm">
+  <tr>
+    <td><code class="Nm">zfs-fido2-load-key</code></td>
+    <td>[<code class="Fl">-n</code>] <var class="Ar">dataset</var></td>
+  </tr>
+</table>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
+    <code class="Nm">tzpfms</code> backend
+    <a class="permalink" href="#FIDO2"><b class="Sy" id="FIDO2">FIDO2</b></a>,
+    asserts the preserved challenge, HMACking the salt with the on-device
+    secret, and loads the resulting key into <var class="Ar">dataset</var>.</p>
+<p class="Pp">See
+    <a class="Xr" href="zfs-fido2-change-key.8.html">zfs-fido2-change-key(8)</a>
+    for a detailed description.</p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="n"><a class="permalink" href="#n"><code class="Fl">-n</code></a></dt>
+  <dd>Do a no-op/dry run, can be used even if the key is already loaded.
+      Equivalent to <code class="Nm">zfs</code>
+      <code class="Cm">load-key</code>'s <code class="Fl">-n</code> option.</dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
+  VARIABLES</a></h1>
+<dl class="Bl-tag Bl-compact">
+  <dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
+  <dd>By default, passphrases are prompted for and read in on the standard
+      output and input streams. If
+      <code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
+      will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
+      <code class="Fl">-c</code> to provide each passphrase, instead.
+    <p class="Pp">The standard output stream of the helper is tied to an
+        anonymous file and used in its entirety as the passphrase, except for a
+        trailing new-line, if any. The arguments are:</p>
+    <div class="Bd-indent">
+    <dl class="Bl-tag Bl-compact">
+      <dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
+      <dd>Pre-formatted noun phrase with all the information below, for use as a
+          prompt</dd>
+      <dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
+      <dd>Either the dataset name or the element of the TPM hierarchy being
+          prompted for</dd>
+      <dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
+      <dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
+      <dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
+      <dd>&quot;again&quot; if it's the second prompt for that passphrase,
+          otherwise blank</dd>
+    </dl>
+    </div>
+    <p class="Pp" id="127">If the helper doesn't exist (the shell exits with
+        <a class="permalink" href="#127"><b class="Sy">127</b></a>), a
+        diagnostic is issued and the normal prompt is used as fall-back. If it
+        fails for any other reason, the prompting is aborted.</p>
+  </dd>
+</dl>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
+  THANKS</a></h1>
+<p class="Pp">To all who support further development, in particular:</p>
+<ul class="Bl-bullet Bd-indent Bl-compact">
+  <li>ThePhD</li>
+  <li>Embark Studios</li>
+  <li>Jasper Bekkers</li>
+  <li>EvModder</li>
+</ul>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
+  BUGS</a></h1>
+<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/fzifdso">https://todo.sr.ht/~nabijaczleweli/fzifdso</a></p>
+<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
+    archived at
+    <a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
+</section>
+</div>
+<table class="foot">
+  <tr>
+    <td class="foot-date">February 28, 2024</td>
+    <td class="foot-os">fzifdso 0</td>
+  </tr>
+</table>
+</body>
+</html>