From b3e9e1bd1ab3e48e1a1a9fde138d05e3e98dcf86 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Tue, 18 Aug 2020 20:42:58 +0200
Subject: [PATCH 001/119] Add documentation for the web administration gui.

---
 docs/antispam.rst                |   4 +
 docs/configuration.rst           |   2 +
 docs/index.rst                   |   1 +
 docs/webadministration.rst       | 437 +++++++++++++++++++++++++++++++
 towncrier/newsfragments/1590.doc |   1 +
 5 files changed, 445 insertions(+)
 create mode 100644 docs/webadministration.rst
 create mode 100644 towncrier/newsfragments/1590.doc

diff --git a/docs/antispam.rst b/docs/antispam.rst
index fd1d9033..a95109e8 100644
--- a/docs/antispam.rst
+++ b/docs/antispam.rst
@@ -1,6 +1,8 @@
 Spam filtering
 ==============
 
+.. _antispam_howto:
+
 How does spam filtering work in Mailu?
 --------------------------------------
 
@@ -68,6 +70,8 @@ Likewise, to learn all messages within the folder ``Spam_Learn`` as spam message
 
 *Issue reference:* `1438`_.
 
+.. _antispam_howto_block:
+
 How can I block emails from a domain?
 -------------------------------------
 
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 4b211925..5ff3546a 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -73,6 +73,8 @@ By default postfix uses "opportunistic TLS" for outbound mail. This can be chang
 by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt``. This setting is highly recommended
 if you are a relayhost that supports TLS.
 
+.. _fetchmail:
+
 The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to
 go and fetch new email if available. Do not use too short delays if you do not
 want to be blacklisted by external services, but not too long delays if you
diff --git a/docs/index.rst b/docs/index.rst
index 4d7c764e..238cea5d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -67,6 +67,7 @@ the version of Mailu that you are running.
     :caption: Administration
 
     maintain
+    webadministration
     antispam
     cli
 
diff --git a/docs/webadministration.rst b/docs/webadministration.rst
new file mode 100644
index 00000000..210842e0
--- /dev/null
+++ b/docs/webadministration.rst
@@ -0,0 +1,437 @@
+Web administration interface
+============================
+
+The web administration interface is the main website for maintaining your Mailu installation. 
+For brevity the web administration interface will now be mentioned as admin gui.
+It offers the following configuration options:
+
+* change display name.
+
+* change the logged in user's password.
+
+* change user defined spam filter tolerance.
+
+* configure automatic forwarding.
+
+* configure automatic email replies (out of office replies).
+
+* configure fetchmail for automatic email retrieval.
+
+* configure application passwords.
+
+* send broadcast messages to all users.
+
+* configure global administration users.
+
+* configure relayed domains.
+
+* access Rspamd webui.
+
+* Configure all email domains served by Mailu, including:
+
+    * generating dkim and dmarc keys for a domain.
+    
+    * view email domain information on how to configure your SPF, DMARC, DKIM and MX dns records for an email domain.
+    
+    * Add new email domains.
+    
+    * For existing domains, configure users, quotas, aliases, administrators and alternative domain names.
+    
+* access the webmail site.
+
+* lookup settings for configuring your email client.
+
+
+Access the web administration interface
+---------------------------------------
+
+The admin GUI is accessed via the URL `https://<my domain>/admin` for default deployments.
+To login the admin GUI enter the email address and password of an user.
+
+To have access to all configuration settings and for access to Rspamd webgui, the logged in user must be a global administrator.
+To create a user who is a global administrator for a new installation, the Mailu.env file can be adapted. 
+For more information see the section 'Admin account - automatic creation' in :ref:`the configuration reference <admin_account>`.
+
+The following sections are only accessible for global administrators:
+
+* send broadcast messages to all users (Menu item Broadcasts)
+
+* configure global administration users (Menu item Administrators)
+
+* configure relayed domains (Menu item Relayed domains)
+
+* access Rspamd webui (Menu item Antispam)
+
+* Configure all email domains served by Mailu (Menu item Mail domains)
+
+
+.. _webadministration_settings:
+
+Settings
+--------
+After logging in the web administration interface, the settings page is loaded. 
+On the settings page the settings of the currently logged in user can be changed.
+Changes are saved and effective immediately after clicking the Save Settings button at the bottom of the page.
+
+
+Display name
+````````````
+
+On the settings page the displayed name can be changed of the logged in user. 
+This display name is only used within the web administration interface.
+
+
+Antispam
+````````
+
+Under the section `Antispam` the spam filter can be enabled or disabled for the logged in user. By default the spam filter is enabled. 
+
+When the spam filter is disabled, all received email messages will go to the inbox folder of the logged in user.
+The exception to this rule, are email messages with an extremely high spam score. These email messages are always rejected by Rspamd.
+
+When the spam filter is enabled, received email messages will be moved to the logged in user's inbox folder or junk folder depending on the user defined spam filter tolerance.
+
+The user defined spam filter tolerance determines when an email is classified as ham (moved to the inbox folder) or spam (moved to the junk folder). 
+The default value is 80%. The lower the spam filter tolerance, the more false positives (ham classified as spam). The higher the spam filter tolerance, the more false negatives (spam classified as ham). 
+For more information see the :ref:`antispam documentation <antispam_howto>`.
+
+Auto-forward
+`````````````
+Under the section `Auto-forward`, the automatically forwarding of received email messages can be enabled. When enabled, all received email messages are forwarded to the specified email address. 
+
+The option "Keep a copy of the emails" can be ticked, to keep a copy of the received email message in the inbox folder.
+
+In the destination textbox, the email addresses can be entered for automatic forwarding. When entering multiple email addresses the comma (',') must be used as delimiter.
+
+
+Update password
+---------------
+
+On the `update password` page, the password of the logged in user can be changed. Changes are effective immediately. 
+
+
+.. _webadministration_auto-reply:
+
+Auto-reply
+----------
+
+On the `auto-reply` page, automatic replies can be configured. This is also known as out of office replies.
+
+To enable automatic replies tick the checkbox 'Enable automatic reply'. 
+
+Under Reply subject the email subject for automatic replies can be configured. When a reply subject is entered, this subject will be used for the automatic reply.
+
+When no reply subject is entered, the automatic reply will have the subject `auto: <subject from received email>`.
+E.g. if the email subject of the received email message is "how are you?", then the email subject of the automatic reply is `auto: how are you?`.
+
+
+.. _webadministration_fetched_accounts:
+
+Fetched accounts
+----------------
+
+This page is only available when the Fetchmail container is part of your Mailu deployment. 
+Fetchmail can be enabled when creating the docker-compose.yml file with the setup utility (https://setup.mailu.io).
+
+On the `fetched accounts` page you can configure email accounts from which email messages must be retrieved.
+Only unread email messages are retrieved from the specified email account. 
+By default Fetchmail will retrieve email messages every 10 minutes. This can be changed in the Mailu.env file. 
+For more information on changing the polling interval see :ref:`the configuration reference <fetchmail>`.
+
+
+You can add a fetched account by clicking on the `Add an account` button on the top right of the page. To add an fetched account, the following settings must be configured:
+
+* Protocol (IMAP or POP3). The protocol used for accessing the email server.
+
+* Hostname or IP. The hostname or IP address of the email server.
+
+* TCP port. The TCP port the email server listens on. Common ports are 993 (TLS) or 143 (STARTTLS/unsecure) for IMAP. 
+
+* Enable TLS. Tick this setting if the email server requires TLS/SSL.
+
+* Username. The user name for logging in the email server. Normally this is the email address or the email address prefix (part before @). 
+
+* Password. The password for logging in the email server.
+
+* Keep emails on the server. When ticked, retains the email message in the email account after retrieving it.
+
+Click the submit button to apply settings. With the default polling interval, fetchmail will start polling the email account after 10 minutes.
+
+
+Authentication tokens
+---------------------
+
+On the `authentication tokens` page, authentication tokens can be created. Authentications tokens are also known as application passwords.
+The purpose of an authentication token is to create an unique strong password that can be used by a single application to authenticate as the logged in user's email account.
+The application will use this authentication token instead of the logged in user's password for sending/receiving email.
+This allows safe access to the logged in user's email account. At any moment, the authentication token can be deleted so that the application has no access to the logged in user's email account anymore.
+
+By clicking on the New token button on the top right of the page, a new authentication token can be created. On this page the generated authentication token will only be displayed once. 
+After saving the application token it is not possible anymore to view the unique password. 
+
+The comment field can be used to enter a description for the authentication token. For example the name of the application the application token is created for.
+
+In the Authorized IP field a white listed IP address can be entered. When an IP address is entered, then the application token can only be used when the IP address of the client matches with this IP address.
+When no IP address is entered, there is no restriction on IP address. It is not possible to enter multiple IP addresses.
+
+
+Announcement
+------------
+
+On the `announcement` page, the global administrator can send an email message to all email accounts on the Mailu server. This message will be received as an email message in the inbox folder of each user on the Mailu server.
+On the announcement page there are the following options:
+
+* Announcement subject. The subject of the announcement email message.
+
+* Announcement body. The body of the announcement email message.
+
+Click on send to send the announcement email message to all users.
+
+
+Administrators
+--------------
+
+On the `administrators` page, global administrators can be added. A global administrator must be an existing user on the Mailu server.
+A global administrator can change `any setting` in the admin GUI. Be careful that you trust the user who you make a global administrator.
+
+
+Relayed domains
+---------------
+
+On the `relayed domains list` page, destination domains can be added that Mailu will relay email messages for without authentication. 
+This means that for these destination domains, other email clients or email servers can send email via Mailu unauthenticated via port 25 to this destination domain. 
+For example if the destination domain example.com is added. Any emails to example.com (john@example.com) will be relayed to example.com. 
+Example scenario's are:
+
+* relay domain from a backup server.
+
+* allow relay for a specific domain for technical reasons.
+
+* relay mails to mailing list servers.
+
+
+On the new relayed domain page the following options can be entered for a new relayed domain:
+
+* Relayed domain name. The domain name that is relayed. Email messages addressed to this domain (To: John@example.com), will be forwarded to this domain. 
+  No authentication is required. 
+
+* Remote host (optional). The SMPT server that will be used for relaying the email message.
+  When this field is blank, the Mailu server will directly send the email message to the relayed domain.
+  As value can be entered either a hostname or IP address of the SMPT server. 
+  By default port 25 is used. To use a different port append ":port number" to the Remote Host. For example:
+  123.45.67.90:2525.
+
+* Comment. A text field where a comment can be entered to describe the entry.
+
+Changes are effective immediately after clicking the Save button.
+
+NOTE: Due to bug `1588`_ email messages fail to be relayed if no Remote Host is configured. 
+As a workaround the HOSTNAME or IP Address of the SMPT server of the relayed domain can be entered as Remote Host.
+Please note that no MX lookup is performed when entering a hostname as Remote Host. You can use the MX lookup on mxtoolbox.com to find the hostname and IP Address of the SMTP server.
+
+.. _`1588`: https://github.com/Mailu/Mailu/issues/1588
+
+Antispam
+--------
+
+The menu item Antispam opens the Rspamd webgui. For more information how spam filtering works in Mailu see the :ref:`Spam filtering page <antispam_howto_block>`.
+The spam filtering page also contains a section that describes how to create a local blacklist for blocking email messages from specific domains. 
+The Rspamd webgui offers basic functions for setting metric actions, scores, viewing statistics and learning.
+
+The following settings are not persisent and are *lost* when the Antispam container is recreated or restarted:
+
+* On the configuration tab, any changes to config files that do not reside in /var/lib or /etc/rspamd/override.d. The last location is mapped to the Mailu overrides folder.
+
+* All information on the History tab.
+
+
+The following settings are persistent and will survive container recreation:
+
+* All information on the Status tab
+
+* All information on the Throughput tab.
+
+* On the Configuration tab, the changes made to action values (greylist, probably spam ....) and config files that reside in /var/lib or /etc/rspamd/override.d. The last location is mapped to the Mailu overrides folder.
+
+* Any changes made on the Symbols tab.
+
+* Any email messages that have been submitted for spam/ham learning on the Scan/Learn tab.
+
+
+Mail domains
+------------
+
+On the `Mail domains` page all the domains served by Mailu are configured. Via the new domain button (top right) a new mail domain can be added. For existing domains you can access settings via the icons in the Actions column and Manage column. From left to right you have the following options within the Action column and Manage column.
+
+Details
+```````
+
+This page is also accessible for domain managers. On the details page all DNS settings are displayed for configuring your DNS server. It contains information on what to configure as MX record and SPF record. On this page it is also possible to (re-)generate the keys for DKIM and DMARC. The option for generating keys for DKIM and DMARC is only available for global administrators.  After generating the keys for DKIM and DMARC, this page will also show the DNS records for configuring the DKIM/DMARC records on the DNS server. 
+
+
+Edit
+```` 
+
+This page is only accessible for global administrators. On the edit page, the global settings for the domain can be changed.  
+
+* Maximum user count. The maximum amount of users that can be created under this domain. Once this limit is reached it is not possible anymore to add users to the domain; and it is also not possible for users to self-register.
+    
+* Maximum alias count. The maximum amount of aliases that can be made for an email account.
+    
+* Maximum user quota. The maximum amount of quota that can be assigned to a user. When creating or editing a user, this sets the limit on the maximum amount of quota that can be assigned to the user.
+    
+* Enable sign-up. When this option is ticked, self-registration is enabled. When the Admin GUI is accessed, in the menu list the option Signup becomes available. 
+  Obviously this menu item is only visible when signed out. On the Signup page a user can create an email account. 
+  If your Admin GUI is available to the public internet, this means your Mailu installation basically becomes a free email provider. 
+  Use this option with care!
+  
+* Comment. Description for the domain. This description is visible on the parent domains list page.
+
+Delete
+``````
+
+This page is only accessible for global administrators. This page allows you to delete the domain. The Admin GUI will ask for confirmation if the domain must be really deleted. 
+
+
+Users
+`````
+
+This page is also accessible for domain managers. On the users page new users can be added via the Add user button (top right of page). For existing users the following options are available via the columns Actions and User settings (from left to right)
+
+* Edit. For all available options see :ref:`the Add user page <webadministration_add_user>`.
+
+* Delete. Deletes the user. The Admin GUI will ask for confirmation if the user must be really deleted.
+
+* Setting. Access the settings page of the user. See :ref:`the settings page <webadministration_settings>` for more information.
+
+* Auto-reply. Access the auto-reply page of the user. See the :ref:`auto-reply page <webadministration_auto-reply>` for more information.
+
+* Fetched accounts. Access the fetched accounts page of the user. See the :ref:`fetched accounts page <webadministration_fetched_accounts>` for more information.
+
+
+.. _webadministration_add_user:
+
+Add user
+^^^^^^^^
+
+For adding a new user the following options can be configured.
+
+* E-mail. The email address of the new user.
+
+* Password/Confirm password. The password for the new user. The new user can change his password after logging in the Admin GUI.
+
+* Displayed name. The display name of the user within the Admin GUI.
+
+* Comment. A description for the user. This description is shown on the Users page.
+
+* Enabled. Tick this checkbox to enable the user account. When an user is disabled. The user is unable to login the Admin GUI or webmail or access his email via IMAP/POP3. 
+  The email inbox of the user is still retained. This option can be used to temporarily suspend an user account.
+  
+* Quota. The maximum quota for the user's email box.
+
+* Allow IMAP access. When ticked, allows email retrieval via the IMAP protocol.
+
+* Allow POP3 access. When ticked, allows email retrieval via the POP3 protocol.
+
+
+Aliases
+```````
+
+This page is also accessible for domain managers. On the aliases page, aliases can be added for email addresses. An alias is a way to disguise another email address. 
+Everything sent to an alias email address is actually received in the primary email account's inbox of the destination email address.
+Aliases can diversify a single email account without having to create multiple email addresses (users).
+
+The following options are available when adding an alias:
+
+* Alias. The alias to create for the specified email address. You cannot use an existing email address.
+
+* Use SQL LIKE Syntax (e.g. for catch-all aliases). When this option is ticked, you can use SQL LIKE syntax as alias.
+  The SQL LIKE syntax is used to match text values against a pattern using wildcards. There are two wildcards that can be used with SQL LIKE syntax:
+    
+    * % - The percent sign represents zero, one, or multiple characters
+    * _ - The underscore represents a single character
+    
+  Examples are:    
+    * a% - Finds any values that start with "a"
+    * %a - Finds any values that end with "a"
+    * %or% - Finds any values that have "or" in any position
+    * _r% - Finds any values that have "r" in the second position
+    * a_% -' Finds any values that start with "a" and are at least 2 characters in length
+    * a__% - Finds any values that start with "a" and are at least 3 characters in length
+    * a%o - Finds any values that start with "a" and ends with "o"
+
+* Destination. The destination email address for the alias. Click in the Destination text box to access a drop down list where you can select a destination email address.
+
+* Comment. A description for the alias. This description is visible on the Alias list page.
+
+
+Managers
+````````
+
+This page is also accessible for domain managers. On the `managers list` page, managers can be added for the domain and can be deleted. 
+Managers have access to configuration settings of the domain.
+On the `add manager` page you can click on the manager email text box to access a drop down list of users that can be made a manager of the domain.
+
+
+Alternatives
+````````````
+
+This page is only accessible for global administrators. On the alternatives page, alternative domains can be added for the domain. 
+An alternative domain acts as a copy of a given domain.
+Everything sent to an alternative domain, is actually received in the domain the alternative is created for. 
+This allows you to receive emails for multiple domains while using a single domain. 
+For example if the main domain has the email address user@example.com, and the alternative domain is mymail.com, 
+then email send to user@mymail.com will end up in the email box of user@example.com.
+
+New domain
+`````````````````
+
+This page is only accessible for global administrators. Via this page a new domain can be added to Mailu. The following options must be defined for adding a domain:
+
+* domain name. The name of the domain.
+
+* Maximum user count. The maximum amount of users that can be created under this domain. Once this limit is reached it is not possible anymore to add users to the domain; and it is also not possible for users to self-register.
+    
+* Maximum alias count. The maximum amount of aliases that can be made for an email account.
+    
+* Maximum user quota. The maximum amount of quota that can be assigned to a user. When creating or editing a user, this sets the limit on the maximum amount of quota that can be assigned to the user.
+    
+* Enable sign-up. When this option is ticked, self-registration is enabled. When the Admin GUI is accessed, in the menu list the option Signup becomes available. 
+  Obviously this menu item is only visible when signed out. On the Signup page a user can create an email account. 
+  If your Admin GUI is available to the public internet, this means your Mailu installation basically becomes a free email provider. 
+  Use this option with care!
+  
+* Comment. Description for the domain. This description is visible on the parent domains list page.
+
+
+Webmail
+-------
+
+The menu item `Webmail` opens the webmail page. This option is only available if the webmail container is running and is enabled in the mailu.env file.
+
+
+Client setup
+------------
+
+The menu item `Client setup` shows all settings for configuring your email client for connecting to Mailu. 
+
+
+Website
+-------
+
+The menu item `Website` forwards the user to the URL that is configured in variable WEBSITE=xxxxx in the mailu.env environment file.
+
+
+
+Help
+----
+
+The menu item `Help` links to the official Mailu documentation website https://mailu.io/
+
+
+Sign out
+--------
+
+The menu item `Sign out` signs out the currently logged in user.
+
+
diff --git a/towncrier/newsfragments/1590.doc b/towncrier/newsfragments/1590.doc
new file mode 100644
index 00000000..ba4c8b9a
--- /dev/null
+++ b/towncrier/newsfragments/1590.doc
@@ -0,0 +1 @@
+Add documentation for the web administration interface.

From 02cfe326d3226f8dfffeda445c3de736b64288d7 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sun, 30 Aug 2020 01:04:36 +0200
Subject: [PATCH 002/119] support using files for SECRET_KEY and DB_PW

this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
---
 core/admin/mailu/configuration.py | 11 ++++++++++-
 webmails/roundcube/config.inc.php |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 66b0b832..eacf7803 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -100,6 +100,15 @@ class ConfigManager(dict):
         if self.config["WEBMAIL"] != "none":
             self.config["WEBMAIL_ADDRESS"] = self.get_host_address("WEBMAIL")
 
+    def __get_env(self, key, value):
+        key_file = key + "_FILE"
+        if key_file in os.environ:
+            with open(os.environ.get(key_file)) as file:
+                value_from_file = file.read()
+            return value_from_file.strip()
+        else:
+            return os.environ.get(key, value)
+
     def __coerce_value(self, value):
         if isinstance(value, str) and value.lower() in ('true','yes'):
             return True
@@ -111,7 +120,7 @@ class ConfigManager(dict):
         self.config.update(app.config)
         # get environment variables
         self.config.update({
-            key: self.__coerce_value(os.environ.get(key, value))
+            key: self.__coerce_value(self.__get_env(key, value))
             for key, value in DEFAULT_CONFIG.items()
         })
         self.resolve_hosts()
diff --git a/webmails/roundcube/config.inc.php b/webmails/roundcube/config.inc.php
index eb40047a..627b96a7 100644
--- a/webmails/roundcube/config.inc.php
+++ b/webmails/roundcube/config.inc.php
@@ -5,7 +5,7 @@ $config = array();
 // Generals
 $config['db_dsnw'] = getenv('DB_DSNW');;
 $config['temp_dir'] = '/tmp/';
-$config['des_key'] = getenv('SECRET_KEY');
+$config['des_key'] = getenv('SECRET_KEY') ? getenv('SECRET_KEY') : trim(file_get_contents(getenv('SECRET_KEY_FILE')));
 $config['cipher_method'] = 'AES-256-CBC';
 $config['identities_level'] = 0;
 $config['reply_all_mode'] = 1;

From 426355f6b861058a1f489f791f23c2ab44d6ed60 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sun, 30 Aug 2020 01:14:47 +0200
Subject: [PATCH 003/119] add some docs about _FILE variables

---
 docs/swarm/master/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/swarm/master/README.md b/docs/swarm/master/README.md
index 58723c33..42e742da 100644
--- a/docs/swarm/master/README.md
+++ b/docs/swarm/master/README.md
@@ -106,6 +106,9 @@ As a side effect of this ingress mode "feature", make sure that the ingress subn
 - front and webmail are scalable (pending POD_ADDRESS_RANGE is used), although the let's encrypt magic might not like it (race condidtion ? or risk to be banned by let's encrypt server if too many front containers attemps to renew the certs at the same time) 
 - redis, antispam, antivirus, fetchmail, admin, webdav have not been tested (hence replicas=1 in the following docker-compose.yml file)
 
+## Docker secrets
+There are DB_PW_FILE and SECRET_KEY_FILE environment variables available to specify files for these variables. These can be used to configure Docker secrets instead of writing the values directly into the `docker-compose.yml` or `mailu.env`.
+
 ## Variable substitution and docker-compose.yml
 The docker stack deploy command doesn't support variable substitution in the .yml file itself. 
 As a consequence, we cannot simply use ``` docker stack deploy -c docker.compose.yml mailu ```

From 714fa044e08288d14ba02b016b5aca2114e68faa Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sun, 30 Aug 2020 01:19:42 +0200
Subject: [PATCH 004/119] add towncrier for #1607

---
 towncrier/newsfragments/1607.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1607.feature

diff --git a/towncrier/newsfragments/1607.feature b/towncrier/newsfragments/1607.feature
new file mode 100644
index 00000000..de9f0895
--- /dev/null
+++ b/towncrier/newsfragments/1607.feature
@@ -0,0 +1 @@
+Implement SECRET_KEY_FILE and DB_PW_FILE variables for usage with Docker secrets.

From f999e3de083094816cb860da233cb474ffd1fc50 Mon Sep 17 00:00:00 2001
From: Wolfgang Jung <w.jung@polyas.de>
Date: Thu, 3 Sep 2020 23:13:40 +0200
Subject: [PATCH 005/119] Adds own server on port 80 for letsencrypt and
 redirect

---
 core/nginx/conf/nginx.conf          | 26 +++++++++++++++++++++++---
 towncrier/newsfragments/1564.bugfix |  1 +
 2 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 towncrier/newsfragments/1564.bugfix

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 46db324f..924f978f 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -34,6 +34,25 @@ http {
       ''      $scheme;
     }
 
+    {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] and not TLS_ERROR %}
+    # Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes
+    # 
+    server {
+      # Listen over HTTP
+      listen 80;
+      listen [::]:80;
+      {% if TLS_FLAVOR == 'letsencrypt' %}      
+      location ^~ /.well-known/acme-challenge/ {
+          proxy_pass http://127.0.0.1:8008;
+      }
+      {% endif %}
+      # redirect to https
+      location / {
+        return 301 https://$host$request_uri;
+      }
+    }
+    {% endif %}
+
     # Main HTTP server
     server {
       # Favicon stuff
@@ -48,9 +67,11 @@ http {
       set $webdav {{ WEBDAV_ADDRESS }};
       {% endif %}
 
-      # Always listen over HTTP
+      # Listen on HTTP only in kubernetes or behind reverse proxy
+      {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls',  'mail' ] or TLS_ERROR %}
       listen 80;
       listen [::]:80;
+      {% endif %}
 
       # Only enable HTTPS if TLS is enabled with no error and not on kubernetes
       {% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %}
@@ -78,8 +99,7 @@ http {
       add_header X-XSS-Protection '1; mode=block';
       add_header Referrer-Policy 'same-origin';
 
-      # In any case, enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes
-      {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'mail-letsencrypt' ] %}
+      {% if TLS_FLAVOR == 'mail-letsencrypt' %}      
       location ^~ /.well-known/acme-challenge/ {
           proxy_pass http://127.0.0.1:8008;
       }
diff --git a/towncrier/newsfragments/1564.bugfix b/towncrier/newsfragments/1564.bugfix
new file mode 100644
index 00000000..5c189b80
--- /dev/null
+++ b/towncrier/newsfragments/1564.bugfix
@@ -0,0 +1 @@
+Fixes certbot renewal

From db440d46becaf626c7d188a667a15100327ab0bf Mon Sep 17 00:00:00 2001
From: Simonmicro <simon@simonmicro.de>
Date: Sat, 5 Sep 2020 12:02:50 +0200
Subject: [PATCH 006/119] Added line of warning

---
 setup/templates/steps/compose/03_expose.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index 93c2147f..e1d451e8 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -31,7 +31,7 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
 </div>
 
 <div class="form-group" id="ipv6" style="display: none">
-  <p><span class="label label-danger">Read this:</span> Docker currently does not expose the IPv6 ports properly, as it does not interface with <code>ip6tables</code>. Be sure to read our <a href="https://mailu.io/{{ version }}/faq.html#how-to-make-ipv6-work">FAQ section</a>!</p>
+  <p><span class="label label-danger">Read this:</span> Docker currently does not expose the IPv6 ports properly, as it does not interface with <code>ip6tables</code>. Be sure to read our <a href="https://mailu.io/{{ version }}/faq.html#how-to-make-ipv6-work">FAQ section</a> and be <b>very careful</b> if you wish to enable this!</p>
   <label>IPv6 listen address</label>
 <!--   Validates IPv6 address -->
   <input class="form-control" type="text" name="bind6" value="::1"

From 4a5678f571f11b56f56968af489574f84cc222e5 Mon Sep 17 00:00:00 2001
From: Simonmicro <simon@simonmicro.de>
Date: Sat, 5 Sep 2020 12:16:21 +0200
Subject: [PATCH 007/119] Added explaining message about the current ipv6
 problem

---
 docs/faq.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/faq.rst b/docs/faq.rst
index c59a8c2d..c90fbc6a 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -170,6 +170,13 @@ Lets start with quoting everything that's wrong:
       (`docker/libnetwork#1099 <https://github.com/docker/libnetwork/issues/1099>`_).
   
   -- `Robbert Klarenbeek <https://github.com/robbertkl>`_ (docker-ipv6nat author)
+  
+Okay, but I still want to use IPv6! Can I just use the installers IPv6 checkbox? **NO, YOU SHOULD NOT DO THAT!** Why you ask?
+Mailu has its own trusted IPv4 network, every container inside this network can use e.g. the SMTP container without further
+authentication. If you enabled IPv6 inside the setup assistant (and fixed the ports to also be exposed on IPv6) Docker will
+still rewrite any incoming IPv6 requests to an IPv4 address, *which is located inside the trusted network*. Therefore any
+incoming connection to the SMTP container will bypass the authentication stage by the front container regardless of your
+settings and causes an Open Relay. And you really don't want this!
 
 So, how to make it work? Well, by using `docker-ipv6nat`_! This nifty container will set up ``ip6tables``,
 just as Docker would do for IPv4. We know that nat-ing is not advised in IPv6,

From eca00905cf4eed25ce3a3f87592d2f378231fc1c Mon Sep 17 00:00:00 2001
From: Simonmicro <simon@simonmicro.de>
Date: Sat, 5 Sep 2020 12:19:23 +0200
Subject: [PATCH 008/119] Minor formulation

---
 setup/templates/steps/compose/03_expose.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index e1d451e8..c9238f5a 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -31,7 +31,7 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
 </div>
 
 <div class="form-group" id="ipv6" style="display: none">
-  <p><span class="label label-danger">Read this:</span> Docker currently does not expose the IPv6 ports properly, as it does not interface with <code>ip6tables</code>. Be sure to read our <a href="https://mailu.io/{{ version }}/faq.html#how-to-make-ipv6-work">FAQ section</a> and be <b>very careful</b> if you wish to enable this!</p>
+  <p><span class="label label-danger">Read this:</span> Docker currently does not expose the IPv6 ports properly, as it does not interface with <code>ip6tables</code>. Be sure to read our <a href="https://mailu.io/{{ version }}/faq.html#how-to-make-ipv6-work">FAQ section</a> and be <b>very careful</b> if you still wish to enable this!</p>
   <label>IPv6 listen address</label>
 <!--   Validates IPv6 address -->
   <input class="form-control" type="text" name="bind6" value="::1"

From 8b0e2edc52f294cf58a8624b31f0ce630c8069dd Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Mon, 7 Sep 2020 17:19:53 +0200
Subject: [PATCH 009/119] Create ISSUE_TEMPLATE.md

Add bug template to be used for reporting issues.
---
 ISSUE_TEMPLATE.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 ISSUE_TEMPLATE.md

diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md
new file mode 100644
index 00000000..0e4ce0bd
--- /dev/null
+++ b/ISSUE_TEMPLATE.md
@@ -0,0 +1,36 @@
+Thank you for opening an issue with Mailu. Please understand that issues are meant for bugs and enhancement-requests.  
+For **user-support questions**, reach out to us  on [matrix](https://matrix.to/#/#mailu:tedomum.net).
+
+To be able to help you best, we need some more information.
+
+## Before you open your issue
+- [ ] Check if no issue or pull-request for this already exists.
+- [ ] Check [documentation](https://mailu.io/master/) and [FAQ](https://mailu.io/master/faq.html). (Tip, use the search function on the documentation page)
+- [ ] You understand `Mailu` is made by volunteers in their **free time** — be conscise, civil and accept that delays can occur.
+- [ ] The title of the issue should be short and simple. It should contain specific terms related to the actual issue. Be specific while writing the title.
+
+## Environment & Versions
+Environment:
+ - [ ] docker-compose
+ - [ ] kubernetes
+ - [ ] docker swarm
+
+Versions:
+To find your version, get the image name of a mailu container and read  the version from the tag (example for version 1.7).  
+`docker ps -a | grep mailu`  
+`140b09d4b09c    mailu/roundcube:1.7    "docker-php-entrypoi…"    2 weeks ago    Up 2 days (healthy)    80/tcp`
+
+## Description
+<Further explain the bug in a few words. It should be clear what the unexpected behaviour is.  Share it in an easy-to-understand language.>
+
+## Replication Steps
+< Steps for replicating your issue>
+
+## Expected behaviour
+<Explain what results you expected - be as specific as possible. Just saying "it doesn’t work as expected" is not useful. It's also helpful to describe what you actually experienced. >
+																																																																	
+	
+## Logs
+Often it is very useful to include log fragments of the involded component. You can get the logs via `docker logs <container name> --tail 1000`. For example for the admin container:  
+`docker logs mailu_admin_1 --tail 1000`  
+or using docker-compose `docker-compose -f /mailu/docker-compose.yml logs --tail 1000 admin`

From 1f4e9165fa9aacbc39465ba956e95bdd6caf98c0 Mon Sep 17 00:00:00 2001
From: Wolfgang Jung <w.jung@polyas.de>
Date: Wed, 9 Sep 2020 21:35:08 +0200
Subject: [PATCH 010/119] Disables unencrypted http on TLS_ERROR

---
 core/nginx/conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 924f978f..a2b3d981 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -34,7 +34,7 @@ http {
       ''      $scheme;
     }
 
-    {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] and not TLS_ERROR %}
+    {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %}
     # Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes
     # 
     server {
@@ -68,7 +68,7 @@ http {
       {% endif %}
 
       # Listen on HTTP only in kubernetes or behind reverse proxy
-      {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls',  'mail' ] or TLS_ERROR %}
+      {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls',  'mail' ] %}
       listen 80;
       listen [::]:80;
       {% endif %}

From 0cb0a26d952302abb93912470c6a2578e3630647 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Thu, 10 Sep 2020 20:30:06 +0200
Subject: [PATCH 011/119] relax TLS settings on port 25

Because basically every MTA out there uses opportunistic TLS _in
the best case_, it's actually counter productive to use such strict
settings.

The alternative to a handshake error is often an unencrypted submission,
which is basically the opposite of what strict ssl_protocols and
ssl_ciphers tries to achieve.

Even big and established providers like Amazon SES are incompatible with the current
settings.

This reverts commit 2ddf46ad2b5054988ea5b270dcdb88ea80e6067e.
---
 core/nginx/conf/nginx.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 46db324f..250ceec7 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -218,9 +218,9 @@ mail {
       listen 25;
       listen [::]:25;
       {% if TLS and not TLS_ERROR %}
-      ssl_protocols TLSv1.2 TLSv1.3;
-      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-      ssl_prefer_server_ciphers off;
+      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
+      ssl_prefer_server_ciphers on;
       starttls on;
       {% endif %}
       protocol smtp;

From 2e574d7ffbe5451b1f3e6488cf0992e19969eed1 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Fri, 11 Sep 2020 22:39:21 +0200
Subject: [PATCH 012/119] Fix issue-template whitespacing; Add some small
 formatting

---
 ISSUE_TEMPLATE.md | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md
index 0e4ce0bd..28983d8f 100644
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@@ -1,4 +1,4 @@
-Thank you for opening an issue with Mailu. Please understand that issues are meant for bugs and enhancement-requests.  
+Thank you for opening an issue with Mailu. Please understand that issues are meant for bugs and enhancement-requests.
 For **user-support questions**, reach out to us  on [matrix](https://matrix.to/#/#mailu:tedomum.net).
 
 To be able to help you best, we need some more information.
@@ -16,21 +16,29 @@ Environment:
  - [ ] docker swarm
 
 Versions:
-To find your version, get the image name of a mailu container and read  the version from the tag (example for version 1.7).  
-`docker ps -a | grep mailu`  
-`140b09d4b09c    mailu/roundcube:1.7    "docker-php-entrypoi…"    2 weeks ago    Up 2 days (healthy)    80/tcp`
+To find your version, get the image name of a mailu container and read  the version from the tag (example for version 1.7).
+```
+$> docker ps -a | grep mailu
+140b09d4b09c    mailu/roundcube:1.7    "docker-php-entrypoi…"    2 weeks ago    Up 2 days (healthy)    80/tcp
+$> grep MAILU_VERSION docker-compose.yml mailu.env
+```
 
 ## Description
 <Further explain the bug in a few words. It should be clear what the unexpected behaviour is.  Share it in an easy-to-understand language.>
 
 ## Replication Steps
-< Steps for replicating your issue>
+<Steps for replicating your issue>
 
 ## Expected behaviour
-<Explain what results you expected - be as specific as possible. Just saying "it doesn’t work as expected" is not useful. It's also helpful to describe what you actually experienced. >
-																																																																	
-	
+<Explain what results you expected - be as specific as possible. Just saying "it doesn’t work as expected" is not useful. It's also helpful to describe what you actually experienced.>
+
 ## Logs
-Often it is very useful to include log fragments of the involded component. You can get the logs via `docker logs <container name> --tail 1000`. For example for the admin container:  
-`docker logs mailu_admin_1 --tail 1000`  
+Often it is very useful to include log fragments of the involved component. You can get the logs via `docker logs <container name> --tail 1000`. For example for the admin container:
+`docker logs mailu_admin_1 --tail 1000`
 or using docker-compose `docker-compose -f /mailu/docker-compose.yml logs --tail 1000 admin`
+If you can find the relevant section, please share only the parts that seem relevant. If you have any logs, please enclose them in code tags, like so:
+````markdown
+```
+Your logs here!
+```
+````

From f3313fa26c36c37a9e87240cbdaf69359ea43cc7 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Fri, 11 Sep 2020 22:44:21 +0200
Subject: [PATCH 013/119] Remove <> tags as they break markdown rendering

---
 ISSUE_TEMPLATE.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md
index 28983d8f..10b9134f 100644
--- a/ISSUE_TEMPLATE.md
+++ b/ISSUE_TEMPLATE.md
@@ -10,12 +10,12 @@ To be able to help you best, we need some more information.
 - [ ] The title of the issue should be short and simple. It should contain specific terms related to the actual issue. Be specific while writing the title.
 
 ## Environment & Versions
-Environment:
+### Environment
  - [ ] docker-compose
  - [ ] kubernetes
  - [ ] docker swarm
 
-Versions:
+### Versions
 To find your version, get the image name of a mailu container and read  the version from the tag (example for version 1.7).
 ```
 $> docker ps -a | grep mailu
@@ -24,13 +24,13 @@ $> grep MAILU_VERSION docker-compose.yml mailu.env
 ```
 
 ## Description
-<Further explain the bug in a few words. It should be clear what the unexpected behaviour is.  Share it in an easy-to-understand language.>
+Further explain the bug in a few words. It should be clear what the unexpected behaviour is.  Share it in an easy-to-understand language.
 
 ## Replication Steps
-<Steps for replicating your issue>
+Steps for replicating your issue
 
 ## Expected behaviour
-<Explain what results you expected - be as specific as possible. Just saying "it doesn’t work as expected" is not useful. It's also helpful to describe what you actually experienced.>
+Explain what results you expected - be as specific as possible. Just saying "it doesn’t work as expected" is not useful. It's also helpful to describe what you actually experienced.
 
 ## Logs
 Often it is very useful to include log fragments of the involved component. You can get the logs via `docker logs <container name> --tail 1000`. For example for the admin container:

From 66db1f8fd075a0160915814b2a9d945f123efcf4 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sat, 12 Sep 2020 01:32:03 +0200
Subject: [PATCH 014/119] add OCSP stapling to nginx.conf

It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
---
 core/nginx/conf/nginx.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 46db324f..bea822a5 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -58,6 +58,8 @@ http {
       listen [::]:443 ssl http2;
 
       include /etc/nginx/tls.conf;
+      ssl_stapling on;
+      ssl_stapling_verify on;
       ssl_session_cache shared:SSLHTTP:50m;
       add_header Strict-Transport-Security 'max-age=31536000';
 

From e8b67470800f7b9c0a808b9d0f71b5bd034e892f Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sat, 12 Sep 2020 01:38:37 +0200
Subject: [PATCH 015/119] add newsfragemnt for #1618

---
 towncrier/newsfragments/1618.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1618.feature

diff --git a/towncrier/newsfragments/1618.feature b/towncrier/newsfragments/1618.feature
new file mode 100644
index 00000000..443f2b5c
--- /dev/null
+++ b/towncrier/newsfragments/1618.feature
@@ -0,0 +1 @@
+Enable OCSP stapling for the http server within nginx.

From 6c29d232e7e19d7e20014f0d8f766bca76cc0cc1 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario.ernst@rommelag.com>
Date: Mon, 21 Sep 2020 11:57:53 +0200
Subject: [PATCH 016/119] Remove whitespaces in newlines

---
 .mergify.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.mergify.yml b/.mergify.yml
index 56bfd522..90f55051 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -11,9 +11,9 @@ pull_request_rules:
         message: |
           Thanks for submitting this pull request.
           Bors-ng will now build test images. When it succeeds, we will continue to review and test your PR.
-          
+
           bors try
-          
+
           Note: if this build fails, [read this](http://mailu.io/master/contributors/environment.html#when-bors-try-fails).
 
   - name: 2 approved reviews; trigger bors r+

From 7e1150d9e593ce787b93e990a7ffb6c9cb5e4e45 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario.ernst@rommelag.com>
Date: Mon, 21 Sep 2020 11:58:18 +0200
Subject: [PATCH 017/119] Sync mergify team-member list to actualy members

---
 .mergify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.mergify.yml b/.mergify.yml
index 90f55051..98a60180 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -27,7 +27,7 @@ pull_request_rules:
 
   - name: Trusted author and 1 approved review; trigger bors r+
     conditions:
-      - author~=^(kaiyou|muhlemmer|mildred|HorayNarea|adi90x|hoellen|ofthesun9|Nebukadneza|micw)$
+      - author~=^(kaiyou|muhlemmer|mildred|HorayNarea|adi90x|hoellen|ofthesun9|Nebukadneza|micw|lub|Diman0)$
       - -title~=(WIP|wip)
       - -label~=^(status/wip|status/blocked|review/need2)$
       - "#approved-reviews-by>=1"

From 957b6ac1045ec0916e3da288caa6830d25695b82 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario.ernst@rommelag.com>
Date: Wed, 23 Sep 2020 15:18:23 +0200
Subject: [PATCH 018/119] Revert "Remove whitespaces in newlines"

This reverts commit 6c29d232e7e19d7e20014f0d8f766bca76cc0cc1.
---
 .mergify.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.mergify.yml b/.mergify.yml
index 98a60180..f2e5b860 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -11,9 +11,9 @@ pull_request_rules:
         message: |
           Thanks for submitting this pull request.
           Bors-ng will now build test images. When it succeeds, we will continue to review and test your PR.
-
+          
           bors try
-
+          
           Note: if this build fails, [read this](http://mailu.io/master/contributors/environment.html#when-bors-try-fails).
 
   - name: 2 approved reviews; trigger bors r+

From d9e7b8249b88eecbb6e0f19a998762c8be748ac1 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Wed, 23 Sep 2020 19:59:00 +0200
Subject: [PATCH 019/119] Add support for AUTH LOGIN authentication mechanism
 for relaying email via smart hosts.

---
 core/postfix/Dockerfile              | 2 +-
 towncrier/newsfragments/1632.feature | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1632.feature

diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile
index 8652eaa0..af29bf91 100644
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@@ -12,7 +12,7 @@ RUN pip3 install socrate==0.2.0
 RUN pip3 install "podop>0.2.5"
 
 # Image specific layers under this line
-RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-plain
+RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-plain cyrus-sasl-login
 
 COPY conf /conf
 COPY start.py /start.py
diff --git a/towncrier/newsfragments/1632.feature b/towncrier/newsfragments/1632.feature
new file mode 100644
index 00000000..06d78d6c
--- /dev/null
+++ b/towncrier/newsfragments/1632.feature
@@ -0,0 +1 @@
+Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts.

From a662c3f6f18981928187a698cc35ee700c6dd38f Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Wed, 23 Sep 2020 20:04:36 +0200
Subject: [PATCH 020/119] Changed change log file to correct filename

---
 towncrier/newsfragments/{1632.feature => 1635.feature} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename towncrier/newsfragments/{1632.feature => 1635.feature} (100%)

diff --git a/towncrier/newsfragments/1632.feature b/towncrier/newsfragments/1635.feature
similarity index 100%
rename from towncrier/newsfragments/1632.feature
rename to towncrier/newsfragments/1635.feature

From 8f49bb8d530796cda7bac0809cd4edc73f7aa706 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario.ernst@rommelag.com>
Date: Wed, 23 Sep 2020 21:04:50 +0200
Subject: [PATCH 021/119] Add config file for the "stale" robot to clean up
 issues

With this, and the already activated github-app, the stale robot will
mark and subsequently close issues as specified in the config.

Currently we mark after 21 days, close after 7 more days, and ignore
issues with an assigned priority or milestone.
---
 .github/stale.yml | 58 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/stale.yml

diff --git a/.github/stale.yml b/.github/stale.yml
new file mode 100644
index 00000000..35659181
--- /dev/null
+++ b/.github/stale.yml
@@ -0,0 +1,58 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 21
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - priority/p0
+  - priority/p1
+  - priority/p2
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: true
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Label to use when marking as stale
+staleLabel: status/response_needed
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+
+# Comment to post when removing the stale label.
+# unmarkComment: >
+#   Your comment here.
+
+# Comment to post when closing a stale Issue or Pull Request.
+closeComment: >
+  This issue has not seen activity since as it has become stale. It will now be
+  automatically closed. Please note that this is an automatic action, and not
+  meant in any offensive way.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues` or `pulls`
+only: issues
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+# pulls:
+#   <any of above config here>
+#
+# issues:
+#   <any of above config here>

From 9f4e906534f5ef4d357601fb68893cc64af5dda4 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 11:50:12 +0200
Subject: [PATCH 022/119] Update docs/webadministration.rst

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 210842e0..07d4ac6f 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -15,7 +15,7 @@ It offers the following configuration options:
 
 * configure automatic email replies (out of office replies).
 
-* configure fetchmail for automatic email retrieval.
+* configure fetchmail for automatic email retrieval (from 3rd-party servers).
 
 * configure application passwords.
 
@@ -434,4 +434,3 @@ Sign out
 
 The menu item `Sign out` signs out the currently logged in user.
 
-

From 4bc0962fb8eb2a8c4eb1c8a9d500c7f5e4b4c3bc Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 11:50:36 +0200
Subject: [PATCH 023/119] Update docs/webadministration.rst

typo

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 07d4ac6f..49804af0 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -97,7 +97,7 @@ For more information see the :ref:`antispam documentation <antispam_howto>`.
 
 Auto-forward
 `````````````
-Under the section `Auto-forward`, the automatically forwarding of received email messages can be enabled. When enabled, all received email messages are forwarded to the specified email address. 
+Under the section `Auto-forward`, the automatic forwarding of received email messages can be enabled. When enabled, all received email messages are forwarded to the specified email address. 
 
 The option "Keep a copy of the emails" can be ticked, to keep a copy of the received email message in the inbox folder.
 
@@ -433,4 +433,3 @@ Sign out
 --------
 
 The menu item `Sign out` signs out the currently logged in user.
-

From a772c19546ec7cbb3cf47fa756ff969356243ce1 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 11:52:36 +0200
Subject: [PATCH 024/119] Update docs/webadministration.rst

Rewording to make it more clear.

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 49804af0..e19e521f 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -48,7 +48,7 @@ Access the web administration interface
 The admin GUI is accessed via the URL `https://<my domain>/admin` for default deployments.
 To login the admin GUI enter the email address and password of an user.
 
-To have access to all configuration settings and for access to Rspamd webgui, the logged in user must be a global administrator.
+Only global administrator users have access to all configuration settings and the Rspamd webgui. Other users will be presented with settings for only their account, and domains they are managers of.
 To create a user who is a global administrator for a new installation, the Mailu.env file can be adapted. 
 For more information see the section 'Admin account - automatic creation' in :ref:`the configuration reference <admin_account>`.
 

From 108352764792d2e7eff265184345bc61fa0fe824 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 11:54:50 +0200
Subject: [PATCH 025/119] Update docs/webadministration.rst

rewording to make it more clear.

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index e19e521f..f26eb470 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -133,7 +133,7 @@ Fetched accounts
 This page is only available when the Fetchmail container is part of your Mailu deployment. 
 Fetchmail can be enabled when creating the docker-compose.yml file with the setup utility (https://setup.mailu.io).
 
-On the `fetched accounts` page you can configure email accounts from which email messages must be retrieved.
+On the `fetched accounts` page you can configure email accounts from which email messages will be retrieved.
 Only unread email messages are retrieved from the specified email account. 
 By default Fetchmail will retrieve email messages every 10 minutes. This can be changed in the Mailu.env file. 
 For more information on changing the polling interval see :ref:`the configuration reference <fetchmail>`.

From 5f8e98c70f1a298b3d13fe4c0d384b9fb2a9896d Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:05:44 +0200
Subject: [PATCH 026/119] Update docs/webadministration.rst

rewording to make it more clear

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index f26eb470..ec6896f8 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -276,7 +276,7 @@ This page is only accessible for global administrators. On the edit page, the gl
 
 * Maximum user count. The maximum amount of users that can be created under this domain. Once this limit is reached it is not possible anymore to add users to the domain; and it is also not possible for users to self-register.
     
-* Maximum alias count. The maximum amount of aliases that can be made for an email account.
+* Maximum alias count. The maximum amount of aliases that can be created for an email account.
     
 * Maximum user quota. The maximum amount of quota that can be assigned to a user. When creating or editing a user, this sets the limit on the maximum amount of quota that can be assigned to the user.
     

From ec711cf021ffb1847d3a6ee7bd9a7355797ad9f9 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:06:48 +0200
Subject: [PATCH 027/119] Update docs/webadministration.rst

rewording to add more clarification

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index ec6896f8..d8316bb2 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -324,7 +324,7 @@ For adding a new user the following options can be configured.
 
 * Comment. A description for the user. This description is shown on the Users page.
 
-* Enabled. Tick this checkbox to enable the user account. When an user is disabled. The user is unable to login the Admin GUI or webmail or access his email via IMAP/POP3. 
+* Enabled. Tick this checkbox to enable the user account. When an user is disabled, the user is unable to login to the Admin GUI or webmail or access his email via IMAP/POP3 or send mail.
   The email inbox of the user is still retained. This option can be used to temporarily suspend an user account.
   
 * Quota. The maximum quota for the user's email box.

From 2387e53c58886b971e851ffb8dfcf74a4eb6650e Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:08:44 +0200
Subject: [PATCH 028/119] Update docs/webadministration.rst

More clarification.

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index d8316bb2..20760802 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -340,6 +340,7 @@ Aliases
 This page is also accessible for domain managers. On the aliases page, aliases can be added for email addresses. An alias is a way to disguise another email address. 
 Everything sent to an alias email address is actually received in the primary email account's inbox of the destination email address.
 Aliases can diversify a single email account without having to create multiple email addresses (users).
+It is also possible to add multiple email addresses to the destination field. All incoming mails will be sent to each users inbox in this case.
 
 The following options are available when adding an alias:
 

From 98f59a87639681f0be0951fe4c019e8fb44147df Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:09:11 +0200
Subject: [PATCH 029/119] Update docs/webadministration.rst

typo

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 20760802..22932eaa 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -357,7 +357,7 @@ The following options are available when adding an alias:
     * %a - Finds any values that end with "a"
     * %or% - Finds any values that have "or" in any position
     * _r% - Finds any values that have "r" in the second position
-    * a_% -' Finds any values that start with "a" and are at least 2 characters in length
+    * a_% - Finds any values that start with "a" and are at least 2 characters in length
     * a__% - Finds any values that start with "a" and are at least 3 characters in length
     * a%o - Finds any values that start with "a" and ends with "o"
 

From 769a143e458bc7e16d6b3f2c2a6f8fb6f72a8aec Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Thu, 24 Sep 2020 12:34:29 +0200
Subject: [PATCH 030/119] Update docs/webadministration.rst

typo

Co-authored-by: Dario Ernst <github@kanojo.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 22932eaa..59735115 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -149,7 +149,7 @@ You can add a fetched account by clicking on the `Add an account` button on the
 
 * Enable TLS. Tick this setting if the email server requires TLS/SSL.
 
-* Username. The user name for logging in the email server. Normally this is the email address or the email address prefix (part before @). 
+* Username. The user name for logging in the email server. Normally this is the email address or the email address local-part (the part before @). 
 
 * Password. The password for logging in the email server.
 

From f843bfe9d501daf0e861b699c8f68ed70da155f4 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Thu, 24 Sep 2020 14:17:05 +0200
Subject: [PATCH 031/119] Add additional clarification that you may have to add
 a new domain to HOSTNAMES in your mailu.env file.

---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 59735115..2076c51d 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -261,7 +261,7 @@ The following settings are persistent and will survive container recreation:
 Mail domains
 ------------
 
-On the `Mail domains` page all the domains served by Mailu are configured. Via the new domain button (top right) a new mail domain can be added. For existing domains you can access settings via the icons in the Actions column and Manage column. From left to right you have the following options within the Action column and Manage column.
+On the `Mail domains` page all the domains served by Mailu are configured. Via the new domain button (top right) a new mail domain can be added. Please note that you may have to add the new domain to `HOSTNAMES` in your :ref:`mailu.env file <common_cfg>`. For existing domains you can access settings via the icons in the Actions column and Manage column. From left to right you have the following options within the Action column and Manage column.
 
 Details
 ```````

From 9fe750dc2becb2f9547ba665a4320ca39f61468f Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Thu, 24 Sep 2020 16:43:18 +0200
Subject: [PATCH 032/119] Add FAQ entry for how to use webdav(radicale)

---
 docs/faq.rst | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/faq.rst b/docs/faq.rst
index c90fbc6a..054726c1 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -327,6 +327,19 @@ After successfull login the domain part will be striped and the rest used as use
 
 *Issue reference:* `575`_.
 
+
+How do I use webdav (radicale)?
+```````````````````````````````
+
+| To use webdav (radicale) you can configure your carddav/caldav client to use the following url:
+| `https://example.com/webdav/user@example.com`
+| As username you must provide the complete email address (user@example.com).  
+| As password you must provide the password of the email address.
+| The user must be an existing Mailu user.
+
+*issue reference:* `1591`_.
+
+
 .. _`Postfix`: http://www.postfix.org/postconf.5.html
 .. _`Dovecot`: https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/
 .. _`NGINX`:   https://nginx.org/en/docs/
@@ -342,6 +355,7 @@ After successfull login the domain part will be striped and the rest used as use
 .. _`520`: https://github.com/Mailu/Mailu/issues/520
 .. _`591`: https://github.com/Mailu/Mailu/issues/591
 .. _`575`: https://github.com/Mailu/Mailu/issues/575
+.. _`1591`: https://github.com/Mailu/Mailu/issues/1591
 
 Technical issues
 ----------------

From 1d6321992aa7852644045f83228ac2d09364bea0 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Fri, 25 Sep 2020 11:25:19 +0200
Subject: [PATCH 033/119] Update stale.yml

Add label backlog to exempt labels. We will use label backlog to collect bugs/features that we want to consider for a future release. Thus we do not want to auto-close those issues.
---
 .github/stale.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/stale.yml b/.github/stale.yml
index 35659181..9e5e9ecf 100644
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -15,6 +15,7 @@ exemptLabels:
   - priority/p0
   - priority/p1
   - priority/p2
+  - backlog
 
 # Set to true to ignore issues in a project (defaults to false)
 exemptProjects: false

From 5c4a8069e4a3f807556f719435da84b7ada24741 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Sat, 26 Sep 2020 01:13:29 +0200
Subject: [PATCH 034/119] Add additional instructions for first time usage.

---
 docs/faq.rst | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/faq.rst b/docs/faq.rst
index 054726c1..b292cd05 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -331,8 +331,13 @@ After successfull login the domain part will be striped and the rest used as use
 How do I use webdav (radicale)?
 ```````````````````````````````
 
-| To use webdav (radicale) you can configure your carddav/caldav client to use the following url:
-| `https://example.com/webdav/user@example.com`
+| For first time set up, the user must access radicale via the url `https://mail.example.com/webdav/.web` and then
+| 1. Log in using the  user's full email address and password.
+| 2. Click 'Create new addressbook or calendar'
+| 3. Follow instructions for creating an addressbook (for contact management) and calendar.
+|
+| Subsequently to use webdav (radicale), you can configure your carddav/caldav client to use the following url:
+| `https://mail.example.com/webdav/user@example.com`
 | As username you must provide the complete email address (user@example.com).  
 | As password you must provide the password of the email address.
 | The user must be an existing Mailu user.

From fd5e604cf11915b1fffd3eb995bac4f03723e3e4 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Sat, 26 Sep 2020 09:40:36 +0200
Subject: [PATCH 035/119] Exempt status/wip label from stalebot

---
 .github/stale.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/stale.yml b/.github/stale.yml
index 9e5e9ecf..3d5a3236 100644
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -16,6 +16,7 @@ exemptLabels:
   - priority/p1
   - priority/p2
   - backlog
+  - status/wip
 
 # Set to true to ignore issues in a project (defaults to false)
 exemptProjects: false

From 465540229ad231d739f432fd373f9bb483bbc492 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:09:56 +0200
Subject: [PATCH 036/119] Update docs/webadministration.rst

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 2076c51d..7edb28de 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -45,7 +45,7 @@ It offers the following configuration options:
 Access the web administration interface
 ---------------------------------------
 
-The admin GUI is accessed via the URL `https://<my domain>/admin` for default deployments.
+The admin GUI is by default accessed via the URL `https://<my domain>/admin`, when it's enabled in the setup utility or by manually setting `ADMIN=true` in `mailu.env`.
 To login the admin GUI enter the email address and password of an user.
 
 Only global administrator users have access to all configuration settings and the Rspamd webgui. Other users will be presented with settings for only their account, and domains they are managers of.

From 037a7a40e74ea95153bbc28f7c7b02e23d5e8227 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:11:12 +0200
Subject: [PATCH 037/119] Update docs/webadministration.rst

additional clarification

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 7edb28de..8be520df 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -115,7 +115,7 @@ On the `update password` page, the password of the logged in user can be changed
 Auto-reply
 ----------
 
-On the `auto-reply` page, automatic replies can be configured. This is also known as out of office replies.
+On the `auto-reply` page, automatic replies can be configured. This is also known as out of office (ooo) or out of facility (oof) replies.
 
 To enable automatic replies tick the checkbox 'Enable automatic reply'. 
 

From 04436dd047b938f9e0dd0e5d9d44d2a9740ae279 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:12:29 +0200
Subject: [PATCH 038/119] Update docs/webadministration.rst

additional clarification

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 8be520df..020a1ee0 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -147,7 +147,7 @@ You can add a fetched account by clicking on the `Add an account` button on the
 
 * TCP port. The TCP port the email server listens on. Common ports are 993 (TLS) or 143 (STARTTLS/unsecure) for IMAP. 
 
-* Enable TLS. Tick this setting if the email server requires TLS/SSL.
+* Enable TLS. Tick this setting if the email server requires TLS/SSL instead of STARTTLS.
 
 * Username. The user name for logging in the email server. Normally this is the email address or the email address local-part (the part before @). 
 

From 4a3b16d3bc8e15737cfe3e51436fa41045cea4be Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:14:15 +0200
Subject: [PATCH 039/119] Update docs/webadministration.rst

typo/grammar

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 020a1ee0..8dddaf17 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -149,7 +149,7 @@ You can add a fetched account by clicking on the `Add an account` button on the
 
 * Enable TLS. Tick this setting if the email server requires TLS/SSL instead of STARTTLS.
 
-* Username. The user name for logging in the email server. Normally this is the email address or the email address local-part (the part before @). 
+* Username. The user name for logging in to the email server. Normally this is the email address or the email address' local-part (the part before @). 
 
 * Password. The password for logging in the email server.
 

From 5981a34397b1ca06b54e3e55a662238482fb86d5 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:14:26 +0200
Subject: [PATCH 040/119] Update docs/webadministration.rst

typo/grammar

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 8dddaf17..29a72ad9 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -151,7 +151,7 @@ You can add a fetched account by clicking on the `Add an account` button on the
 
 * Username. The user name for logging in to the email server. Normally this is the email address or the email address' local-part (the part before @). 
 
-* Password. The password for logging in the email server.
+* Password. The password for logging in to the email server.
 
 * Keep emails on the server. When ticked, retains the email message in the email account after retrieving it.
 

From a50e6d55c58cc2105558d108ef7cdb73ddf9faba Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:17:19 +0200
Subject: [PATCH 041/119] Update docs/webadministration.rst

grammar

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 29a72ad9..72b058b8 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -162,7 +162,7 @@ Authentication tokens
 ---------------------
 
 On the `authentication tokens` page, authentication tokens can be created. Authentications tokens are also known as application passwords.
-The purpose of an authentication token is to create an unique strong password that can be used by a single application to authenticate as the logged in user's email account.
+The purpose of an authentication token is to create a unique and strong password that can be used by a single application to authenticate as the logged in user's email account.
 The application will use this authentication token instead of the logged in user's password for sending/receiving email.
 This allows safe access to the logged in user's email account. At any moment, the authentication token can be deleted so that the application has no access to the logged in user's email account anymore.
 

From 86d6caa7894bddec82ace1f5bdf338421dcb0908 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sat, 26 Sep 2020 10:19:48 +0200
Subject: [PATCH 042/119] Update docs/webadministration.rst

additional clarification. We only support secure connections.

Co-authored-by: lub <github@lubiland.de>
---
 docs/webadministration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webadministration.rst b/docs/webadministration.rst
index 72b058b8..070eb473 100644
--- a/docs/webadministration.rst
+++ b/docs/webadministration.rst
@@ -145,7 +145,7 @@ You can add a fetched account by clicking on the `Add an account` button on the
 
 * Hostname or IP. The hostname or IP address of the email server.
 
-* TCP port. The TCP port the email server listens on. Common ports are 993 (TLS) or 143 (STARTTLS/unsecure) for IMAP. 
+* TCP port. The TCP port the email server listens on. Common ports are 993 (IMAPS with TLS), 143 (IMAP with STARTTLS), 995 (POP3S with TLS) or 110 (POP3 with STARTTLS).
 
 * Enable TLS. Tick this setting if the email server requires TLS/SSL instead of STARTTLS.
 

From b51d9eb58f3ce4a842db7a9bbacf78f65213654f Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Date: Sun, 27 Sep 2020 13:30:11 +0200
Subject: [PATCH 043/119] Update stale.yml

as discussed in chat https://matrix.to/#/!RJFCFtixHgPhzacdhW:tedomum.net/$160120578037UHNkM:huisman.xyz?via=ghostdub.de&via=matrix.org&via=tedomum.net
stalebot should only touch
- user support (issue with no label or issue with label type/question).
- issues we explicitly mark with a response_needed label (whatever the name will be of this label).
To give more time to respond when we mark issue with more info needed, we increase the daysUntilClose to 14
---
 .github/stale.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/stale.yml b/.github/stale.yml
index 3d5a3236..2f644e76 100644
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -5,7 +5,7 @@ daysUntilStale: 21
 
 # Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
 # Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 7
+daysUntilClose: 14
 
 # Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
 onlyLabels: []
@@ -17,6 +17,11 @@ exemptLabels:
   - priority/p2
   - backlog
   - status/wip
+  - type/bug
+  - type/discussion
+  - type/enhancement
+  - type/feature
+  - type/security
 
 # Set to true to ignore issues in a project (defaults to false)
 exemptProjects: false

From 78890a97ff60d43ee20710e2c534adbafea1ccef Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Thu, 1 Oct 2020 20:32:05 +0200
Subject: [PATCH 044/119] Preparations for 1.8 release.

---
 .travis.yml                          |  3 +-
 CHANGELOG.md                         | 46 ++++++++++++++++++++++++++--
 core/admin/mailu/configuration.py    |  2 +-
 docs/conf.py                         |  3 +-
 docs/releases.rst                    | 32 ++++++++++++++++++-
 docs/setup.rst                       |  2 +-
 towncrier/newsfragments/1011.feature |  1 -
 towncrier/newsfragments/1098.misc    |  1 -
 towncrier/newsfragments/1113.feature |  1 -
 towncrier/newsfragments/1158.feature |  1 -
 towncrier/newsfragments/1160.feature |  1 -
 towncrier/newsfragments/1167.doc     |  1 -
 towncrier/newsfragments/1194.feature |  1 -
 towncrier/newsfragments/1197.feature |  1 -
 towncrier/newsfragments/1207.feature |  1 -
 towncrier/newsfragments/1214.misc    |  1 -
 towncrier/newsfragments/1221.removal |  1 -
 towncrier/newsfragments/1255.bugfix  |  1 -
 towncrier/newsfragments/1259.feature |  1 -
 towncrier/newsfragments/1267.feature |  1 -
 towncrier/newsfragments/1268.feature |  1 -
 towncrier/newsfragments/1289.bugfix  |  1 -
 towncrier/newsfragments/1298.feature |  1 -
 towncrier/newsfragments/1308.misc    |  1 -
 towncrier/newsfragments/1320.feature |  1 -
 towncrier/newsfragments/1357.feature |  1 -
 towncrier/newsfragments/1394.bugfix  |  1 -
 towncrier/newsfragments/1438.bugfix  |  1 -
 towncrier/newsfragments/1444.misc    |  1 -
 towncrier/newsfragments/1463.bugfix  |  1 -
 towncrier/newsfragments/1486.bugfix  |  1 -
 towncrier/newsfragments/1512.misc    |  1 -
 towncrier/newsfragments/1538.feature |  1 -
 towncrier/newsfragments/1564.bugfix  |  1 -
 towncrier/newsfragments/1590.doc     |  1 -
 towncrier/newsfragments/1635.feature |  1 -
 towncrier/newsfragments/328.feature  |  1 -
 towncrier/newsfragments/508.misc     |  1 -
 towncrier/newsfragments/985.feature  |  1 -
 39 files changed, 80 insertions(+), 41 deletions(-)
 delete mode 100644 towncrier/newsfragments/1011.feature
 delete mode 100644 towncrier/newsfragments/1098.misc
 delete mode 100644 towncrier/newsfragments/1113.feature
 delete mode 100644 towncrier/newsfragments/1158.feature
 delete mode 100644 towncrier/newsfragments/1160.feature
 delete mode 100644 towncrier/newsfragments/1167.doc
 delete mode 100644 towncrier/newsfragments/1194.feature
 delete mode 100644 towncrier/newsfragments/1197.feature
 delete mode 100644 towncrier/newsfragments/1207.feature
 delete mode 100644 towncrier/newsfragments/1214.misc
 delete mode 100644 towncrier/newsfragments/1221.removal
 delete mode 100644 towncrier/newsfragments/1255.bugfix
 delete mode 100644 towncrier/newsfragments/1259.feature
 delete mode 100644 towncrier/newsfragments/1267.feature
 delete mode 100644 towncrier/newsfragments/1268.feature
 delete mode 100644 towncrier/newsfragments/1289.bugfix
 delete mode 100644 towncrier/newsfragments/1298.feature
 delete mode 100644 towncrier/newsfragments/1308.misc
 delete mode 100644 towncrier/newsfragments/1320.feature
 delete mode 100644 towncrier/newsfragments/1357.feature
 delete mode 100644 towncrier/newsfragments/1394.bugfix
 delete mode 100644 towncrier/newsfragments/1438.bugfix
 delete mode 100644 towncrier/newsfragments/1444.misc
 delete mode 100644 towncrier/newsfragments/1463.bugfix
 delete mode 100644 towncrier/newsfragments/1486.bugfix
 delete mode 100644 towncrier/newsfragments/1512.misc
 delete mode 100644 towncrier/newsfragments/1538.feature
 delete mode 100644 towncrier/newsfragments/1564.bugfix
 delete mode 100644 towncrier/newsfragments/1590.doc
 delete mode 100644 towncrier/newsfragments/1635.feature
 delete mode 100644 towncrier/newsfragments/328.feature
 delete mode 100644 towncrier/newsfragments/508.misc
 delete mode 100644 towncrier/newsfragments/985.feature

diff --git a/.travis.yml b/.travis.yml
index 9de9cea3..467f6f5b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,9 +5,10 @@ branches:
     - '1.5'
     - '1.6'
     - '1.7'
+    - '1.8'
     - master
     # version tags, e.g. 1.7.1
-    - /^1\.[567]\.\d+$/
+    - /^1\.[5678]\.\d+$/
     # pre-releases, e.g. 1.8-pre1
     - /^1\.8-pre\d+$/
     # test branches, e.g. test-debian
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ccde4bc..708eb092 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,11 +1,51 @@
 Changelog
 =========
 
-Notable changes to this project are documented in the current file. For more
-details about individual changes, see the Git log. You should read this before
-upgrading Mailu as some changes will include useful notes.
+Upgrade should run fine as long as you generate a new compose or stack
+configuration and upgrade your mailu.env.
+
+There are some changes to the configuration overrides. Override files are now mounted read-only into the containers. 
+The Dovecot and Postfix overrides are moved in their own sub-directory. 
+If there are local override files, they will need to be moved from overrides/ to overrides/dovecot and overrides/postfix/.
+See https://mailu.io/1.8/faq.html#how-can-i-override-settings for all the mappings.
+
+Please not that the shipped image for PostgreSQL database is deprecated.
+We advise to switch to an external database server.
 
 <!-- TOWNCRIER -->
+v1.8.0 - 2020-09-28
+--------------------
+
+- Features: Add support for backward-forwarding using SRS ([#328](https://github.com/Mailu/Mailu/issues/328))
+- Features: Add options to support different architectures builds ([#985](https://github.com/Mailu/Mailu/issues/985))
+- Features: Add support for Traefik v2 certificate dumping ([#1011](https://github.com/Mailu/Mailu/issues/1011))
+- Features: Resolve hosts to IPs if only HOST_* is set. If *_ADDRESS is set, leave it unresolved. ([#1113](https://github.com/Mailu/Mailu/issues/1113))
+- Features: - Use nginx as http endpoint on kubernetes to simplify ingress ([#1158](https://github.com/Mailu/Mailu/issues/1158))
+- Features: Advertise correct mail capabilities through the front-container, this also enables support for PIPELINING in mail-protocols and IMAP IDLE which is a (potential) performance gain. ([#1160](https://github.com/Mailu/Mailu/issues/1160))
+- Features: Change default password scheme to PBKDF2 ([#1194](https://github.com/Mailu/Mailu/issues/1194))
+- Features: Enable access log of admin service only for log levels of INFO and finer ([#1197](https://github.com/Mailu/Mailu/issues/1197))
+- Features: japanese loca is now available ([#1207](https://github.com/Mailu/Mailu/issues/1207))
+- Features: Allow to reject virus mails by setting ANTIVITUS_ACTION=reject ([#1259](https://github.com/Mailu/Mailu/issues/1259))
+- Features: Update roundcube to 1.4.0 and enable the new elastic skin ([#1267](https://github.com/Mailu/Mailu/issues/1267))
+- Features: The roundcube container does support mysql now (no setup integration yet) ([#1268](https://github.com/Mailu/Mailu/issues/1268))
+- Features: Added CardDAV-Plugin for webmail roundcube. ([#1298](https://github.com/Mailu/Mailu/issues/1298))
+- Features: Allow users to use server-sided full-text-search again by adding the dovecot fts-xapian plugin ([#1320](https://github.com/Mailu/Mailu/issues/1320))
+- Features: Relay a domain to a nonstandard SMTP port by adding ":<port_num>" to the remote hostname or IP address. ([#1357](https://github.com/Mailu/Mailu/issues/1357))
+- Features: Introduce option to disable dovecot full-text-search by an enviroment variable. ([#1538](https://github.com/Mailu/Mailu/issues/1538))
+- Features: Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. ([#1635](https://github.com/Mailu/Mailu/issues/1635))
+- Bugfixes: Use pip package for radicale to fix failing builds caused by [alpine]upstream package rebuild against different python version ([#1255](https://github.com/Mailu/Mailu/issues/1255))
+- Bugfixes: Disable Health checks on swarm mode ([#1289](https://github.com/Mailu/Mailu/issues/1289))
+- Bugfixes: Show SPF records in accordance with RFC 7208: Previously we instructed admins to create SPF and TXT records, where only TXT records are correct now. !! Attention !! You need to manually remove the SPF-typed records and keep only TXT in your DNS. ([#1394](https://github.com/Mailu/Mailu/issues/1394))
+- Bugfixes: Cover relearning messages when moving bewteen Ham and Spam status ([#1438](https://github.com/Mailu/Mailu/issues/1438))
+- Bugfixes: Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings ([#1463](https://github.com/Mailu/Mailu/issues/1463))
+- Bugfixes: Check postfix mailqueue permissions before start-up ([#1486](https://github.com/Mailu/Mailu/issues/1486))
+- Bugfixes: Fixes certbot renewal ([#1564](https://github.com/Mailu/Mailu/issues/1564))
+- Improved Documentation: Added documentation that describes how spam filtering works in Mailu. ([#1167](https://github.com/Mailu/Mailu/issues/1167))
+- Improved Documentation: Add documentation for the web administration interface. ([#1590](https://github.com/Mailu/Mailu/issues/1590))
+- Deprecations and Removals: Dovecot: Delete obsolete data volume ([#1221](https://github.com/Mailu/Mailu/issues/1221))
+- Misc:  ([#508](https://github.com/Mailu/Mailu/issues/508), [#1098](https://github.com/Mailu/Mailu/issues/1098), [#1214](https://github.com/Mailu/Mailu/issues/1214), [#1308](https://github.com/Mailu/Mailu/issues/1308), [#1444](https://github.com/Mailu/Mailu/issues/1444), [#1512](https://github.com/Mailu/Mailu/issues/1512))
+
+
 v1.7.0 - 2019-08-22
 -------------------
 
diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 66b0b832..2cf6a478 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -24,7 +24,7 @@ DEFAULT_CONFIG = {
     'SQLALCHEMY_TRACK_MODIFICATIONS': False,
     # Statistics management
     'INSTANCE_ID_PATH': '/data/instance',
-    'STATS_ENDPOINT': '0.{}.stats.mailu.io',
+    'STATS_ENDPOINT': '18.{}.stats.mailu.io',
     # Common configuration variables
     'SECRET_KEY': 'changeMe',
     'DOMAIN': 'mailu.io',
diff --git a/docs/conf.py b/docs/conf.py
index 2bb0aaf5..24648e88 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -36,11 +36,12 @@ html_context = {
     'github_user': 'mailu',
     'github_repo': 'mailu',
     'github_version': version,
-    'stable_version': '1.7',
+    'stable_version': '1.8',
     'versions': [
         ('1.5', '/1.5/'),
         ('1.6', '/1.6/'),
         ('1.7', '/1.7/'),
+        ('1.8', '/1.8/'),
         ('master', '/master/')
     ],
     'conf_py_path': '/docs/'
diff --git a/docs/releases.rst b/docs/releases.rst
index 3d50c285..0613c91c 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -1,15 +1,45 @@
 Release notes
 =============
 
-Mailu 1.8 - tbd
+Mailu 1.8 - 2020-10-02
 ----------------------
 
+Release 1.8 has come a long way again. Due to corona the project slowed down to a crawl. Fortunately new contributors have joined the team what enabled us to still release Mailu 1.8 this year.
+For a list of all changes refer to CHANGELOG.md in the root folder of the Mailu github project. Please read the 'Override location changes' section. It contains important information for the people who use the overrides folder.
+
+New functionality
+`````````````````
+
+short summary of new features
+
+- placeholder1
+- placeholder2
+
+mention alpine is updated in .... containers.
+
+other interesting section
+`````````````````````````
+
+bla bla bla.
+more bla bla bla.
+
 Override location changes
 `````````````````````````
 
 If you have regenerated the Docker compose and environment files, there are some changes to the configuration overrides.
 Override files are now mounted read-only into the containers. The Dovecot and Postfix overrides are moved in their own sub-directory. If there are local override files, they will need to be moved from ``overrides/`` to ``overrides/dovecot`` and ``overrides/postfix/``.
 
+Upgrading
+`````````
+
+Upgrade should run fine as long as you generate a new compose or stack
+configuration and upgrade your mailu.env.
+
+Please not that the shipped image for PostgreSQL database is deprecated.
+The shipped image for PostgreSQL is not maintained anymore from release 1.8. 
+We recommend switching to an external database as soon as possible.
+
+
 Mailu 1.7 - 2019-08-22
 ----------------------
 
diff --git a/docs/setup.rst b/docs/setup.rst
index c150d29a..fa31c8f8 100644
--- a/docs/setup.rst
+++ b/docs/setup.rst
@@ -38,7 +38,7 @@ Pick a Mailu version
 
 Mailu is shipped in multiple versions.
 
-- ``1.7`` features the most recent stable version for Mailu. This is the
+- ``1.8`` features the most recent stable version for Mailu. This is the
   recommended build for new setups, old setups should migrate when possible.
 
 - ``1.0``, ``1.1``, and other version branches feature old versions of Mailu
diff --git a/towncrier/newsfragments/1011.feature b/towncrier/newsfragments/1011.feature
deleted file mode 100644
index f7b6afd7..00000000
--- a/towncrier/newsfragments/1011.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add support for Traefik v2 certificate dumping
\ No newline at end of file
diff --git a/towncrier/newsfragments/1098.misc b/towncrier/newsfragments/1098.misc
deleted file mode 100644
index d99aa24d..00000000
--- a/towncrier/newsfragments/1098.misc
+++ /dev/null
@@ -1 +0,0 @@
-Ignore newlines and comment-lines in postfix overrides - this means you can now make your override configfiles much more readable.
diff --git a/towncrier/newsfragments/1113.feature b/towncrier/newsfragments/1113.feature
deleted file mode 100644
index 156a89df..00000000
--- a/towncrier/newsfragments/1113.feature
+++ /dev/null
@@ -1 +0,0 @@
-Resolve hosts to IPs if only HOST_* is set. If *_ADDRESS is set, leave it unresolved.
diff --git a/towncrier/newsfragments/1158.feature b/towncrier/newsfragments/1158.feature
deleted file mode 100644
index 12f9c049..00000000
--- a/towncrier/newsfragments/1158.feature
+++ /dev/null
@@ -1 +0,0 @@
-- Use nginx as http endpoint on kubernetes to simplify ingress
diff --git a/towncrier/newsfragments/1160.feature b/towncrier/newsfragments/1160.feature
deleted file mode 100644
index bc5231cc..00000000
--- a/towncrier/newsfragments/1160.feature
+++ /dev/null
@@ -1 +0,0 @@
-Advertise correct mail capabilities through the front-container, this also enables support for PIPELINING in mail-protocols and IMAP IDLE which is a (potential) performance gain.
diff --git a/towncrier/newsfragments/1167.doc b/towncrier/newsfragments/1167.doc
deleted file mode 100644
index 9ab81a24..00000000
--- a/towncrier/newsfragments/1167.doc
+++ /dev/null
@@ -1 +0,0 @@
-Added documentation that describes how spam filtering works in Mailu.
diff --git a/towncrier/newsfragments/1194.feature b/towncrier/newsfragments/1194.feature
deleted file mode 100644
index ee40311a..00000000
--- a/towncrier/newsfragments/1194.feature
+++ /dev/null
@@ -1 +0,0 @@
-Change default password scheme to PBKDF2
diff --git a/towncrier/newsfragments/1197.feature b/towncrier/newsfragments/1197.feature
deleted file mode 100644
index 0aae8a08..00000000
--- a/towncrier/newsfragments/1197.feature
+++ /dev/null
@@ -1 +0,0 @@
-Enable access log of admin service only for log levels of INFO and finer
\ No newline at end of file
diff --git a/towncrier/newsfragments/1207.feature b/towncrier/newsfragments/1207.feature
deleted file mode 100644
index 321635ea..00000000
--- a/towncrier/newsfragments/1207.feature
+++ /dev/null
@@ -1 +0,0 @@
-japanese loca is now available
diff --git a/towncrier/newsfragments/1214.misc b/towncrier/newsfragments/1214.misc
deleted file mode 100644
index adda05c9..00000000
--- a/towncrier/newsfragments/1214.misc
+++ /dev/null
@@ -1 +0,0 @@
-Move rspamd, fetchmail and unbound services into core and optional
\ No newline at end of file
diff --git a/towncrier/newsfragments/1221.removal b/towncrier/newsfragments/1221.removal
deleted file mode 100644
index 495fb8df..00000000
--- a/towncrier/newsfragments/1221.removal
+++ /dev/null
@@ -1 +0,0 @@
-Dovecot: Delete obsolete data volume
\ No newline at end of file
diff --git a/towncrier/newsfragments/1255.bugfix b/towncrier/newsfragments/1255.bugfix
deleted file mode 100644
index 606f2f86..00000000
--- a/towncrier/newsfragments/1255.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Use pip package for radicale to fix failing builds caused by [alpine]upstream package rebuild against different python version
diff --git a/towncrier/newsfragments/1259.feature b/towncrier/newsfragments/1259.feature
deleted file mode 100644
index e726a6a9..00000000
--- a/towncrier/newsfragments/1259.feature
+++ /dev/null
@@ -1 +0,0 @@
-Allow to reject virus mails by setting ANTIVITUS_ACTION=reject
\ No newline at end of file
diff --git a/towncrier/newsfragments/1267.feature b/towncrier/newsfragments/1267.feature
deleted file mode 100644
index e9fa8b3f..00000000
--- a/towncrier/newsfragments/1267.feature
+++ /dev/null
@@ -1 +0,0 @@
-Update roundcube to 1.4.0 and enable the new elastic skin
diff --git a/towncrier/newsfragments/1268.feature b/towncrier/newsfragments/1268.feature
deleted file mode 100644
index e4cf9a5a..00000000
--- a/towncrier/newsfragments/1268.feature
+++ /dev/null
@@ -1 +0,0 @@
-The roundcube container does support mysql now (no setup integration yet)
diff --git a/towncrier/newsfragments/1289.bugfix b/towncrier/newsfragments/1289.bugfix
deleted file mode 100644
index 8dc41dea..00000000
--- a/towncrier/newsfragments/1289.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Disable Health checks on swarm mode
diff --git a/towncrier/newsfragments/1298.feature b/towncrier/newsfragments/1298.feature
deleted file mode 100644
index 48d66d36..00000000
--- a/towncrier/newsfragments/1298.feature
+++ /dev/null
@@ -1 +0,0 @@
-Added CardDAV-Plugin for webmail roundcube.
\ No newline at end of file
diff --git a/towncrier/newsfragments/1308.misc b/towncrier/newsfragments/1308.misc
deleted file mode 100644
index 8c196ddf..00000000
--- a/towncrier/newsfragments/1308.misc
+++ /dev/null
@@ -1 +0,0 @@
-Use Redis 5.0 in kubernetes manifests
\ No newline at end of file
diff --git a/towncrier/newsfragments/1320.feature b/towncrier/newsfragments/1320.feature
deleted file mode 100644
index fc3fd5aa..00000000
--- a/towncrier/newsfragments/1320.feature
+++ /dev/null
@@ -1 +0,0 @@
-Allow users to use server-sided full-text-search again by adding the dovecot fts-xapian plugin
diff --git a/towncrier/newsfragments/1357.feature b/towncrier/newsfragments/1357.feature
deleted file mode 100644
index 56fa443f..00000000
--- a/towncrier/newsfragments/1357.feature
+++ /dev/null
@@ -1 +0,0 @@
-Relay a domain to a nonstandard SMTP port by adding ":<port_num>" to the remote hostname or IP address.
\ No newline at end of file
diff --git a/towncrier/newsfragments/1394.bugfix b/towncrier/newsfragments/1394.bugfix
deleted file mode 100644
index 6f17afbb..00000000
--- a/towncrier/newsfragments/1394.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Show SPF records in accordance with RFC 7208: Previously we instructed admins to create SPF and TXT records, where only TXT records are correct now. !! Attention !! You need to manually remove the SPF-typed records and keep only TXT in your DNS.
diff --git a/towncrier/newsfragments/1438.bugfix b/towncrier/newsfragments/1438.bugfix
deleted file mode 100644
index 73796bf7..00000000
--- a/towncrier/newsfragments/1438.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Cover relearning messages when moving bewteen Ham and Spam status
diff --git a/towncrier/newsfragments/1444.misc b/towncrier/newsfragments/1444.misc
deleted file mode 100644
index 82b18215..00000000
--- a/towncrier/newsfragments/1444.misc
+++ /dev/null
@@ -1 +0,0 @@
-Harden security by making certain configuration files read-only. Moves Postfix and Dovecot overrides an independed sub-directories.
diff --git a/towncrier/newsfragments/1463.bugfix b/towncrier/newsfragments/1463.bugfix
deleted file mode 100644
index 37423bfa..00000000
--- a/towncrier/newsfragments/1463.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings
diff --git a/towncrier/newsfragments/1486.bugfix b/towncrier/newsfragments/1486.bugfix
deleted file mode 100644
index 3053455d..00000000
--- a/towncrier/newsfragments/1486.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Check postfix mailqueue permissions before start-up 
diff --git a/towncrier/newsfragments/1512.misc b/towncrier/newsfragments/1512.misc
deleted file mode 100644
index a886a8c0..00000000
--- a/towncrier/newsfragments/1512.misc
+++ /dev/null
@@ -1 +0,0 @@
-Use Radicale 3.x for webdav service
diff --git a/towncrier/newsfragments/1538.feature b/towncrier/newsfragments/1538.feature
deleted file mode 100644
index cdefe766..00000000
--- a/towncrier/newsfragments/1538.feature
+++ /dev/null
@@ -1 +0,0 @@
-Introduce option to disable dovecot full-text-search by an enviroment variable. 
diff --git a/towncrier/newsfragments/1564.bugfix b/towncrier/newsfragments/1564.bugfix
deleted file mode 100644
index 5c189b80..00000000
--- a/towncrier/newsfragments/1564.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fixes certbot renewal
diff --git a/towncrier/newsfragments/1590.doc b/towncrier/newsfragments/1590.doc
deleted file mode 100644
index ba4c8b9a..00000000
--- a/towncrier/newsfragments/1590.doc
+++ /dev/null
@@ -1 +0,0 @@
-Add documentation for the web administration interface.
diff --git a/towncrier/newsfragments/1635.feature b/towncrier/newsfragments/1635.feature
deleted file mode 100644
index 06d78d6c..00000000
--- a/towncrier/newsfragments/1635.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts.
diff --git a/towncrier/newsfragments/328.feature b/towncrier/newsfragments/328.feature
deleted file mode 100644
index b73b478e..00000000
--- a/towncrier/newsfragments/328.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add support for backward-forwarding using SRS
\ No newline at end of file
diff --git a/towncrier/newsfragments/508.misc b/towncrier/newsfragments/508.misc
deleted file mode 100644
index bf8ab534..00000000
--- a/towncrier/newsfragments/508.misc
+++ /dev/null
@@ -1 +0,0 @@
-Enable sponsorship
\ No newline at end of file
diff --git a/towncrier/newsfragments/985.feature b/towncrier/newsfragments/985.feature
deleted file mode 100644
index 99caa7e2..00000000
--- a/towncrier/newsfragments/985.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add options to support different architectures builds

From 17cea83301346b7b6c58e710dc1f54bdac12c892 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Sun, 4 Oct 2020 13:22:59 +0000
Subject: [PATCH 045/119] =?UTF-8?q?Completely=20remove=20step=205=20where?=
 =?UTF-8?q?=20you=20can=20set=20the=20replica=20count=20for=20docker-stack?=
 =?UTF-8?q?.=20Add=20additional=20warning=20to=20=C2=B4experimental'=20not?=
 =?UTF-8?q?ice=20in=20setup=20for=20stack.=20Add=20a=20notice=20the=20ship?=
 =?UTF-8?q?ped=20PostgreSQL=20is=20deprecated.=20Make=20the=20external=20P?=
 =?UTF-8?q?ostgreSQL=20database=20the=20default=20option.=20Make=201.7=20t?=
 =?UTF-8?q?he=20default=20version=20(stable=5Fversion':=20'1.7',=20in=20do?=
 =?UTF-8?q?cs\conf.py)=20Update=20mergify.yml=20with=201.8=20version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .mergify.yml                                 |  6 ++---
 docs/conf.py                                 |  2 +-
 setup/flavors/stack/docker-compose.yml       |  8 +++---
 setup/templates/steps/config.html            |  6 +++--
 setup/templates/steps/database.html          | 11 +++++---
 setup/templates/steps/stack/04_replicas.html | 28 --------------------
 6 files changed, 19 insertions(+), 42 deletions(-)
 delete mode 100644 setup/templates/steps/stack/04_replicas.html

diff --git a/.mergify.yml b/.mergify.yml
index f2e5b860..c1141a93 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -35,18 +35,18 @@ pull_request_rules:
       comment:
         message: bors r+
 
-  - name: Backport to 1.7 branch
+  - name: Backport to 1.8  branch
     conditions:
       - base=master
       - label=type/backport
     actions:
       backport:
         branches:
-          - '1.7'
+          - '1.8'
 
   - name: remove outdated reviews
     conditions:
-      - base~=^(master|1.7)$
+      - base~=^(master|1.8)$
     actions:
       dismiss_reviews:
         approved: True
diff --git a/docs/conf.py b/docs/conf.py
index 24648e88..6b19f967 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -36,7 +36,7 @@ html_context = {
     'github_user': 'mailu',
     'github_repo': 'mailu',
     'github_version': version,
-    'stable_version': '1.8',
+    'stable_version': '1.7',
     'versions': [
         ('1.5', '/1.5/'),
         ('1.6', '/1.6/'),
diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml
index 3568cfdc..d9c5cd4f 100644
--- a/setup/flavors/stack/docker-compose.yml
+++ b/setup/flavors/stack/docker-compose.yml
@@ -29,7 +29,7 @@ services:
       - "{{ root }}/certs:/certs"
       - "{{ root }}/overrides/nginx:/overrides:ro"
     deploy:
-      replicas: {{ front_replicas }}
+      replicas: 1
 
   admin:
     image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-{{ version }}}
@@ -42,7 +42,7 @@ services:
       - "{{ root }}/data:/data"
       - "{{ root }}/dkim:/dkim"
     deploy:
-      replicas: {{ admin_replicas }}
+      replicas: 1
     healthcheck:
       disable: true
 
@@ -53,7 +53,7 @@ services:
       - "{{ root }}/mail:/mail"
       - "{{ root }}/overrides/dovecot:/overrides:ro"
     deploy:
-      replicas: {{ imap_replicas }}
+      replicas: 1
     healthcheck:
       disable: true
 
@@ -64,7 +64,7 @@ services:
       - "{{ root }}/mailqueue:/queue"
       - "{{ root }}/overrides/postfix:/overrides:ro"
     deploy:
-      replicas: {{ smtp_replicas }}
+      replicas: 1
     healthcheck:
       disable: true
 
diff --git a/setup/templates/steps/config.html b/setup/templates/steps/config.html
index d6526eeb..29d8dddd 100644
--- a/setup/templates/steps/config.html
+++ b/setup/templates/steps/config.html
@@ -1,9 +1,11 @@
 {% if flavor == "stack" %}
 {% call macros.panel("danger", "Docker stack / swarm is experimental") %}
 Setup is capable of generating a somewhat decent docker-compose.yml,
-for the docker stack flavor. However its usage is for advanced users an is experimental.
-Expect many challenges is shared mail storage and fail-over scenarios! Some user experiences
+for the docker stack flavor. However its usage is for advanced users only and is experimental.
+Expect many challenges such as shared mail storage and fail-over scenarios! Some user experiences
 have been <a href="https://github.com/Mailu/Mailu/blob/master/docs/swarm/master/README.md">shared on GitHub.</a>
+For this reason also think very hard about using a replica count higher than 1. This cannot be used with the default config.
+Manual post-configuration is required for using a replica count higher than 1.
 {% endcall %}
 {% endif %}
 
diff --git a/setup/templates/steps/database.html b/setup/templates/steps/database.html
index af5334cc..194de577 100644
--- a/setup/templates/steps/database.html
+++ b/setup/templates/steps/database.html
@@ -11,13 +11,16 @@
 	<p></p>
 	<div id="postgres_db" style="display: none">
 		<div class="form-check">
-			<input class="form-check-input" type="radio" name="postgresql" id="internal_psql" value="internal" checked>
+			<input class="form-check-input" type="radio" name="postgresql" id="internal_psql" value="internal">
 			<label class="form-check-label" for="internal_psql">
-				Use the Postgresql from Mailu
+				Use the PostgreSQL image from Mailu. Warning, this image is deprecated.
+                                It will be removed from Mailu 1.9. Existing users can still upgrade to Mailu 1.8 using this image.
+                                With the release of Mailu 1.9,
+                                we will offer a mechanism for migrating your data to another database management system.
 			</label>
 		</div>
 		<div class="form-check">
-			<input class="form-check-input" type="radio" name="postgresql" value="external" id="external_psql" >
+			<input class="form-check-input" type="radio" name="postgresql" value="external" id="external_psql" checked>
 			<label class="form-check-label" for="external_psql">
 				I want to connect to an external database
 			</label>
@@ -37,4 +40,4 @@
 	</div>
 </div>
 
-{% endcall %}
\ No newline at end of file
+{% endcall %}
diff --git a/setup/templates/steps/stack/04_replicas.html b/setup/templates/steps/stack/04_replicas.html
deleted file mode 100644
index 9f6de061..00000000
--- a/setup/templates/steps/stack/04_replicas.html
+++ /dev/null
@@ -1,28 +0,0 @@
-{% call macros.panel("info", "Step 5 - Number of replicas for containers") %}
-<p>Select number of replicas for containers</p>
-
-<div class="form-group">
-  <input class="form-control" type="number" name="front_replicas" min="1" required value="1"
-  		style="width: 6%; display: inline;">
-  <label>Front</label>
-</div>
-
-<div class="form-group">
-  <input class="form-control" type="number" name="admin_replicas" min="1" required value="1"
-  		style="width: 6%; display: inline;">
-  <label>Admin</label>
-</div>
-
-<div class="form-group">
-  <input class="form-control" type="number" name="imap_replicas" min="1" required value="1"
-  		style="width: 6%; display: inline;">
-  <label>IMAP</label>
-</div>
-
-<div class="form-group">
-  <input class="form-control" type="number" name=smtp_replicas min="1" required value="1"
-  		style="width: 6%; display: inline;">
-  <label>SMTP</label>
-</div>
-
-{% endcall %}

From 05ab244638ca58d6f456c06f0d2c125b2361cae3 Mon Sep 17 00:00:00 2001
From: Thomas Rehn <thomas.rehn@initos.com>
Date: Sun, 4 Oct 2020 16:36:37 +0200
Subject: [PATCH 046/119] Ensure that the rendered file ends with newline in
 order to make `postconf` work correctly

---
 core/postfix/conf/main.cf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 72828ea6..8f35f609 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -126,3 +126,5 @@ milter_default_action = tempfail
 ###############
 # Extra Settings
 ###############
+{# Ensure that the rendered file ends with newline in order to make `postconf` work correctly #}
+{{- "\n" }}

From 7b27d0dd4ef68ed8cf82bd7141b0b677fa43ba19 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Mon, 5 Oct 2020 09:26:50 +0000
Subject: [PATCH 047/119] When selecting a non-stable version, add a message
 this is version is "only for testing". The stable version is set via the new
 environment variable stable_version. E.g. stable_version=1.7

---
 setup/server.py           |  5 ++++-
 setup/templates/base.html | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/setup/server.py b/setup/server.py
index b2ca2175..0d58fa25 100644
--- a/setup/server.py
+++ b/setup/server.py
@@ -53,7 +53,10 @@ def build_app(path):
 
     @app.context_processor
     def app_context():
-        return dict(versions=os.getenv("VERSIONS","master").split(','))
+        return dict(
+            versions=os.getenv("VERSIONS","master").split(','), 
+            stable_version = os.getenv("stable_version", "master")
+        )
 
     prefix_bp = flask.Blueprint(version, __name__)
     prefix_bp.jinja_loader = jinja2.ChoiceLoader([
diff --git a/setup/templates/base.html b/setup/templates/base.html
index c53bd1d1..5752e91f 100644
--- a/setup/templates/base.html
+++ b/setup/templates/base.html
@@ -8,13 +8,21 @@
   <h1>Mailu configuration</h1>
   <p>
     Version
-    <select onchange="window.location.href=this.value;" class="btn btn-primary dropdown-toggle">
+    <select id=version_select onchange="window.location.href=this.value;" class="btn btn-primary dropdown-toggle">
       {% for module in versions %}
-      <option value="/{{ module }}" {% if module == version %}selected{% endif %}>{{ module }}</option>
+      <option value="/{{ module }}" {% if module == version %}selected {% endif %}>{{ module }}</option>
       {% endfor %}
     </select>
   </p>
 
+  {% if version != stable_version %}
+  {% call macros.panel("danger", "You have not selected the stable version") %}
+You have not selected the stable version. The stable version is {{ stable_version }}.
+The selected version can be used for testing and reporting bugs.
+For production scenarios we recommend to use the stable version.
+  {% endcall %}
+  {% endif %}
+
   {% block page %}{% endblock %}
 
 </div>

From 7483ea1d495381b528e1c8516d156ab9d9599318 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 12 Oct 2020 20:30:26 +0200
Subject: [PATCH 048/119] Make setup show external DB parameters automaticaly
 when selecting postgres

Before, the "external postgres" options were not shown, even though
"extrnal" was pre-selected. This fixes the mechanics surrounding the
picker.
---
 setup/static/render.js              | 7 ++++++-
 setup/templates/steps/database.html | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/setup/static/render.js b/setup/static/render.js
index e501fffb..a817c4f0 100644
--- a/setup/static/render.js
+++ b/setup/static/render.js
@@ -51,7 +51,12 @@ $(document).ready(function() {
 		} else if (this.value == 'postgresql') {
 			$("#postgres_db").show();
 			$("#external_db").hide();
-			$("#external_db").prop('checked', false);
+			$("#external_psql").prop('checked', true);
+			$("#external_db").show();
+			$("#db_user").prop('required',true);
+			$("#db_pw").prop('required',true);
+			$("#db_url").prop('required',true);
+			$("#db_name").prop('required',true);
 		} else if (this.value == 'mysql') {
 			$("#postgres_db").hide();
 			$("#external_db").show();
diff --git a/setup/templates/steps/database.html b/setup/templates/steps/database.html
index 194de577..ad5411ab 100644
--- a/setup/templates/steps/database.html
+++ b/setup/templates/steps/database.html
@@ -20,7 +20,7 @@
 			</label>
 		</div>
 		<div class="form-check">
-			<input class="form-check-input" type="radio" name="postgresql" value="external" id="external_psql" checked>
+			<input class="form-check-input" type="radio" name="postgresql" value="external" id="external_psql">
 			<label class="form-check-label" for="external_psql">
 				I want to connect to an external database
 			</label>

From 2e55329b8b2ee85a11024588c033b2d55e833512 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 12 Oct 2020 21:16:17 +0200
Subject: [PATCH 049/119] Improve changelog and release texts for 1.8

---
 AUTHORS.md        |  3 +++
 CHANGELOG.md      |  6 ++++--
 docs/releases.rst | 38 +++++++++++++++++++-------------------
 3 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/AUTHORS.md b/AUTHORS.md
index cc3fb518..c189cfb5 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -25,3 +25,6 @@ Other contributors:
  - [Tim Mohlmann](https://github.com/muhlemmer) - [Contributions](https://github.com/Mailu/Mailu/commits?author=muhlemmer)
  - [Ionut Filip](https://github.com/ionutfilip) - [Contributions](https://github.com/Mailu/Mailu/commits?author=ionutfilip)
  - [Ichikawa Yuriko](https://github.com/IchikawaYukko) - [Contributions](https://github.com/Mailu/Mailu/commits?author=IchikawaYukko) Japanese translation
+ - [Dimitri Huisman](https://github.com/Diman0) - [Contributions](https://github.com/Mailu/Mailu/commits?author=Diman0)
+ - [lub](https://github.com/lub) - [Contributions](https://github.com/Mailu/Mailu/commits?author=lub)
+ - [Dario Ernst](https://github.com/Nebukadneza) - [Contributions](https://github.com/Mailu/Mailu/commits?author=Nebukadneza)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 708eb092..57fc8102 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,8 +4,10 @@ Changelog
 Upgrade should run fine as long as you generate a new compose or stack
 configuration and upgrade your mailu.env.
 
-There are some changes to the configuration overrides. Override files are now mounted read-only into the containers. 
-The Dovecot and Postfix overrides are moved in their own sub-directory. 
+Please note that the current 1.8 is what we call a "soft release": It’s there for everyone to see and use, but to limit possible user-impact of this very big release, it’s not yet the default in the setup-utility for new users. When upgrading, please treat it with some care, and be sure to always have backups!
+
+There are some changes to the configuration overrides. Override files are now mounted read-only into the containers.
+The Dovecot and Postfix overrides are moved in their own sub-directory.
 If there are local override files, they will need to be moved from overrides/ to overrides/dovecot and overrides/postfix/.
 See https://mailu.io/1.8/faq.html#how-can-i-override-settings for all the mappings.
 
diff --git a/docs/releases.rst b/docs/releases.rst
index 0613c91c..831bc8cc 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -5,29 +5,22 @@ Mailu 1.8 - 2020-10-02
 ----------------------
 
 Release 1.8 has come a long way again. Due to corona the project slowed down to a crawl. Fortunately new contributors have joined the team what enabled us to still release Mailu 1.8 this year.
-For a list of all changes refer to CHANGELOG.md in the root folder of the Mailu github project. Please read the 'Override location changes' section. It contains important information for the people who use the overrides folder.
 
-New functionality
-`````````````````
+Please note that the current 1.8 is what we call a "soft release": It’s there for everyone to see and use, but to limit possible user-impact of this very big release, it’s not yet the default in the setup-utility for new users. When upgrading, please treat it with some care, and be sure to always have backups!
 
-short summary of new features
+For a list of all changes refer to `CHANGELOG.md` in the root folder of the Mailu github project. Please read the 'Override location changes' section. It contains important information for the people who use the overrides folder.
 
-- placeholder1
-- placeholder2
+New Functionality & Improvements
+````````````````````````````````
 
-mention alpine is updated in .... containers.
+Here’s a short summary of new features:
 
-other interesting section
-`````````````````````````
-
-bla bla bla.
-more bla bla bla.
-
-Override location changes
-`````````````````````````
-
-If you have regenerated the Docker compose and environment files, there are some changes to the configuration overrides.
-Override files are now mounted read-only into the containers. The Dovecot and Postfix overrides are moved in their own sub-directory. If there are local override files, they will need to be moved from ``overrides/`` to ``overrides/dovecot`` and ``overrides/postfix/``.
+- Full-text-search is back after having been disabled for a while due to nasty bugs.
+- Tons of documentation improvements, especially geared towards new users.
+- (Experimental) support for different architectures, such as ARM.
+- Improvements around webmails, such as CardDAV and a new skin for an updated roundcube, and support for MySQL for it.
+- Improvements around relaying, such as AUTH LOGIN and non-standard port support.
+- Update to alpine:3.12 as baseimage for most containers.
 
 Upgrading
 `````````
@@ -36,9 +29,16 @@ Upgrade should run fine as long as you generate a new compose or stack
 configuration and upgrade your mailu.env.
 
 Please not that the shipped image for PostgreSQL database is deprecated.
-The shipped image for PostgreSQL is not maintained anymore from release 1.8. 
+The shipped image for PostgreSQL is not maintained anymore from release 1.8.
 We recommend switching to an external database as soon as possible.
 
+Override location changes
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you have regenerated the Docker compose and environment files, there are some changes to the configuration overrides.
+Override files are now mounted read-only into the containers. The Dovecot and Postfix overrides are moved in their own sub-directory. If there are local override files, they will need to be moved from ``overrides/`` to ``overrides/dovecot`` and ``overrides/postfix/``.
+
+
 
 Mailu 1.7 - 2019-08-22
 ----------------------

From c0cc6bbaec5be25d5f5ed15d002ddbfaaaf5a602 Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Mon, 12 Oct 2020 22:10:58 +0200
Subject: [PATCH 050/119] Add DNS SPF upgrade notice; Extend Changelog items

---
 docs/releases.rst | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/releases.rst b/docs/releases.rst
index 831bc8cc..dd819d2d 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -18,9 +18,13 @@ Here’s a short summary of new features:
 - Full-text-search is back after having been disabled for a while due to nasty bugs.
 - Tons of documentation improvements, especially geared towards new users.
 - (Experimental) support for different architectures, such as ARM.
-- Improvements around webmails, such as CardDAV and a new skin for an updated roundcube, and support for MySQL for it.
+- Improvements around webmails, such as CardDAV, GPG and a new skin for an updated roundcube, and support for MySQL for it. Updated Rainloop, too.
 - Improvements around relaying, such as AUTH LOGIN and non-standard port support.
 - Update to alpine:3.12 as baseimage for most containers.
+- Setup warns users about compose-IPv6 deployments which have caused open relays in the past.
+- Improved handling of upper-vs-lowercase aliases and user-addresses.
+- Improved rate-limiting system.
+- Support for SRS
 
 Upgrading
 `````````
@@ -38,6 +42,10 @@ Override location changes
 If you have regenerated the Docker compose and environment files, there are some changes to the configuration overrides.
 Override files are now mounted read-only into the containers. The Dovecot and Postfix overrides are moved in their own sub-directory. If there are local override files, they will need to be moved from ``overrides/`` to ``overrides/dovecot`` and ``overrides/postfix/``.
 
+Update your DNS SPF Records
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+It has become known that the SPF DNS records generated by the admin interface are not completely standard compliant anymore. Please check the DNS records for your domains and compare them to what the new admin-interface instructs you to use. In most cases, this should be a simple copy-paste operation for you ….
 
 
 Mailu 1.7 - 2019-08-22

From 26839c906692e55b526d874dccff1a4c4e67c1a1 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Wed, 14 Oct 2020 15:15:04 +0000
Subject: [PATCH 051/119] Fixed small typo, added clarification for full text
 search and added japanese local as a new feature.

---
 docs/releases.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/releases.rst b/docs/releases.rst
index dd819d2d..e5bd06c0 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -15,7 +15,7 @@ New Functionality & Improvements
 
 Here’s a short summary of new features:
 
-- Full-text-search is back after having been disabled for a while due to nasty bugs.
+- Full-text-search is back after having been disabled for a while due to nasty bugs. It can still be disabled via the mailu.env file.
 - Tons of documentation improvements, especially geared towards new users.
 - (Experimental) support for different architectures, such as ARM.
 - Improvements around webmails, such as CardDAV, GPG and a new skin for an updated roundcube, and support for MySQL for it. Updated Rainloop, too.
@@ -24,7 +24,8 @@ Here’s a short summary of new features:
 - Setup warns users about compose-IPv6 deployments which have caused open relays in the past.
 - Improved handling of upper-vs-lowercase aliases and user-addresses.
 - Improved rate-limiting system.
-- Support for SRS
+- Support for SRS.
+- Japanese localisation is now available.
 
 Upgrading
 `````````

From 72a9ec5b7c46dbaf006182141ade3d1bd228ff83 Mon Sep 17 00:00:00 2001
From: cbachert <cbachert@users.noreply.github.com>
Date: Sat, 24 Oct 2020 00:25:53 +0100
Subject: [PATCH 052/119] Fix extract_host_port port separation

Regex quantifier should be lazy to make port separation work.
---
 core/admin/mailu/internal/nginx.py | 2 +-
 optional/fetchmail/fetchmail.py    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index fa127584..1e0b16c2 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -84,7 +84,7 @@ def get_status(protocol, status):
     return status, codes[protocol]
 
 def extract_host_port(host_and_port, default_port):
-    host, _, port = re.match('^(.*)(:([0-9]*))?$', host_and_port).groups()
+    host, _, port = re.match('^(.*?)(:([0-9]*))?$', host_and_port).groups()
     return host, int(port) if port else default_port
 
 def get_server(protocol, authenticated=False):
diff --git a/optional/fetchmail/fetchmail.py b/optional/fetchmail/fetchmail.py
index 98b61c4c..4be3c2bd 100755
--- a/optional/fetchmail/fetchmail.py
+++ b/optional/fetchmail/fetchmail.py
@@ -28,7 +28,7 @@ poll "{host}" proto {protocol}  port {port}
 
 
 def extract_host_port(host_and_port, default_port):
-    host, _, port = re.match('^(.*)(:([0-9]*))?$', host_and_port).groups()
+    host, _, port = re.match('^(.*?)(:([0-9]*))?$', host_and_port).groups()
     return host, int(port) if port else default_port
 
 

From 862086ea3793b4b3c5099d1376ab2eea2099b6d7 Mon Sep 17 00:00:00 2001
From: cbachert <cbachert@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:52:21 +0100
Subject: [PATCH 053/119] Fix extract_host_port port separation

Add towncrier newsfragment
---
 towncrier/newsfragments/1669.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1669.bugfix

diff --git a/towncrier/newsfragments/1669.bugfix b/towncrier/newsfragments/1669.bugfix
new file mode 100644
index 00000000..7409b2d2
--- /dev/null
+++ b/towncrier/newsfragments/1669.bugfix
@@ -0,0 +1 @@
+Fix "extract_host_port" function to support containers with custom / dynamic ports

From b1592750571046e4113276a3b089d6aca635ef2a Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Tue, 27 Oct 2020 12:07:52 +0100
Subject: [PATCH 054/119] manually merge wrongly named news fragments

see https://github.com/twisted/towncrier#news-fragments for a list of
default news fragment types
---
 CHANGELOG.md                     | 10 ++++++++++
 towncrier/1478.feature           |  1 -
 towncrier/newsfragments/1139.fix |  1 -
 towncrier/newsfragments/1177.bug |  1 -
 towncrier/newsfragments/1190.fix |  1 -
 towncrier/newsfragments/1208.fix |  1 -
 towncrier/newsfragments/1241.fix |  1 -
 towncrier/newsfragments/1278.fix |  2 --
 towncrier/newsfragments/1381.fix |  1 -
 towncrier/newsfragments/1387.bug |  1 -
 towncrier/newsfragments/1479.bug |  1 -
 11 files changed, 10 insertions(+), 11 deletions(-)
 delete mode 100644 towncrier/1478.feature
 delete mode 100644 towncrier/newsfragments/1139.fix
 delete mode 100644 towncrier/newsfragments/1177.bug
 delete mode 100644 towncrier/newsfragments/1190.fix
 delete mode 100644 towncrier/newsfragments/1208.fix
 delete mode 100644 towncrier/newsfragments/1241.fix
 delete mode 100644 towncrier/newsfragments/1278.fix
 delete mode 100644 towncrier/newsfragments/1381.fix
 delete mode 100644 towncrier/newsfragments/1387.bug
 delete mode 100644 towncrier/newsfragments/1479.bug

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 57fc8102..a9c78f33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,13 +33,23 @@ v1.8.0 - 2020-09-28
 - Features: Added CardDAV-Plugin for webmail roundcube. ([#1298](https://github.com/Mailu/Mailu/issues/1298))
 - Features: Allow users to use server-sided full-text-search again by adding the dovecot fts-xapian plugin ([#1320](https://github.com/Mailu/Mailu/issues/1320))
 - Features: Relay a domain to a nonstandard SMTP port by adding ":<port_num>" to the remote hostname or IP address. ([#1357](https://github.com/Mailu/Mailu/issues/1357))
+- Features: Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix. ([#1478](https://github.com/Mailu/Mailu/issues/1478))
 - Features: Introduce option to disable dovecot full-text-search by an enviroment variable. ([#1538](https://github.com/Mailu/Mailu/issues/1538))
 - Features: Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. ([#1635](https://github.com/Mailu/Mailu/issues/1635))
+- Bugfixes: Fix the password encoding upon authentication ([#1139](https://github.com/Mailu/Mailu/issues/1139))
+- Bugfixes: Fix piping mail into rspamd when moving from/to junk-folder ([#1177](https://github.com/Mailu/Mailu/issues/1177))
+- Bugfixes: Separate HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI because of different ports ([#1190](https://github.com/Mailu/Mailu/issues/1190))
+- Bugfixes: Make postfix mailqueue persistent ([#1208](https://github.com/Mailu/Mailu/issues/1208))
+- Bugfixes: Kubernetes manifests updated to be compatible with Kubernetes 1.16 (breaks compatibility with older k8s versions) ([#1241](https://github.com/Mailu/Mailu/issues/1241))
 - Bugfixes: Use pip package for radicale to fix failing builds caused by [alpine]upstream package rebuild against different python version ([#1255](https://github.com/Mailu/Mailu/issues/1255))
+- Bugfixes: Ratelimit counts up on failed auth only now ([#1278](https://github.com/Mailu/Mailu/issues/1278))
 - Bugfixes: Disable Health checks on swarm mode ([#1289](https://github.com/Mailu/Mailu/issues/1289))
+- Bugfixes: Enable the From header for message delivery report in Roundcube and ensure DKIM Signature ([#1381](https://github.com/Mailu/Mailu/issues/1381))
+- Bugfixes: Fix alias resolution in regard to case: A specifically matching alias of wrong case is now preferred over a wildcard alias that might have »eaten« it previously. ([#1387](https://github.com/Mailu/Mailu/issues/1387))
 - Bugfixes: Show SPF records in accordance with RFC 7208: Previously we instructed admins to create SPF and TXT records, where only TXT records are correct now. !! Attention !! You need to manually remove the SPF-typed records and keep only TXT in your DNS. ([#1394](https://github.com/Mailu/Mailu/issues/1394))
 - Bugfixes: Cover relearning messages when moving bewteen Ham and Spam status ([#1438](https://github.com/Mailu/Mailu/issues/1438))
 - Bugfixes: Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings ([#1463](https://github.com/Mailu/Mailu/issues/1463))
+- Bugfixes: Allow IPv6 authenticated connections in PostgreSQL pg_hba.conf ([#1479](https://github.com/Mailu/Mailu/issues/1479))
 - Bugfixes: Check postfix mailqueue permissions before start-up ([#1486](https://github.com/Mailu/Mailu/issues/1486))
 - Bugfixes: Fixes certbot renewal ([#1564](https://github.com/Mailu/Mailu/issues/1564))
 - Improved Documentation: Added documentation that describes how spam filtering works in Mailu. ([#1167](https://github.com/Mailu/Mailu/issues/1167))
diff --git a/towncrier/1478.feature b/towncrier/1478.feature
deleted file mode 100644
index fcfe6ea2..00000000
--- a/towncrier/1478.feature
+++ /dev/null
@@ -1 +0,0 @@
-Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix.
\ No newline at end of file
diff --git a/towncrier/newsfragments/1139.fix b/towncrier/newsfragments/1139.fix
deleted file mode 100644
index a096a718..00000000
--- a/towncrier/newsfragments/1139.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix the password encoding upon authentication
diff --git a/towncrier/newsfragments/1177.bug b/towncrier/newsfragments/1177.bug
deleted file mode 100644
index 752543d2..00000000
--- a/towncrier/newsfragments/1177.bug
+++ /dev/null
@@ -1 +0,0 @@
-Fix piping mail into rspamd when moving from/to junk-folder
diff --git a/towncrier/newsfragments/1190.fix b/towncrier/newsfragments/1190.fix
deleted file mode 100644
index fe365de9..00000000
--- a/towncrier/newsfragments/1190.fix
+++ /dev/null
@@ -1 +0,0 @@
-Separate HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI because of different ports
\ No newline at end of file
diff --git a/towncrier/newsfragments/1208.fix b/towncrier/newsfragments/1208.fix
deleted file mode 100644
index 04aee51f..00000000
--- a/towncrier/newsfragments/1208.fix
+++ /dev/null
@@ -1 +0,0 @@
-Make postfix mailqueue persistent
diff --git a/towncrier/newsfragments/1241.fix b/towncrier/newsfragments/1241.fix
deleted file mode 100644
index 5cfdc095..00000000
--- a/towncrier/newsfragments/1241.fix
+++ /dev/null
@@ -1 +0,0 @@
-Kubernetes manifests updated to be compatible with Kubernetes 1.16 (breaks compatibility with older k8s versions)
diff --git a/towncrier/newsfragments/1278.fix b/towncrier/newsfragments/1278.fix
deleted file mode 100644
index 9abf893c..00000000
--- a/towncrier/newsfragments/1278.fix
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Ratelimit counts up on failed auth only now
diff --git a/towncrier/newsfragments/1381.fix b/towncrier/newsfragments/1381.fix
deleted file mode 100644
index 8245ef72..00000000
--- a/towncrier/newsfragments/1381.fix
+++ /dev/null
@@ -1 +0,0 @@
-Enable the From header for message delivery report in Roundcube and ensure DKIM Signature 
diff --git a/towncrier/newsfragments/1387.bug b/towncrier/newsfragments/1387.bug
deleted file mode 100644
index ce6680ef..00000000
--- a/towncrier/newsfragments/1387.bug
+++ /dev/null
@@ -1 +0,0 @@
-Fix alias resolution in regard to case: A specifically matching alias of wrong case is now preferred over a wildcard alias that might have »eaten« it previously.
diff --git a/towncrier/newsfragments/1479.bug b/towncrier/newsfragments/1479.bug
deleted file mode 100644
index 7144a98e..00000000
--- a/towncrier/newsfragments/1479.bug
+++ /dev/null
@@ -1 +0,0 @@
-Allow IPv6 authenticated connections in PostgreSQL pg_hba.conf
\ No newline at end of file

From 708e31660fd172093f78710c16652badbd687450 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Tue, 27 Oct 2020 12:52:07 +0100
Subject: [PATCH 055/119] mark radio buttons in setup utility as required

Otherwise it's possible to submit the form without selecting e.g. any
flavor, which would need additional handling on the server side.
---
 setup/templates/macros.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/templates/macros.html b/setup/templates/macros.html
index 4af20c4e..17cef872 100644
--- a/setup/templates/macros.html
+++ b/setup/templates/macros.html
@@ -12,7 +12,7 @@
 {% macro radio(name, value, emph, text, current) %}
   <div class="radio">
     <label>
-      <input type="radio" name="{{ name }}" value="{{ value }}"{% if current == value %} checked="checked"{% endif %}>
+      <input type="radio" name="{{ name }}" value="{{ value }}"{% if current == value %} checked="checked"{% endif %} required="required">
       {% if emph %}
       <strong>{{ emph }}</strong>,
       {% endif %}

From 2cf9fdb220c0f1b0da3fd9915e6a24e44741b86c Mon Sep 17 00:00:00 2001
From: ebdavison <549431+ebdavison@users.noreply.github.com>
Date: Wed, 11 Nov 2020 12:10:41 -0600
Subject: [PATCH 056/119] remove service status "feature"

Per the issue tracker, this was removed in issue #463 (Remove the Service Status page)
---
 docs/features.rst | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docs/features.rst b/docs/features.rst
index 4aadef58..a5f2e0f4 100644
--- a/docs/features.rst
+++ b/docs/features.rst
@@ -16,10 +16,6 @@ Admin interface screenshots
 
    Managing email domains
 
-.. figure:: assets/screenshots/status.png
-
-   Displaying service status
-
 .. figure:: assets/screenshots/token.png
 
    Creating an authentication token

From 900b28178a2de08b16fe21ebd3d145f169f46e7a Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sun, 15 Nov 2020 14:22:00 +0100
Subject: [PATCH 057/119] add warning about removing front

---
 docs/reverse.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/reverse.rst b/docs/reverse.rst
index 9a7a7dc0..de710dff 100644
--- a/docs/reverse.rst
+++ b/docs/reverse.rst
@@ -225,6 +225,6 @@ You can also download the example configuration files:
 Disable completely Mailu reverse proxy
 --------------------------------------
 
-You can simply disable Mailu reverse proxy by removing the ``front`` section from the ``docker-compose.yml`` and use your own means to reverse proxy requests to the proper containers.
+You must not disable Mailu reverse proxy by removing the ``front`` section from the ``docker-compose.yml``.
 
-Be careful with this method as resolving container addresses outside the Docker Compose structure is a tricky task: there is no guarantee that addresses will remain after a restart and you are almost certain that addresses will change after every upgrade (and whenever containers are recreated).
+``front`` is handling authentication and is also proxying e.g. SMTP and IMAP. A basic HTTP reverse proxy as described in this document is not sufficient for this.

From d32e73c5bc166e16b43e03dd45160fb76c2b0c30 Mon Sep 17 00:00:00 2001
From: ofthesun9 <olivier@ofthesun.net>
Date: Tue, 17 Nov 2020 10:26:41 +0100
Subject: [PATCH 058/119] Fix letsencrypt access to certbot for the
 mail-letsencrypt flavour

---
 core/nginx/conf/nginx.conf          | 2 +-
 towncrier/newsfragments/1686.bugfix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1686.bugfix

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 8f6eaa0d..df598c94 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -106,7 +106,7 @@ http {
       {% endif %}
 
       # If TLS is failing, prevent access to anything except certbot
-      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not TLS_FLAVOR == "mail" %}
+      {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
       location / {
         return 403;
       }
diff --git a/towncrier/newsfragments/1686.bugfix b/towncrier/newsfragments/1686.bugfix
new file mode 100644
index 00000000..932d7d7c
--- /dev/null
+++ b/towncrier/newsfragments/1686.bugfix
@@ -0,0 +1 @@
+Fix letsencrypt access to certbot for the mail-letsencrypt flavour

From ad97266f77dde277ac78734f520463362c3694ad Mon Sep 17 00:00:00 2001
From: ebdavison <549431+ebdavison@users.noreply.github.com>
Date: Tue, 17 Nov 2020 11:41:01 -0600
Subject: [PATCH 059/119] removing unneeded image

Removing this image as request in PR #1680
---
 docs/assets/screenshots/status.png | Bin 120581 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docs/assets/screenshots/status.png

diff --git a/docs/assets/screenshots/status.png b/docs/assets/screenshots/status.png
deleted file mode 100644
index 142c0c81ebd6912d889a3fcf6e3e3b05537c3fce..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 120581
zcmd43byQVt*FL&I6ls-i5$Wy@K^p1q2I-JaML=3fX^@ug2BjN`O?P*9{_g$0kI#3;
z`Qwc7opJs+j$!Q0+Iy{a-*aB`n%6a#!3uH`XvhS}5C{ZKO7g7|1cG1+fxvY=eFEOW
zd9p?X{z7mPky3dIetA7L`2t?!e-P97ploOM!PU^w6k={`XJg9XWb9~aYU^ZS_u=4C
ziy#E@5+e2Xjfz|H?wqTe3UvI}(n6)I2gYZ1%e;(u2%LyAR^7|VUlDqOVkJ+PRk7&P
zU(tp<rB#2dnD|&*7$NIIPlOujD};=!Y3OzI`vp?6M}{MLkILsadLB)gr+JU_B=E3R
znBj`0O~h$D7vY{ADnWJm@Kod}+2?2A58Id7nU7%q_|L1)wZu|N;(uQ}YlVAFL;l|%
zfJ2rbQ8CZ|J<=W`)%)*(BHVtjP5(WRj7T_&_1^=Zp}&;E|L5z$w;+Da3j3e)J(B!i
zobL8f6H6oCP7Zok*Bri|uk-uX`uw)7h2my^a?HP{d&^Um`KXro)J{EZf^_%EFS-R=
zgQ25J+8se(dBputORegKEYdQK!g%jS%ne5e*I@(pgc5p#f3Hu+H7cg=BRvkCtFyI=
zsgiiU%AXn=Z}3_=dpRVs!em7;&YIt&<0e!)smH{q?Yhc(t~}UjL#b!5_eWM1p1L~M
zr%(RxCyF0kpb~uY752*%t%{Cvj8l{s2o%p;id-uoCXV>$_I1=*y|$k4dT=I@F!(z-
zjjPl*$&7kj)>`o-#JPf7dcdly<7qrycJgBNCg5|mZnI{6K3|Dn^lEx>YfI|3Ec5oV
z?NzF`*=t0MU8fJV%daxi+(T&W<m=zh{IeW7o+HZZPo`7sBh(D<Pv2v99_v!=Rby=a
z`FhGP(4!gf8S!e;=3taEEMqQlq&AgHI^feOKXKA>lxE`*HAOb1b`w{iYp#3}^M2Ab
zU!535Y-joM-i=fbqtRGlEOsv+dvV`s?hW(7fhfI>?<MV!#;ir!&~*$ZRm5nXqVfIB
z_S<bP3k}1YsZ};F-WBo)qKK8Y_Xo#&7eb4xtE=f2dygMKKGE)%#tNZ3pmCw2Wn`qh
z>VLltMX9Ix_ZCQDw;(M!u%=TS(ZI`IKC`}FnBjS1Fy57#Qy!Tq`YP$L^Kjo{OuG5*
z=9&I&U0R!Yxm%??-MnYv#u<j*?5VW0^kkVg9pnN3BuZE0$;;R5VLi(8UC@E>)>e`8
zg9Xpbw!%1(4B-Okyh`v7!ll)o6%G2hq-ufx#zgxWnSiNnsj6qRTe&Yn#y!bvbL{Ef
zn@S|nOto^42O5%{(O%n@&NqTY@&jwxB@>EX&FcN-x{Eo`KXk8Ro;Wvg$ENzW4T{cs
zeGn6?##nZK^r)b4V|{-x`N2ChvV@5?w%69vXj#ff_nN${46(a!prfNB_WF#_ena=s
z*2Kdga+5~yh943#^7;vnQ^MU8)$VLr3a|6_ABLY)p*a1yHVx>F55K!&J72g`$EoZ2
zJjYd6$6>e%*xfC(+=$U^u|+FTzY|;T!NkJd$yet3dhd#Auvv=u$Fj=htj2DpRi7^I
z+cVNgIrY!Exl{~V;`RrnH^E;ljMX3dx0G*hM_(+XcSJ=;hf5cA4oyV5?D4UhY<hqG
z{8`Oim#NBgLN1Q!CIz!=g@&5?7Ze)q=Lf03*z8y&6LoOCfGn0tki6uhL-8Y?sbRGj
zCWZKfYQE>o^+!B^e$r*v-bG3w#Dr0$^=|H$$A`V?6hu-FJasOv83!xNgZm8sKReF-
z*UMG}T((BI7ory!8KtGaY&~s;B>sy#ik=`<f2-}uEC>5MN8OzKYNysQ-HZ6aLQ+Ip
zE;cw;-e*R4$u(RW30YElC|CV0^+!Ql@QHz|>#L>RU0Eq9B(N|YqHU!4<+iHPx3<%@
zsavFS9VV>9h3+W4F1xa}a_EQ{`&5jKaZR2sM+@pyKUCtJ%SU-*DbPYf&*-(d(-@Mt
zMjFNFyu9x==W<EGZfq#*!Z|uQ9UdK3@y)NlBZPbj*$%F#aH`tia_W>Q)T)CoQj_UZ
zd!7fiT#h7Oxw&$hDu4fo)aMqzxVX6b`r*cr)A#lsg*G+>EcD_5sc`R9h4oB*f{iv8
z+w~R8t<|A|_T387QRDG(C?4t)0uD>r(75N+Sjck8l8ZxYzNHRrygA<N{^H>T>V#Ck
z()#WfPo~m-sL%#m%*BDAF<{2y#`63cu;ANQ&5(3ye=VysH;Z>#;u$PZn|60|{(^`|
zq$ZC9k_R=d*=SKOG3o3gh5V`1begW-6PA)<aR@TH+Un}qov!njH}kP=@ZqR(rC{9f
z`Um@~sH74I=>_DwerKWXTQ7XAD=;q8BI}+=0r=CerFN$9!aO|0a4u=MMA!S1*W9or
z?YX^zZinT&<+L{$3d|OVP4stLh|M?WgkW{niW?Azt95UrJ-_MDk_)8ZlluAr%)Rxc
z`cv`%nW-Kd!<u)y!{)TrkVvZDtMgoZ2~pWD?=p07U}<pKHyE5a$=ALRVM@svNQ{2w
z8@8ui!)*U&5xJ{EgWh_o5zf!&?x2vf8f|C1)N&1ZdmL>wGg7F6BKDM**skS@*TJF8
z>tc^9%*O{+A#V3-<wF1P@No4GLn!~N<Wz$>m-2jSx4M&HuFcH(XQ&<ISELYqs{u2!
zS9>P^{pu)o#6w$DfR~UjqY%B`ubt@mVotRJXz!<kmdA@J7lP^DL2}hLPy9dTA2bi_
z>+)$dxNtlW@W%uN3VjL<MY*}yqhK!-loz;@4X|Q=m??p~ym$yVoAkz*uHFg>!8=Ja
z=XR$31}#uycI#&Lvz%#o5$`GZ-xBy`Iyx)tQQ>S-_h-cVkus^5o)NhY=0Snq`*Fre
z_;ufV2fz#BO(l(^!B5&#CtO*ff74d^G-b3lc#eiQ!g2c~?PIN`z<vAZrn86IEq+_X
zp7s<#Ps^&r!<>OHUo1o$&WSDNa&)tsDB~Dz(ENW3t3>KyzhG71ggfZYeTanJP+Ff)
z4TWj1XMapg%%7SAV(?>#_w_jy**#tomtCbyZ_HVGPlwP;zj2#sRZqRXxI6S;<dFiJ
z8S#+?NraICS6HOJmx44jJ=MqALJ#)M_n0mM+Pp5?{kpCgMw<P0w^c?wLt*zA5d1Au
z87P;Xp^(?%J!0T!p{5hO6^nyynV$TcH<~3?W&_%4lQ~dJe71Ab!4w%XZtkqk>M(Kg
z2X{lFIv$?W{h5|lPA*qhkBhCYs16ivkJVBJ8mA)NzLS4wj>>DyJKkTNwI-)eFkPML
zlMXMyDos95lm6ITIdWaJgZQWZ4I~L8&9pbF$Xd`Vu69(D=-r^WIkVpAB)g@%<ZSPl
zCC39kTLja3zv<yuLxd;eZ6>S^r`?7=_wSJ~^>3KSNr-wI>mEc)Ce$Y{7C+uW-n#7R
zy`LfGa|ZeF^}AbCYb$)iUP}Gj>DaT7eSf9=RRA!@Cv=Qw%?>Lb5OC$@GW#kyrKNtE
z61{5hRujekbLZnlGpxS9F&g>K$kPiEdxBSxps6w&jJj}N1Zo%5a9(JU`iY@zI9;nK
z1zdxTJtyXcT5^yB;MHEX7{pEcmXxGy*pQY+`uw>KE%Bf;4S=kgeE~df3uXXPc;Vu#
zY^;(}JTlU~nlT$22(+}cg&Em&t_=U;^0(6%2Z;Z0e`hV*>3d@FohNVz*R@AiX*WL$
z^@k>i{rsiyU1p{^3!TJRzSFCz(B5FQeiYnSA4{#RW4D<6VxH#t5%#;VUv_!fh=<7a
z3xMBmaV`<rLU#(BxIJN0)$YP0qrDy>h1xe<h!`sOZYl*(a9v8uN*3d@6|J25`ZpMB
zf`ZMJRtq1!Jugaac5t*Y2rH)g0p`JN`bw1~%b1$zxXs>NUqRjW6B6(>iqs&@X+jvL
z6rwjDc!?D_=?i8@GgH^xT3I5f+S#rXa-S9~__^%y{>d=j(87SDy8zYTc)eX+^W=hd
zyhK~{WS!ytMDruCZyA~=IPq1hu8N9eGB^wdC+lb?re@<FEmm7vsgeI>e#`Juz1-cs
zO;WRSWzXg3h6BA)J`#5+6%;0EtH2BE9)v_&%#YTwob9;5EoN2gi{<i8J?=p8X!rrm
zW5ye(KIWU@sx5SB9~c5DH1B;q+#oMhs75zaZM(j*HOlRDjU^LDzqsWqgaSis2%=?~
zY_(oV1)Y<FLs1sx>6Rzr&H27z-#S`#R{y=XCk=IXu2i)BOfsV?OI+O9OXYkO=y@KE
zx{{L7&BL{`ue$bx0kZ*Tl48Ef<<%97)A@r&8Gm4vl{yHZ7v^$luht{=9h{wwH@z{K
zmzTOMu|;>rZLSt37LIn9gvy+EDA7p;+n3scG%64I;2-U<9B(~jnwQLTRA)|Xxm{(m
zB=dM9>kA15&R@JVG(5AxBsf@TiI1g=o0uGg)~jv&(|_biMzNwhZmLk`^N3a2;QcC@
zdBLn*s5&10uJ>hb>1SUtPBMM-mkc#u<d)7h|70<;JxsQ>2i3FWIT?fG<y$F`+t;x^
zyMHZ?X3<yc$#-&dj-Zn~Hak;96VMThk@4aI6*=Hj9!Zm=oM79<$;J!MLqD6OiV76*
z%x^shvYAd4qTh;DYHSrPs<ezSNYc|^lFG|7fzpE_oaW;?R_p7Ifn6~brk7jb5RewC
z?r?n;*<z^!-7*3hGyAY;zwc|$t(lNO#9s^J4CS5^=r|1D<rNJxY|s-E$MUr&#<jOp
zlwRFj9GI>II=^lwUAeoU%v8$XB!N~;bE@6eg|X$zE7sV)tZ2UMwVm23EVNp1>NMe0
z)$(B&{L6>F$-Z0`rn`t6&@S`PSE@Rb4l|?dUy!_=A|lzJi`qbRep{r(YBop!sI%cs
znTi(l!rZL{r%LdAgyD#O$}NTy4gUL;?;XBSA&SJH$<ftuxgi~EO@GnG;zw_K%|^e;
z$wwUHXsCsV!iK*C>I^}n1J~Uz*^=W>S6??wQBG)9kpOs}Av?iTvke`fFd#OewZ3yF
zW$;;PX<-*i9!(@odXZ4eY+C~XZM(Pv9^3~%$n{xEbPZ)omv(e6{Ncv25OV^pyp~Gt
zn>KM&;&Vuv&pE|~5I2#Zkk3O^=UoIbAAHQa?_Tdko|Got<Z$+ugil#l&!{PUl|Q0z
zLQ`Fr{=b4y9o#q(_dw#Kb2>T(9pCQ(I~X&uEhlZ9^H+x20p+0m!@oG2mYzwwyvwn?
z(68P>=yOTQQ|Pj&K0N#B@71)OuIuTo|B$gA{hX_4t?%AoC+;1)&3H0K?ofMAPkwLx
z8s=<Z0JJ8y%4R0@(pX}u)-YvGS_+b#oelWKM?m0Id3|M_uTS@e027?7@T8ib7u-DK
z<#i1%gszr?$oR}<(|PpSt=e|#ZJUgmva~FJkFWRxAs3fx-0dkLBO@d1bjA{qrSDff
zNZfa&8aS1el|h7xCUNfBJ2(J7>^IlolCGkbO1(Xq&n71)7ZVp3l@=eA*5Vs`l#`Xb
z_N%#x-E#Ib4#S?h<MwzFqKxnL$K+l52AegfB^_zyo&{Dqw&-xean%NW(=~8HENtvl
zA)gB585ipXGxZ0{e`8Bv3!SW8sQrrsiA0eaj84_eyA_S-VS%9b;=7<zyFa6X_#ZTt
zh8@pc+@chz^<{`6Uaf6}1oK4qw8y6nnOp}Qu-#P1GxAl-rH~&T9-2HfH|<U~Kc-Hy
z%Bc=ajy$<o@L6gPUa59$(i`H^_eK(qOl`83@x}mA0BO0a9<z-|o}DEUbbBDC1oVvV
zfi@{JdrYA>EK+E-LOvJMm3n;tGKtG3y|NOEl$6xVQc{v4mH+ofh0xk4KIyj<)3iK|
z1~U#wI008#Y+b!tvUQz~`-t^LF)_AB_3HZi;r&=o^;$y(BafWw9vr*1M)megh>$Vu
z>9v&P7xSf0c6)(Ax;<C_NFJ6F!y8o;s`6&9KGz!h_;fV8_O4CW855Fvb7S9KK?81Y
z?~tBSYiH1LQ3ZvCeE{$bHs^MMZD{7~%T%R<0IByO2}l<}(?|0hFhPsTO@u3BYs>iN
z&2QNo`#_uE)!SQsaei(rzXc;TwFZ&l!Xd$>5~28vVG9K-cKZ7z^@eL28gu-!F=GpM
zf_shTX*Js_tt*pj_VHrPaHae#)4r#bgIX_^S7_+zUvhJQ#t=%?%-9%sXigp=ZF%?v
zj&M$L8Ov7=x^3h~Cz*}>ZSb<(%9XO2Wh$=w>aHf+i(|tH(wf9cPR)(*7+FaviYN71
zB%mL$NYR_vbGg$kA3KZ;r^jeOq(27@T)`JkP#i$&gTv&trg``Un!exnn1B8p2xm`A
z^KB#5o4}9qU8}>z;cCyfht44(KSg;VaVZBDG(yfFrUm0zSgRH0LyXgv@4MJCAKFIc
z1wTP8DSk>Yd7Oq(*1Imy&R9(s@_4!&EDuPPz?-&B5^!3|0-_&e1d7hLuBmEM%-~?E
ztKE|li;>s2A^(Og-_JmS1K*k9H&4kHf9IKTsQ-K;DM|fkpWsVF10qgnz-^<>$Y2UN
zA0JA9h*UJ?(yYUVZkYEL_O$b+MUC&>6SS@QCPWGfiq~m8ZDpAf+^&q+z7M>pwN@`z
zI$M;;jtrS&4*Q0L;9<PK8bQKzc6RpC^Guo^2gUpPG*e>8qJcLc;4%Hp3YQ8kHaUq;
zzgn>ZH30Q!k2h~tH`bzKVk7~L^78h^x4#ewdpJO7Y;2^fgyuWpCbHWE7UzA9rjmO`
z>Kl`sOa$8CR?w_2<@*XLlg+O)XpPYR-~d>Ym6K(^>;|7JPmv+~W}~|}jQB#I_rtEv
z%0jvq>zW_0^YG5uYpOI#z`i$>ln+mjf5@lZH{LExJT1gEndzG8LNv$4m7_>`O-@c6
z+97h#e20XNo&(yNtn6%uZIxG2Qo#mQjt75k@Xz|4+&ny%vmBOJgIB;;<|t-TR)$#U
zntB4Rh42_rx#f-M$jIQgRF{a#Q+6F49XF%ZQPjE%!SQ0<cWP#ocL#XF!on$Zyrln?
zR^IMO%HxySzL@xt`&SbDq8-%#|0l`u{{w}SI<e-!+W7;Zev{?4{+XhG#ZQMvQsD0Y
z6;1zN>!LvKd?upPq?7WoV@A&5(wgKk1*JsLU)i>XL*AUDNTkud*7K3qY^CaWbSkUJ
z>@o;Y6i%x0ySH(#P5!xrWl9AFBcq#OdK_!HcB3*CO?e>V{^v-C{KpaKqW>&KJH@gR
z%FlPb-G>xpwhjQp4$`)kH<|z5hsvv#Jglnv<I_+e2-iY2iy*Z?#pM2~9VwR^y`zRw
zGwNKQGN?MMwOU5gE)>t-5^!lgy7i%Y$U3$zJDN2W?RrVG1(7Ccq05q{>1TB#!CbI}
z1=pah2S%Yf7gNx55&Hf|;^Aw~x7lYRA74}`O1%HA`2oKSuN<@Z=bd(n$kto?p$Tg4
zrhre%R&O#WvnJjmN7qEB)m~3mdlTkeZ!!FHp{>I|Z~9$is7#Bqqi&Vc6(FjSXFtD5
zhuT$;ao=!eaGx+gmfB&#+3<sYlHU1PA&+^Rh}Ndy7MDyeQ<f-0ySq<95HL;`wp&Y~
z?#!rKH@`O#2etfhxQi~05@nZP9q`XCf3cE^V%@-pT^(ZRNKcAiwY(AQYIL;|B~E5>
zt4p*Xrl{?!0P~t9+#_b6B9hm1E^xRT{gtU1>Rz|gwcuM5p(6J^sx^8ue+BM#j@84g
zuugJ>p(jnl9#8y5g6p^=TgP-ahxUpThA3Xb4_y!E={B;&VkvxZY0%Y9MY~xcnGHCd
z(_ftX@Jy>jp%90>-U*RfQY%#AF17Zti*UZfZ;kKLa<`=4WsV^?OEPOV*?ZTh2b8WE
zXSN8))C2OA2bXEz(Qwro%6|N+xl#zb4l5^N#zEO9)3wLg4wK#qkV<<qe-v9A@b-ri
zPc(7O_g``kzbVowIue55p6>G?1t>ihmORy7r7F&5c1Ka8t3`BeWyoVAz}2TWBM-b)
z#(G`crIM_<#OuNFMSMjMBcK<lBIE0FKR2?R9YR5N@A)1z$LCY8l-u?y4F>U9(fS`_
zwT2_+UkO`?3ZP-~m%{8MZ#2R>u(EdxFKZO?j-Kv()HcwLkt5Lv_dtDY-Yu_V+%V38
z#-e1Q^K}0n`Ef3nqP^u^fMaajA_?YhFWs*8`x#_@kxcud8Jwz6F166$k=u&ZG`+|&
z=Bg2wzmffAXCOlgKQ@#U&W5y2Bj$~q7pjJAEkb2$&DP6Otv|VYh{8LnqzgE0)B{4I
z<2|bBD$CDDh-0IzI-W34#?Yb(4%~|^B^0fa^!;Khq)IhZwBX-195MasU_fF?C4Z}h
z(bdp1r;4%0vk+$&dNZ88Pj+xAJ!T7cS>y5S;L!IQaZR@xw8&PQ-PT!h=H#&kgIf?r
zdyy^S@r#F?%0+sxvtHWsh}6T`dtFLepBcS{ik-D)qFA?XS}0#GKM(8RSxwUjuB&_o
zDGBsGDqM*Ew7R!yULw4;8X<9~hfql>)j40nOnBVuu~q4gV5~?`htyY=h{o+6xcGb=
zGoUy4HoD-abxZll6MHmkQK@|zR*XT3e21=<v!`BKs2!G^QE9bLlpSzL3<ZvCy{G~k
zNAW^?qX^eFQhhzhJ6o~FwCwl^PJg$Yk!KxTEvODnI8ijV9ds7yQ6UdmXTN589y^VH
z@pT`e(mN{bZoy#0boTK3-=%*VL}|)i3>SlwN`7$ZD0@v0k#>|@+#P*7!TY>AD@@xS
zw-5(Y(?Mu*-H>IKQi;iNmx3V<?eR!%mr=J2Li$U0IuNT0R!u!2x?kYwvIF5mDwZ9J
zFcsf@Ftx!pC(htzL-!kLd=*j=v80sCp@v00IN?w*@$rY#O({XB!?Eob348PMWuNrd
zd?b))M&j6U!l6>?umBoUo3%6$=-GP~IX?i$V^gbu%Vb1@WOour{;>t&n6dZ+$zBE}
z3TgKio`h_!o9_x&Ye*r+()>7T+>l==K7@=3DOwOEKw8`M2AaZ!%;8RTFY*!FNlLIo
z^Qd-WM|iMo0YuYdVGuWN2(E8-bV-dBY1Qbcp@UdC`&pa)>*d@KENQRAdH-nhXW3Wg
zKY7lpaz{Lt)k-kyD<5Hdtl=FGJ)3kU0w?bYf4B?meEoMx{rsa@DW<xpdjwsi^0Aer
z7-@@gi`sk0@r)I<I)WV-C{f*mYscT)OxV7^50KJh==@P${;8t+HL_oJ<<sn5Bo#S>
zVvjXSQCp*cg@Hi$7-?+jDipP7lI&<c5Q&bMad3+yW6v`MXX3unn9~l@Se2yH(-?Ec
zrt_yU=ZB0pz#(TRF7Fzr*B<7w#&6RwNQ<suD~(r^kwS+4P#?<`SE6Ck4)SW*+(21y
zUeD+<K}0Dg)bgDXd)K7~d5)uXwR4uOAu4jIE;GekMXryqkRMZMVw0NVWTJx=(mE(5
zB#Hi8XyMT1dNmXm^-Aup>IA(M^D3zo{FDOnxhK@*LGYJtCePiQi7ICAB@T4p5@%U+
zP=reP_WbVa#l}{`h^=()`P@`}hb3JYb9P>)RaD*XKh9Q2AMA)!l|-7etW&tLqQFyU
z%tH8+hc&N~1cFfMUU@t@NF^N>kiVLGiBj^!J0JJzmAEcWU}N;=2)Y6N&ti31Xn#%!
zo#<3?rlOsCj<7qK8Lkk&NIk&YFTFiz0U`ma8Pqcx_XlWMj<gMdxI=I%gVxloJx%lB
z=u&?f34|y)=E(97;?T7K4R1}_r!431GG`iPi!)x-(p7z89M~FkGAZ1PqRqNbX{qRQ
zqEL{K!|5nRJFc_}sqN3Kq_)I@DZ;IY!|G49h{>t$F=XrM8yt7U`doLETr%W^zEsF_
z4>rHE&mVnqu_$>gSC~a@x)GZ^ZK`ZJn>Tt-Q)q_yICtD=%+!E|5R{>n8Lv&W;NPh~
zT7}}vwF+c<kp428iOBMG+KEUj15Z@2A{6Zg-9q8{+?Y-d=M+fzr3B7-?E5Y^1<6ge
zDtW5qiPD2ZGfL<A3r1rZBPz*$lLC1twC3_N&nU5^b#~q=Bx~LszB;)wl){PrIMQ0-
zA{1XtWWs?@Js3vLb?-X3_x&T;0T!ruAD26C6H@MyGDm8oJeTE9x61HBN0@QV^<9=l
z74`0-YWqCVbt8^5bft^#{?NpZV^(B@AVqd?a9EB}zal5+ao&!}6a^x%17-rJ4Z*i>
z-wJiDS_m?qEuX)<fOBYYvQQGwP%*4q6)mf<<0eqo$LdAVC6q={9(F^>_@g5^P7P(`
z_T*|bEK}>q>l4m^giA0(K(;v`eG%T<MM0*peUoC3X7T2|A+mHh9W{p=7yg$H^Z~cF
zzq0^JA%b^{6h)eKm-0s4eBm8Nzl&^VWVUGz(Mi9I=ORHEowZixF84!J>BUjqa}|HG
zr_&!iQ!Tr*dgtIXPbd?RA%Z;X&zrWO*I=yO|D+IyjW#zVn7hbzr7xoAt1EIrM_7Sx
zDDs+g5tZEjN4(=G#)biHP0)Ul`dpHU2BMPD(uT}8d7kW643z^(dB<bcbH6U=8@a^t
z-k!H^q*K$_dcCQ+IVL{7yXJ%=XxhREIJP}Ld$nQX;Jm=c*Idd~FVW+_-pr)euI^Vm
z7?vQVU}cTUl!#QjY`V?0TWAg=5lD=sQ|H}Qu~hLX9v&W!Ko@(;H?iZRnqUQuc=p4L
zYq`q&Y#aJkT-=B=sbq$wI6#|1j?A(zqb(lwD%bu9sjJGCFYH=2xruQ3#UEr{aU#Zh
zhT&`Wj7sK&A7cWwmt1Wv&^7?U!Wk+nB-6yo4xDlu(PR-uEZD}~QtjlGbUYG3DXByc
zFChK+jme-)gL##RYNtCAV4lD03ZDatbtniW&9YEy(bV1qnNa&<)K);Ql%+^ITPv_A
z?Aj`PFuW2mMAPttlrmbY^dyp-b~5FKRB-&K{5&Obu?W<q%Oea}@D&=KERwtk7Cgzb
zd9~6zeSuE;S=)eba4$JH`=@ESRX+OzyIKMEP@p#rcN2cLbf~!o25KGEut&i1E}<NV
zkM$QfSGu&NTGTx<?Hw&V^`{!L^{B~>+bb{rv=&>wJJOa$p^=>mkdRdG&lbaT#8kA@
zf$<-xQ5Lg%pK8iUQM+Z;@p35B3sO?~2A93fxdyJSt*t`+mQ;t8&NBNY5dzLe!Qes9
zgQko6N>B2!^Lm^4#;fv~`EpZ~v+cWzbq*!k*lMn@fPjGAnVLw~1#jF~>5g9?9~I0p
zv9i8!b#+xzR-US{BfUA_Gd`Gal1=755)WW(XE^YfFQIiRntm=aOH^%L$1#t)K<j|4
zsEz)vca``7MXdJ4L8q%>M;IAbaA9pnUNZk5kAS6#Wgk`y??|!>1fC-nx6kLla<3Hn
zDXy?m=K__sRN`Xl-n2RW1ltzpcP_s~G8_IQX3vD=79AAaf;y~%Y<jXEGE>2VcM#;*
z^QhF<xLC>apXEn?UviR)7#^dC1(^59YlYTTLTb|GE)gq#S+W>Y%aWZeUc|&P`KF`@
zpD(4^W9$XWSNu*_FyvfSj;T*-9o7D6LmB`dpd=O>U99sYlQDeu^P1b|vzO@u#^2H0
zu_*0C(_A326<myPMZ$1(T}GDHbWDbi=a*bpCbr?QsKLIy+Sp`5aB+vj`iX*V_1xEI
zc|k)O1@MdK7hi2P2D0&v<-a+ts?SKP*7)}W%VT9FUpW`uX}$lAgO6NJM<}k-?j+0c
zac{BM`}Z{ZUPq4!xolt4(S@1~Bp&tBmHerEuM8{;@0;^%u~3}Tt<fO&lXVu4Qwy{H
z?{6lGbrX1;C?P=UXxOh0{qf_KTCq;g<<UxTc=%cusc+UB|0myNDVuMPW$v$cm_kBA
zEJm`BhJ+sYiTPX*UXqjh%L`t8euRjwprj<CqJmY@c#N#4$K}&)WK%pNLF(N;k}U)0
zwiJN7xzHj6LWsn{!J$7@AnEgGgi0-jCXX|t-N`cGQ$In)Gq4f@7(nWK`|Y6lCIXvI
z?eM6JbTm@}1481q2sfC_)Am!f;PCu>9mJN`Q3o!OkPlI;v{(>2F`keQzw^#`)6zr^
zD^Ss7lQ;*?J!NH4VdwL`zcR0qN*K<R82urpxqS8~LzMsF_N2YN-F_p*b)?Q|V~6Ad
zT6^j4@Njp*=6P-{ONl8jbjJ>EZ?&jq{*{10iqG9Oi(xAQ&}XKmrux6L_zQTRD`;s+
z?~E6@U#-O>p`krqT<wW&yjo967W7W!w3%kM`16udKD8g5EP>e&9)gHYwAjbg@|uhc
z&fMJm2?j|&+YrCM($?g}+a>Oa6`!@`<<^{cNtXw{4}D*rlS{sPXL_+ehf2g<I^tqk
z?^~kRl$gL~uB4*!w#Dae^@z5e!-O*lyn|k#R`iOADf0Sk=j8TeXcTxZkdcv*?_ftk
zwq@4Vem^|4PxZZb=l!tx>u{+}N}6`(4Zv+zJ?}HsKr}+NjJvhI_>)1tgTuo%j1zzY
z@TN^ZzBhYZIdUn|;9PE}!xB6`x7?&&hj0%!3lEZVayhC6YK;%~H<#Df@Ei+>KRv?>
zY31DCVb!n#4o;sPU_yGIF>+i<%tjltHF};YKVzp}Lv7ly_W-&oC3}xd-INMKs+m|_
zEiNGkj;r7TE9-)CN02qUnKDOKf~e*T;()p4RKCOyt-}hC_Lp7>jFu3n6byGbvXfKW
z6$#_LQT>L>LnS$LBo)9K0RJJs0dzvu1-@m=g_#_TA9Xcv+>!daWi-?>3OOeVe%4=C
zdT)-NPeJ>_AN*%8g=iOsEX%FBth>qiY=d?A^0jl+2wR{^mJ@OCbYkW;${$?#YS@^V
zn39u|yL)@fy(gU=9F~@XNQ)H?Rw9MgFBW_^GJ;56y?XVDsrm8~fXJhpgO-)mRfL$P
zJSP3-<P6cE5wH#X0s=71d*ToGAEi5}duWJ?mKIrF{^rW7`D&dIhfzl|S1x69x{59o
zm&t6l)`4ED@(XZ{I>Ycq9UWPXyCOOOE`#|z!!ivw5Sn(~RrMM+#YtdBY_iO_y`$r3
zGc)o9HntehIAI4{u(SHyx}g*EwjZ=SL^L$;4e_6#K3om?ei!iM%*e>#zgmsHyt$dc
z3zf??1~~`B*rQeyru2y&5Vm%1XHfM7A>VuFMr8G3#Y}Nw&60#^%ei`vwjhj+hJ$9~
zz3D10Z>5}D_is^At)1b7_$)>U`aV|_6=nmlwE%072EgSxCZ=d4iNKeL2(#nWp558H
zXc#3}TkFV8^XVnDYy5qCbyB85-*`GA1GGaH`$b`Rc=+!eRyclp18Y+i=J;%8sLjpI
zjpx%=M7$rqT%ByJ92^Wi!r)&lwIU+|ETcrvZRzohu@|@;geOl}KWr*opYK^sL`+#1
zpWl0LkI~F~oxB5EcX`qB@J?E~_nm->;ur0KPmfV9?{5yaKy3q5qCb%%R9)XYcERTc
zO<!Ms-eZR$f<&M<PchTp$;r4UiXx1dFYfzyJn=}90ltGqQA0yAOe(o7n;Ds0`8?tx
zHI!fA(;W|Y3lC*BGn__7Ms5H}zOxvM7wtcSHi@g@<Tg@<Xs3uqvp&2I+(j6<=>JV#
z$k)8&Pb({J1$e~v2(t+(mGJ{tjp_la!wHzP3L_Ot-5SkhbKX`Fyj*<L+Sa!9C*x6D
zAR0M4drVZ+i#R6zh?*KM80<o>uC8R$1XBi*xMl*gfi1xbFe{OrCTW72mp9S0FRsjd
zh~&qQAJ)3lz$>)F4Vtnx1GfY`0KwZsQJ_9QMM5&XyFP;<mD9%Hx0sl>peW<>yD=+_
zlN*2^fVsQLX45)FOQ$)ovro~{DH$0fy1OL-g!swjuJ~gJ{+gRh0kvfqggLnR$p%*@
z0J^99b4g$aS5{Wq(%<-7V#}DBQGz)&*e)6Tf`IeFLf!Igz@3hXntBmb7KGBXPx(c0
z4BGIfJwZvj?mx29)BPs&JYieHX*=5u4B<L}Om(0bP%|*BjmitHb$=s&D<N?*rYwKd
zjwuho6%llGGVzRSo5Pu#XC9z1O3BD%z8}qLJR8@BfOmWV_-hXZ0gN+d#={fz;s(19
zzM;ZpPs``-Ox^vF2Vn!r1zqhS9@D{^hR;x4Wr}Wti>l{?UXurhT0tx#sn=I<sYGCQ
zA`<YU1HS@_b|HBX;T9k@mX?-)*j?`X-~(2H+vAj4QBg6O$LWc>x;nsP2?d2`a}BP!
zrKQin8$U8LuRy+1)6=h}dhWl;R)Tu{l8#wm5|1E~N)z-3*N+Hjv?%~>;IBcq1r_G3
zOiUdH6WAp5FgqCb*1f2FLs<!ryZM?wHLlPp<moED*D3ujQ-<g4a?<s5>FLG1Cljog
zo~#cLaohWW0#)jEWE97!+Z%?@c6fFMX4byN$4h`hLc8mEefoapL03n|8VTR8+54v4
zdWyB$W=0%TZ|!R9H<`mKy!g5v9=yQR_#7CxyuSWK7<P%Hxfl?khg&uXA*Xd|C>amW
zRUnmV`ufgzzA{yVH`riq$JM7SEG#CbriNuPbB{jo&S7^wCm@gp5HVR{j^R4%fC!fC
zt(e%+qCbY7L(+s67_bAK6L#<I-JSb(elBAHadZ!YeTN+~@$b>m(eq3CgDVw5d1YZ?
zi2c$*$>`R1K37Kb!Q|f->_*IZ5Nbxo_1QWn2)oVn*tkm)r;YUxTJ51%GK=vOHZz?~
z&BU}cU?o>k*tPF%0II1~X`yKIqW0E76MENhTc$hjkDd-n8JJjJCQvMZ0{HEY`^8KU
z{wrYPnAmmpccjpLHwZB#B%}<GC;X>>M62iRCzQb5_?6GQgVtlEJs2~Y&$U?X;^Vd+
zxvnl<u_MZHBDJkI7$KA^q!gfxo*y=RYS`7)6$Dx)W|Qt`z~lp8wYF2z0!v943PM1B
z9M5|ms7@X%FL5w3V#gO9jAWybkdRo<RELj^sYFFZ0W__q&}CE`mAzV<)62}vv{^`x
zDbR26*^@sdDA=!8Jts2<cnD)vU>lG38xD-v3EZ!@a;=;TL*u_O`HDU^MG7ftz77GL
zs?__&1&p)~frZm-aA5#*AayjI?+R3CwJ~UbOJ`w0eKF^%pWQb36B8E~QCLG`k|XlS
zqwccJ@@nA+f4<6nAb_i=Z{L0wlr)DVB@vG1yvwwms|QgQ2(A_~gSZ^3d&}*IG8Ao|
z>K@3bTdy)nX(!xqR<Ez?anLdrJKG{7Ep6$kCGv$p_B->(tgP4bZYyZh)i!-FOx=d!
z=9uGg*%E>ARU-g@yK@ck0Hwo0Cs=Oq8-6C)tjgi&CI(O(=^Y&%y?Zek)slC(3y78;
z;e}!U0o|2_-za3ZU%<w~s!NV+f)SlEHCDCV3Ih(x$B!SuR3#X`d_P;u^8ESp%gajx
zb^^LPvmeP?MLFg}saZKW<rc%Q(vLG_AYg+<3!sksvph5W<bY6{jO8f;(l|MfwYsr^
z`TY5tw{Ji1`4?4GoIv%z^r<B6xRf0)V2}!;#+<=hju+wsn2xRXJ-XlDH|_gnZejxY
z8XYa_;ZbkX06-MvI}9%)1+QUOI$Wg9C6~f0=ID3~P2J`I4(@kWQ)J~F*`)!l1(Vh8
zZ}BN#dE5?Pw%i`0D4Z9~3k@8tbg>YGSK7`cg3m3jt%;eL<=A){7^D~J)g5;!*M0r^
zEPXfJ_Uhzq?q~+o(k^5***<K?yXB{}J0HhfOP_j@jHG1gp698>*~t<TnWaR@1TY#u
zgZ=b>g7%7?y|UHw5pd<pjJuwqp{;?dSOwXz2*^k_pp<hBbc4E@P+W^O{p#2jc{pyD
zU5#w#KF{XO54=iBN(!{GAgIUPNb|Nh%FDUeI232Mvw(e96MVimW6YYMQD*d*N<K9U
zn5h8k%A7Xj(sz>vj!i?2jf}nnvOHJsY`is+ZDM9t?sl{+?b#f&16l_<wZg>-eP6Kx
z=m@ZZrFZh7mNV_Sn3S?Fff50jhoXYQFOXMq8X9<phK4W<1od=fW1|Z&4lo&QwA30f
zu{N!e%Q=BoN<k7wulY%@q{h2cufhyXPfw3tqtp+~C6A1bPBpr-6=~Nz>79>(y$Q<y
zC}(6Z;13D~(A&F<1%UX|YMmjGk>;nH!<B$}{Pssw2EBlh(W}(d)asSFpRiVmpPye+
zUVZ~GZVh@ISoZ=Hkd@6p#dXKA<wnNFnqUdQ4ZUP${<^wq0*d>f_r+XLNeR=@(Gje4
zAs`@>f}}#WLB(VC10<*d1Z8qc3XkhPQOo@`9Y~B7sJgy$`}^ReUm&w$eNnvgWoCjS
zA^-`RE72EPA4~z=#_cD-0s&l-(b4UA=;M&xD}u>JKx8WENI|~@t`-XmtJI|D1=urc
zT3YztxUY=*TO$Jl;V{m&yKCLR6+>k!z|Y^^-)}Nrs0q84FJHbOcUjCg@_<pOcS)RO
zpvK6h3F?}@aJ|310>q&d>?Sw~C_n9Ub4{H$!tYAHVF;Xl)lG&0qjMB5)-tDJt{idm
z{k7G8^NlUYMa?QpY#=-Q0HhNr1K)tmfa@2p?~@=w;{F++!+L*$e|$VHoB7~tZtmLY
z^M(&wpFo&`b~P_A&$6KoRHTzIBA%%B_P5|rQ4l-{0RO?vz}sx4qpOXy(Oh{_wGzF7
z<&Mzcu&`CYBAmN#UsW~P!bB`;YA`r>QSQ8>23j)N4<Fd6<dO~M8{J`OMwRLY59V<}
z_#B;|SHBai0ZIrmGIH%o1Rox&$y1<qc%2Mzffnr#=lV352nS?@@?GNFH*eqoBvus7
zpMq>ry~@~9gGD%4K2Z@7_<=+Y<B=?>#@pk*2=twLSSS5(f6)R&<NjoxXuz@NeQs=k
zzpqhiPX<PRVekMldAvwl0(_WUA_9RCH3%6bB&?O>=T8Q0e3@w<P9O&9V6DRnk-KH<
z@8XHOpS1DS%A<D;pfza(Eju?K-^`1<HO!QF47+C{Dnr(spn?%Jqybh5yIuo>moOnA
zca+6^kcfcOx*Jdz9?x@n*n)%Q(X23Iv6*HEZ9jmd5QeMc%azEL{r$mm(>`wZ<E*)|
z9cV!pPz#QZkC&6|ntyk61b|uxIUiaA`&s67<p^qx{KjBP0{i<H!r>Pm6ZOcQc~kxg
zhmiF>K5eUF%Fng))rB+mVmGldF^hW{Mb)^WdCC7{2ICJ_dCe!x&gvv`*`fae4cO2|
zn(rWJf<O=QS#$+6!hwySGvL`om(bRg0FY-vf?WaS;QgQUkC|=Hmvhobx4P-rRd}%d
zQT1N{lhpPVh#qix-%?WtL9-1QuG!IY2UsWd`X34Zu>@+J|ND$nZE&6nEl^2*gZ4!l
z=m`p(t6Oy&spQnu-M@$bqhJ5Wy#?Rd{w@csH)t&SK*<Nfc08=e!yclVbu{^*|5xe$
zUp?Ej{i11pnB}jS|4d}o1%{%3P2SJ{tLLKr=Ue{ok74a?LOws62$aip`tY>ob)9XM
z6Q6GG%$80^kr+vm$gNY)iT0P7c;M7u27%@Xb`VjD9Mwb-j&1JF2fmbo+Ny42<uAUB
z?mj3-Lu$$+s)0=Z3j6=h&wSZGmcoB*<8e;T-k3cXmrgnGezbx#z4p4>7GBU9o|yR4
zzxR5dQJj|>Hf7y9Fhdxy{9_IqnZMDiRHJ`_mNTeas|bM;)%643zYB92RR04S4;q8(
zRxf_<yPlyz$gjDXcq3gnt%>q^ig(k_lq<V5$mOhXhlgiWr9R{l2Mekh47eEbA_QEb
z`D(^h8j?H-evCr6kORN^F`GY614M!uh2kraBtW97#(7>LDo_<ZM}GWWT1JZJd1Qu$
zys#vmoEEN<T<0T|%O+sOC-XVKkS7&N*3s!6kR)fjVn@@eep593Y@RGi*#VI`j-YrK
z8Rg%gP+1P~=%rTp8viZAbq=M?vvFsPf{Cr|+*41SKoAbM+VkovIzGW{LQT@miB);<
zS&KOzeoyYx_amqfsv@>G;Ym?=4Qa*=)jw47k1)`S%5^fKFNo$pjY=3xO*TX~7Rrhw
zO=FbR$3QK`_OjN-zG=L`*w3`pAjgu%HjgB2v#hfBT9A|K{x?RJ6C1$uGAK?J4rhlV
z`D&R8)D9QN8O&6D)dEa(#2BPPF|^ofy&k=*re@PsPDT&5j%=fF)V)JuE4%P9XN|+y
ztH$gx5c_ovB2AheX#B>SqLvP-u&ov{BS|WC>`#KB?3V@f2_~%gWr+iM9Eo&I^#AVN
zvnofiw)phIAgMPll=Jt_%t>KbYwHG8S~fH9va?M^lW%tn=oxdy41QTqS6g+p4Us;i
zGh-o(O$}W+#)|uQSk&9|hh|SZR*CyhnG`-t>#!EzQ*rv#Vbq)_P)L1`e}eVzvM*D*
zsLB{^nC7gk>Ekjz2p<n#xa5}#kQ3WI@VZ@3khMf*$XHedmgW?3d*0$vVeBuR4r|PC
zMwekh#gMSGwZc24v`y=VE#5jSV&Dddd{oMAHDNbmpewae&d;I>dscM>WEEDM=}Nlk
z3t(@o0SKw@e2#Q9bkakW#th`dhKGr9@<{&H{kaCFo7$e99$;lerKEUI-RMarudU9%
zgc-38zp*c3K9(<ulf6qchKeZaMa-Qy?xJpUAa`{P_+ujOEinH~PG;8b$CEkLfNSv}
zOIJu&pr+~XA<I+b)>2nT^$-A`RMt@uw)OB>Tf^T%;6m-{nMxRmdU3lQkWSa#X2faC
zig$Q=^r$zAgQVGK6Xm!-fU5xd3H~v1Hu8>;i5Lx;ZB{TQ)$+#1#wK&|G?Fgw3Oa+)
zyLCfp`p!hxTB$l}j#D&?p8oO3;mM*wXC85BY2-AoV<ez?3TF=g0o)eIMM1f_xkZD=
zYkdiV-n=kP2~@|TQr~~{YS4ukf)e=w(7x7lP`eL7;dTPdyS23ykI%(AfS1FjMN{DL
z*CV`e_4CQzp`nfb1h&feqw53`s!avKSB|eKC;*zv0WrIzz6j8_7ohEgwJu+F*HuSP
z4nZ3SE3na2^2<O@0+^4-Y5m>i;b&?PsIs8dSM}%ziuy>2ehaN}ed5Mlc6mj`6=+f?
zTYQDIisCjmEnv5x<-NpUW7-9n^I};SNkRD>;NCEb@#t%8YzNSPr>d-QXR2*Pv+J3$
zd=3|XXXUEjzH<EK2Pd1rnmt`RV8$lTe}n)=Xua;vCaRBtz=Xq~^%gYR;RGB;Kvo89
zvUr4(abuFy`}8?bHL5}%jG($VV6ac{?o`=jZyF}=gAN+TPSlFD;5dW^|7j=zUjh|;
zIOiRqp6{LWr%#_C;Bg@apaqcg@Zbvx2?25a7f`pX%k&0TN^>TWQBYvp0Gb*=l7?G+
zef2!HD1aId-dK%Q*UPWG3nKOTj;rrgHe$mS!rx+7yy5yTas^N<m^cN7^}`|~F))N~
znaRb&YJWJD40slXs=8W(rzgPE#GQaZ3~zm?w3&%R!lYCH8mAU<L3Npm%K~_+sy~S<
z65RLk@iDBg07cpyEDuCBl|KQrrYaUxFJJlrt!Bn2GBk7rbRF$OLnW<ur)IwQY8yYJ
zSdr6TQlSKtAER^OL<j$9)EOf{6ZgL}se95C(V9%3=)4;^tRa1!A6@J2F<NVbC`UBe
zHnk%09&Z@^u{83DQ@6BKr)8CzrqBAN;&zR-zfwlln1YDots>;OqT&z<^@qbu#P=|9
zWTy(np9KdD#w<xR{X^NN@zhbv=;=(fwTUtm?KZif*N8x0N_2BvP`4i7*#{}1Ro2m+
zwuMN;ia+^h<;-fn8ER>IdwKLZAb`bgp8wQC;GppY9oQNyApV{#?$s=;?@m=9AR^A}
z>4T=lX-Gh#FOES`?Ksi#^3V`;tgWAsFk$-A&P0hhP=mdI_-nzQNKmuTFCr>h;<f<T
z^`CN6nM$oaj<7s4b<C4B4ZxwF_%9{CHeDY|8^Q!(7Ae;|cFIo=l(y`6y=5R@ug|$I
ztbrhvO=J%SDsw$h!1hi+PXolCa%58)8X6cW1r23=@Au+$cl`v|sO#2N50DAKa3~1i
z0GNKTk?L7Iy~1HV`88W6e%gmrz=Ivo=%wO@efVEfQ~1;k6OGr~1pvp?JZ^!L1Uv+-
zrR2VgqCpTW!j_h_;e=e(v3sDWhiRRry;wk!`JKpN<+ha_f4LT~51xsvTQ(-;ar_J|
zP**3Ee>dR+`X*ow;V|ii0n!hY0EU&$aO11vHQ0h2T)>p`wcc3Z_n?7+ZrHsyx}SUp
zRI{w?VQ9XoYt8KegUHuei9HtmOYBKTGKSN4A~Q$IAetb<2;+$G=Vs4a-v)UT2L=ZY
zCu3TfjZS`Fqk3M=6PSk;o3v^FaBrczGrq(KWt|`D%IwO#X)eCG_9`B_bJxFc_AVaU
za1tv8q6Dn%02^56vPY2Sb4|0pz7D7)ZaxXlYEAdt9I=3a0H@u2KiK<2z>$HJ-qzC-
z4AS@g7-qNirbf95Qba_=Ror{2=u4lvWo>N%wR{!WdIQsG2@vhGoe5aCSfo`o!i|n)
zvVfvgQZX7=-IA%9xBqt*phXDu)9s_9m~3op<0bk-K!m*9E-0zYQT^Vy>N1P+^ywn7
z%wX*-Fwg)rhJe11!)iPW;MZ#^DmEZY1)>xG^rG}^n*!bttOKsHnxLeSI=Q|zjnKEz
zOIH*hxYGAg(wl24b}xJ3aGTe;Q)w<Q<@42bVspk<Z^Z46dO7UaclnO{#lc205qHT&
z^va54#L!hUFL}z&#?X4=eTQ<_iI?|^h+FCv&T<PiFouE5dw+W(pN;JURxpM}`3ZPZ
z!L<VPGb92YZ)<Gl*w=%PkB-P#Se}!UlMki}$S5hjU^DAqyuZ5v$ph4>po$8%O!07d
z)*$NBy%}6!tci!=y#c-%5(WnFT0+30FgtILc^x!1qK-iE-@cxstvdB}^W?PKBphDf
zNEWJPqUAp_E3=_%0B)qUjg5noQyX}Izz?+a6%H%nrYZH#JFLF<ULcMWS56{Hh0K5!
z!_CXP&dq{w3936DyTvmg7e8h_a5H)MJzm|&ov%X6>$)En6od#`+GU`3j1_6e15=~a
zaZMWJmKca!&H4}dj_Q}7B!SEeXmCBCbu9#g(0=_H!ewP;Jb}nQAm4#G^M01Nw?6s|
zVC16&TxSNYN(gI<KR`+Q^?rO{sKX>IAcUwLKO-d_Y7IaM{_-W=ajiEDk7YUFg2poy
zT<sv(ZJ3q@WUtv4-!zZ2ZBRTumX)#KGU^zBdV}!zF^%g|c~)*NOb-_k5s{RYRq^1i
zvYv_pQ3u<J4<9~Uf(w`eWe^|)F#H^s+mT*iV!od&&2SusI|Nu(4)nz3<>k`ya-;6A
zWFYcS0NDZB+HVkqn*cqEsme;=Z5%G!FoX<jZHtL=>C}s5f#Co%#{fARCI}kx^#%2R
z3HS=#M?NlM!8aRowGRFdH!Tk<V3DNd`+?ZC0-y+}tw6o+VH0@t=uvp*TaZ_>@7_7F
zGgDGgt?ccEOJ|RK5$JAgD^SWWt*RPuN+TvB`p#tsg6ULYJ~TL(?Bz=c2$8|$s||kF
zp;Up>ZD=S+0JsFv=NP~=1Dc1ui;EdZ<lTjqGyt(!)HdB=`2go&CKG7E<2O8}d+z~*
z2_xi^%a;IdddI>-8YpJHv2^iv0?GwY>xJf&A;Ft4&{jhd+A=Ee@bC_|a?@yCJAu|C
z37pzX&=VrZ)ZA_xdU<&@yEnL>Py($A1haCpmpi2SdYjHv8yGmyJWMGmsY2a`I2z>~
z1G|#D{9+2J<(st-JDW4^*RK(*tgHYXK@^UqRkfHXPAM<iJu0$UKyi$SO{uPQJ(wQ=
z1i@mmlnes0C0)D5R;S4Wn~kl)Yn0YP@0fRAwM35?0|O&lA|2$9zV{inda;fofoWk;
z(aA0P>FMbtnCtL7-v$56K{P?1-ufjpN7AX+!dRo4$nN{bJ+(Didy7nw8q6sN&l|`}
zN<O{6zX!FB#)(g-&M^R3RLQW30H9m!?(TB?+@^_3dwYBP+#X5PyB-XJ$FnvkN=U(m
zlTlCv0LcwzQ2@puCEL%#uAr}<_Uo5$j(i&IxJy95G^(u=#50HbB;_UIS1V(bWPB$R
zs!ksUay4oazQ;MWo-G>~8vX`yK=G}xs2T23VW?@hHFZw`p*JWCCrzOafJDm5%Hn}S
zMa=sF7W6tG{eJa@Dyyk41J|_7c8(YR(IXz;dw!sbv;toXU=YwDTL)A4KK5e{1fbxu
zx*wYWcMyh|z?sx(bSvw2M?yhSCNKpcE(S0OR+Zkod4q?K4}{q4!W+N{qX8EM_K%N`
z4*^wAz+CP|A35;QKs~Q;KQRMDt^*Xp7|eN~$Fl<MG%P&a$;;*8{*H*>?JKB!POII|
z0rGT$41x^;04l-F&AkXF1OW1V?C)FxG_macC}ji@j|ixS3H<J?`1trb4K8Sa=>a=U
z9BBBVI1ENW3WIG30D1#!>wYkXp+EHm{|`w}JXmoDqv`ZFkFpspL)&&ENQLB7R8&%R
zkHFN@ewypmu_>+U&ny=9@%i~w!1?y)n+iCZK3R<BpaC@Pah?KRm|s6iB0$L#;9Qge
zXd@BwDJ*0I6D5`t#YIPT0Hv7S4h=v=IqeReECe+*H978Dj${RoxM_c_gaZrC!p4>f
z81B`6Zgsh<z5OC6i{yfWsQ|H`5fRA(KAfkN9Ww6WvN1@!ztAG@<;8z@bCC<Y6Y!|O
zx36D$pdV9GQXI(&)CvIB!<qrGLRi#xQv&)JRcm_yc3{sf+00ZgZEi{ex9)P`;a);Z
zODn>r0BVUtui=-HLhO%-!KmOP9o2r(hrKYp?VzTc1l%PMC5ufL^D98P?X52Fs;Ty7
z>gG{%xymLcB$N>m`6RB(!oiVk3H=EILD5R<@qmn8R}+8{8Z_4Y{Ct?~3|tVHPG!QG
zoWkcC0c56Opg@`pr4E3XF+&%iP=Q?3x!`MvXYi?_DHBiVg<2|R8nXQ;xql;G-{14<
z?fcQ;;U$<y1a=;efIul*8XNc{1<AKyBn8#e({sAUF7o3?IDkMfWqxcDJR-&s)1U|b
z6v<YCxgKlI;^I#LR@UV#09A6$Zw|0U;3K&mF20f4vkl%c(Il->hV<>}O72&sUfXG8
zx*!{P6!nvC`iu`K@;&}DQW#jipUmrB3xx*V2#g<owDE-Cj2*~3mYnq$kA}AE={shJ
z;tt3bz?Bwtygjc@MgPSTROdBujtRez*uOGQh~)e|G~o>oq*HB2@&lJpF|SA2n9noI
zT*y3Yfg*DDaU@W&LqVGcCKfJV*#R^G)g0!Rf`Ycb_}hPSX66Kxos-ob%%VOSX;3YO
zM@KWgu8vho^ilv68{66f&V&vc#nthmemyl#PEG)#bY;*+cPCKB>wxU|Z6q=>as#y1
zy(z^!PV2CS(%8}xHi7_~c#6H01L{1GEl~+M!vLf!ml<{F$SWb&%MZ!Cd#CC#50ZHp
zB#7;7Eu0BwFF<_83GoEbC;~$S9h`xMojprFO%QaQ@00yZ<;l6Zf&1TSU}_qWkwFG>
z5*EwgUXC}1$w3Ka=HL*MmyZPFHjaQl5d9z4-aDS__5UAN9d%BUN|KQ@WK$wZNJAM}
zp=2c#5h2+$sgyk<%1l;vc4hC8O=PbkBYS-B*Lk1MynQ~u-}m;r{cgASAMbNI@p?U<
z*L6J}kNdjl%aVMC`VNCBEe&*rTa!iH;mYuBv(ArRs6n@?ek(RiRY?3gy`*?W0q(?#
zisvZn$$;r^)P$6m`>?Cy1WKs^fh5GYh<V`I^XI*wC2Et!Zg-yt^6cl9@h}pL)vchw
zIn<JCX9@IP(h3SOV7Km$Ha>$;3y{CJCjZm0q?_nBhDS#&ARZ%KBf1so3m2||m}Cs=
zK*cvJSUCpt{3ZbFyU>f&Ei|gpSXOGNDY#(e;el;__~?=4YX=9YpenY#3Ggbip0x9t
zcgY<yH!<Paw{IWfTKtHR3s2^IPtV(BzMCEsU&eDXEaR6OYO-yw)@6tDCUp7_S$9?v
zZjYIn`PbZBX>F~Cj33v!prLI>Mn*WV9}#`hkG7-Yi^B&(2L<S4oU~`>9krjGYtIY5
zoMk<IOZv9<pOfn$$(@{=8^U+MHwssd^)*k&0~WcO8mAf;J=xySpuA9ku6lTEY`TQW
zj3VgUUshID(<cqDs;hIZ-K=)@@`m?V@i`aoferUdqK~Dm+OC@m6K}{iy>v<Ahx1)M
zvp6H3Olw`sM)L-N2HP{;Pkm=pM%NCzJ*^4-*fjD|wsmwU!>dNr|6ZCzejtC+S{cpH
z&fUuC)DNuXrwd9B9N%f_&beJ@+Td%IX=PN~CRi?C5D^}V=s?YRCH>#;7?0m!1?9Nm
zT7@qs8nf*zEQyUhx&E0r#L8^Ts;4JC9k>38&WCLmO7wAu`NNxNSo$H6z}NK-47@T-
z`(g-`MEyIZ18kv$VS;{vo?jb|y+=5ZqJ9u*gn~lL)5)Q}oWn~qC(oQYW598$dF)}4
z_0_A4c!hl^_mPp2Z>HybcA)+7*ZcPI<MB{2`x12K7Cdh5?rMB2Ky)quR6uss9yCZ*
zmOF|rYf1JgCa7@_Xe-7jgbiYP0IjKEJAsYINc-H**4F55fb;eZ8@DKqd(to+lk2nY
zw|(->m0l@UneF91n)F*uy*>)!x}%M;?^ND1Q+tpe8<qQGP7eJo)40yrC{`nTTU%uD
zphjK{rG7`5es@Iq#fukzZr=Q*wKb453m1b+P^^V!k7n9MtHqU<m0iR9Tw#68sNrCV
z$6f^)ndbuM&x3*R3uPwKNIN?_bbfK4Y^xGjZUkKJs_^HHliSwuLH7&@wgn8zf-bpI
zXU~4nE!+r1YFe4)%)xv&9o;@rS?%9f64btCTNxYJTt`g-Z7_&k_~e!K<N}I>b(l`O
zdY-+-lAP|>irco59`-(Pvw{w(t5ej}(jr_thN>Ibp^Rg^+PQ&vLem{)1p^`szo)UH
ztE&rImN_4DsN!_e!!JfjbH&pSkBM>3%*<>^WfKw-D*Zf<xtS3L5q|zEkN$$mM^_n-
zeOnH4E3cPH@>@13aP;m^+v)zTpeRR;nj>Pmc28-wQmM3@{g<pF4wH(()yDU3<<`en
zelb!Qjovk>xLQ}&e{qWyb*t0TL2G4}ZQHCKYWrC@Ta*^;Lzf8&9N;Mx9-q|pSYyg>
zPgB0kz7j3RP*q+1%+2j<c5dWOL6+I^Z?aHlbai#fB>69ovkb5=c@}*5aCqP#2XvDV
z;?yT<iRQ1&YT*4rCaLN&sxQXLY0qM5e9g9gw{!ixc7_Rq^?0W)C{304D_-Y4SO!E|
zRGOc3;+UWQ;WXaU^BKU^ar53kTxs^I9ip#}bDN9fN;)2|`1Z6r%X1o*lVw)QZOhES
z3?O|o>^zr=L4=%0V`$3@u8ptt^z}tFYGE)2mT1vgUd_1UlIQpjwzrsuPThzwe98Dq
zY-dZ7jsiL+-+eB%_zx?soHu9lw|#{&<{18@<zw6$(vkcGXw;f>w_@JBj>Qym(pH&)
z(eJWYCF4UctFIds86QLV<R^W#GJszJLtd;_&M^o_z~k<GuXHHWE|9Gt*PxbOzq#p0
z0o}7_&j=0%bd00)N5He9xdQfr`5N!bVi_MkywMb?wmgFlA8k*V9+T}JsuX_%&S4QX
zC!?E9uGsU2MPH_^&S_k=<!!mwS$Q2L$Ip-M-o1P1N4(IxqAmZyJjTGpq-SKL{(U+t
zK+I`cIouLCeA+BH4~iNaeZ?IYIlg&druG}~_xG>Z<HiHs(%LPSH8=0I&<M7%>*@hj
zZeLTf4J_i9W+u+xiitgHUo$*9d_%)On&)eE-+E!=J!K(}k1yG&j|AN4YXLS4QSJ>K
zUd7F<K2aER87+%W+D<*j0Wxq_r(>#NC)5%ce|&u&fg)aC?Em(yuDgqm{oHC$1TPLk
zA^{5$`vwse5(|{Z2Ms*TsHmt=I0dgS4_12z&14;h5DmKYOp6|C@c1WNgoK4-(A(mF
z=lWLST?W$91TmGyDn)Drv|QTVy;oLN7PV2<bd&b!h2pobUu(GwxIcZW$YQCv4RJQu
zk_KImc@`HJ8{ezSE>w;sTIja6w{vx*B0daFFFyFo^UXK~FtM&C6)mC!2@M*p|7iD{
z>%@r@S<%kJb^Gw+&F|hVs;}Q}W@d)!gMT=9=+H)c`z7Y?Qc(7md7gFtvk-$mefI1v
zybgd3xP0>NO>}9E`2>artj?uvU~rzBdR#RjCf0HHkA<dGG~K^Yn+%zK%(`-)B_{Hz
zsi|QIJa)d%>%jxbw@w99?_Jxc)G|%ANJn08V?I52abO8^Cy(YwPs|Jct@@Ma_DyP8
zY-S?;EYx5YRky8iUTZR?ZBChZB2rqxe;W^mhnH7qR7O*i8Ka`==<|%UDUHORABAyV
zqI$+mGGJQ6vsa8&;emLkPjd*$>7tU7UBiPFl`I7dUQ!JEv}v20oAGTeRu-)wiUw?q
zPUxIbGIYb4AlVN>vsmh}Hx+Y=rpENSaqouEH!{u@D2{=n0S0BkY)AD6ZN17fZT-DU
zmX7`Wz-e4_AvlEn-P%S!nI}k?BNmezH*VmUayetNfl!n)34IdMW$>?d><wGEn~xvQ
zUAfP4i<OB<{M5%YnCo#8RYIcz2xAKnhN6ZBZzvS$3~i0xD@Sd{^FJ4*yq%uD6k|}V
zO00MDd`fciK2A<)qsPbL<Z1A<nCKEijr61Cz|unrE`%=pf~;&GSess;wWKmC#~v0C
z2nQi<@-5pBfYEqoRw0gPnR}&cyO@|N(ca;iiTJB)XjrZ;+d@jR0KG5~zM<q)>^Xvp
z3lX5Syu1{KXDA}cxR3r)66F_I(e?RXJ>Z(RG9Uj0D*q#p0eo|af*;M#+YFqosjKtE
zAV2WR<MNY?;|@@0;pgD{33cXJd*E?Bz_KT^*t+(<Z33=G@M;DFEqR2`y<8e<Yi%W9
zG33ZuR%5$}Pe~)w9h!bRj=YC>SO<?CQ_C`bou23GyOW292Su#}9awAY6+X?6_aR7u
zJVMRR0zi#)P^v!EiD(2Lp(P=@S0Yr#jM<iPn+fL#QHPLj4|6|CTPfD#-)K_!V^>#h
zA7f)#d+7Inw5Q8TbC2~3u(F;SnVP_~EZ97FdG^quLxM&Pk1-Q_dwPCC%h{G~#f`5o
zXx61^EXI8)dJE*GK*Y>P8rTwb3ThykkigHE3KB3N3X0F4Ka;r&NDPj6r~+KQYr`AQ
z+_p6a1Oiil0UBB&8ihhR)qc*@;9U($3mN!HpMK)R)joc1iKuh`z$+iICm>Kv2Kt94
zsx8l67+BdG^v?HhI2d<W-|iMOEXmABLnBm%Pw??h&w2orU%r0z!5OBUXJ?gQWJER-
z)?+Ew!*Rz&L3E*HtiKc^PZT03gP2YPfLjj&!s*Pmq5=~0UM2R6hFKn^{xR0#k`gqp
znEF*4Frhfd_FZOT$Uj(Q91hmuxQNJ+8&$i}{Q#&c0aO8qp3@`mHJBVIm`>WwJO$SE
zeR%ktd5m2DMd~W|&hq^^56<45)n9oTHhd|If$f{wz-sDw2M1kIs?oV2Ls8+=*K0O-
zzVe!u-oeHRJqh%1%pO)QReXt<47ThQ*R-9$C=D@}a{4XR*&l6%03as8cu8NH9;)3W
zaI-B8_!^XldeC~?*xUPfdY(dk{53s&Df_aqhW0CTR2a|6=y63|y=Qb(26H?<>cTzl
zB=yuo(6i{H@e2$L{MD>sM#RLB^&Phy+=4+?xx|=>kx{_7nFqblBdo)%TerqvNq$Ha
zG58R)%*-!<$57GpMM4It607`#`~fB|f14MjB_%0%eb9hgbZS9H$OSFs-SN&Kysy92
z^Z<A8r6#AR0b{UKg-L|1+pzHt4s<k&wSA=?3;;|qc>q7y1b`av%iO}E7Y*h=VnqXi
zzIbVR2&-$sTafpQ)`u;-HtL)P^Q)jBG#igVjR9~~Nz`Nz78Z`0RMuc#UqPuj8}qn-
zpgrCA-1DVQBJ@W|A$SRSnRo9Ji65m*5-VtqD&S}Fx#NJyJViJS&}M=Y`HUS&V5wWT
zWJ=xl0PjgjSw-9XAtM98^a(~wLCL|QR~t8Ol&SrIe+|8^OF@AIVDJe1DPAduB`Z{_
z?f_8wdV3%G`Kjg`1qTKiR=xIYs!Y6I{9I<D6$2d^cNql@-=zNlusZqsw?XR%-II=s
zzWB`OY#t$@0qR4yX1iIm$avkfaJR^Tx&)|k0|&vW!HaK*P7SaWc7h86O|-J_>f*3C
zRX?gLdHouQT^Rl3M%0gAFZy$FW+WmWa>K~R*dLoOdB{Bc2ZBk)FF~8|rK5w%+1VNB
z5ky5_nw!<ioz<}U<{moCwe@Lev}4^I6hUOM<)Ejx_i5BOztU!7S#ALVf$o8JcYD0U
z^OrBv!*(_>*<xyHD&rAMWUoM}2F$ylSsQTU&sVG&0^}}eny6oFs;F2eyQiRiSS6|D
z`+(D-gl$RBK3s~?8MXxC9q1>_<DVFr6uf-Mv@$%^xv0Q5m>%K5&7(DsROmz}mP?fF
zZxWEBxX?!_YDk<juATFZqS4OC5N*1ouldi{cEtvt&dolU|HLL8)BwvN2~|5Sv7{NZ
zeVg|^w$Z&M;3{98)Z&qTQT+R2-*K1M>cKZ3{Uh<|9oY9$;Pju9dow3*a4?zWYx@M@
z??4eS$>sUX>B+YJdxa|1{qF60uDT*Dvu1SmUlNL^at$2F^;r02e3IGn(Ph1m%&Z4T
zxS3WnS+;Zh?dvXzlOqD1v*LEDw`3e@)1zKf|4WBb#C^f;KczMMt~dHmNzNRUi&7ZN
z?y>xvHyrJxXv3xdh=C5@c_HFIv`J?<J<%on+kg91nU#E#fBWaCQ;h#92U_NV;D7n8
zD-AXGw}sna8f>Wf;_U6K@i|w1VCKZnxOp?LY|f%M*<OvOEdlsDlg|$yJI42uXL$%^
zlQVO@&FhL0tM<#2-TSRBJ-r-Il({YG*zK2z0uKLfhu-%8{X<GV6LXA}P93~E*2W|&
z%iVijuXXkJuJO)%Rps)$4=yi*58Dji5w{9fZ&&~K`0FC$$g_+FuZ|giE<4gkaY07r
z;7qFre<y21lG&-u&^*J=GzPjVF3$(AG?bJc|FOw@AW4EMjaqccrL$n~c}){J_m-9<
zE#1Dwbbepqe|vVPpVF)De<|?I?zh_NoaS)N*BDOz+=MwzmungcCmwWUT1;pQy0{n^
z4b?rE+<URdQh{c?wAkpIRDkKXg~<y~8#sJc(nq~EH$}wphe-UVAF6~O>aV6&vDU_<
zKiVPueX6+Z^zAtLJiBF^e)~l21uBZB19Xy0b9dI9co-ONQEaK$U6;9bic!$yv`C-D
zS*?N^gn&vvEvP+zDf&{X+HDgP6A^l+U1-`~whVn)Q((x~H#96t@e?;`|KKh^kt=I^
z=@L|@u$dg48$Y+<SH_u5*>j_h^7F-GoJ1rU3I&FTM<;&@Ys4zPT|Yt1BK7i>(7HXQ
znmJP6-4jka{Ce}0jqBf6*X4`P<Yt2N<|<r$q8mP#(?-jMNrvUGP~|1$)LR=iMf2|3
z<<B?~wmk61Uz2m|hFhGsH8-nHPF^jENxfmww<vT-F7!FTMC1HlJ>@>7CT(dCZm(Mv
z(Y_fF8oKpVaOR#XnI$x}Pr|m_Pw<J^&8_=X((I21{_CgvZJt2k;G40vhVAi`kav>@
zqEar+6F5}zWx-Nf&f!$SgGZb5YES$6Vj#wucLsJk8By-jPYXciZWb2KWL~3h1kNxI
z_|DDO6++;vnWoiEam5{$f`WoO&z~>7{w<nl;ELiRuh>@%kBl94=-=(M^qW3pWA3I?
zj-vLX9c>Y6acyb3T5mHKehPOmoHRLZ`AzI2{hn%6(<}#0Z&@!def`LYq?l5TgpLoB
zl|l#E4z0g4UnhAYcbYH#Rtx8^+@o!;mj{l=)+(?2I5iY@*DjNaf|^li-{>H9O&HZC
z*8V!lu3O)v7DANTEDo|u^uppp@yB?p`{Kk#rhVEQJ2K5;&=SLYkaIR;4Z758dU}r%
z5^g^;DG=0DD*kTg#3WI4&fDATYI~clu7MTxunESyh@M7)#4G!aP>5Zje+Ss*4nP}y
zWpPsz9W5=b!E2!N#5M*n82-tJQ%(Sf(KOX0SA%cW)zdozxiu>9^5R$$#sginTY#^U
zQ&Tsv!eI$107S{vXb0ZGCX3E13jHoyN>VWtp^}l&`B%O{%Xtt4F<LNsP8u9+dT6E5
zMMPcb;Czlo7z!7;wbdsD52ka$+2HdaP49ME((?2AU9Lm5VWllC0dbd;t{WMZd+s~4
z`|!2<Qw!*Ek|C=l&c6KlUaG6<w<t*`3m4a!L?a9U#Fa4^6qDO4UNAESCs8d>XA#J3
zU0hrMu5O1zXy*5tNK`d%9t6!k!1ac*zM+z)*!{jm0Vselydvl}i29q16LzTBY=;g>
z^`)W%FI*k}_3ya=g@p&Y9U!(kYSDiI*cKT}v<=tN9WyCKHr`|a59Z}1VxLq1zmUUJ
zIXeZj=)D(&a+(|00<H~JP_}o0#OnM8P)U5+xlg^kwqvnghYBMwIGDR58x3!m<1E9j
zUAq{U;uADcb8(LW5f{LZsD#NBJjX?RqIGGjEIZkLV$Q~p;y1Q<#&xR!enuAGQsxDR
z027CsnShVMgZT}eAT-6QHpmfrcJ`Rl69pL)8LS3A!QjOOKq0woVF>pP$gqt5!aQWb
z9RubR%m!XYFMj1ohxu(xOiYCHM-xu*b21@;Ie%>x^nO>>&yGxTc3`m>01X@-8Odv$
z)G~P~V7IvVVvmH^;w<&y%(QE3p;~E9IeTzG6cu&$<$Pz|UweM1UCy&-Gz%8h^ntHb
z-{1%YMBuuwP|9<eBgjf;o&a)^K>~6i0%D~%t9g08Cw-Za?JYbzu-2HSvZcaz-KWOJ
z7xPPNGwYS(n$C9TC*-cK-Z>mma`BC1p^Ikr?((*yx)mR|v2)Pdg`<Pt&BPQ?HY<$J
z40D@KtW*%qs+m~9!R5KWd1)!G&qs!Ad}n?2wpzM5E&;iKl;E1NaV6S3o8|c<gyqBP
z#r(hRJ|)$zJ4>^-->W4MsRDjBAho{-ct;Gh6p+SvTur!vULDK^nQj0{BEwAzv;+v}
z$(fN$8D`z?kOqLu{g|C?0j8*8*>Q`rI>yJ`UpEWCeEE=>Sz1^3;eu@)s2EHm=h~%|
z&H*PyRKs;6UtnE5z$TNlB3@)1my?m{#pruuxb7_vkWOrsDbV15(^zRnXTX>eecSBp
z?C|KVd(p=P1)(#)(3dA_J$~47P!4(JzBfas+?JLbDl0L4KY#Y@FG5lS87?U-d<0<v
z5f}^v6S}K4-8f*%uD9qJMx%O|nkmpuQ#^g~LLajVq)aDTW}r|)W_?VF_)W)S5~BBh
zu%0;a3VSoJZq<0nl*(dDjVYcV<IB(J_+dU!$|4PUQDNZ*wC?yIMeu<?hV63Qx^={@
z3L@BUZoC>2Be<YTF!Z5`PX*URL9mCx>R<x;fw+Id6@Yb@3|$0VAn()?7zsg4h!nKs
zzPuW0V-u1}4W>=+{iMVmR8dv2$@=@+B}qJ+@b;MC0Yul2LABQUHOc`{7$QIf<W#Yw
z{*t4Zp_`I3IM>G3cEC`j;a-hOU7x1uKqO#np^tq3leXt-pJ;)_{B*5^`iE=l08GZ<
zfW^q^2C3uq8#hW&dbCI9`TToiQS~WMvSYO)c2&~z>-&%GRO8c_I!!Im#wPA?s?{u}
zHEYEfX|x_&f5`_VR?t)o$<p_nuzgt4J#vX%hXZhuW_L?{{XQ|?i+y=peoKhyChFu=
z?4Qf}(UD3eCgxajG4QNeOn8{)W+i4~LIs+4rNBuH6Ulk#4}qv}WjT2P!1uyzhuMQF
zpM4mg5ky}^9s~e1-`fziJj9MZig6G=jTb&Xv>4qezejk86YDVsf$!tv+FVOlI{#Mr
z<hA<rJujp&s~uEv?d7ffRTNyDoyUU}3WyKGkrYUW52>ko5NL*o*{i9?0I+m`i$5?Z
zXkgv}&TAZQfTET9_{YwM<3$oA9!o|EBQTB{klr*;Jv=sj$N3GpDkUWGTd1i=Ix_iz
z>WYld>~xK9#jnx@bOV3TBOu`0>FA0fRYjSgAd?FahlMJ9D-zC%V-YKt_(KfTwa@sI
z!wU;6VKNk2Hw;3`+F>G=Qbuy+{Nnqj#~Yx3F$YzSZea-1Dc1KZf>ZX$sxMiC!6W1A
z{dF6N#}!X<g8)-mO1IHwOyBq=o!Nd2+?b%5$seXv#xbKjzKo0Gc3z&`1Wvgh`ioP8
z=f1+Wi!HkW0@Y=_h>8rNzJ<#hlsHk5@W9&+Dv2<KC`_$cmN6EYQ&w+zw>r=FYyv63
zAarXdY<kgnWW?Hr0=4ef{G=WXt`HGs33rO`4MVj1AY?vot{3OpcMs6dwKv#z0ri<L
zSX+`np?H#zz>EET6SOyiL~!ZDYco5HwXLnK9L^|ufv;Y1B_*te(j0-P6`(6xDxU)@
zFJ5c`1euYM!8qWV$1Y>~TjJ0m7wAfWJy4~u!OyBR&iBt=Pdxo(Gvm@7s4L*llg22$
z?mvmRird>?;e||rQNMQW+I`&Rf=_x4lP*CQKo$@dA8wj3rrr1`P;RkxcRjcDtHcRW
zgy%-Y5x_)=Zco6V;?DBC`Kcwc&G|Gk;-$nO88E=ni$A3VK72BB&dhV3uMLnt3@893
z8BW|abT?@06U9_3+-36!{HKwxhFae_^Ac;xibKK@D>Fp-1bMK0-^y}L&}NH}%A}CA
zrb6&oeLX#r7=eLl?x?A$!6O1$Ovk!5->kNkyj=iuX=dFlfOKy)zLSKwiC~iV14Q%P
zIyt5t9&PzF;O6C!HxL(Y$|%dtE#=PQ_Et&#<y=_w$$f)eVikTu`$a^a`LZj#Q$Ckk
z+}PO}UN$1ZFCy}nr7ZW$x%kv5jr`od&^n4Z^M$<bD7dlIqG8jqZ!Yov>E#Y$gCl1s
zSoXFY>m(`R0`T>9Io4*xY7bN)2-uOt@~;g*j9_<v1U1OIH%Unf@FS745^u-h*XK<D
z4Ys6TMR#V5Y3~M5gsd*VCH{u5^=u+Pi^Eths}$D6N3EHO7iU)&rLmKJj@|39x-i73
z)q;@lq$A9v3fbPH1%h~J-@XTgk;024htNw~Wncilx7pa)Q?Uc_EMr0pMUEf;1)=PA
zG-wcP0u7CZxPnc9nVtI{6iFq(kpA4Vr5~O!IDM!9F#ykhiH+az{Z3yAH6k6#(1wb@
z2|hkPPSkR+7408l<KdAr^2H`z2iM{HQ+Mth1|kJue-~@%p4|8qbkKVt6avWXipTZA
zRBLcsKg#?z7M2<u)MaI5pDHWepgZ6ab3z`$MXV#sexU*j!>0Fi_=wRECBUSu93e#=
zMKuMOa2};L5RxFGl$`ArQ^Df7g#BHLg?biD9ROhBsU?!S@89qLeUZcjzXiiufT3F<
zUctceNfX$nl<9$?Yktpp0-T*FDPigA&(U@=*9n|qojx6oQZ7Stf&x+$ur68lbBWC}
zo5KOE;8<dBA)wXzYp8WwSWX6_&Gf*bFolD_;C1Kd8Wc~vku-p<!Z=~vu?D3abWQ6G
z*Z!`>(ATWT5mD0Ar204T2xRauFftNd0(ph6<vNfTXlJ8+EkO+-^(7o<OvMmD>EN*^
zcK5Iu(eVq~9UmPYCZez~=Nt0UZ+_0b;V`-xqZWr6_`u?UX8XZ>*<<;sz%)?;r67f}
z;HhNkhWP@@0J4`z<O%ebe{I>K;$-P|G@nZOSS{l2<FBSa$K+!?)Bj+(_CGct0JeIB
z>rg<CDRSpK1r$KQteMLs^3(m!pgF_P-wQw*u42NJtWK=0@}G~`nd>mA6)6>z%cy@W
zQ71U!e7PHhIqOt!n=ptvtxq3oEN+Znuck&f(wIdx`;u|{cJr<GbrhImj6Jkf;#K|<
z6Vqx>pD5dsX)B{wlX^4u%2m~>X)DPU^O5~Rx0=JX#YAUjevdRHxHd4pkBF-*O&zMs
zlD&+9{hDIQ{aa1O+t%jvi%#dp+szD1q7rgwWbgpZeglRC82leND7qZyv;YKt!jkj-
zEqZtO4Kp^Oi8R_a8tp>%7gj0p9_^g>2WI&W&Rtbl5srso=y0CeU|{S2DjpgvAA7jC
zA`Puko0Xkc>zHif-O2DEBO!{6^uV&N=Abi2Jw&Poax%iU%{S|_%ynIOSEyOFrDEOT
zjH~Cva~8~->fNGdA1R7b{_;m~HHV+`^6wTMLc(Ab(;GT!X=&m4n*$T?=m^G0hY*cM
zW?CX=!RyVw1C|VGOJCZT=ue3*57N((##mZ>X(Dwwcf$5-G(dlh2ucuPzQ3F#5BB(o
zu<-fw=UuVbxWvw*Ga?5878?Yeb^n9JNYJEJ(Uw1H-eL9!1MCij$_Y}~7q9N~V8f=t
zoE6~J+y&+k@P5aKqd=PhLChAIJaLkMmvBX&&KbreW_LG{J?{yxE1IIOaPW?{Bzc5}
zvY_iBh65Dtz?qr5klDS6jpalEQhBfPm$UO4vvr=1b#19Gs8jcx*U{0@n2A2rb##3+
zKY(7N@kE%Uc?I{{C#s)kbj56^{@~{31}k3b%_bX&fFOwN8Uty@78duyEQ9O^#Kt(i
z{c7Bv7Hd&Id-8T^>lfxn8`iHk?9R^<n1S@+f7575P%nW%&Rv=9n3?D%Dr34^;x5Y-
z10*~Noqbm8GQ?L4(6fOMYP`aq)cq(t^7S{6Fn(|8`42ps=%xQhtu*bf?=gX|i5}b#
z>SoOM$3;a`F#)5Uzw{<;Gi^7&@-dP*1Lc?+<EfO&iI7;<(yZl**f+oLe11qtRFV@D
z9=MhS%Gic0p&Aax+^%3%Kft+52B1feHlTZp1|U%3Ak>y;f^B%gl11PJroq;arb2q`
za$L<D8Sc-d39b&MdXJ0Q9o3)5XO@#zkUel>ajS-~S?`zbmjc~;PCR|<weOOage1nN
zVbM(Wf)bAy&L9b9c4slkBysu11f4Ky<IBdm;tQ3})(;I;=r~WU^jve<y7!rTC`;)X
z=iY|m3j$@QUVA-QbKxHmt_w;Ov-k1}t*K^eY0J(U7IS&bA#Ikw5Iwa9czw7r)~93&
z<;ghhi-v)Hzhm>sU7VazEy0m#kt<@)to1H2U0ut)zof9&NGmfomUmVnJ2|sS(7z++
zgUIM{BZiUOw`ON$?6`hA2cA27Q=xNori9Jpw`IqLp*^yq?R#~q0$QB=UGJH0iEVfJ
zBpS1z)3=@Zxk#z+)1-xz5sv#OH|nm6q7x)iYMifX;|_*CD_eO_p$>@vzku*nE^M_n
zL>E)uAXYlz2O&~JYL5q`aHuH7Wo0DQi0D7IY|#e@fKZ^+qCv%!wB@1L`vw)hZ_$-i
z7(>|<D(<*h|6Y{Df7dp><8fAkOj__(;{`qOpxoZ0LPCC6B`<A~aA@Us)aECk<udHg
zM30JnvKy=o;zXz#=T%!RK0?BQzdFBUEY4XEWk0A5l$^()jxf>@hZ3qMosm=M<%@sI
znCR!PAFISMk!3v*TJkF!7{o0(j?sYuzp-!SU;f5<mX4aV9)5XZA@|F8q1!t&T~K7G
zXt%sqbt9T*)N8PJ7R<)js8!f$=GNAwpFX{5oqGE-hqvm;l_+JB%>&{$Y`Q64bOl;G
z6?a<1JP;o`a=IY$q`IG;E(8x*A5JeK04MTuc!&}fTGaSpwjx;vI8?4*yLJkv6q=cf
z?i(NGI?+7$zUTk+>7U0;T0fyxvUtsrl_u>Fu!W>py?zZYPsudCA3utZG4Cw;z|UA!
zt(j(F&A}`SoIgZVObsld`GuVL3wj)j6*;FNIZBZly66zrIlJSK1)xoWTMN*f9~4Zt
zW(2BuQQr#j|8d>bwfb;ew$kDM?i~k02V{$%(+Qcf<h_{GN*k;#s9lr|mpmk^e0~1|
zQCyrLe{1yUy`Rf2TA~HzR<;-JY}@x)(l&o}W}@VETAGR`yKxPp)8O3KkcE}Bsm0QW
zZd!}uS8T=1EAFl?9<>a)+E~prpRkyF-~Lch<y%&3$&^rzjcZ*rea^+v!4j6x`i-P}
zhyBb{@DB0+lDrgP)AD|u!QIs?&u`3DA!rUmWM6!VHW@GE=ReflGgDY)E7s6B((0T3
z=52ZK?oq}ME3?w$ktbPMNB_v<8p!3IGQ$}68LbzNUpiawCTu`jCZ@Pa?dId((GyMr
z&$B?APl8J@Hb67)CNS%Wh!B!_g}!XCoigkA$-Pvz#U&8M{q^UcpE^1;Mw+JfTUW1p
zncRm(DI(uGRdJ?yD5W$f<JqQZx8D%4fOCelv>z|OF-b?qxQj|-D*!@=<;hapF6q1G
z=AY~9y%6BAjghee$S9m7MxhGZY+v`&xzcf|l+~wBVmxJ}eokqQ83%3C8>O)L`1sar
ztGKCb%mw^`OU{4uftx^8ZU^esXKD;db4sotbhUfRaxFC@TyD@5V+2D|p4;`;XEi#G
zWPB+79_GBtfYR}@ODsD(TjibN1I)hM6Mk^)VEXOtUA6uG1n4b-QQzRfkopEq`yu&|
zcSrs>AlzON1(gm$Gp2wsf!`%<JXD>G3YQ;tI@6@>nV_0_4Y>kY<cH(}-_+Ai8bHD#
z08Kh^K3O{M(3b>2oN%G=#`L0Tbyd}7&0|mopd)!f*zddxDQM1~h~KPm3dsTBl0TqQ
zXJ`1|HBrVV_Z-V46A>V$NNk!4>OsH@M4=8Px}Q`~fKa}hpabWf(qmub*Q8oUx@96I
z2MzRYYdta0&KERn-0kSN;RlmYv|7Rm&3v1;X{m?KCfgwU!LR&eD(3t%edF16zRPpW
zyz2CM+4|aL{!P^jMPV_{63U`KC;s|kWpy`|SN4+s$e{U=ko2wk@~1-_^WtY@Q|o_V
zqz7+~5;uBUxXc6!U>|lN_L~LJ8L7Tk>A`V|imDS~Itoc^OiX~tI(xelp0@kF&p~lH
z5s-l$4`3o{d7hn}otBO+>bE5pi-?^UL?H?b68{ob?c$(OXFt=%zPCo4^QP`?IF9i0
zQW4vM24u?di?sh2|3c(8#L6uP3}B(^>+8Q!i-QdKQ)g!giG~7gO3b4;bhK^4wCVm9
zQ|+PWGYm~Vd-m+k(fY}M$*CaT73^whX^DX+qC&@fMlm%#T{YvTuI_`pJTW9bGSb?d
z|65KKI?>5mJb=#t7|STv`uC_RP%ev$Yrx4#*3|Iu(};)zsQmB{;veQu`*<3QmgJWm
znMWTjk}q2pq9|m%m7$C|n-2ajoRuVy3fjT1#|Lj{eWLFdzMzpsOb<w}xMpbh6o4ia
zg5NP?BO^+M0B>J$$KF4BslgNV#zsE#d?FYn_5(CPEr4C1?444Om<NvjQ0TNQ#-3TA
z(9wrh@)b;E95%4Tl!u=3aZ*x}axLcT^FU2&U=>IYJ!&LcW5msV`}ZBlr7I!})MtMG
z#>`&N*xg>S4?VkH0qgW3<=GVn^}d`7Vg?Og8(MdHI$sXIT>dSm{>SnSZut#eg;k9&
zHvRS2kIq%0OscxuvQO96<IO@8Actux_Hq&nQAgstP=<<h|04)$f4QU@;5++=>f)uY
z<g~uH;I~_BQ-2nCo9a*94mF6J%)clqFOge9<W(*IO<u()rU@k&^s<WMH!z`~a6Ntb
z5;}Dn;Ke{xfEDOLYe&!zG)-WJoO@v&i;7~yNplSfNBF5}_4M@a{b+pv_6!qxVNuaz
z6xR;`mx*0DirZ95O6q~Df?p&S^PQPtCHznV;-X0hz+t}Tv})-NblKC_w+IvBJ7A~i
zoqGYJ5-pJZ+&E@%o$o%kA)7);D?zXoK)VAN;h{*%uUjS3sHB3`SC~4LQg2+u<P4xT
zbE+{N|DqlXmwCFvkb4vUG7&z@$wdOOK~#$;u>v6MvJRMIO_)S2j8Y_xh<qhTFo?he
z&=%y>WuQd-1gWX15vijV>OPr0^Xuy_SIC?A(B=@`6;V4ueZo;#$7*SKzWJbsr-+oq
zv17ZSs*G}*gIEK<lSfg{5uTHLa~;o_l+@(pw?Nu)5DEa~h8g2Zrs*DJEpaK@QF;kQ
z@{O6AG!I>rll$=D1McEM)=C9ApHL4V#fZXuQn4)CHnxVsAjG!~PCb$~hhy3H!K?&y
zJA|;Ir>9To{)x&nrIi>L=N1q^593?iaZ~u6I9s$2030GfCSDLYunlMw?&DSBi(ER?
zg#E$>kZ=Ig6iHPj(~J>?yPMmY1T|bQMzly%db+xA(=`Fp5Jd*$86b8MS_E?Bw_$r4
zCjjaN@I695(U)65`bG$_mr^EWxp%52q|dTl?9I{dBl0iC!byaeEg)zV^-yutYIgpZ
zfWVj9S{jIMi4zzC5?JU11Zri>A+kzY=Q|Izmy>&GFeKnaFiy<p2}5!SCthF~O7pvP
z>(;IO-*q)L?f{k)VUmH}u>?a5flXkD_G_LNv$ULcsC<jbjc^*UE|O|Znjh%8h$s7#
z?4Itmt{)eZo_=L_9+)ZDkrib+?fcZa%hnbBjQG-zqdRu&AP7E;U!Z~FPK5zek}z(L
z?}4cT2Y0|7Qysor*Y5Sp?`oqy7@o>LX107btfHD@ME3JiEz9KOlb<~Ay2B!VcK-QH
zgyz((l7bG)BY*3xY_QJ!_0(aW`(Kn+s0_%Yb3lk25q4n*5GK&T-4m1pNmztG{{omW
z4Di>R-mA(8+bSq1kSl_Yne2uyB?{CU3ccY^sWmfb#SY<DLa0cz!T@~{F-0hZj)Yt+
zWRjdj=m3bKpg=nZ<QM^peOM{zw%;jEt5m%f4S)x(A?`9iJWs_qgh3J7y=COVt(7FS
z0n}e(ygKbEhU+l83ZuI({FgAPrk*1rfjRr`$QNXGT|{~yL}3v?hKc(eUja%n(&z%C
zQe<o=-YDQgklwMF<xXw{PF)fC6pQy7BBjVa!`h@9b70{=dfVLa#tj$ftHi~{i6|}0
zf?THL>(+*uxvy`!mbM#H9*w^I$3UUW7n=24sVug`gOcvhm(MyPW`;(UK-f^T>gnr0
zMwP*Y%!A!WGOU~s6FFc7?B{-!G^hQ{@B{o3g2{E|k)@7{ehIGU_dB&^?Z>qII^a@(
zh~I?F1HpnNEg1ojXpz&LG6Ak#Em*>GBVwwTQbBkJngx}38H75@&C5eweFH-nq>OKq
zk~|=i!tVe~2>a~mwiE-S`fy651SC%_#8XxCsC%$(-MqQNyl2`W>+V?dOTwbT6XgTR
z6Zp?71kH+Xn6+2*O+&C0fF|Wpm3vQO&$CJP=JfZ8+UqH)DKz1!a!p4Ycue5j=o=g?
zLBbx<*Ak%m^$9;LiS@-y-B8*t_*1{x-i`Y<aC~7<^P5oZ5V_=3Dnd)^<4}nT!O?98
zBd5(>D=SPi>_Fe4PbW{lOR~Ke6cd3WAqc#Q;{>{PvYVOr>;cuBrtHse>@e17Hmhb-
zvx)QZe8;oB9(i>`P<|ZdHk)t%EyuZ)a-=@u|6N!0;Qimas$6-oFzo@y>asFcAtBYE
zKaXNzqYX4iAD%E>`Ltn<tL5T8ZR;J~r*qp;ZD@SLxbnEd*u|hX>XneYI9M0E@Ov>i
zqkNO5Gjr*OqsG%Fp4*d>;KP}OQ43@p;t-IK`!(aXhLPvrIv$R5f6J-X%$dwwQYLR0
z8r?jT+fRI0h`-tm!w!&`G{gFb2x9iXm+`kEMcepa0<3rHHP4Mb`qGl-_bRQu^mcyu
zz(z#<%9Rh$+cng<{GDu6Cbh^z1tr!pBTZ@N_om%Lw@t5ARk-lC9H98u-9R?4|GxgI
z?0k~U#b*;)8EL8iNOo)}|MR_2|5ac0$G6|q|CS4|?f+S8^<NcUe}C?OWLip_BbEMd
z#a(a0{9j#dx7~Jn=LSC+)pqrH1#b)Pz?Rq$?HEV8HC|=mCpK2n4pfti4g5d1{JHPB
zYjU!=(ajzSP=C@{bf3ml<o~-;&dB(#Uytnntzzu|pKtL$NYtKqhlI#s%+5l4Uf|sY
zHWK8-HTShAHmZPw|C@kEcE9lxi?L>2NO%a`=#_D)vow&N^AdSuPo3T1-Z=H=zNw=a
zbD*-8;a%Z=zgx4`tk3o11!VzcS>C<pRMlGU*QlW+GRpJzJ!kVSL7hSsql0Ciz>Zjx
zpzI+gUiTgB1K}3XI-`GMKolLZSBX1+|FjNGk`(msaQqTsEm~e*n6er$o@#!DX{;Z_
z2IY4g;qlseuh8ILhmZhu%m@YK*$-oLV7}X8WBJuGf$76k7>+oz;*hwOuNcF?aJ)rd
zb*`(KgbKcVNe#NK*faGZ_bp~|``H)xeZN4P{VJx{;W(mFcf6_^V<<X>>!4U6o0Zg4
z*B%*QgC!Ctzvb)?bwZf7CLh4<mcwIfmNLN_cFwB{?2xe6TITR-Waz_5LO}uxP<Sj5
zRZD_;@$oHIs&Jlx^1qxvwu~%i@-3jw(F2T+`m!6r(da{-bgeDVuHdjnLb6y(?UTok
zuOS(8Qu}{ZjgX{0^#2X>FJPkqnDfVXm<T>Wa0|83b$$J_m^}k=zXw7+D2T%v(jp>^
z$GA&k=Ajs9Gb=05Mlss4d-ny{9^phK+0p1AV#;h`nu~T`TNSA=gjE1UFS2ke;?+|v
zcuVn01fZ$c3|P?sA0eL4uley4qH~CD7U8;O!UZ^2lcryN8MoK%LpiF)G&Fc+j`)({
zmV-=<eHlUVeR!3y+590YDhkIus0gd)Z2V*%!jJflKKjbls{)9bLek6TQ~$`PCfiVh
zA)ks6%12cB3m~Nd{5nXS5lAy>+W`&Iz||fs^P3<PJM$fbH`8&|;c;UwzaJXfg<gpq
z5jL^N!1uegh<ufx(gEMRb;}*m9Dc{1?;rDhUG{?Kk%_dw($nM{JZ+oWTvB%KXVm@S
zlb6h<@#W8>H{|?Nn2dM&g->M|F0IrjiRNA9yguk45jHn%+dUUzUt>8gR+~3;a!90h
zkDaYpLGg-Kw1Dr%@*pGTXPXDC?6_{m-|(|rP*+z+^&%=U2z}&0OHl3NAp;3oJYpY!
zU6Gv3XwLgFKckb`grbHqxfuA@ubG*m>S}5fDEZKn<@hgwf)T8EKl})Z`531O1CI>E
zKR<z$M%rB=?0et<rhr{TjP?XFblhYe)z#Hd)Y>|q=RpmC2%w^>YLl|>aDgnCOAtU&
z*L~YyUqCF*!aJ!T?@?WlS|pww|KYiFwl{C#zuy1*ums7f0nZtWPZpZ?Wt96VCX+X@
zvE^u=P|Uv|gcJMjD5k5^W57ENV1aI!AQt1BH_xL<Tc>#G(uR}?HZ)M58X8g*MNGSL
z%i+V?T#XA?%0a^sB?W5r5H=!t1VC5qW`8Wy{N#`SiQMp7OGjixfq(El^dk!c#sH>o
zqJ$^uFwD$V5V*X9J|8p+!dJW?k3S4g`AA?$xiQoc7$k_W0c4mD<|L$Qsw2VXpEw76
zf`<31+-QbuR+mMvzd=(x!{4WPGUo;i80R8Ek+GLxpYz5~fJ2B6jEnaEHk>&mz_q(u
zr{<KerTf(k6V4U|){eSl1fN0(?v^XHcgNfAz1jsdFvx&9_{U%Oq~fZt6TMKPZ9qmr
zoD-I`rfD)ejE8tq7o?6rBfy7M?&`V;@0i3Pkgf;AZ1}r(SN5yJMCAtllgI;cwmp9Q
zn9v01eh^L2hi5NnSVsYZH%q|c1=o`iYe?NOTb0z*Yz3%_=sJ8kBI74{ERfETw+U8d
zeyWn+cB&u7KDkpG8ca}dDqJm)HCR&4tZ8Nz{pi6IfP2Tji)UN$bx6@|QkXmUvHG=E
z^Yvx!;g%TT2d-Ov(|14IkMI(<<HxToikbJGU7VZXU%^>dkergTAFwwPLa|#PqID)|
z7U*c<ODglTMoPj)SaX3JF94Q=0P2tLP*xHZ20G(ugtT10eY+X}CP6e2K16IHXgTqf
zD9B|T2u6dyVH%v;QT)nS9*z!PSqAl>$80A#eX`fdI|)6KXs_XJ5=bhM;A@()c<Sbc
zQU4Fjn|O8ZxEUS4V+de31zzfoJ$v?G!${$IlK?9;@!x?{QXo-fFO+)7El_~mirD4=
zUtmE{Yyp`r4&2@VB>nE)`t~bu2)QBns6NZ`CaMGjHZr_Xi>w<Ng5+E<u)<hDq+S>`
zfG=LKu{lm+`7!WpVGuZ*xEErtotrjo!jR{Nd<PgIy&5*RYg=OO1KGK6E(~uQK`fq5
zI@x!h;e6acCTx^U7w|&Bi~jhI`IDS1Xl_CI1>#ZyEGQne1!5-y_6?9i0JnPJk0Sk~
z%Cx0}5mij+Ih^pQ3>OpQ5mrm`+<;;XBf*<Q+F+}l%CPn<C@Aoq!(oI28Q22H%H=w-
zjo-0z;IIinXATsl5Wst68mVSRM$!PpLM>k*VH<BOIXyiJs;w=If+Pr*f{1Tm5P{m(
z9%#r0Rz#>kK6YUNY6))kQWWRYI4H1I!hskx<lO=pLqf;^I1E;EYwh8Cf#V1VCe9|L
z?JZMho*U71A^}AtwyIXf)O^%F7!Z>=$N&@+cOtxlVH*03Uc5x4y3<_^d;WZLNl8h=
zc?7rf^74*kLb2^BwhzHp@M&b65`iA{j<t0_uwXy35Q@Pd-~S=40Ty<*h{Zu*lSH$G
zX-K*y;@vD_duzP|&M4jHznmD-nNHN2(C1x)sAoa`sd3}G2hc!apojo&jW~#isHkE9
zKatZw^*AoysEL$5<Z}eMJfJs@z?28*4&tt<x$ZWq-H=iqMA!;&UR~60q`Ht_4#Q5s
zD1W?8uET;ixd{eVEaJL?a;L7T2?CAyq7=w!!{5G@!~z{~uMJ8=Vbo3xGc+<vMm7?}
zRUTPcwhtV8^;l<?3db@Lo=Yk%&WT##6|I?^cjncujT6AN$_HpRZw|*~4YkhJvRU6?
z7?1!@MB<z$v3-CQLM5EFud9<hD?Hg@2*)6Cx;xSJ8cRT?b{Tmq7_+8lGMNiybr-Rn
zF2bk@v;A3BRXY3=&cZDFIX+J@QzFB}xy8ZF4PVf6G!Af4uM@w$!k4TRt#Q*hH-LWt
z%g>}E*-hBU$cA6%>MfTbw;`t}ov>U}7oGH!{t4sD91wZLHeTADZrofnTIrqi>aRZx
zq*46Ig*GXhe6fgd1;CT}c^isE&8*Y-xQa?jx-dtoBwY1_#EL}wLWu!h$&cF%3y&O#
z7}noLN0;FES*NI`24~+!>|7L12x1UuPYquWPVZ7U1hejr>?l~7Wy12gh(JXo7?OY{
zxZL4Xl;{oO+|5RLZpYV4&uiu%+{sPz?{ZG$X%guB>LZ(;%Zw)k?jyE8dutot7odz3
zP&IPbZb-t((V1&YTXyffqv$sP*u*j!JBH5!6QV44A_Z<iF}!t4z+s+HZRDPvDX|Q}
zGV=&=n9k7X7ozQhXZ48V;$0jMr9ctuV3*#)4?)Wp=+dD|M3YsF>PXO~##!%eJ9g}6
zFhFz;aw~2E`yc`Q@$o$5g!cE}g=SJ8Co(LngJZ`u6-9AOy~JyR+=pCShKF(SRVM_x
zz7VkC4iq@3Yf>!+fBvk7Ev*%nN@y<j0m4TkvMc8{<u^T8jLAiFkj;jm(E~mSGL{9L
z-Fkfm9%$^IWoO%k3aqTGh=4vN_y{FseUvOcW>skzOo_&-qGB@+N26aK0qL`xwE2Xu
zh+K3MyM0_#)F&vY9F-BDf{1Ltf4_#1oKM8z2v7!im!y`~9uz}NAa36Vy_J>4;voS_
zzDza!wQw2T*0l#3_FYlpW%&xQy{VhZ#=*!1nCYbbY<$_`^E2q757Mtb1O#+OLn9c^
za6p;~N<<Kd8&fjnszP}SD0b7*9?<d#Z}0wSt_LpRes8*%Fl@z<Am31kS-Vs4*!XWp
z5JxV06^L=`<JFI{+F##^mKr)%)Jy}o&_GF0yn#R)DC6Bww0%U0g*JO#N@hF<CuccB
z@$cWiVMq+vWwSX)9#7I@g$wH&9)H=PgoA${0P*o8XAroi_bw-kLn~S36&2S3LwQd|
z#BX0*>G_=lo&N%3poI<n3g0cw>3zRNg;7F@76nbY>{@k*$R$&5bvd~g`u!ZSJn(Us
z_vOU_a$%4sQ<a;W9>mJzq{1jxUR=yAR}iNXdm0LRqVt7xm>f@NNOTPhDD`Wt06r2s
zB(%wpb$CL+i|~oDlNQdm7PYQNR6RD2$g&+f=D2ao7riWc$4y&$k)|!TTQqz4kp!*D
z?QGrOO#ueHE~gatW8yp*0VL1*-PLq1bYCP7>^|_MhVXM#VD|r{p(#apBeq^zdOF;W
z`wt&htf5PRup4s1@PveFoc>u(E7|(r$>l2e*A(6z#;9`S!ml%D9s!%2>X**gRDnhl
zyOI--x1ph79sJWY$Ab7SwvRbV`oHFvt=e-TO}&<$(M7*)K_FIb)@fPWrMfI-y7+X5
zN`+{uJFmitr2cc6LR*B&Sy*e<!iAq58w*k@b+HK!``A+M6MeO5U2DC=mQ6gVb3a3q
zUlmXC$Mm#(35sN4`YYqrlMES33Mn<S^ZN8=;~Mt8rd=L9qB>U%gZ)3NFSr)0tp*eM
zFrvX(MQ6)9_%iSrbM1b=zcP~52B{3{q1TH8m@9C-!?tbPKH;Dy0V{Y?M9<mZPowvE
zJ-MJoMn;BYRDf%^W@H3r0QlTytj<%TeW-~ffdUtQy$KILjhcgWpB|KUw)Y?f{IO=r
zsVi_T7&)dH85s$8fz#nIx~;~hrYO2b2*h#KN8|M-U5t>__YiA`yrVwUDbR6ukYENl
zE%r+CeiRCeN3S4#AnYi%0jT04s4IY9Nz>-{D%Ob&Vj?8<JW(qrJTmezq(a>e(=YXR
z3LHNCsl1$1Cj#v)H75TO^lz%FsxW*2k@Vc?kVQaW*bktyUJnJBimEDE2KeM?eSR(e
zHpV>xbqx)tan1WiYQ}9lcOIl}m7wfWrRjc>`TLiiqUZ7_`}7`1a_JLTBgzssh>&d_
z_~fG&O#bRQ1NGtM`0Q7LM*A<ecSZfgeqn|o8nP!kb#gfa+Li10Yk<=)0nlZ&&pD6A
z6q~>=x3dIojr9c9=MXL%Aw5lF++~I5rATFPPe~EL;d<cc(Mwlt);;gsF?9^@&&I}v
zup8wRT07d%ieN~J!0`sOTi47CaZny1^a@*XkOX8<I6nV#WpzH+&57PhOx(rk%&b~5
zUf#}+ezPd)_%Vke^S~RC;gN-m4;Lo&fOexe>9ib(4<>E-$GLOoz-1Fl1Ox&gy~*ux
zoFAQa7ZcvSdy07j*9d&a&=`$sQl>9}0h;1IoHUpjunXxyrK7J`fNnABih9;U<4jJ`
zE45T9>SnX{)4(Y_#kPsskDrt;boEagzJ5tsBN%0SU`gF__sKUBE~;F#3qM3?3&JGz
z-3^-Z_jbQzcDYgfe15OU^YC7Yr3-X)bU`P~Pm1MO<E(Xa^(a)&ZS;}gTP=Q^9I;?p
zbXXuYWw^cV)vQ)_M0B)E<($t*YvLYkhsWAEB~^O|rv>*<<>{xUrt8j>^{5;b*ne!C
zE!Z)$Cr6K-!UamI@2+iv#tkSgA032z+Y+g4R!_eFly(d^w|sxFGO}<nBV5?1(NpK%
zynycLUH8{z_kuK1EhsZ5x{B?qPcZNK!SJIsjLVOkcD0`~*lD&{g4Mp*yg4lvRXIE=
zR@$e8dLhM;{nas}7ag7ID#FKlrkdiG7cQ5%=6rmpOk5`)b8>uMy{Z6^WCZ6w0z5z(
zHy~mL2N8yaH-bGC{NFVIfnhHD;|*}ThBcA6^&%aV*k`ed`#P?9>had*r9_}g-`2x=
zEh#N^h2qpZC<s;ZYCgAG7~@D#5QSiaK*`h(2kppwJ^?dYUfL>!oI7s@&iV(6eh^w_
z9tmPF<cRa~_9~%gkD+bWJ;G;Y_kCOMv>F40L&8m|U`winksc%YjC;DLn$+gcY3f@=
zn29jbRm^|5z1(<k>GKu;n}-h`e2n?`s9wp7)9gK1xfb?|(|tc@06I-AFIZ;X78Y5F
z!bywuPIDi;94$^Il>CLMN*X<t7C2Ax1Gq2Cn|gf2y$phqIEabNl!yc|Ouv2i?gA$5
zWa<Ny+js0Z4RU-yEz)8l)#K^YQxG*W%1O@pKY=X7A#=9>ynChfR&=}vFk2$?0ej{!
zvO5|qx@o~lz~tiZL);O?X3Uh`dXQ%!Qu|71Accre`4`-7auXA^=Epk^V3^Cg7H0-P
zrV!5(S1~$-reRP;+M_(yII%{MJ|0O7=yJunS5^!pjYfMq`eR(7#Pp%!7#$f2ni%cR
zse>-t$e_8t{)mEeRdr5AkK-iZnyxMu%tz(Ft}@>n?<_};j24COF59Z3P0mlSC%~<|
zaUSoq{ejesJ9q97?i7`n<e4Ihuo^wiz!WdyQE(y>3R|Xc11MpjDxZP9kVq!9rRdt2
zE?&F{J_Do6P27J*T0~5S;D^`beU@Q)z#lz*{v1v#=Uge-{Te8J{U<|kNI!e}l#I6x
z*LUEWq}@Q>uHlP@y^tT08lH<O&KaJ|$%s0*$m>&1syj%V3Slwmw?J4x{iDQlK*3y}
zP(F}#d7iYy$-DqFBgv(>A5yxN$m_B!1~x;c2Fff}aU~-yjTnPsK#Y@NklY%>t3eVX
z34aZZ!zUm{uz>wSit-L9#{n}Q#-U$duf#Qdsc~WllL4;UkzR5(dCJ_-@Kv_|>TF`<
zS~siy&9ARN9|*yl{;c<ayK)!*C-c?|qs_6^%OXb^#GG~vIW6rG)nFR@C^uBs^P{Y0
z*3tfJOCtM<>y`skZI&*_w|+0BtDJxD$e!C0Ul^|~#^UPQm)uEJc1)!)QPn4Z!=`C2
z@lf+_k;!QntGg-5l}CekWHMew3th=Dd~i_X>!Fuz*}8i!C%TybETO*PB=My6V?f%t
z;Y;uE9jVa@2D3903=#%c9~jB{+b7@YVis&{vgP%u54Sx!E@pH8TxztpQnYRAA(OU@
z*NM%q0|h=a#F+Q}mE*KwY^zSHMbM_Xy(jw@Uk2w&%SLDgBS)gZt1ZzK15;n$K>6w;
z*I(L8v`8(Q>U(Z*kUikrE*i<ncbZuOnDYlQqYxDd1ThhDag`u@Y!+u?cRH?M&yo&+
z=({xJ<*QtmGq&#9Wg=MMs)&P|U=dj5h|%VM7Z-<!ie;s5E3y@Xr8l#Jc5~V$>@2B?
zp}!!f&{O56aknu^LF9?^xQ|9*?e?%xIYWozB?HsW9gWpRfAZzqQJk_<+gLJSW%Nd!
zTJ;>=J@LF#XDehK3TyQ)iL8~a?tO&dGt5au)2{iU5o4!xvYds@!c>%gSzU8;jWy-q
z&(9Zu`2srdV`}B*;!*~EUViP*wv|ig&%1)ZR5tGD$o&>W#b~(a_#FyJCLsqpnB)(i
zY~JP9Sz$*I-)FnAulV(^{+o|&avV55UKG)`%=$WgRDiDK(<`0)hvP@UzGKGatM#ww
zMZ6zw!}<d|;M1p1_t8(&&#QTb?4~76`yGQuEKO8<b0`C_e@pOekuaUAf0m28>oSd-
ztdrflq$Hx&j_QW!$yQ-xO&2GUvd-7$=0gV$9_(H^E5GPU?s+5H=2i^~OQ5*@Ku=6s
zKlJ1+NlDI?g`{<&BK7q5tHfKN!>?~?DXpq{fwKrbtT@zWUhHAn*(bo&S<I=RK4Ryx
zd1N4KQ2=Qw09z1U+>7Q1zw1q6VvUaT$~o-3{uf10Ceiv3xhOh4OjJ+Y`MXpzGGn##
zvNd1CVJIfNHQGYAbg_QD12aos!&z7O#y>`X$Q3clvZY@EGeQ!k7Q_ol9uD~Y5rlf6
zCE`_8Cl~ghe}hKktgNgX=#!m{!SB#UQ1a~>Xr2JD-~%7vVYI8*wDom$B(|1Ft6}#-
z#@Siq%0ZJYMge^GEx;$R$<k6m3aSONX^ta-YvL3o9t-XTNm^dw&~pU5cDkce&gQUb
z_QyAVhE4a@QUZ2W2P-9CKbL)X^g`=zrjV`TvRCa+*wf5UA72h@dbzT??(SGqz<G~C
zw3XEO*AWR(Pm;~kPg=d>;Qm@#<KHyaOuMqCnx-mlOhP%M&P`kU|E%x3bJcp7r~KZL
z{vDW>qa{~<2-m1I#$N#1gvK-1zdW!n+jH_#G~KIN!TsK4H*1X=IP5zv$Wl?=TliTV
zZae!u&p(zEOG=ZPIzlH*`-jBNPXlpp5lwCR<LtJ#x-G+<$&U`&<HvQ}8$ZN14(W=Z
zRE#oPvuSG)Ui6=N_g?o&#>iN-{jqmD^h*S;z>y4#XgKN@>D$OdMKy?sj64g`1PMOk
z;*vSRCn6$J`$+ucNzKJj+IfM@p;P8K>G$KFRx&EbNjfF{TJn`%c7EX>A|18A&8Knd
zxh=bI?3#1bJv+6Gp%>u~uP3J6<-C}D|JfaRma?s<Lqv7tR}8XV-Nj<ZmO^+-`SdI!
z2nQ%x_~vx3TnXGMSKHZnQehF(Z$C>QN<WfIWjl;4F2OyWb=wS16igvywidp0s1hh|
z%C}^%Uk?vi-TC<a`&%q$N<p+oO<;SX6z{Zgz;^*2>%*i8sP#{Dr2tLccnS^!AOW22
z*`c#KKPe#@`FmzYQB`%Ir_i;*8Sq#?*4{z}Z-E_EcBx97+C>Y?ntgnHiC03;<5vRQ
zKf}nJ|82+uQ}mf9o9QAy#h6vXsV0x`9ykn$s|O?<#%y+a#XKI4XDqv1AI>PMs|Nw%
zk`7zW@W|r^?4xW8ttdR>=n4+ZIpD&HGYDaf7+%Cs19I_8Ny$dQtVRY|=#VM%pBVuW
z(JXL!4Yb3*?8@cNjBeywfxFx_QheC7^EfAk$<~UB3JwkqR-bYLFn+DXAw#=o&r5XG
zn68Q;i>+F-e=x{Q)mHlkI$G#Dy~_1TR~Z>u1R4=(*t*HPZsSf#WJYbqw?K<u#-K05
zrGY~d1Cf8+1elVBbd38zdi*eE4>FZyk&)j>DbR`jrlyamnbD~AR-}iQTUYG_$AT*w
za5G7Kh-9>&KDj9yoD1$ylaXrec3yi8pT~wajXp4itkzY4#{p4tDHmWBOrJQ_Z?P4M
z3eT@AnO`LgR`|S>qVK`^7}LUaGB3?`Y9@9@jO)ZkN=nKtGc)g$+wMQj%-AL7Fmqus
zF+9Gif3oj5t&Ok5BL&%#gH0B;2~!ve-@Si7h4SjXeN=v!jmwu`A^kn2gb9^5@6n@8
zs%|0wrUjtQVL8S;-CY{?IVS7Q;K692_p(+=sDR&c?hdx}oxk&1l*;YK#VCu-vP*rv
zI)cXSI8rHJ37VGWZ&+11a`@C4tvzmo7yrt-8<YlzMx1J2m&T)xC7QiTLM<-`CVias
zlkjOTC-r)<u?^VsQHC9Z5sw*wJmyKGH!8UD&1qqP9xAVO`Vx)M@m|SyAP`Zm)5<Fl
zbAx}~m_>HPg>{ZVF{ObQMe@oPpSyfH0O;>_##gs@62}kehmgrrrk|p0JXgxPPmDob
zic4oK=xvl{=(;9xdFJ;_&lGHZf@)a%ns*1Z=sq>?a-AqWb;yS(eDasZMFDSMYWEip
z3JOBzf)}7xGzEp&P$ITd2LYk?K?u7p<y#<Bit-@yYQrQ*i(6D$TA39j0iGLY{(IF*
z<HHad4nYx1F3<&@3n834oI1c_t9|D5pe-uG8^`LyHij)(9<|JNviIEEQe-kh_Qc9S
zxjNrRQ~qlbeLm!URC`Q<gM%;S+`EmQ{eragJ_u2<3qaa$;)2xLaN!)_R4EAk+wvVn
zF**a{Dl67kR3TA#E&zC^p<F>{{@m5oRp0OkM)od6uUD^L-L&`<Ej!k62}TMc0H4YD
z2zD+7v2CpOZeIzhndiEjkrC=vA$0v8Er+%OA_uH5eO33eswx}qVaMZ1Nl78MzLLBJ
z>|1hAfc1nnabU|GA}}1Nm`ND>1dblHof+N^AzQ;IO;uGt_=+4F?bW4!A4a}j1x?%J
z2ISri^xoeY?P>-C7N1{$zrTyzA!M(;g0=U0O8^r(d|*^pa&3+v@wf-O2N`wp&wCVA
z9E<lsHh}AQ$^(NgY2#iY@HF~Bnu*H<#^no=BUoNhw~wL(_&?MIct~<92pNvlR~5CI
z_m)aOA*O!6^KkCFjG;S_X9x-j4V>IWS_t1=;#E~uI2SgMm|XPbBtj2Y{Su`Gro}8c
zM+k?E?@c&%<N**@654g(14C#7iIfb4@#^Z5nG<xt5Ko+nlJO(>I0h~vO~5!sU>a~T
z`x8{?tzLuoIENDy-TwDtH+tnRERP+PIEh@4FF;(Dc<-1=$OD$%L{!D74|f2<2nZ;T
zU+TOaws$k=Pql)5_8qqXxeElnz$wQm#x7TyGi<HY_lhRAJ8ODqF53b+K%B#vlzICX
zl~7Ng8IU?oE}cb-1G^b+O1P-6e-H@g`jn+)Koyu6+3+T?lt=~$BKw~=PT&ooP!@rU
zjtuZK>B<eldciv+DJUOpCif!(g&n!VaIBzfW4Enws90Q?3>VI02U2PHZs_%}k+HG#
zB)bLAaMrgUzP>3xFRJSoWOI)t{7H4|{riKSdDMEJb47Mvj)OeWb?PJ+BZRhzn#Ti@
zPIAV!$#g^{iCK@YYW=vk^I&kHu;aXG|KX4l_n})?X2;I1I4_hwbRMZtZMPbc4{p|(
zvdYPbpPRf<YAWGxo4_Ub6S|ENy%yS3{?W-9qd!t251vlai81miNi%GI(Y-pKs%Ts3
zx5R$k$&^Y@a!C1?EpdvXw;Y(I6#hS~y>~p<{r@(sJtT>Y5Df`Mq>QYRnNn6{RYut%
z6&WQ>BAYTZN<#J~dnQq2izF)|d)>$DoZsK?`d!!KaozX*$9J4(;p6>&jpy@t9>cOd
z2n1F|S*F`~L8-_@#>iX&hYoq`;22OW4N#*yG=MrC!1gAb=9u~}*Nx-+6~M%R93_~a
zlN=0i`3MOF-NQ*M)mfIxmB#H~N>-*8xY=pe&dC*C(vIO`Yqjbtd)};+UEn*b|NFa|
z8N<q`l+oQL!2>cZS~&n{NjnZk+IaMuwQC6mivg<^c)DnL!N^{N;cFGF4;5%JYA10G
zII7T<ioVgwR<TU7s(Z&X&Ah^fOkgps2mA%&OF1k{<XA4fI<}Fr7#61l{)J-(Sn4D{
z0DJeQg9H7b2I5dp!E=Qq5MlN~;CEu32gnhu_Y?RQlumt_uC6Pwye@%qL5KjL@*5Z#
zag@n(y;<lv2!0cW1OuPr88DV14*>|Ge7qX5LI!Gqy%7m~6h|$G&}C5DQIL^DYK*e}
zaAP=n<8<OrbQa+8;M4SA7J`NNv8jo`Xg<xyvF<Sv@LPK`8<s#T;p}$pNBtcfapQ;<
zA=C-<yZ{GcG4yE=hx2-r$M(aIF_R4m2?1E~$KwHO3$EW-<A^c6fDez7U%trGR!^iA
zvUKtS@#4W-;%*W-z{T-d8pEpWFRUU~d4nyfFAanEl&HJDqf9^rq&dfm6dllKpiMDa
zURo@BJ!(NFCg1=N0|x9nO>J%D>O8&l`5X(8h2zAC=@OxRgb{Nirq|iGR6K8J{A|t!
zZ-WVl1lU?7py7gR{hl_y2ty|@$QfFe;GY92Tg-)sd+Fj2a8|BNBFw5d{Xz+xLV@ke
z{qLW1=DRkPmC1}3ASr_hBZ9zd82}g-kkW}p7tO0Xju+gg#YII#wbKaoD#la0KKCJ6
z2t5=B>kVsbZ;emxIj8Y}$RXblKVVB-5kPu6|H#k`wg#|+FmFwJghyj=<w_+M#*fbY
zqfZk!K_;-T;~6`>_(S^7ndsfScSClH_kV5yXaUMvo-bi$%s!pd)m#ExF+lao$}1IT
ztrA}U$vy5+2LcbpJ6nsv60n*lxK+QMl0-{}TPNty<;@6Vi^Uuj99qOzY@%}>B_0Qz
zot;E510PRp2x4~+H++5yLK*|b3g7HL9&}Vf!V@qgaGtNjJXGUVM?}@Fin|N*t^T_v
zKAC8ys8?G&Z=wx<dVAvAXy1~)pbIb6U~@&Hz6-a;o65ef4+2Kz`&W7z7ar|Qxwoc(
z+2zITISZx{!Id@i^uKKvG(?wXA{TWQhPF!X*DMWw7qyUPawvCUYUPDVBc6;m`X@hF
z&Djpsu{I@+`?z!2_IXXz>Sr-7FIPmbcx7sM;)G$RRH01OksIGPsj1iSn>=&(Th3JF
z)cl(NETQd2M0~uoxp|11UcV=+W=g$(tbPWU;3<7&uZZ1CZ}f6^tXkzn&o^n9*0{bp
zKJH?3$$fs>z2t`-Nu2er_^Pbg{p&-gW1)q1_RRr-FrNHb=Z4h;&3R?rayFqYZRzo3
z{JD<{@fmv-mlO6{+FmwjDR$)*pD4)DIpeq_Jl%GSHPFY$^}5Vw6>E;gq@BK1kHxGu
zE_KmA(`(vC;cI5sXY|ZNoW`Zc((*&);K)JY?;iViFORTjT`w3_le4aCEWEd@qP-@Z
z;f2-4)ysNr&XlW{Ey0yZ+Nv6J)6Pn@=iDWiD;f(wq${RIf<%j$pnE#F{9=ddUg5^f
zKvwrahw8qOt|UHxs^6sP{Z_wo!TJ}UUX5Xh_%ibo<|7fR50c`}6o`3lo?`s5Nc;8Z
zE&-p|C(OV*AI>sNGXA)rj7E0t+7^2i6;+V-Uw;crud(8*iz<wYHKFqJ2k+!<e?4FB
z$9><7&p$P%@%H`{uey%P&TiB1Nv)X@mN0P_n2<>TQDtdQrF?l&8sh`$Q>UKneZow$
zB>19U@OBUbAG*U>w5M)5Ih)@3$46fK`32kRbCzBIW(w!|&Gj`I>z-`?B&Vgt)b_LE
z%9jX<r3Vw!XR;joxKX%zEY@w9+_>$E$;XiE7K-#vy6ju>B()5!LZ4|TF<5srH?%~o
z@C<CCzw(r3{pyu>q}aEtUmd=gV|=J!y8Bq9wGlwCGd?|c%%zLBy!<HawWEyU!EnAg
zuFCiLXM4S}ywUERN0PLqpA7D8&vSb4OEq;>kKU$ixA~O5+UFvxo;=<@vySC!<u56^
zZK)P2JHqt#>wYWum#niLnqoDs4X%iHy9w5S(U({JESrQ~o44LL%|_WBKNYIkmr8Fp
zxp8=^!xi+8%+YqEnIFk{yoOyjkEP81{30_EdunE+nf=9!7g~9>w2NJnK}T)ZCR<y3
zJQuu|&D+Q%X)FlIhED$VCtQt}0kvygIKP=;Des|y%dO)}g;tWkTkTBMgua$mHL8Ts
zzC3MkK1!4)V81M?{|8<>_#J->FBNdIUEaG+OJ%FU-qRO5_cPqzyj{MskH@@yuqJcW
zy1b#7ZR=OZl$KW%nLFxa6v?dl>*1{|%2j<aax#3Qh_+kK^ir&p!Evo$Ts3=V(zdh(
zN=TGhGbC;k^k1jI_A|Yj?Kz*|rtHtwRYzGT^ljpo_|nzK?03$^N{x-m{K&+Ae^2cy
z*n>A>^yo%Z(T`UPN7pKfau4pe8Z*gXd4{|y@<V6%RHu?+@DHxajL)l2Jsc^>cvJS*
zpW%O&k1uVL4JMUeVc&o>`6&PX*~&W+!}wT#zxY3Yg=&h6e*Z28^6&Poayu*g_mBJI
zt0OjTk!AXGwfyyay9!7#8vXzDjk4dY!B2^~tF)KLj7H*QsXfn*<(P@z`lj*S6UTp_
zy3^g|UT<}$yU_h$HGaRXsGMugyM5RkthBdIn}3Ec^yUA0B0Ltzc|3CRuh06|{}|mS
zU;m%~&TmEWzTN-%c%;s(T_5G~$FBJM?;T@e_YnB|AO3s<Mz>Q^9xH0q{Fg^0H5M*?
z^Z)htFLH51F9fc2HiRBp?z^_Ew;|~#D80rV`FIgTLz+|jB^MC?V7G(5EZ}j7Q4y#`
zAUyDx@&EN(NibF$9k`7pB1{yt!2B*48mcwDaMWn`mEoUl-F&*dot@)Q!kaRCt7@Lt
z^~btG)T!2~p6uwp``H%eA<i&a0;<#U_TpWgR$OxUKdaEE5(78f+Ku4LaV?@Y*sqo1
zh9c<<;9f8SD`5zQnu0LMW}7n61w+Xq4?Yo!GJ>Fj$#S0vVKKaf-NbTH>-qD)hnl_8
z(x!*B(VK%b(}?T^m4Lxs80{8=%>@ho8;@!nX2y2H@F5L?pi(1*IWmBNtR_(sxD&l8
z^bH#m_409uZX`wx0Lo=mRcUXdfJ-+0%nc($Vrl`tdIZ=o4ZpyTxQLMnA^k!4;*E*M
zO1hKOls!;Xq5y0tba8>>&4ECTGfr!0;INMB3gnfIuV23g@a%~(Pt==*4^NL2&VkBV
zgFy`C{^sK1m7r)-=;htK1E~{nQ$t)h+FGtI12Qi`Nly8G0+J*cHJ6}3Kyg{#)D%Fo
zTQ(vhVhr@y({1iNZTRuoP%(xr7sAaEP0-qR5O@H}`-<mIJZT__S17;;5fkH5kc6IA
z8A2`f5H6TiPxv=F>>y<A_z92zitFkUD<^!sz3-q1BhHOz+fdOG7v?+1Ixn}i_3y;E
z3Vs9qx15QiI56UgQ}b$D{vevXwXV%glRR|Dmvm;Zrv}CC9^|aVOAgk`Rhh7K{@INZ
z8Gn2hb8cu0K}V-yWepXxcefp_BA=CD#$eydkC#<c^ukON+PKr0twZnw#t(S&<v_*|
zmZ?%;^k<WyYbYsZH%NzO`a2#jLO(F{W<dG8N6USX;ht_3;C!@???I*DI+w@-d<VI$
zOmJVx27(~K2q6N-vVn=cFW)Sat-BzHx#SCUpGF7DFIUvp49y<+IhsNrRl4VLto0sl
zzvh9skmP5R#|DMroP(mBh}KY$SH^VY-$H-G0B>tWG@KZ|UxW@7Hi`JefDK6hMWXxg
zjS0B`Z&eoTfjISedX$|ueXt}PgF{*)@?0p;KVkJ7A+7`S7!qd)&+1x$p!oFd>rAXn
zz_wWEthf)200;#@SGg2_|5{H;*^8wF7B}oF_8dN(UMd@m0jI_rO%g0Ac{EB%LxUb9
zfHJ6E@#x`VUFy1qlAu|rX7TY4BGr`aJot6uxB#)Nwg?mrsG^Zt_6|c@;w*FaY-jL!
zb@g<4@meo51QSrk6Wd14gtv1WFF_{>+%g45+7O9?gKmJH6OB|x{T${NEilsheGB7&
zFD)&^Fr5M%1qw_)*Z$uV!C#Mz?rK9z(C1Nv+ZmJ>*=H=sT_nzjIN3;iAX%|+YlqeZ
zS33#B6LDS;hIJJob)!*EL6jYWJ6F*yi2+VOaqQR%^h;I3YvgHjUew{0XcKpQpii>k
ze4$-A1QsebjM_K*D=jH8I+C}|rOV+m026cG-y!~oj~7bjIWsg_b)_#tY{?>e?IE6w
zDm?cPGDV!iaA1<SQX6|;Utd`L#Db?v=yo`miD^1c1_Y@-(&_B^al;aWu?a>?;zog2
zg_B1HMI0ctKXUvKnFoI3#P54x9|I)*`03OB6gJ2%_>uAnuG}L;C|&D9{8~|GXF;X&
z*)N9`G3SN}9G*AA{q8C4Ede}?u9#c^*?B;Y_W~&+!1uCK^&DRY--gx8G&WZHK2?Sw
z`$7})5MG7A5DD!I$0^}ggWy^M*I1CW{X8YXPlMbM{u%T*L*a6>I|i+c2b=TE3N%H-
zBO?Rt*@r-L;c+((;Qot}ojRxd-x=8is{t!GB<V&qcD>1`S2U0ymSGZy!Bb<hfgF0s
zJHs2&(Q!ev!iZ$EKOGnMi7Qe42miXE`UiG4u|`7w4N#*Y^|CU=(?ILFC$9%&EYYPI
z4d8?#^MRj|*q_;VDuCSXF#uV5KM3y;_?hIu!2_>ieg5p(V+;r&6C#;oVB-@PCJKbi
zR-<44HV*gy`#5tcT6}9r!li}9DM)ZM)2`5<N>=H_5l0200-<PTb~)GJheW5Lvn9?e
z1xs^gb5kQVU`7K(Cmd=L9gUN)9vqMz5{{KvXvt}5Fj*A+FbnIn3z#c_Zr1=z56q<#
zklRv#WZe%Y0ETzs4T`re3cwvS72#@7$#7S(Y~5On)9(kKI!q>r>Jk<$-@JQO_ww>?
z#v}t9<CR`MIY7y8id&T8DyVN5AtFwk5yQ(!jDHCx0(RF*qHD){4m!-^Qett|A&3os
zMl#@!Yil1>K7V#HpAbE>kOcwMuL6e&U%`wk$V%35UPS}EF+o{IW({!B0lZu{loh|V
z_4U~*oiz}tb<xaBJAwrt5M-D`SG(VdnII?zKE9hOf8Hgo`%tn2*=@i}hRYr&VO1`}
z1N5Zc<}#C8XH)uOLEW@z7J%gpn0tgfLqVWPXkW>%4U#sI$wMVXfEw%{JX>PgBWT$U
ziY6_oLaNwT-IJsSoe@nMNu0G2_@)%%F3Jb4hXMRgK!}6Q*lT{fK{ceC?93F;jhHwC
zXRU1K2ynRZiI^mv#XzmQ7nYg=p2UOZ(c-xSl|whqjwB(z2dIvqS(68vdjn9mz@o*W
zyXxDd_W#WG9(Q*w`#j1*1Y)4ansnr(w=d&lBF7Ts+U|hk#vy(fAMZN}q#dVzh>ql|
ze|hGZ*U-06tE;IIv;mb3ta@(ap#F%ol(+*jlkUZdX8}0@bN@ZuLJPVa85L(_e8;A;
znZ=1XHaS_=*{Sz)Sy^lO9%}L#YM<V<4hZMPfcpWUA;@$Lu-Qq{6ShVq$atq%pipo_
zT>?~&ka%&0k*dh#_)BbHlmRAf83zFHE&Og&#&G+X<)tZ+7ts;&mmCy7GD&VhYuGUV
z!9V7_v7>`cTtMJ+hycDHJ$T3b+~>@E5eVd>*O`DEkEt-o{aVD62NqJYmfgP3f&Ri_
zyAH)*^fHJ)kn#!x@I&%52^z(%B3XGozo9AoFFrE@Srx%%z-<borC)1cd}?Yhh{zzZ
z6X(pqri2>Ix)e}V;ugg0vZhZG9957@_o7z8Za#xE8+>L$d4c@}2+nksVK;H9`Jy_t
zg$o2ohqF+$*uy3ae@;?0@Ouz#K5lDan{VqO+aN{>s8Cds^u%%c^B+D;&N9sFUnC}m
zy-a{ZF$-*-Q076yM3feo3G6v=;0ZPlc(eB)=D^>OsdmIh0xPT~*<c+8iI@pU5bhoL
z>_;ry*Pk(Mdo8gS6H0tOwYrW)fLlI0{veURO9hEsMgPC^n}1G@s<0U{>toOF?~lbQ
zCDTwGAv`GsJ@r^;V)0+Bdi(nyWMmwH4zJqx2sq{dwWtiOf`i0wW#~A75`0bkv8f9}
zXJFz=@wj>Fg(1&FO!PA>JF1~qj9JEq#dTx|^EmSEa6FQE1$*0F9C8e3DjEP$!qSIW
zHeyLO{JJMj_TX6!jdIW{P#h{GN7?M{ycZf6qM-HD`AtlW40N4+KjX?os4--Qx=a6=
zn)4u7k7EGj3fI^#@+yV_zHbDGOhIy2uKgf^i`aado;F*-Ckvd@m=x@)zc|$1JQKRV
zu?@+^2TH}xe($y2-QDby<OasYC5?f?o?dlJJY0Ez!&mAfR-CyeDTpPJ0XrTeYlu~e
zZwfS)XRa0Q8{V!CTM=BFL^@A`NoU77fIs?F*Ifj5j<c0bTDoNA5U7#*Xk=ZN4`RA4
z1@<ZQpTy`Atr(ULoX76qP#**LIPf7VV>wS2B2s<z>Qz0s;jnFk`B#Qo09Lx;BOzqA
zLJ$&ySE1B8$$uqjdJRCU{rorBKN^ecUt#ny>aU4D-$MQ3f6GaBuKz!Ck|+PKILTZ=
zPzwDa9~dN7VSs*#r*O);RtTI3;EoKFLkLO%@hn<Fiab<AYfFEd3Q~rB0`vlZQR_tT
z&hW6gKXxbVQ&e^71VpTf%_Iw35!`)50wydfssgSDky))}B3y&js}JJ)Li*zR`ZYIH
z0lQ$RLPh~F?j)K3+(mbWXZAyLOa`QgEr8_*sx8@5r>HC}EYJ!-Gf4Its7_}vDZr)q
z`2PL1WGaF?f{>M=#3x3x7}23aj6}hP+ZP(%0mn8&nCklasusv%4$AzeZR!Sea`<zo
zHl@%yhULjrg#-lwVcQ6fG|=ltm`=cnf8p5tNv$!oaj7tPA|x5Z3YyB6T|RelJ79R=
z(4PVo0`;k5<EutL-=E%zSr%$2I>x{Y*hy<n?*n6|6rCQ(H~PtgB!gJcga=)oPXasq
zGO#A7Kvs~NS|kQQkhEZF7okHym3|pI7aWm<Wbop}E)4!J;@2eRUf8oF7xB#;nx6m8
zFs8;3m2dn@$Yt4!i&<Iy7jY*x(1(AZ!R#))_;)TlCPrS^1JHI9!3GDn+^X@pP-*Dc
zh{HMbO~lRBhW~V@dZEkQ04LTtN68syTtB{el4R7Xk*E_~aT7+26*x^{_Mv&lD6fOs
z7WxyykiLY85Ta^Nj~DZ7KnD(v!&RKCq-Mg43W?9K{hJH$7;O|rJSt%jdf*K+30^r9
zY2;)&$9IW<I2XxXGK#r%6e@)VD=?;DuX)E@IS4XV>zT2O_>A}PNPrNih(5h6nShQS
zx^%XzHAZp{#(OEAq<JKZ9SvuQOLDJmJ5jTGqLG*7iikJI_s!;1lK2~Iw^y4+8%F;s
zs~W&S%;RL}4q>;MJayT%80CNb-hSNK;pQ{n1YO26>D!!X7_>TmXnV@u6Ob@xmONbL
zeAT$m`-S=6v`LLiPyVG%J{8~aHZ3h0cP#~}+~DqUb?_4xX1vihNHVCzn18~22%1<q
zv;%n4K&p@dMGA8`?{ao+a5g#fY;HmVI?#Ibj-bGUDzJC=ZfQ&PSA<7AjlG4(z<+qL
zLi1%}B8jWO@n3?NIndil92E>jNW+AlP!5<39C_|yVC;BT3S9dwG&J6F%V-uh8z#N#
zPoz!J&GBLp8Lt~T^<PP}QgK%31sjhWWu&I|;*!P02SNh{Gyq*ysol2h|B!|^nHU|B
zM3p$csnmU!q&R#>gLS0NDl2~w<DD2)gc?42n+?RLj_0gxZ#Eyv;|mK5gNDukg*ua-
zdkH!@aw}q#axby8kXppTg{=iBJ(0+{SNQZMH)LArqrhJG4$jRm>gmS+_v1O|SzD__
z&=_4`7z6Nwn+6w;Xbbr@A8~YuI6<S#0V{SCzWC~{9w9M??0IYJI%&`5ZlVuiTq&{6
z&Dli)t8+7$RivlG)Df+M|3pUB6Er4}{&k}QBCg2je5%@h>i)*wX#)o(8I0HC6SFfj
zV?AY*<lI1LJ@$|Hgy|G4Wl$-g=G@)YOF8ralGvwW>0}!3hsc%WWG=O^7wG@{{<pMQ
zupP)4A7$9K?X*8tKe-UFb*Ut8@hQ)b$Q$rezzKnIpietPSB4b&gqp>=+S-LTY%j`;
zCVErbl|20NG&UOaH&X72eR=hJ*#XhP=9eMGlJVpJN$Rwl5MMIBw3<O*oPu4PXI1Zb
zj$r+p`>$VYJQ}XYzN?R;;A?+!oX*&5c`c$#LyM${XcLgpG0c)}jfa)f$$J~e`|BZ?
z1)5d4$UsMT0t=!~V-&B9_<^C938)71k`aXya1u&3^Az1@bE-Nv6`p`jyw@HRS#i|1
z=8R61GP1}~vVk%zD^UGS$rDSQh)TfL*dL%Xs?wkPKd?AupY~Mdfir^IgfNqFQ;>8(
zG+BkII^nx;SplXa+0EJSDj@mo0sdoSuV3KEb@|Nx&9eiMP=^w^h4Z;Ml|J#9<p-eF
zDmrNc4|w|YsTj|95p83|wt8<i05rWgbYaUj7V0_iAMDOdHB&P)hSsTR{}F6bI5gKJ
zEd51h#jFlO+C&`@ROLw6^zNLB#WITNXLLi;G(qKXo(_EZz)K$6WKZimff%c^D6*I(
z+)wBv=#feE+CbQX$j;yM6UWh5fklFYA`7XDq>F))Z1%hQ*|QkL(!u@*v>_%)Nb#=;
zHKnX+6gvUMDx;8P$Tt(UEh5S4undsLR8!=}&ye;Yu6_H~Bg(|l>%c3v?`LrP;-kug
z&JFcfNpo{1@Fc=T#LN6&2%h?{qp%k56@2-o`q?GfNr8O}or0z&Bd#+)OFejS070nf
zt7@5gDvhf)vgqs5fjvu-vM1}J)x3ultnJJ4tQHg&mwD0~Q&Yq*(`}=(jfpvF@_3EX
zPup>+>sxx-XKe<T)u=9_B0~4E5o|$|r(@V0jnLdtV3P-4j&DHW(YMx_R0`|X^|u@i
z@%CO}NPWVl|NU&?8!peKZx09wv84JxNQe|IvIoEv%l@*}i*1?qlNO@a&?{w21p({?
zac5ve83l0<4oQ+c0o4<DL+dC|G0TG0s8f$TSVNOB{e<&}(Y^2E#MtxbP2lJ#U47$e
zQw)alJ}|$8L=DsY2iNo=LUXud@9rbQ#q|i7927;aI1I2GP*gLkP?UcN#^(aidC$vB
zIqXgfCQV@zKq;qACwcP8Q~Ue-10@Xj%|%6h7_Dra7?8_aWEo@e<R*gn_~XY9y6s0J
z(ulPhiWhSDT38&&{(S@Q?p<c&Uv?v@IQ_PkWpM*O+s$lP;ps4c{`hr@#`bCQo4`g3
z`Uz;VV3$gj{TsBNC|C`=%9P$bo6s$Jb1Xu$AD06)s_SfL7RV(?LJ=I!y!&_Z@KC~j
z1I?B8@P)YWtw6)r@H=s?(W*P9r6tm3O(1{h=KYu}zA=_Tj@7A9h+eW3%`WkXfuR%l
z2Db1@AtDLDmtdT&K{-L#3Jv@y1&I2w3WujSsAA8O<kT)MUd3-^?;%J0ECeLL$E!_U
z?|19$3?4M$qmE3CkN4mM;Jd<Da#CSvdEK;MoKDQfv)OCCSKjHKC;_O6!vrH@;#L6>
z6l$3odw!$<{gRyedGz(;UW@J-243||te`L-Ju>{|)TK|F$)#JLaFl;3{-DP`b)Smn
zZFwhU(U(*8uafs{FMF6Tq((=xZLFbYejOjP)xJPu7m5Cxp6wl>!5yJ3xzjD7!9b^o
zH4|XFY#@s$avj`boKttv8l2%Q`xTtNn`e~u>(HgiPWghs7dy6uhg1qpQ3+4>9LXPP
z?9wUZ!Yd{zu79{&o-wW`jtV#o;MIT-p_6zT{&5>|SW!oNen>%&LjYe`4+vi$X2e$g
z^kZlqL_4I7?9+G?BwGO9776aa--9wd>6*Uc>C<)N=|6=yj*f8dhOiVP02?4)Bu5rV
zI_!jZ0C^)cWN@bXjN9<=u-{S<F<y<hXtajqGsL_mD=X_QGNicACDw9=I~Jqy!-rH^
zc@!`j3VHBhaQCH-D<+}Tz|@HV3s{ViDsjYA1JY)awFB5S1<a*|g@r4fdBoTfepB0s
zNCrGKA6%BnVC<8WF&yD7*|waR#89ZLQbxUx0vt4pTEZ5@zXuwke526{v04}rAgSal
zm^y#x8q~P48zCEK0Z@ceY0I{4GN1^j?4JOD4E7>n4?{G%m5$C$F@{7p2CtpO%*AiN
z)>Z?9-i5gJR=3Y55QQ<u5&+#3`Q81&)Iir}MBLf%`LX{Injk|E9q=J<f4cCwCUE(B
znG*Ax7D$TXsDsl>JYW~gt(-%<b*rCL1b#|&HMjO`el<8vXejZUki2l9tA+@RsAfFS
zI$q<MmUu78QyB)A2LUB?bRb_n8D<K^))Z)@UnUJe9~tyQ#0no?1u!J^0_M0CX20f;
z?mmc#iD_DdsJ{o;73}2HhYBvgG)F~6xY@mObHo<H@pU^UCG8y@kWG?s1XL9)pf?kL
z3>3#8&;Uc{PTfm{NN61{TzEPswJUyf6%@)b%;zuwBkLKUMYSeVtLI5H!kQ4b3*34P
z4@dC3Ul>;Toc99vikSfFAfnX=?c^KD%d4UGjdm*RoU$-9^fSs=k5k(|qOEO@w%tFo
zSJ7`@5y~m>TB8N-_Qa3m;zJQ1L0m5+Ckb3W5($KlUS3?hOKv0=7Tg1C=cZBjBUT+H
z=sIW=!N>%3afC?60Z-x*iU0!;c&fhz*!8Y(x+!P2jmY02id0%ejbVWC7>DunXxC+6
z|9CcA>-DHpMdh&Wk<W;}MFHh9u0R7E?S#RGC<jafqG`TtM1_eHi@4PA@WkK9SuC82
zs10J{wCT=tTF9{aFjO~~&VTq&RM+hyx(uFT7Oyxlrw0{PZ!?lFwnv*NEm-eA>rG>o
zE8Me+=-mMc5jQ&6FcEVN>^2Mo{Q2%;%1OepKtCpCrAQr-4!G;?bVcQMa$ttQ`()aF
z$>|F%9VKZ8bV8dKJF6RK0zI;_9#w4<z54bJ^NPs0Mt06UoTe=T%XTBJ+tSY`EQB5j
z{R$uuiE{?n<YeVyM5q$0#DtR3-&zZu8}Yw_avayjc3}JDW8C4~IcdSnUh<renwlD`
z8)xl0Ksm4>S_`L|CoL;F1BTPWJ^Z-UA7jseJ+=kd95K2<Pr(Tz9^hQW<?@L{Bj|LO
z@MDqe61Gd`F|jd$okV<l1e9UxK>$U+Ee&`Ifb>Nq9Bem<7T0=)&{$b5R4qYAZ}8%<
zD*>X0^?b;pRgnE~5OI_wQZlRw*ohD-Rdq6=hxX!4mekZxVkrZ3kFPaVD|B{(1&K1Q
zT(}0oE7l7-OIXSH@a`iY7ZbZ`l%uD?nG6!P-i1Sw@X)aK8vv<71S^FasRhkNfYA;}
z_VDXO;|jrUR(Ww^1DIZzy{rMWj>hK!v4Fw!7hy=DHHVhJqrM;jCQ9Ol1C+4RhL;ka
z7z`Cjitp90#aY?eTtYp7s!QAEyO_F&-Zpyk+TbIJ$23O93N5<|PGRx+7k&smN`P66
zZ=jNMuF`N`K8)X=MAmf`I1w8WjBu+(8UpmM!#zyb;OSi2yI+9jOfau1_o_-0Y5{iX
zf9%D%g!A{{FN4#x4+|GpUJUb|M)2#fMXq%GVF*bAoetK&nd*Re(5wY=!(-qE3%Uy6
zbYcpt0ch1dI9LtovpoVM@RrWD?t2Gt7G-P^rc0nKN-Qtf!qXwnJpA+YF>F9G21GxO
zh93S;6@Y^Ll3%5<24a;E+vkNd2|&&P$<#JkBaM$8xJ1eIP+y1fBl7dkiz7$l9q<C<
zKf<$}Gr|3Rw1O`n7L2AhW7606-sfCfCJ+hC+(5J=ZeI{0#=-mvJY@=-&VprT9fY3a
z05~C%gldJD_u}Y&3S&GRuUO&@S(mGaTO$&7U|EFYE`19;o4iVVOX3{^$YfPov$REj
zWpgtFRAw3GEw1RCQJPmEWUZcMh;JloU}%V^qF2{)S#;a$X6J<7V|DsjbhmFi-5RG0
z;?j-XpI9PmGdN0Xu2*<Ou1!?qO>N`Li*Di@J{Q=ml~`P$927G3@akuIVemr1o@3>7
zqIX2?{LoCKq)oam`rYs0j0G7*N~u`J?&x$3Z{BeZjQebwP;u(=<s>1sXYC(X+z(vx
z>EB?QA+hj0cw26L(g|8~7dx3yzh6PSxOj(b{N%2CHa_SvK(wqgNuYgjvNdxH+Yy8k
zxxdO%T6g?IppX%IkbSxtEPd7I-Zf<$+`Hz~nYiCK(}y(OHR5*P>_2i)HPczzb!kIs
zoCB5fY>QXcmmqVic^P*;k!$Si&BvI~u@sjSpNT&dt}C;CXXkx7mE6;(_H~7EoOa5h
zWtH_hbW(t-@~`~dPFDNP)pV(uFK>OYO0FsI);VxKeJ66G77Ise&hCH@fm(tF>u7fB
z+vEc$o}5n?wq6KIX?I#M+{`BSu8P)W<%P@V-1vL<j`#lf>eyyQ5u+Gb)L9_h?^>5)
z-C>F&|HqeEGZsbvT{v&rGA)zeTiM<}7N}vNJ2UKV{3D{|jlD$e^N}L={tqTY4R@;5
zLk}Jl{PwYA-EeDi=zP%)enA1_fPTj#aMWnq%qrsioBDj3dC5$2)I(1VkWq^b>cmcm
z&po$re!k+$!a%=ToJOcj=fo@Zis0Dyg{2J*j|2IlW_r6vS&rH;QUrSHpN+V^p?r-8
z*V%?U3X-0Ew5o@4ribs{l{NucuRL<q3K7wa;}5619^aDFv>vT&<NecEbIYy=<AU=(
z{{DyWKG^g@Lu&6Sqn9CG{AW`$4qa3}ZvT6q+dEYk)l9v)vk`|<Z{88&=l}RdH$CLZ
zkjAQdt8VHOa`C}OOvJ)cjW3uQD`xIsx^ebP<}J<#)WiMd>G4@lSQNkbo@vb(m9J8X
z(LCtFt6H8r(OtA^j*7*tpkRf<vgFEZljqaNCda>xjjp@7G|a@o%5wV?d(#BN2QKxT
zG#|M*0i!JI$&DHJHh#>%%yxaWy)Nrx2?7hLMnta{7u-}}x4Rv`aT|}#V(a1W4$+>b
z9dWio*X-1lg1hUKDV?knwIwSm&OOZA&VQ-&R<j*fuHv?O3E$HB=;KAxR%=)N=@BZS
zX1}po(4uLjLGQ{Iz2%QlTLKQ8f7<I9G9<)4_Nj{^WP{kLkC&$C>iW`LITQn;-|Es_
zx9F19(b><ZFKdmvSM7}s6QcV@Hc-?}4yG<=I*GX~g}AxhbZ*OizH*JyKJ~#asgvDt
zg&S^dRm5eJX{l2Zsm8=^XC6Y??|P7H=8-_uUFo<6ox<z>z>)WQvDNfZ_A4kU_B6d`
zcDpB0wB&z>7fcvo=Whq`6C>l}U)cD+W|6pgJ1B^8*Dk%Q-^L<!SQ&PnD0hsXDpgr7
z`O$9?XH}e6J=#Qf`%i07$J+5vPI2b58>^SY#WwVrcbgpFA#ozXIj)vT!u*pa`(gIf
zFPA0o&HMII&-ZX7r}7j_UOv5I%QmK>CuZm3&K0g`TXd<j4o-Muev^qQ?xXsE!Vd#*
ztdifp?Vd0`@M<JPlzVEi`_@eD^Qh$fxL_`bt+qEhR+N=(MSDfBp>cI+FU8j+B|C@3
za=Vb_<&m%kqZ*rqA2jey^uVtU>#d6sR#Id6x1#rOs-^}Ym*{gvX*4@}u^_sAuRN}W
zKl@pDNYV*0tgn8niMh}(jTVS`4^-T%R8F8&-<|i_CsTLRpKr5t-9F`GOpqK<xYmVT
z?0u%bXD^3QmY(G*0gA~%At_KL**H(DN~jLRz2!UWs(Unpr{kWUzfX<G6-fVPEJiIo
zcSx+4ay;(nnW;Q6n2goO9h!R`y=b`4<`~UF<HPqxhOh3^y|1kFKFe-mZB>=RC$sve
zvG29tI#%ua*^$5MoxIR{u3jHK1)&3lets^T^$pEJm1l$h^r?lL?XT<Kxc1R9Gd%EA
z3=9{tsupCoUHHPbdbs0x{A~|%;+r-Vy9^m47V?E-qDma2sLg)$*P=APKQL|GN?YH!
zoH^v}Z!{<Jxlzn%yX-MlRi%y3BAkOosq-x&i}!GF{2JC0MyYh-L|)~!`O1g#Jw3f|
zQ+Zz0en+gdTX43BvcA20pE?Z<-_2h=B6fpKy&#X2mX%+fp0dD3eHa|ag)Hqg?}{Sn
zniKWZR|?>q{IYO4%>GHr2^m~w9x?uhm5)m=yXbE;$|?B6oR|C;&f4v&-@o3yuw(T)
zTGoWRYoQj}ncukCSDi^PKH%f)J2U@HUyO=Ub?Kgjvr>JqRLsdUnqO!Y0}oKbFH^#9
zNa&M1r-Z}`GiL2gPdqjh+z6E0No~@YxN2_gT+p-Nk1y1j>(+#F@bcbLtqc?W#i=j2
zyjAtkq2E-$O*#_Ay=iFL7nZvfWi9n`Wqp+;`|A>z;fl)Uq3gZNk6YD~dAYCyH}YE^
zmDSR_4V2#3{%9Xz-W4Ve>9bggAZ-tAmea)A@WU3eMXup6V>`8Y|4C{(^*^S%H*?47
z{6uc;eHwT+n=;E#E`N?n#CC3UQ|`V{v0t2hJi<sfmU-8iuc_5`@M86~wbV@IU7SlR
zvDDVQdsOJzn3F)6Uob-Xu2r4qVCLHk4QX1NnET309!&pgOOt5pYt1#|^xARn;H9*q
zzOnC18>)TE3MLLYX|L~|n~eWL&s#h4JQJDdO5c7($^BsdG4bQ<dWs6qg=1=ldsK~U
zdmilEy<W`DReBwDeS`w7gvFf9{Q=AKg==+LS<96}>u$hUpdzwsMSYbK1Mi<Z1U9>Q
zOr(N1{juPDIdPb6&1V?W;QR1FV8gGoqRv0ObSy~D)GX)ypdd%aL#y)@Ow-SMY9Db_
zsu=hmFLz<!_X0X$FNKWYg)!EZ!^QV+lKgQ;KRmt_DJ;tWx+EVr-2dU&zp3}@y=}Mp
z{SyZ7c9ZgV=k*nCTV|yb0utS_cUBy@B@x^En|~z!W}$osT~7(ei1tITz|}@>Gg6hW
z7DYHySq(o_Tnmwib=o${5cmAJV^*{i<*$p4^w<1<{)acR)g64vzbkg-hU&ix1@b`F
z{MS#g2llOh|J7gg@@M}2>^%pbMtJ=FM>|Wk+5h7gd6+5XD)7&`+49E^oOuY#Tf(Y=
zrDJ%~0EDhjF|ht-_AFQgBYbqUtB_Q*5r%0{Ur)-8)A!gBi@^8q4|FW2#sjq`(n;J3
z7_7*ku_e6P0)IYmZ15FmE`6*_jQgO)Ec)<)4_|OznfyvUPBGINl<aOdZP7QLKp)C<
z^tyRQ)AaN-4&*gXPK(VtDZ{olHqaSOJn6fk%33`}$vi7QyfwLMgVp}71>-mIANr4M
z`xV#V+psqy=|DK34gv77K#0&RaLg`G0Uaj=VZP|<NUjKoKhfxxDKG*|wd@cj6d6FV
zD8db(J;XR<^KGdAi0vow3jksdKn4c1h%8wz1^XGI9K;NW9rkx%G7(2i%(eB~3cd$o
z_yQGZZq7Cunqx?Ugnp>3tBVcQB#L=1&9@Ov7BEIs2K9>z9M;5fXI-Fh5B&Yr3u5iz
z@(CP14phmoMhAu@_as8Z1wju(64=QrV**dKN9ejJ;L1Wm(DCr^;a9;YJPfg<S_T}D
zE+dhW2>KvsI|EHF`(fc`&<8h7{2m*Nz%Vp8zyzHV;od@|1RCS3<o&4&0<`G8fWM3U
z8COo?Ie^wjy__CBU?DrJ3)wb?&c@FyVPi%(Toj;MAl8eEFkCPZqx4tw|9S)z6#Sl&
zHFhMJ9kf3pI0XraFddMpu^F^g7DRtLSv4oJ0?FFmMqJe~6^}i6vhA>tfWTJt4hUc6
zL+SvKs|sK^adMb5k#+>H@deEEL5lz)s4~Tq*}owI&N(FZLN~Z@ZjgtBX2LgsunIvN
zNk9JtlsphPzO=?VXPTI;(hBv(sPG^Lzni>Vz&0Xbtg-$5r=CtN&b8gpnC4%ONpN~e
z1g_xm^}^KY^bL=OD`thD_W;fh1ThVg-xI*N8AY${15s<Bq1ueOx+;B7{LlsbSfH@w
z7#;R%&dtt#?eDJuBO10*FM;|xPPJS<KXegaIn(3LC!nJjd3;S%qVDsrDbr+6&pd<~
z+*XL>z+^~E#LS#Tdf*W|ymWSiuHL}Xa;bcLXySvwlH>K>Cw<d7rF%Hv3jJo`qwSrE
z`s$U$;RU=DB;@UQ6_^)9m#2XF){77T=s*cY5W^dExva?W1Z4CJ28Iw*!Tr>KD~IA3
z=wgIzN4!x%tN^+1FQZXV)=R;`Aj=F>Ihh!huNcW-no)wz9Kj_Q&=ZnC2`sjV_<74h
zI#VmF@F5GB50gO?5W^EPGH2gt@&j#7Ngu&n5Pb6KqYQoulxcl0F_OhOJI>-~e=f=0
z1j9vQ+X?E+WdKIdtrDaHAY=v55(4g(KBOU@nZUSg!IA+8tL(i?=9P9PFCrL-LjgWz
zteFsgBqAKNds81!vk72i3EqQ`NibmnV^FydXi$!kR$pK+43^-bSq%sqGhbt9@kqQB
zp!3VY;eWD;s=KhZieUx~6m=^FU^@zsSxUj?1vjEDg#}ij#t;E&B?6Ny#^WXON1z)d
z#><0Eat8)pfLa237n?Ii;V4^LQX<{!7(LSLVv_sa;pR<*c|Atl1nfx&qKie}Gccfl
z))iJEG1$StHpt|km`Va4!Ctn@sD7rN56m}AHbN9_8a!LLB!580`yK*sB(jm@CSVg^
zq42|Rl%BD|qMtBlw@<ECS;a~cH#!?C7-u&B%>{7M28y^e75dq!*2N_LWYYNW-?f5Q
zpYM&IVy30N3$hvv6iJ#j-W>r~aSjBF-@2ZYHr{YQ&A(5*HSsQSs>Em-WO1HwxXIiG
zzQPZRJjPy?B#i~<%a=U+LmY~Jl_@)(1qDT$g_D=WB;W?z)#$wEbWyI;OK!JHA%M}u
z+nzjpkTxjd^!EXThyW%-@_fO0zKeYXLaGUXZA@+nsErlA>Mc%ZJl+aWE2}}=w_lh^
z_9;+|A-FeT5+e524;VIg4epvUOre;tb}=X>f!6q?Rso3v27Di<2hahvrb3vK5<BBY
zWyu))8US3ju(45JxvuZf;iKXs!WQh(A!Rc-J!c@&a#N)smWj@qPrvb&KYkoAHSnUj
zI><Gm0ty@uM>oV-W5d3{xeDG0?QO77h)x4T9%4_tJm0kpized7Pw|)6v|=FdDd6B_
z`9RRiDJI4u?=*OnfU7Wx#IS)84*leGv=c0R_1QEeG?Yx|$#fg9dlRduAJ`mZehidt
zpd(iZ9wF67FwTs^n4Qo!LD>b@?DhVdH#H4Qi}UzYPs%UjAcQ`c%LQoPeQd}SFkvx+
zs=z9Qym&)VQ4yGD0=K5jLB>6aDI1g6&9^GCgvkeg6X4y!f?VmI9fdAz7+!4`vQ)y4
zYwVaIZk5nQG{A}v50?ZPP>?wa9y_sljl@zVZw7A#1nEi;dz3-*2gJ3TpP%M7+&r*y
zPlKdAJDmCfXX>l+<mxxt4S2<e!)6M&;{^ku<G??)!15Kyy43e(3Hf~cP$1PrZ~~rp
zEWSUg6JrNm$3O_RJupVWu_yazE63Gq*P`*>!2+Yd4Vw;DV9*7NQ`#FDc$KifNrX3O
z2o&sK5aBYO==EY+X9?ER;iUx7l_i|!_9>q`q=JdFGeUVb-5qEhpHBj(V;szD+#ZaN
z8Td|P6!HTBLHI5>Fga=#psr5N%sjUgr^byl&#%zJ-2C<@%VbO`UqX@-9IzXMOyI^4
zVozVI!4SC;iB=n<n^G|(s7D4Ygvx|Scj}qo*}4ZAi!SMPW^I@=8sZkj!PqP;XJU0`
z;haWuJK#ACPVQr~VkMLTiX>_puyuYxSpWz0TJ#Bw;tql`kLe;opduO{@~l4eZ+KT+
zeB6L-GmEfPoJtIN;}n2)qhKloAJ<@PA%g6aqYiV%G;)x@_g*t93=x0HSSU-=h0Aaf
zDpMLNea=2IKbblD=BEMs<&mTBQ64}Y9Ep=@dw5}ML3+A=`gsxpbk)u-Mjq`8pMDtb
z7Mot#a%!rHhWjbE4pa?_t|zI6STCS-x|hRZK=Lxeg~-;Y<JAcQm31v<67XcBHq@nt
zi2HDzEq=5nB=JNUfF;fp(Cf4lWvj$i5|>WM*!VTfy9z?_z+^obk6~lAAoi(nVVn{s
z6Bofqg+`gkl_<!tiDXP;Q?#U+pxD^~K@uef|0um)M!R68qn#j(862J$fM`|+-osP}
z!@*17P!UsO7!ILUl81vZsys?8O2sXl@RfyNikt)>!)oR`9L9ZXWi-6r-;?+3qhu?w
zE<y3S{gEYIowLu3Ph3(eh@F0o8q;WwUKL;p?yc?NTA1iU_+^xhuS`*rlOr=3BYTt`
zTq@D)pE{_f+YM=8e3;aJB|A6QERUX*p8kGh<i-0*li$@_%|4OzcM`vfX%?zcvO-~H
zRf@-sA(;9~KA35eB8}u?fhbE{u5bt8BCE62!hn?^z}ONmu$2fLj{@mT-c4%&?!*=Y
za`GP7pTGoq8@4_AV4}eWi;ft{g8+<vx)viinDJe}hb8=c>~z!BCz0`S8OZ!QoD85*
z8)Gt2P1H6>86yQY3Dv>zOoo#9)L6y`Fp#*9+JaV|>bQ)o>^N!?BKt;Dmhze7BTS_l
zpC`U)fU~?LvDd}|z!`g}#*FP9c7pJYpDa+p5uYQ%V+1a}@6P3!>71EFVm69bzkPBE
zrGsJ{CKZY~Yyse|s0>~LdnT3jw**cqoO{*JX@UoE48$rwwDn;l=8Ifvub#?IXP~m!
zN<&kGV?OPBAS+1ypIb*hBEt+(W1IA&M&Wjd=ej~AS1E5!d_!DwY}!Pm#j<|FMC;Td
z=rK}*UJ1C=e|<iu&kwHz4B`$c9gR1$M5Ty3ZF}=@nxj>F)-kLBZhysI3x3pn9E>61
z{R5c)6L~v!)~c~@RkWzMW6yeFZjUNvA6{Ei>)NzX-*Yk1(FYMV#WC|ML*Y;Cf1a^Y
zYySSH3uKsx6X8^I%)sZVgoMTO+S-j#a@0m$NRJ{Z7_iD}$oU{*A>EQ6U}(qc_Q~=T
z>fMsMy3@TAI03GFipSR1D{u_H$oxrzS_nb2xP0Nm;M&wXmgtM-ku46#8X>~r6oU5y
zO4JGHuwY#I^y>^gA$8+X;Z$M5zJkHTad3VV6ctyh@cn?fITW#On2G?Vh!Im*cLmic
z3Tf!ih-)1VLHMAojDV(~`du`p<Ztu~!?0ChMu4M4=GD2RPG)99!CZ;-M5)I$qQ>Wj
z71f4})b?GG!#~~kw_G80D|dTz)|;q+?7Jz6w^}mVt$x053~(P%6`ORwW^-@ziFCd4
zFDVI+t}N0D6^=#cXl<Z4(!^4Fz5gP`!pAW==Xjy*g{_GvGPR1l?@L}v)Tg-Z%<*hX
zLvf(?d$C}x<U<$|yt4Q?M(?Tk9gOc&7cQ`aEV`l_Ylqm}qDwTIMNjF^oP;G~gZxM%
z`)Anc2-?%X3PJ|<RAa|CsloT}@p@;F+HuIqPEs<>q;ajkVi{Nf$FWaHw0T1V$yNY0
z;LRr!)a+9~JBWRJJrXx@qSNu|g@Bv&oog8rPoz7XK%d%p;H13#1rTu^r#o&CG7HQb
z$X$z?Cg<hNr*qd^QRt9>1+-x>0egab$h4isW%Bbm#AqWlhj<PhZoPr@5_Bjl&*<G)
zLYHzTPK|EA=2J|QxhhIJIzkazLjEeUw^5bZXSCkHyjp;&`rDpU7R?3lM#2S%ruL7R
zEX*qLroRn5c!z_(oC*nqQmC2leByt&G@sT8zdq0`z6p<DpjZ#4`;+7ydYQG=)Za|m
zY<fYVz!+7u(OM2;$mauI1(2s$qZ<|l-zp(bkL)dRblTV}8|n5D_hv?n7h%Cm!UULN
zLq8vG273;aqZFJopy<deDUpaFjHSWnc!kacr8ikrxF|T-H^%917@rWsh3AO}%hj>J
zv4A#3+iSUP?GjJCZ3-wGF_iVW@~zX)0~@CnQ73*K9#+C{-H@<sI$viwPlcp-OfQKw
z3B+}m%{-z)G9rilWZLY;&>4VRgWT9IL#+((moO)j!HdFKYn;=k^_dt^r2>E;6lA=3
zpUGo4sVjp7jypz!nJtBe=>95Gj7W{LmQd=xUa-Js`TcoK!{jIooK$jHR#Y=nN#zJJ
zg1jr(l#e==EC^I;*hbtPGMyZcs;Vf|4yRVk{xA$H&;OKTc{sI4P3&9wl&EyDZZeOV
ztCx3B$cba(yD#}}eKj`ESm*Ndj&{qDYg9VF!v%e2YFoW!D`F=aL!}ow-#tlkZz>!8
z%0;g+QdUrJyD+-o;QV^(00mc)Nug~#RySF5)xO)YP)Ud)e2_LrU$>^jqrt!zG`?Ou
zGn_7sPBeUo41hcX4x9AwjnT??NH1?}hwTZ0Oi(+M4WU0Ifvb>bSqOfnC|717gd$Fe
z?2~ps&<*)xQ4wY+aC_LXo(bsJzy`$auQ0uKYjnm}Say*zB}SWm>sFti-}~`EP`#LV
z2&qF{LJ<>^l<{jhgIL#Yq?4!G8tc!QdSnU5D+;huoYo4bPw(Bi^O*f%@k|?^*bFn0
zAOZ>-arqQJdKA35UZwEW1vR)ZnS?A^aJ<G~%>*aHM8oIe)k8eQQU$%`_KqR!$>@*y
zwT+F3I);F9LzBmGr5?xclTq*G>H&#w0T9bUx&_stgj{L}I<7}3WP65&o{#pv82Ity
z%&RjyA+m^a)X2GJ0zBhAM!?9b8z}c_y#AgQdMaW)ih>^6zF*Ly!;gnlC_sWpLywJ3
zC_&&7;1b~kC#`vIw*+UuLW0HwEZ6q+>KJlFIlM`rGPFD0;5>FfFHg9U_kxvg+USjw
zvUUUDDY2lZ`(w5(kvr0iv`u`pam>2{_G=Y`wb7WLF!8!Q4QreOhzA5yDBTS}MA!1n
zrw30R<pa_r%G!=DYJX+=Tp~zALjw}9CrU%3*3ZLEyGg~Sf_ldhQxKBs#l)*Tbi_wi
zPVT|CWoll-Jumfxf)iZ8-2f@`E^^zkD2~Ud5V__Pe$Gyg_@AtOHfj&Yn-n#UhzlQ6
zyR_d$EdRLbb4A7<3-jNcPL1*J+G-%oK;w~bU4H0;j;BLq97E;`c_oG7&M%LvW6KVH
z`h2<ZF0Gh{Q(aDXZyK-P(xcj3f**kdLoz^7w!@Yzx#3*C)SZ>29fXq-&^}Z<WQh-~
zbviX9rvp+3%-yR|@A<LS!e7x4X*NW~fu136YH`+zweHPne9KTQ8}h;X66h_Iy#yvq
zBX*(zY<&JJO~?($;nM`BS83^^X?8Zdq9zgZNbn@8?SkE4RDeV7MnEc57A!HLfr9C}
z^M6Faz+<0?xlrGgqRd0l)R*I7bzVw}0`w%M=SNN%Ts1&#iolV?<exZQ4zGONVhvg|
zI<+^yR<*-G4yDsR7Y1H<Z^bMJlKkB7v50O!!8s5X1jjoit)(1*IUYm=I5(wW3>FKf
zD|EoTK8$T!96l%{^x;=QAjn<vROdy7uM~*KjXcvvp$Pri-SY{u*r-H0jf@eUR4|k)
zaV0{%LN0sgObnn00Yfvf`k6N_M(FdRtf@}M$D{6V4l?>#I4PWZ<mujcTc4@BR_Ftm
z3Lednk|xtoEf5uFFv58Vizj1U*K(3aYZ8dY(9x2M3(71=8PO@9iPcR<Zy~@_1FR<{
zZ!<4o1$4N^Gv7}>L%}2fd<!fct+Xp=?^6c~yngW1flUzFZBkLE-|Cn@k;Av)mp3pB
zMsPv5t9C-~9X)^C#cmNTAGZr}14Kz^CU)QhDVoc1eW9}E?pP!6tZ7u2W^&meEqYP2
ziDUA?tK`IEzzvsN6h}(^KCu<%h~^~iKdBZlU_9O{WWg%W>NfLvvSHliT=?F54<6W}
z7RO2E&+G@}^yEPCb&v>AuHFT;8B2~#U?D&|1GX$N;|9BrNSu7a5)*k*Ew*%l)JD9!
zKuYP7m)gsTW{Gfb{hrTbA%k+CZh862m7t#%&(5vm-Mnd2G~gE|OEU-z?yOt`>T_&)
zfAAV1_ia3~Cr-G@&V#PXjsvXWd|e3GtQ@cfhle(|^3r%~f$cM#h5Fd)U=pKrph6b_
z`o{;5<{DUQZhXd(7cA)_0cDcnw81A>a{{6@b-WHT6pOftl7hllT!bWKxYrg$SYRFr
z3pI87U0PAZfFxF3{g_nP^z^aTKk*BA#l#rpSX1gffUE=Yd5Y+<Oq$*Vk00p-k`O$w
zX%9i#(cvSyc~|oaCaIwUee_x#Uz9Q}JC4iAah4ePem>054IGN-HvbH6eTRAi(FxIx
zv*Qr#Bk+N65<&Gw!36~El}gM;Zh!8sx<=AOCx+qfF|e>mIO|nXTzvEQ4{sH(RMS;Y
zCq)$Ii$FimR$6z^={XQIZGrfc=&5j@^AI8p6lhp%<&n}4zNDF`-dDY0W>$!~M-2Y6
zom#oUb(>blbYCo$36FcmP&YavKLru;_W^&ATpSEgcH@Dgtw-m22N)!9-0FkuzFOjL
zpB|hdCk$jO!9S<x<vaaodUp5ynVL=xUSL|NYlyEJq@Z~28oWNhw4*>FBqDR5T?C~;
zmx^^y1FOxdY2IDeuU`lG^D62o(3{}Qd<bt<%xO+gf1=9D`w{;u-yU-L`%in0*(Ezz
z?ddvsminRc>2J*QYeO8YpLb3T6u#^9!!QRG3hpF4QPQ8Vr^jofi6PK2JShR!@HFm$
ztKkm$#bU4w4Y3w*4f6w7A_Q2JPxX-87Z<w{YCdpUK;FdF4#mD&k{+wPlZrabaZy|+
ze4~tWias<~?Be^Fj;k1#IWm$7IE+&jL-*+P(`{{SBmobMIdr0%fa!h1q4SqdC6rF7
zc`ZMYJc&(IiggKq184STa*<(eBeJ6ibs}UiQ5x~YYYbGlQXu^JDHAZ7AY~a!%kfD~
zO)ag97cRWR;R`Y_Bha>9fTF<3jK7ris6&;AG_V65SpqEzjrexhlh6u7b$mRaxq#`A
z@l!adfcOVdD+hD}{)+b!5)uStOk3?fe)%G-@1?8<b`lX69K1k*!hE|$QETfnSdgS3
z2ag27<ELfAfsrVUU`Z`yD#dN_R8F3?f@DJC_UF<SCgnf8xB-7Qo)5zc>Qf*!ylMI~
zJd6mHIQSD*Yd9yRU<QHxj~k7s5FqnJa!Z`R{ks_pDZ3NQF1FInr;WfAA9AU4#sjXO
z*!#gxLt=U8xSKujcw%>glFeqIfdfoquvNLRW~wt#N5l2Nv}5_)P+o>pCR%N@A0)gK
z!=x}VdsiR~C~eMmhCt&HjoXR<rZr}~(QA#Y5Hf&Df$-sQbvdF5sh+$BgF%e8J^~0M
zLnFX!wNNxpOp56O^eK5cf}`yc;rI^AV+Ka#-Y|hMwOEBsSv4L4{q!9i4R0?Lxn4VF
zE-s$G|MD(}j(_;FeNG;VG1b@S>#mqy24Rw{9Wh~tbSLamqGN%h4#DDaVnF`)9{wJ$
zbh1-yM(op_URIrAhM93q%6<UfhfP1#uivp|_3EoQwxKz{3)UN;Omr2l7;2sFm8e9|
z%*4Dm)!`;UB(luFCbWkbMRw8kljVic-We-0Xq7Mp<OFeYAPQ$JEMomnlAfN<^=V>6
z2T()~jS@k0!C)u(*&xWEnF$z`{6b;c^ah+-$}XpAR`lH01{&_c{O=e15Dx;l!>$V)
zwg3Kr?!s_Pf|BiU>Fft_&Fj+#Ehx|R+ZASx3odc&=C!<p7MR7nTUP4F8j7uY_VM3O
z4Ya27U^YH`)S|iyL~sL84l#8>8N^R0n~1~#qm#Qgg^cKcrh<gD9=A8flDwF0X@pU{
zN1g)MnV?roAubY^LOCd;fLhUc`2{<nag9H_7Y7k4rn$Y>B~?-O?t~Ws79(;=OMu`b
zps50da!qsfNq=q`tRNC`i(2**W@9+mNa`d?S{&1g0gLI_tt5gBXs$Sf9DWD1=`r`@
z82bp33GoF1jva)nsI#+^B>4atLI!#nu&X!#TVWLi_Wrn7q3gMbsVF(MA^d}F2(c0x
z0CbcyG5wmvd*eUXjs*`#<JkN!EY{`%NX|*P9<crsC<-y*xPZzB#@y(M1AgYr@FHJp
z7b2?B;GqG*J%ic`9|f{{NX6v<H(A@-s=7W$b@k~-TlkSE8DNTj)|3sgkss>3A|OUE
z6Wb;MC<~qdbO+A+5zJP5cCi`Y03l}MMl6Gn09_<k|1oXn77|<LxkLQ*LMXj3cAEf7
z_D?hX!A(a9Yn5#!F@Z$!PPQ#pD@JV%;&}w41JZVWdb!X}BHk%8IT^B4X2R3N<PXV?
zK%T)!RabDqu|r&65Hw(t|9vw?H+ZlO=wHy^!*$^>DlCnLXCMq?A%m2>1AJ3Rmj%li
ztGp)YcI*hdC_aSci$bc}s|0Bs`;_0Orvpvi!_IyiLgh_u*G~_A9Qp@B#^<&D1m@|x
zLw_+(Gm<i_EJm6UV1|!Ih|^f0VDKP#-WRNceFK1)8^8T=na0JL1T+^dpMHA*nRuA^
z+K6r5Ay$b+4D!%N%~7I}g+f6wyK!n>y>NNyC@{C+x(vVTVV!b+uuq%I@6z=|U0bMU
z%Wma8a)f?DdDBFndV|-K49*D((WAHWBOAVXZa$dzJ5WsdOzPy<uG%+W?g0+EFdxq|
z813Pr^fK!WXqYV`r`aBRndq0z%M8YDVdFLFI_~%ds6F3{9)ZwpYPht)TGRy8@N%!8
z)rYMwCE6ctj;aXe2wrRW7eQlmGa+)6-m)yq-~A@*#y1NF=|6cL-qHf|K3k3(MyjoN
zo~i5Rs2<s!D{}YFpWF?$-Q=rI(EoSJTqj-lUzE8w(SLrmU8Jd7=K1jqcQ7l+AI(tY
zH$^BZJWxp+s(%y>Q=Qp5mr$+zbFDW9U9<0rm}%_4)h6=~o269S=VgQkM#GEimZ_z8
z@3!p9D;j~Tsolh08on^q&g5NPlWZVEO5CvQs<u6LGLXxC=&g6i-2Ce2%}MV+W_WJn
znfPtO2r}k`&gQ>90b;Tjp5nXedcV*-uX)MT(lb<-X1k#2N~xK~m!L}#iUTgP+zhK4
z+hapbR`T_dcZAiGiufewX&9J&M=T1j{Ni}9dG&wNT1Gedr|W*K%I=t%ow&SUzp(z%
zhDTr8803`o*>0~~vk}*!JTS7p6pr>BYjNd!f=7<Tnt6qp>*PKYFsktm3VL_9`+`yS
z{7luJy?c;l?L+~0<bxJXI$+buFCR<v<I?uzR*%1^{puh?-5Q+E$Gr5M20mr;Jds=s
z>EU3>vhNk$u;CZecgah`UNEp~jF}fAUt@cDxu~J~*^d1A`d{&hjvsqYzOgXRavs@O
zrBDU>?%k!k&g>#0k9hT6q~kMqzii_w?>osLuW&l{c$p$26SMV5wUOBOI?kD&y2T~o
z+_O|mT?aR|v{)~;eimaD`sF;(maCkYaZ*XCwDJt~s#SLv4%ExB1IGBD$xaz=ZmTc#
z`qnqr%!CGseJJqT68>(fYl`2X`h?{I=R;sCwu!pgA<g?=X|)Bv<%|?_pgRuQXPkD@
zv5ZXJym!xog03_rp06vni(m0WXl&h!sLx8z1$TVVI&|>xp%`s1z2I1Hzo3V<i)+m%
z+KQV_4Z*r0vg=)u7^O?K-=m+kK>{ld9il84^bw6$u(8=1`~7=Ruy(hI+1kdvo>5nl
zUkI8l#mMGBV6G$P686k4#Qy`hfoEPTX{}UV4)vAZ^EadE;j~i0sYkk>I>UTo6wMrs
z4Gd~HV~y=kw`Du8TB#hfmaA@cSnL)4TN@d;eB#p-{q`$d%-uEITJR(*3%IsN&pWI6
zSDM)Z4i0m{mN(|VQ(5X2%9<<f-yEZ8U|?4Bll7?lLuIK&l~eDMa^ud%A93K`M&ZCM
zz9c+zl!WMlPAe1h`t(49_~P`2*P`muUF?TPtJPoA%>AJ8l0I&e?(z?V>Zas36Q$to
z>4T^V*AVxIz=Sq#gUa@NC-;;-9*XYnGmj_w>%NQrpE#=y8X8CPJUj^5)p2UiZ+<wL
z;My6pPo@8KJ(2R=pQP1QQa3e&QZRj^!Uz3cJAEp!ATE2&(>eOuczYuEG7gZCvYT8E
zz7hC07huq+=aNC3O8WL?JS)@mLC~}WD&{%<eZ(ijTm=rBHAh~GsjluaF{l*Fa|yTh
zjlE=Ou2j`vPg(sbzKa5~O6L&aQ?p7jFN+IKY`8x1<+RGBOF0%Q*K7g<0ZSE*bi4;+
ze8oc-Bah(HZ+rTde{J}Md3L!MYw$%;naA`plgn1M(H}p5+=(Hola{Zq2<^>h+tW>L
zXB*a32OOxt8nVq?_3!hv0`)ZY(!j1~=~oooH7pS5+LxK1>(5U(?@~2KMy_7nm%!m)
z%f!e?c$*8Emfz>nd8+%l{U1l}u26}2O?zxPWam!)V@!sO@2VTP8wJB9sG=g`xCoEG
zP;J!(Y;W8XVz=l|!#WWh)0F+^W*QHoM*;D%yKJIgQEPIN$}iIZE*n_#y9IWwq@d(6
z+ZA>><YyeJa{i{!^LB&4t1XO}|2gX%v%nw3cfGi5HBWJ+C6*O4GK~OMiEFplQZXAm
zI~Eu^{8}TG9z@&)r}3m~R;8;$H<V`Ut#Vxwk^YloTJtN)1tA>D9dlHNo1S<nziTb0
z2NBeDw4?8ArF3iB&^x{*ZT=&?Qg|f74A%m(va-zmhn%k-ESmn=@HL)y#-deT#by`l
zQM;n{VxKa~ycO~fy<W=1XAFPI*ruv_2sD@)2nLLUI(sX2if!Hyss21;xKbu?|4xce
zrju>F#kUkZwWt0E_GFUS8lwi5^)vpU7H3aY51-udYr`AuRG+tR>vdjgCpk;kg)AK{
z;Z@{RUZ{F|)&O>0yDp6C<xKx9apP(vky`b47S$35-4ZQL8D7x3u)eg@W~f$w^=_QQ
zT{G8o4eQYx7r{0~DueAnkI2;Um$0am1l@Gk)4DmxoZGaOc59aPBKJ^pqDDYPd71TS
z-GO#arI?6E8=!HpnURu;9YEvYlfla>%-}blsMphLeCZPI!Ld%Xk~ZxrUkyZ0vo#hx
zo_7CqYNv!wL&3e7w<eT1gKDqzjxI`Z?o#GHXZJ#TI?Uq+v;T-itKG1h!W~!h&bL#C
z1C;V=JlW=UpKB{CFTb?(DAF;w-?e?U(f`EaRE__f_wX@9wEIf>W{+@WRI>Uj25#KO
zb2dp&dh=qzvIT?OKQvA&`GRZuTeJH`&FKQ@0~Ye^4n=yg<&X6I^A~!kpm{O7`fEX?
zJX|s`!OrRXd;9k>|6bO)^1!nGS$Y58NTDb0BXX7mTsAD~ulFuQ#0`iWC#RQ(2O(wy
zkY8sj(y8{`3j(8-mSA)T`2oNG;D~o}3UFj>*(D7*AlQY*S;J`OknI)*=%(<iO1{0&
z=g3WkZ@s%pcxj%8jAgj{nw96wIa;dHgma5?SzMZL9VcxsVD3@?L_p@v_8)~z8$e_~
z`g`KFj)eMWLROpKp=Sf`>X7prrgz|8aB^{NK+y;r84rLwRaF}xdNQ|AohD`#;D{3|
zP~7tmp{Rv@BSf|Z8BXu{Kv)6nf5VOke+ir#;?3A^lNWCxAvrPi58c#pUrX))#<9d+
zA97a|JD4dMz;g!r*OkzutwEuhWj90*ZMNg$WHaW_XIs#+hk?0~3g<+)#Y<r!QXsu2
z3MyWv?*qut!pQB=fkw>9kWWFFDzIWZW1wX`YqS?#1h5g?sbMW}5lHkQ$V76=qg~pq
z9^<*ri=vo<)CzVGM<oCS6hH?t+gB9^R_n4j$pAR3!~%_tdtsqVz!2fyg4;v}Xpp~~
zz;leWkHA_)I$bR0oe>BE4P!Qp>CjP<;Xg1eaKVFl6EGhm+#o<D7~4l7AC36?!vJmt
z@w^1r?PW6DSg0`St<um+V||J7BB38*cy$}ZH6SvC&jE0X5C))GN3VmI&j4Q%;`0M8
zUSxD|pzSsECTIoA@WmL_gD6VxxV$)xufnn`4&pZuP>LrBc&ws=jS~}l^Q=a0fn#9a
zp5=|15xSEy3`Su6eLiuT5By_v_V_Ya#TZO33od{%*q(cXPkZG5;q0x$s$AFZQS5Fk
zL{SkDqyz;45e20iq{AQt1SF-g5ET)W5|9!mDWY^E1}PvRz35h?yUuv_T5Iq1?eF}q
z6aVaMU0a1Y-}j089`^{1=G;q&5&;NA@|kh-;02e0txLwqoYDuN&v=4G1-F#9=EKC(
z3z9)FMlhQR!C-H+(I8as)uS|S%230Ce_9TquP__KSP<+cG5-qu7`)Lk<NPUIYZE*F
z=JXsU`iI3{X#BA9_p@mv>u&+Mz%1jEnJ9caJ}{o{&)r%~^%r%sEm&)`X{-T3FQ8g|
zE+{zi$6uUH5%8)&(Il)<a5jVS$*D$QYDa|PSnp?+D1WR^(9R9S_JD^+0s4M2bVanG
z#2f+Ouyz1ty@z=MI;;KQzv13VG;tYs&&?HpF0u4S8UTO9+U*b){(R2AOUq<@*7ptw
zh=5fxx8BX&_7@iu_a)fMWPpJcPzdi}s=tVs#PJWWmoP?21_F>M-ySrlNEM;c(kj=u
zgdb})WC^H-jE<SF#ObO>;qN2^d3(BtHPBQ|c~(y!rmpZ`cn>-TnK6K9jJC8U@NfF1
zAV#~uL82D~KyD!1%S#{=`Op~#kYx%8pwc23I2#m`;$V{#4i4$*@eD!!<X4#w{gDTQ
zMMy3sK=)`s-Y<IamRtvaY$$_Qe);(%n(;dLg$PnZhTNC;*FHmuxkABZ0mPtsnmz~M
zF^$abX<b%e;}GsBoSlhV8h*+G#*?=ilh$0AE#Sr{a|Xi&7Ll;j-H9*}sxh1AK(H%;
z`3&H2guWa5We+@3(Oj=3d;j#{6Z~>$d4*(UhZFKoE###R17T?&7%0K7XaK*B2;;GA
zf%~6RnO{eIhlz3<YlxuUM3Rr+-)P#_^qT>k_%CMpi-jN&kVqRi2E0{ImH3%S9tMbj
zH2)@MLMu$n0UDDS@O-+k&i6;XxDr%a@u5V#)h@R}?@Aqp1<*4#06Y?LlGqfNS7Gd#
zW?YutlE-j@{)?zkf-;%jV#Y);7hnuz*oCn+msP(UahC>O<IC>*EsLG7a4~c00u2?C
zQz~*6VNvuDW+moe*s}6!ZJ=)hNZ^DSi+b9vS$!Ms&|{QimgmQoG|HC$L9%=?T7JP9
z)PuKL*?!pM6b&2r2x8MpU_OE5Zwi*>X_F=&9NQ~nbw0ri6Q*KD3z81Z$*`^=QM*9p
znE=&dgw_p~s>I$`M1l*JA=V@l_%mS6cj7XDy-MG_b8iakieJs?o>=77Fh;@q#G8mu
zVo7F`#7c|CE1?O^%*=!vEM>t7ZjXTAHe3K{UM=5Q0K9~+e=IIH@Q;tsc&6Q3PI5bZ
zB<SJ8hF!)xj9F55?f7s^oz+M@*5}P*t^1dlpZdsAd-O1{8|g@>YsCM!`6SoxQn5{v
zSC3cE>(|4cj&`lDZ}l}i4Q#XS>3khv&>LbG;!tsJy2Y~cEssPW;0uS;A5CwNg?`Go
zj)l-$K?NnNjUhlHo*y?2!D!&&N+_6sMvE&d)?Nsg+YbLAY#!qE33e^C!Y^A|H1UsJ
z6=EYXqg)vIyp2*imgbF!CL9ldP=Ks%`cuPDh;jQGvb|%K6KFym$2MRB7LB1d@j}I`
zT|sbv?7<SC;gYQR8P2ASNte66<YCn7I6ssQyx&)>MoGsUIN%J(Tmh$Utc6nspyc&H
z3vqq8Nl=*6&x0%u#!sXmMnjlbQz}6Ox=^5+0-hcarBWZ^SS3Olb)$1uJz5SzHb#dl
z*Hju2l#t(s1+ss__rd`oHZ80;?>^`el~&ecfuTGsVYXpYVC=LV6+nrX{OeGcr2t%Q
z!~pfyty?n-<CT~Rb>p)u2!bsW^M{$GrDejfu-zie#8`<i7RI=UbHt4CJDgR);aWq0
zT5>7_$wmdzH8Ai59-kPh*mXGQVm<({nj}7AITE*WY*4X9C3JkLeP3#8eUR=nHrp54
zh0IEQr{&dVLC(W4QpX@I3zmA&Y~Xq?!h9AdI(9y6(`Av_gxwSkh!|B0iH{d=^=#_D
zV`sSmV=Dlgug*L1;SesuErq4bb?3LHc;TBlEfT;8U;;H)oYOKKObAmRqcP%QOXoDP
z10x3Tx>r<2wFS;aoedmx-f^({n6bY8aiHLznwr#y>^Ql(*J=+nL>S((^PbcoZj5&x
z3Z>_P$MFGd8jMtMrfwv}NN|Ag@Z4~|$K<m3iD3MMi6wZroq#$q2_i1HNB{yIN*PRb
zY_79N^HdtfX9c@S*}>f5!1tOe2E`YPO@nmK=B$VE6CGpqqE3e7A##!P>c_hZjQVoz
zoLVhG7{lGi+COk&W`~TV<PCT;6Ndaibf|>60xYrMVQD1zionG&@(-YRSk>Os!(jJA
zS6@E~)+gZDo{;{ceY`SG5{Lph@VmN%F)e|s##PKUUjAYif>c7+=M)FWRe<i~vIWH{
zN1m?@!8s^)C0LiC0D&#sgJsZ4!0*})?Y7~8E2CNC<KqE**31|Q5I2ioc$ooGg(^Bu
zYY5*l1J@Mb+&&O@t|OovvjyS-#BItlvJ++O&DeK8me-;dn;nc#tWArDOO03-YC?~l
zyDC9Jm8`su$}&}(6=Y@>%vl^q3fA@X&SRsNS-HFT%~2sk=t*j7>gkK?NMM+NKrj#;
zk4ZyeR9M7aDANva=@b_iw#p%fYNCe0d3X0d>n?bc%S*~4<oUN-)YRS|2c%8Xq2WLU
ztI!NX2qNUdCB>Zj3kL*>PD&+8M6mkeJxVa~?)8>EUjXA#An`l*?v3_k37mtuk}|P?
zgz4Vc*cigKdr{*@;(VYYt|?8OFa7<C?yXu^TvkS0+djJgL62j_@T)dO!5niWSoEQA
zl6=Cc#Jn4~n~(Ng9UkloJon^>=TJMnbh~AKI&~PFs#-V=fO}YjqwOy%X!#S=>Z#&2
znn&5#o`Y}zo4!%VnNUAtQ1Q~w?|2V;T$?MA6<quL2t$U5sa%-3sW0mp7<l{oGNksY
zO=u{#QHv`6!Tv@#P#2`iORxmPMNNF%Md_R_+1h64zIXDy;TiRTa>6Xoc@ttNMxGOc
z3XrWZ8sfxmjsl^Z%)&v^gD=&m2kR<(_gmnaBEfJtZxL~Yg6`fC;YVV>8|AJBOifI%
zSnJF;OQ^Vu#I$@~Z!vbX##+FGxiQRQTbFy*8t>eD+^q7MZdFa+E|&7g=N;H)pKy#~
zb|T`}rsJiX4%m4OWQ7DwYKh-j^y3$}Z&#VJhpJgay4@{Jhw65z9(PfbEMrTf8{;C6
zMUx)4{@UFu_G!d#8qF2XXy$r#Avzqt@;3L$OxJ$vPF&_VTR^^By-_&_qbo64*>yxv
zoRf17rI;Ghr7?{rgdUVkDy52!Z7DeAkUXJ0Zwk{2;&zQ|F&Tv$lj-O93mRHU@Gis@
z2fp7MaF*j<e}a1iBWuU-IZ!{v#l*reqN=_#oI8C8Bs*e8UC9!icFwaR9XV@K5#I<6
z68iuwWeWZbPXF=W#2u8BsIl@fqJc-zGYlq3?E-hg?w+0(0Rc~-FUENVAGc7fFALNo
zd+o(tf(TU^_5Ei|G)_Fe80m4y@H2K3oZNI{PhHa9tyi+`oXUZab=an;q{^O2a@bGw
zbL!X-GCU?qP~ZHBd-ujZ!laqFaDNY9h1mwKkN4m9ZGe3<w!R$a8$waWzLxAt02aQ{
z^*$(A=mjsCnzDsDP3`C9<y9|H&=zcLYQiB{go+tXO4m@Hk^R7`znS`$2av;S7~8{1
z30`9fSMm+BM5#!Xf#2>3hA0vp$YthJObQu<T*UV>jUFG3`Z?`hs+i-%86Y)w69P;+
z)XL<Mqkb`F-R2|Uk3b5r{w%N&2`vMcgBT7<@JJO}JLjBW5{7ZzY=4AjX@Ukt;e*wH
z0v7C1*2r_7&U+Pd%tBI4rG28Y53Vr#63iM*26$oJ13}HW?(H>Pv>)RSI;0%bXfLlZ
z+tIIb*tQ7DFRvvt&~b5sQYs;mhZWj6MZ0Zu=Si$0s@*sz9jh@VG=qIUQ{|Umgl@aQ
zrO4kDq9!IG<5!r&Dm7$2SK?3CBz3&F#GUnnfqeH#)FM)8oSq_#2HStIQnevo@TsQa
z+szEa8fU8qeqGP=SbE}p&}lYIg#S|)+xx7>_0NxK^^V6RI5v0gqEcdrw9N%S54X}j
z$fj0O?_+LtS$2Z*a@}Dk9Wk7KGdRT0g5QFkpW+v*5G%1y3xhjhG=;=Nrl`mbH)+0)
z?MX^_0vo~+%(0J&jV#RZs($=n5D-`luueD&5fiFTr35F+&`*~dYi)QVquqU{lP}}!
zeBRE^&Pe0%)A|G@X2~sL0g#x3y9VwX`1V9L3+Ae39M9+M3)p%%hOc3G{L<~Bp-+@(
zATfEuDATC<=gyrwYtv%ZtXt=w#W%|WZy&M13_R2v&B}BY!@H~!kdI<mj${G>?~9h0
z&=Ii%_y(K;8$<oym|&Pk>}QD<2gehNCe=?G>qrw!6g}tyfL7i_?~fYBTl<rHQ5Bi*
zVsUhUBU~@xH#SGe?=$oB$-on^#$?eC68{&VFTgw`XOGLgehfxA5FdRY4Jgdh9{LLz
z-n8^YwRzm`g(Fz5{R0EBi*+b3K7cd};cD6D$T>c{pvi2xkj}ZGt}gl>rUWN6l^DK@
z6+8@rnIF~|ND3_0C&SaIr(Q@<jtUBff=ncNqa3*d2roR&&#%$stXPaWGbFpbxU^63
z*gDF{Y(;MclYkEvJ;@G&d-GkITIcu1&f697;xNXh4xh^Y+1`Eu;4Pj92^vha`c-9f
z%Wl_S^~|%*2lMVSx&SZG54fi|g`Hk1@vU_Ul%B4<Ex@Hcrq1Mfa9gE!Y;mtr>6R=F
z?n1dfm-uOo>y<Cx*_QT9sQzMp<!`?@`Ry#*xx96Eg(zR%-RG5#tNkKYe;5C5m;d79
z_YIaA>i$ki1wVChV3J(IZ{MU)-hvs)dMD8y?*MtRFL!i+cVKkrFaop{xHzb)&v$_M
zK|&f~?lfPjU7GrXf@Fw$pxR(V9<fWksea|8`<ue27@_Xml~iptBwc4mQ79q(CO9t3
zi^DFcaXLU`M4jUs*oIj#$Vrwcm^jOb)j7GvQKJ%HL#PH7R(UN2k$?}t6D%O*qR<p?
zgVRy!C9m@82{9C+ufs41H=1s&u6~KTPCOL+;-%Ns%bvv4^IiaMO~3&xAB;3JQrq<o
z@JSF-45&H&_6nMI=npM{h=Jr7HcIWE#KFZ?6E}o|0>v~;#6bhxk1|0IY8r-fS5Cq$
z6Wt{a&lA)e0kZGo(w7QgtP6Pc3Q?UGEi7PTb$YS}2R(`9M8mZv45-ZJ1KiI*eNWxX
z2%-UKeXvUG24Fx6QdB5@&9Y6c5%}_onHGAuP(;<$X;2iuls}GQ3H2R^^MdUe*)Ke<
z>6i1%>}58F)_0<ERvY5t;ZX@%MP2&h_3O7+vQL*YY)t<`Eq$`(rB7g>`t>T3%tAtt
zG>5$r29!6`xe2t4LeRKMHIG#*=a&rz?TyVo8)zk_q2{g-uguEys6C$60S}g9e#=gA
zQsb7+&h@L=FX4KnT#a`{AD8=n@5g4L-sPg3Opa=Gly=wj`|qwj$>Cjgx$iA>rJXk-
zK0@P|^byK{-)Obwt92XiZ{J(4qPi@Ys=n|xGAatPlzTYQx{c;=yh%ha5?Bm9L%bFV
zb_MhUUlS0h@8i8m7$RmIOs(%|aDndN^%J>*LKcXG;P9ATa>1^xijqDsP=o*?#rT?s
zP~AxM%fqpAVi`7kFc4g{aQ$)LKXx2Y5_TSmMtSmNgWPTAOLo=<`uZ<@e2zIyLwq)H
z8LN>|*TA6W&E-u1L<y(?z|MQ+!@NxhFv1*I8IFg6JH2gC3!V|Uf4?s|rM*QDo`z?^
zW_YrX79Ce@f`-c6$(&I3`?<NfN+EwjX^`c||FI0H0*_qzXvpXIc906mCjrWXW_-5W
zdu8Pp@Na$WcGlpHXWCCPLlER>`e1X|haqC-jWV};Ip5&;LgiWYrn9yHLrDet;>8Za
zvxHL~{`Pl#=57nZhBfMvMid5Tz-CB!J(6w?GEx*`k28kt*-LnM3b&iym{jSXt5=!^
z@+O&ci)P<GF}-*tW`eVP4=dPYr<23ndVJBw!h-ooC3Z_>+o#UCgjgq#d&yX~e8g&b
z$tl5Fr$!Twi3H$?H3`i{b`XYo6#IdLycU->dbOe2#jY>FQQi+0Hy%572mIEaf*c6F
z6l?v7H{}h=+HKT*YJ+SET0H|^$JJzCpFI+6qf`uaVdUuWmFEJ1g?>D0`6R1i`#CP4
zyXS02s4_KWV17m>QK%wtaYOG)FoZ^&<3IO|(=iB-QfG3yO|#OT`jPl?-I?ZP`bq6F
zM={g9`<}n}uB(L8&<{zhJ-HAqCL<$q-1~@sSxH%$F#f~4M2^|FySJAUDkp-zBkvg+
zVbJkWRIjIgeKQ4h2TGfVa3Tlly#T2Y(o9wnD?5TQ16i;eX-5RbiWJj70`XXHVDF>6
z0HLN6Pyw!J$x+=_hvD4%IyzTkF^?6FSA|uLj`O;SiL``-L}q<sV<Rr<Bm1eH=ZAO(
z&X$1<hu$F6Flq5<PE3Uk7;m+AKcNLCIoPvfdej@&KySuH5Oe&?;-0ac*8H&D?C&o|
z*C8$|%Xspndt%<4L{kV+KN5)mS}J@?SPg7II|n0)Nbvyx*OUmJWs~9_3kd&a5aof^
z%iBusxc7_DP+4#>OTK+O_9wSfCgfZRPJBXdlDk^V{B4_<`5t(;Me^a|M-^Ug<Q^y#
z?p0cb2g>G8?_Cn9Sd|i+cmjM)@=&0c2ekeX3xe?Ss3R^bIyHHPgglozuITP@)Vl<D
zk3NbTK%hbBmWX#g(_w2>)mJGLQ#^1ZQ640QbKNN1jC!4tv{A+8Olp2i>rEpEl-4NH
zuY!CBXFGEc@AD9XMk++R^*F{QMJhpnhBD!#M=T202y|57fvtpq0$pec0DY7$9binN
za=2k^><+(Da$Ex~2qtw6L|+8JL6jS29Fadvu<3Cpe8lV%F0!4VToFK1fiAyTzz8C5
zi1vHI)xxgc0ZJ#zH%d~vNpm4~5UiJJVLxx=;yOKGJ(@N!O(0q5_DGI46!E|pUxb8c
zLsA(vbp~z~K>Oa~jX^s;+vO?PfUWdIabsCTPUb_<zW|e?{JsrI62VqM9>#X@TUoQ`
z$1s@h@8RS(pmu;u|C!aXTud>RXDeOsY7BrDlP=u^FLQN>bpDyiEipgSqq1}^xt%UC
zx^+tm^8gfN^zda1b)I_y{*h#52hRS}9;{|b&dUzd)JTX_d4%+B$hl$GaS!L<c3N8U
z&v5R10h=60mzdw=oi)2T#+%so@NPXGr$P1ehI3)UoI{S0podQjOO*B>1)oF?U9y_!
zv8~=sH8z&Y@6oQ;3A7_uY*n>9v06r@w-$NmsJ)P7775#ad{MDc8Hh0NLa`2)M_oNV
zc~A@qT_1{cD*DX>rBD9m0*F38hJ_2T`9*NBG|mQ4y7QD&<m9$v`p^v&mjT5Y4v8`7
zP4agXP_O|Aa~W46@x&)G(7-@csJAmsdq^S;GKmOv5$I4m8cxJE$ep0p%&~oe3db+o
zb5U>X4WA3P;M8!N&e4WM9K$Hy4`Z9)bnocw`~=q84CLVCqC%s?Ft~O7`m2DpH}B)1
z5*8MI9UM&f%v6LRhtnF!^FCLhi>O@)GZjDKD*!j(ZyYwiR3W!R2iSdbD7n4>)I<^w
zhoX<68WN@FC_~6h2w*WfDaBlSYs|qIx_Y2B{L#6UU^XY#hiToMVRr0bwx7GKhGCK?
z#yzTY;F0SAVu^(bBW6=S;_^C40fm4uU@abK3^AMY`AvzMOCdBvw2UHinm5mCXWTvl
z(DaJCpj`h!eFSK)@ot6q7zif8Hvp4aSXfB(Kf>`&=z$GOo%V{_&E@6g&{bc<L5QiN
zJitT@{0MKBGB!QbEQ+0L*phJy>z8odiS*~!uUj}fi{J{+;Q0ce%LmBI&;zfdUd^zG
zjOSy+L1VfQeoJI7*5bBD8%$W^B(e@G5Id9r^Hg|ZXnOPj?^Tax01tk7=c9W|1ll2z
z^-abOK-3YJ5e;;S%r{Pa_eQaxP~>J{_gs4o5FE7iD=~rPHfxmvM-uKW26(`Fg(Kgi
zobawl{?6Dt+EdprWft-66|K?i#M0`4HW$5qm=g0qUBUsJR^HX_gLkTIP2@&e4&ZWa
zPJ$CNF@4|Tzmc4tz!qJOFV;nwJsl*Q(CYO`**Z905Ob0{ZBC-7Ch=Iw@<XM#BB%O;
zXidY|@t^535!0{RQf$3e7Vwv3hRO)kTjSV&b%ooW>0ReAjYX#Bjr@UMbfeqE#~u5r
z6bGj|<U?L-ndk57M;x5G)_cCe2byYgHamSC8n}LhOA9V)*!njy+h%XC{7-1C2%G=-
zS+3|yANz$KMw9H)oUbt_8u-p6c3i0Arn@}ht@}tvQzPo)e-d4Dc>fGJ&FQ(7;}YmG
zEt_xpcY^5Zl?7Z!S1xW`z49V&ZLBJ1=Tfs&ghb-f!=3+5e+@hMXJ~5A_Ud0Z;`T4_
zPuZz(aa^<W=J~n)!ry<ZT}$L&rRRN%+o`4(jq+0yH8%hKXBS4;Fa38?YR=mKj+|{j
z^S^Re6Ic9qQmyTl|Bh=dF#cb;wA!oK7sY;ky;$(-mD16ZC%x_RYIJNy|7WD@@<#2f
z=x0yF8K`i4EF`%*Q~G}%cz=D8&#0;1-cWBV-KoHEZMwXavHy`DyWn6u5W>kGq-MGI
z`juS!C&RuH3_3C)F{AcB2e~nfF#p->p>m{^-}PSjiiF^1izR={L=EbHKL_N;w%WJa
zMr{6ALgzU;KdV!lrx>fGuGJiu$~Cuk?WYstJ8$2Pk(}Qe{7}Ak%VjqIeA6AR5|{D~
zi?VBFhmnG9wzsp9di_%F`o%r#TeY;G%123OPdScM74K|IRL$LbH@G?7k0b8fCJVbg
zOeH0HQFnefc|2zeJ_RXmN{Z6dBF}38nBSX!c$f+}L<n6TpH@%0xkSstny~NJ<cidv
zwHHGIN@N*jN6H#&6x8<g?%8~3@Uk?&!%IERytb5kkzZC*#RX_^+>BvFg>X?t*1ybU
zv845n?BcTWRbdY#4dA0G?fP_g=Du0}te#t2<25rkJ~)>f15?B~`?)Wd+Pd=j?|Aw7
zZM=)Kc-6XX6vOf9;>yatF^c=I=HvquA$illd-sl*{yuctu#OfK(4C!!EUva~JNMWl
z++w%l!m9hKojkIGvi=oXhV|j}1(N>lwJG}_taY&X)qjM~`nLoqMu!T|Uu~Wain)@_
z-F18h(dT8=J@Kj^SiD+Z(>~gK;JI)x-`%aJrho6qvpnDlxBK4?thUbR2({DKn;pdV
zoCw;JBe^)ihNNbjBO(8eB5w0I9`RH13DYjSj+OrGi)u#dwUqqFIk%VeloXkVQ;noO
zTb&x_7VpeB&#qZFz5MajXy`T5YXzg9*JXl&X&}4!?aizu^eERRqIZc&JTs_TXuLJ=
z%tgNHt?m=P^&ccvY)rS^=%Cf%<g6a3ccG#JF#hb|@_xfurkV24uRHVYUIi-aJvO-b
z?bTpf+UC)@y8_vFPPI)-;zF*@5KrdpIdoR{#O{-U@2y_YIgcB>@b)e{EX&U1^zmbX
zs+x*{-S?f!YuCvag&%U7o2q}+%YA!0-gigP?y`{}es^MJWV5gu@XeViy*veRJjk~R
z@yXX46;>|v-7rxM<{oMqpH2v(ZAtgfShsB?m^%P`-nF)yMM44!KJn(wlm|)M&(W{l
zdT8z!kNiJklJDQ~^1tp=QmL{tZ6JH+qktGmmmO(#t0eT6%3`9Fnyhbkr0Z0Sjufm?
znw{0m-}yB-f4MMII(w&`@eiAi)t{cyyKOyE`Er-jFq;Oq$zggf;nMN40L5br$B+6O
zn9nA<D<zt)x+@%<rK+xGe!K1bn8mo4K?$$(#9>wq{)ohA(ed8l9S(wzeyY5YJK?K&
zcKKuplb*x$!)1eYLEMh+njx2`YHls%%&fCnrqflGmGxJyFga_tu+Ou)T1-;<T2b9_
zrsceHrXiI{^PTph8=}x^?Xa`Uq~&+?db(RWMlt%G@}eQea<YuiS9$pd6)pDfdn@^5
zVAWO4@S}~qnP^pBdN2Bn1oJl}ndd4`{xghv<lT7n^-^jYeUWF6dRf);lpZ__nm;_Z
zZA5OK?bMNwc8cWt_bHJVKZ{KKs*z<C;5zxB^Oc6`VV9SeWu_DdvcY*?u_l^*MPyW@
zgds-9{Rj3qnq9m0BroK=PQrR7dDGp=aj%rm(6gSA9&%7qPzW&L<l>?%Q*HY-WE>t5
z?G7(VKE5@EzRW>{XK6IJ{EW}sd>a+VnRs=5_1!hhXkT9XygEVY>DKjLnmKg^nHI8-
z*%c2lxtMO14P8ofp?-=1&Sr`7`L3$Zj-00FJc3Sl6iym1Sf6^CeaF=Jt?)lq!ODV7
zG<y0KT8HgkQUN=>Yo_9Md$Dx4sb+p*H@g%3&i$)*?d+U2da}$_Z#mbuerZP9X%m8W
z4nLRFHf3{I&UR0ZcBxZ+F0qD>uZMqK><NLpw@tO#EHYnbaz*<FzDqQa>r@wBwJJ%n
zBtAagZTewlCg^%A+_{nKDh;d1+1p==mp4f4PxA9u-a0p@*D@$1>7|r6r6<ysUG`>8
zvSD|_zUV^f{XEV``zk_uzc0~+h;#psQ~R>^&3Og+2b(XH2iiylatC7%I-Z}DJo8}l
zT@Q~T%OBn^UdRXu<uvJB3v2S}*1ct1D_5oipBAg92M*k=_0c87&Qr0+oa*0RmZUj-
zD^mW^C*$%sW#2q5)T5;mvMxmKU;FMuN)mG_3oKdV0)i}iYh}B;sb85G{jiZUHj^>k
z`osO!fu!U_>E@|}WwMf$hZ%W96GA<nJ%f`yJp;r3%i3&IYv-279hun1ljSlkc4IeW
zSj_Iswz;K;l|0a1J)2p!>mO^dU8|Gw#fRxBg|d72&hQh8-o1<0yRyz0E$7{G=5=`F
zm(cvZI2JTu``TCyPj-Xy2$?_ZsW2XqPY7JIn^~#dS<33--KL8VVy_!L#U9*zU};B|
zy*<rOyX^-ge=Y7i_sI78b%hOG8w)p&(iRq1-MDw(1VN7c-y_v5QO@-@#BRDGB`wK%
z5-mYaizc|CZXqFT<$?L4!S<6Jr#U_qXRHL2E9fjJTX}x*eNtLs%cuL{pU;2%RGrjv
z`tGJamvGU<^Gc_X<oKPce#NR1F<JPT20>=%^Y*ROV4WEi^}fWw)5h<tb^4gbVs5Fg
z+2t+Ke}IP5x|bzuvY*`1YagwxjT^cET}NHdhJW1jBWw`{*A#DbjBB^N(L0F>LDMt@
zk3(!3K+Z^6Kuu3CyG(S2mfZ}8->ZHHN>uc*vf>i3)$j7ZTU;j>tu64JmhWTgN%;#G
z-#6i^t&T05e?7|!l#Hz=%EV#qX4*^iqKq=M{H38UTyRI>Yb>5!F5~5_u37OuLH@zq
zmILO!eW6q{^L0?mm=u022+6P-EXAmxVKQ{6ySIDf1gi(?@VP0v3zgbVz-lk}y;`4@
zrI}AdId18k_i|#QXu{eu+F&>j1gO!_A&uKcEe}JS<}9ZALNlzpj-N5A`*Pzwqe;`9
z_TeC&vyN8<XJ=<y@~q>(r8wLfzG|SeiRaEXJfq7pGTa(GE{q31`v$(02z7pEWi=qh
z>c+RQe|Ftes_{7L1XWe_Dm){ZC0nVNn3wAJ5BA??7~~xLCZ*1sPEpZO`Q4ILg0J~~
zcJX({HX5P&>1^-N#A6GB&0Yq20yP4As5$JrWBRgW!sV{siu4Q*@7<NQdJwDZiF3{U
zJF%gyl(dblY+sU@wl6sBm}A|(kPR@1o?k^xUu;LP$S|*<F!hdm7e?aFPS?ctWwG(|
zA4o10fhIRc^Iq$UZi~!*9#&ibxdAPs`1T>8b3rQ$^7n?f;eQWgYF2c8qlGiQq_oRG
zv;RNdJ~_DpcZlrAkJThJOH6$8QXE$nWJ|~&v^(TP*lsXFDvIAel)1y69e)|6W!OP>
zt7B;w4%^-VM$!v0CRC7A9N;fuY<*fg+9Z$1mw)V7lxAZ^Nw=|XUw-aTOqlTn9!W;!
zGmEdXj#EN6PjhAfPz1JG1g|}4=wm2=k%^f8Hjq4UMfSmx0b{0>htVU0Fhn%>Ao@Q;
zk4+ryAQPrK;VU5|Bs2pG$cwU`(`K!-Xp!D7E&K4JUk7LLjdCc30yWD)dp#2;wVcP#
zBcr2tA*Kd1H0>m%Wm;$`0E<+CMzNReCzQ|yu=9u6MtQ(8g+%b6CkNk-fsA<C@&pv4
zq{4wJQh~AQif-5(SQ$R!O#6dvkjZ;lIbmE07-FGMaJd7ftH{v2-*6Z3yVY;axee}s
z;9#_vD;0o_?-C|XAlQ)vb|XW*A1Zqg0s@8RC`h!|;DL$klvkX3Pn*s!Ru9gDi!_Vy
zhccFQpfPXN6mOrnjPV+jYy|EAk!W`==hla+X}9(RPGaM!gx0zM$T?U8(9&-PMF(~d
z^uaslScd9rr%(v*fU_cc$5T+~;DN$aD)XB+_cq$IAAttKN9YaOJ<{L-l%w)`@!}$Y
z6e5wutwS1B(4z);X`rYD%xTm!`TLIp815(NdOUu770o3<LBaJw)<iiBJtCcRkk<33
ziq`|+@>qu(-B`gox|<9^;E`qz=iLCj3~-OAwJ~1!kji>Cc%q2TMHdhWnYH1cRD;h7
zo{cB84rD%tZ$g=>2V<!ixN2FB;PPsre4Sipe;!XJ8M`?oo8H80RPGD}H-G~JIEymY
z^J%XIT|y8D{iZetkQN-BrG~P{dX<`5jHN5p>~2UqI_6Bglk)+A5%juuA9PL++_77X
zjQ#yLx_k372Id%cd9OwE2!F!68t%5B(ip+|aml8kde*{C<EI5ZKa2a9D0G7?Fm*Dv
z3!jb%0c+z`JP|LNnnDORSdn<vB7p7)&lAuE$w2S#7lRG%x~;TVAzvgE8}#1E2!O+l
zAPnq>$j4#b#(4NJ6>df{eJ11l-`T@=?<)?SpJ`up9;OYk6-nAJTTg3W5{2#<i8-H&
zi~AWQCMqou9tzY0t&%=I3yeg^g3pwK`ioCNxM*N$c4C-7uoV!%iGor@WG#@z9>`tE
z$0L+ZXtJ*x8%u)uf`hg_x$^vHP`<UatPPA{+6gIO%#;?!fCMMPDq>ZP0`fQpZ8suI
z<&P%h%#{*Q4CyqkkncXnD6)NcxDsO|;zU@QPznA9LGnTwfuCWTi+8ocYid>}+lH`U
zFx73g=*a*T8_|z9GVK615)m)q*l}=p0T()jkuM-(2)jRWrRV3Q2|CSDL#qmUVkI!4
zVxYoMLjp8Hf{lcaH8POk*Z_7}5p?R9cXA?58xAnS1OrFJ2Pn$e$&kcV0-DC(Vmy0x
z-(3u$06EwGcB)d{&{IOQd-qoWKg1~mJPW@$3a}#3z>fNt&4TMjjGr(+C0>WXg~+T2
zwv_SmX}~;h|7tizGNAFR2z!)}WARi7LXUtxFML9bgDau<Bs5pVwUC@0z(6qqjB;1|
zRg-i#0Pd=__0(qg_bPvWd=bWBnN9cIg~G35$Van9k>Wv|F`3O>WL}>wAS2#0$~OZQ
zeeWcm5ikfW48(#b6x4i|d|k)2$9T_7x*uO;OAI~zV-c`TL*B9NIl>UxZvk%*bU6te
zPvn{K@a(;d5p^dR(8!7=7Er+A4UkKV-3o*1k08VoK0eVK^YN)Sg^a-c<~zbGL6&F!
zLGND%E=C9P<`tU@Z-dqe%=i*kIyj{u&hry@P5d;;dW^~Z@upt}1Z<$rv3kDm)P4ME
z4GgRB+LlgL9-uIX#ynfMET%;<Px>t7{4=MW;%CRSxFpG%cmks}LS}~-XU3%_ESZ~i
zZ};Oll9@VyDU!=H(2C(0Ih+V>1}s2~_n{`Rz;KERFaJS$IuB}$a16{~?&1N<J93nV
zwYxO{=Y=`oKxIqIf^Ui<n?H$31ENW+SNmZ|hxKzDE)3W_TsOZTCNyarAXepgN^s?V
zgQ+e?FUerXF(tfBIFIE^kFTmSUjgp}_))6QIbtzl@vQmycn3Y)O8;ep2o?+e(XJgk
zj`Wn5lpMkG!<mg)d%?pEyRZqe)Pry$yW#`GMX(c~dv9y*a<HQ<hQNe?hHq(ZZLNnB
zN}&m(9-=|u40wBq-$#N0(@7F&ji)+ZB}xb2f5S(z1K|wRm}<NiVEu)AD%x^#UOvm%
z-HJcU2oDeUH$sT+15SrSEmd_{D-Ipi_w7A{<;_Cs>NH@PqAVa2SU4RcG<P4F@K9lU
zN8(!%-yxVx1cN104MG>LlXV~QyomX5vVp&825X!S7@Qz^yF%<Oe#n?o1y@tJhBog!
znb}mUg23W^OEBz)JH$PlQE<`w1X44AU5qesWPJQcg#&m1LWFG~KMf?~QkUcKgIUQ+
z9-eg09t@8#uZr7$k3@QRpc1)IAgS?x&t)Za-;%P6ip@P1yd;vVsAwIAk>E2v4hlMe
zjLp25_jiW1;h{y;`_P<VThf9xkNtH|D7+mv6#!K^#5d8>(h~7FY*rzzb6r?)#MlfE
z$f#1d!`<_^+Lq0mNkSBX@v$s1t0qT-cpb`Fu%JF;JrTY&hV_IY4fNm0M;a6&F!_<M
zPCQ$oxG{jY2T58#q1pjDVHgf*V)zCA1*}^#vHz&hj>tL4fc>BbpA4{Yi84a({I368
zi}ws_hH;I?P4*Ex7RBhT*s?2XC$qhhpl}lwPE8`t!gx_&5R1gFWtX;$8~dFa)hAV>
z>Kzau4n+g(C6(hNzH=yR=ijV0lm5reXe$aDIq|8)9x}&uLr`fDJ|~1C5))<NR)D&S
zylNctm}q?lJ(!rnLbU_pmltk2e2v4t;FM{gCpzo0lr!-M459C1@(o6q5ht83M&Q&8
zX?+8XMghCkotOr}f*iGEt_a2f4lNH*I68W)p01s+vMN#1U8cA8EgW$-9-VROk!0o4
z8db84>eB_Wjw16d?4xUD29F!YPA<!fJXGL1__p+pkByzZ-A)C55y@B!kP=Z>4{X{N
z1x_BQr(VxC1_T6X!lhC6{OoG%NVsZ>YihQ{-;C-OaUy)M1PxK7O~WJO8p;wD)%SOC
zTFb$|s$>LV@(-YN!Iy<L6uucNA){d^Svra+LkW@n2uQ_<V-`Z11~_zL0TSztYF%#3
zbTNb{Lp;!e3}IG_f{LDzQPijgv{&TM62cf*9>k<M?CKaVhWa2CLgaT9lvcQ`x`XGu
zYR#@3EFnL8`(lh*NTxZ6W*uPsO#J>Mh|Hh-{oQboz*ZGQ5An5GnEzS8IFXDVus+Bk
ziqG8L*Jp|U6E!uN`H->;ey?v~;)m%8G1$gC!n6TInB3cKc^<@^5)PcPCMu{1U!<A9
zH7DZB7ZUARoeZy5>jafesPZJC07{`mvY=-9%$ZvkLOFjoh{p`m<pllP*8l&Rw%|h2
zva_>auxtjc99HTXwNn_2qv#hxsU^WWk1-5G$Ql^G<DR&u5PK<BDbAzOb+R?jDF`=w
z*hkg#5ZVx*CtUq@W8F`blYl=;XeeG`-i->p6Ej#yJ*jSEC^cB0Sc#oK0It9Aqs=e0
zAD$_JC7USfa1`!1G{3`_1v4&jNy$|k&uzu%nTRy7vOwDzhwE51-pWp=NQGF{jN9Q8
z3UgUI<`xGhvvce=p9^x{%YYbo$UlhoYap92&FyYT$|I@%F;W0=OEI0v&EdUb{<IAx
zYe3Y8<6K<3u!bPYBin&c&v8^&YewccS4Dz*KA<+}Tr=?}y?ixTTQI7Aigyl<0*3q5
zc}@;^7Dsx}P2K>3?ZUly1I)TGX=X~-#1GA~8u)~X5oH)x&Sj9>B^En;%6j0{LoUTs
zflrihC1yOR4IqVslXlI-q#TcUbYjBskzYPdmilR-o<kyD-g^Vy{WMf6S?lYtPp6jk
z)y=IbhEGZbp4I7ZRcKY4{KNLUF$0s6@P0j=k*?JDFV^922dK6ATGg9n*3iG2mNH)P
zKKI9J=bIYu-DZ5sZaq&8mB~onCOc==ol<t|+h*pK9BImXJ009^ryFqGlMx2Bx8qi?
z+|$~`ZOFVp9ZcknR7g)`gywK!!Yb7fBxtm9u3#d<RsKHs-9FJ7?(hEO-mcvkqT(u4
z03(p~a2Vm?@vl5T|Lpba*D7^U*g_G}(W02Kk>o%SwMg9uWZ`?H_^w0ePK+e|Kk{?s
zf_$uhx2Of4O$EyU-2e=Q5a!tlRy!W)Bams3ckmD|XaD~FU_OXvwZhL{T^>9r-^gVQ
z0V&XXkOWB#gmKsG<J5iJy%JuPUvYOxoGAtWF$ptu<Xa$b4}l<n#GWa5=ws2*o_B=4
zuMmOfPcU-8`=vi~#urVTI~F~P!N^nL;0?b%Yc3RcY*X$3<n}6s91_@s!MQG`%rr%#
z{^Dw5t15py>bnR^CNexYyLLW1B#`yZKM$cE+hOPfqCsk0JhX+?l0j)Eo*o_)@NLO{
zfb@&=#xb917Fa1&f%uB7Q`@--CNO*P8pva{x93B;#aB$YVNyoS((@L^B#FoiyDn6`
z4s}xvoM#9X3<Sv&cH4_}IZ=nnVBSsW2~edKw6%reliu`^KJJaot1@VGR3RK9j^Wr(
zkm*rf1#JT7FfP;2c>Um4h_`<J+L&e%l(ME@`cnV2VCDGW9a5R{St~TFYbfPk9B)t%
zLz#nWstc_AsuO00mT{dov+BQwCJU9)7^A3ySqgDn2g`tn%h0+upkjTJ<UWnMx~^8X
zQeiqMs_keLSnXTQq5s6K`0X=AyVw42E`ZxMjDUU9Sg5a~&BxOEao)hdc#4|H+VD9+
z=>TLu1JFS&Gs$Y(He|6_XkBxE6CGWI6Pg5#;_4%|Fe)nbJV#|bjtbJ<)sM1C5lHs(
zdClTsr}3((Yr>mdFeN|=+Yr3UH^nLn;%%>P=^gTrsW=SgL*C?k*Y3<H)%_B!>9-?m
z8oxRoSlq?PKR0&K!{%X;)>Z4|9kk+E-}>Y=X45Vgcv_X5xmOSF3Fs})UMLGgPh^X_
zo1}BA=i$l#N8&5aivUi&ji{knlcg{j9NLfRySI81-Xs2K8>zMeRt#xV!#;6f8TOPg
zyS_4a>+03R`yYbyPa>iL&Jc4?5UpQ^ge-kp8v$Y*JdNVg-YE6I*&^14ZS4&TgpADd
zK>r|IKd2(XxDz{RbUBd+K(ekQ!du{o!!Xt1&s}ixIa(t)qLRKJU|}j%^jG3NN_Mv3
za?T}n2xw4}5hs6;8%W46&Sp{6#VUg#b9aLAn?WG{3^Ptit%IzQF^3Gx2&G0!N~u}f
z-^(kk_bDAMt!CVGK{5yGe?wRN>JFny1M`s7EtQi0W)X`&QZXUrJqYcL$Bsp|_|Ei&
z-)x3ueFFrk;2rCNriyCSPqn;0>Ma^=PAEaM?hHQ%!-39mWCeIsDD;R`-kwXjkVg^i
z40bFSVX1zpKyY3%7V)$>J^&~Jjv~5xk|=;aU<GMVFw;7I^yo@a(IN{yOj&W6bAggM
zU>ATC(bm>h@CSF%(Ro5F2~WW{D6R>G8QyWEoyPrnOe0+7+RdB&2YB<=FFGfmkj+Pp
zjE>v)db_V{+6_q*Jg^<BDs9e5;k{CI`C0XEYxz=#3TzER4(=`JL~;5ba&Yyu-lU`*
z_<5lz3G>pmW@N10x&wrYA{>9O&`sk-2>+RU8uQi2wv{dyl?bA7Kckc_L5&y-JqS(<
z_A`l5SNuEK9zjJr@vG4rU6whh_r%xs>ecp>4pq*|+<ypup8RH8VoW(_bMBmM)X^YC
zCZ2xN#(l!U%XT|Wo(M>0bu#(a-1rbLXV2pEGr(NaR&#roaJa&Cm4esDuNYmAH2(P9
zt?x;h^Ci_^yqXCbIj;+Ib%{MJ?AHM(5S`ig@85T><@;ZxSRAxeBanjuE<e`e1Xshr
zBauX}1rrh2w=a}7DQfDJR)?Zi{SV#PaiU7J@`{1{BH{U-61P8ekj;pe>8Cv!19AgH
z>oobThaGAKnDe3_ybCil<jCuVbj$ZspkGMiRH0v7Tm&;yme{l7rtrOQ>(|S<^p4;@
z06Re8d7)0#LohddvecZO0eLl?_oTs&_vnKT5LWxrbDF?a`+SyM-fCtlJUs&ZK?Itk
zC%eZ#nJ}?8f0w5rjSbrSvGrAcknWSdACEj_p7+fEnR6_2l{r4=QxfhZf_GSC(n7Z~
za48~b&y|fj+x0jD>XKk#8bIj7@C>f5u7>*k^N%09ff+I@D=kZ>e)#a>x`Yp-M#m=Q
zs<w@2y23tYkAS!aVw@1?459Pj6i0q7+kU<3ni@3zThUIjTRIf~#Bm<vdVKM`W$$Ku
zzaG;dd%q7oI5XjpD|50@B1p0PHLqgA+s^4MucVM<p_GHhRJdm;djxlu{`Mc6n71oz
z@3hX3onuX7->`akeSM-%5qvCB_Zw=+8;Vv7kWd+jO?&~15dZudICdrIY{i{hdu}c2
zeabRes`x@s%m-4JI768RtKW7?@gisO!ty>=SN5_j>XhuiImnS||C57Ub;s2%?C^T?
zDo5AJ{MdML)RgEPFd{jbNxuvV^2<?E!j9$mBm|c*G*<9;T#4iKopvrWg@KU~DOeY9
z%LD!<EwBJT)=IH%5>Mx40f<JhrNji6(92+_8|A#qFuj}Qj7Fpy%F6^@*v=N=$lLgA
z^O|@ih+s}uCgVzr)7rGgThAoN33iM9ZTa~VoGKIN_e7)mfwWzIqll_l_^4{Q9HB^p
zR0X{G6pDGoUkjPccV}1NJX3|#37rSisTVd@RxDM^IGpv?rm}2-zLHdzGjy&v-xOg)
zIgpr=aI5m^f3cAdex*eiI!1$$dxup@fUSVi_zAZrcvKS2>)=GL*efnYJh@Rpftfw(
zT1YQ#B8WGS7Km|qS%9m<#r-g4kqu^*zP5YdEPB*K5!VnuIQ+!66z=WNcRxaDgfRor
zely4jWjai=q4tMd^`;MksZ$xW;{f>|<Av95Oj;_<#<ZM0G%HKJ%l~2(Yq?-LLGmqA
zQb<!Vxr6%INmrc2fAW+s#@>6a!y}a6#*$JsjIQ0czq0cte;OKCHyqDK6AH{`GFQaZ
zrfEuDDo%TxA@=H^a~joy2A6ng+2;p)&p>*VbG6cR(AzdbLdv1X=fcyLftU(7JWQis
z1_vkXDbG2Fk`KH)$Y^qFP1d2+?t|+ox%fa(G-UM;4i2WS5<m+%B#LP0M<Du-VU`e~
z#Edqj3&$|!Q0`1tiQKu%@4j_7Z4#B5JUMc)d}>)Nx1N*kWl&-}efIN)D=~#)*<&s<
zIt*Y0qXq-UfeI7<0fDFlg(#l!0E^JELUsX8B;h<`zuvoF(v8D{5LM9@((+k7ZgZZO
z9(zo4&Xxn<MHgNiW(9XayafSX8qb@^EAWFz`Zr)8uyOC=ih|0R;l6bKRuJyV`@vU-
zZw4H~KcuDA#W;Yxi}Ols?Nj_{kNN3MGL;fiQpb?U@v|fi$>hMd2>yV7fij)=X5*ut
z{QQ4nXrGjO&zFa@MIoIH&-!*x>2B0|Xn=_ACORE)Z7DQR;7S7)c>=;G_BS!DhW~Py
z+zA3vkWGNkhpL#vwB;;O8AG{*F9j`u#4a`<=J-ls=9|9e?*>a8EIM#mnQ-F1+*+#3
zIW|5Hg%Cfs=)*^kUc!?R=prx5A~c#SHp)mcecQIioK}}JpsDITD2o_hDJJVndyIj#
z9t$1qxsvSwHsh?FE`w1JfeF#-)vF=QS%pbRAz-D*eOm(uYaV^dIOckC%C!eVO)kuE
zY=&FQ0sA!OIc4j<I&n^Z`^GedJ!>O#Y=&siOp<^oluog4KmBl#9zu}QOKJ{H#by-S
zQm~DKQw$^2p{Q+$|2}DkN)(TtJ*%qzY(GMkz||#kLaa9u5r9LQp?(<@OiYt5p)dei
z0)X=s<}+8(`9Oa_%9UfsRzo=m@RE3$pzbe%)n~+8T>O0?sNxvCix_XTb&Z*p(Y0>)
zb4CEL*aIMDgMYjY_LCGyb7}OzDfogM1-MtB!@Y>Df)gSN143{*s)0?D`wK@Ca6%k}
zNd}dNN-Xt(Kaoiuz=|Dobcs_cO#>Fo#{jk`I1A5?@3ZAzWa|dUlTxAKKA6sZL-Lv$
z-0<Z$oskohU#vSFeLrdVPpl07CWLSN-!$d$C}$>F5SqQCvf6YP_h8rx!8f2F5+{cK
zjDwrI5HfDW2XY`g5tA9^>+e})Pzw`f2g0PVn|#FX*w_$d4Q|Y?{{EO$O&s$#z#oO1
z&30S>=P@6Fq6x!*kC>?7IwbD&xQ&SAE<hfJ`yRO)V(tdi+k7ZC=aBznr7GPxm+6nT
zt}F8ik=^>ICI`3f;T}8uCW5`l`yG{+%9r@w&`)J$l0$kKBgG}a)1hu8Ko&-txL6c$
zWdjt7%wRzsiCR4gz}A4RF=ktauKH*fp$q54(!y>-$~yxly8eT}-uGj<_-op0q}(h(
z%{uP6mWgE(FkI*rF2P*<eM*WhL~lfKgR=Uah8<clf)~Td;|=DlP#zLT8>k5&s{NNM
z|Gs@US&IOSuiv^=ACo3fjjCY^jjX@;J<CxnD0oCrgu|r+*TN2r&2U%HCn%KYauPHp
zJKN#O?phSm9mB&!xlaP2@G+zDi@t>j1YzM25j3==BpgiiIV}u4g8*%l4UJDg=(d>S
z;CLc-7g)=vJQ(TeR{<EoNq2nB`pJ<ILbE1Txv*GBnD1@-^#6tyZ3p@8-TNQoFL&L;
zlHYdX?2AYaHt~*4UfiM;ZT}y5(WGNn{}H_fPSxmOxT^bvK96E(HPD=%sJ?JdC>I_;
zFVD&Gm^3|vvk<-vK}Udd>|DWnkd_umWOU(_4$w~QFUf)nWyaaqoOq6~KG_I_jaez?
z0$fjD@ma?yEdh?a334>HU=$jE%mb2O!bDb`PX2kYzI~chV$zA}0uXz+Fp$)Wu&a_^
zu!ITW8ekxfD-fOcLc^4jB@3^gtH?XKg`5UFt?Q<yGSKYpg8_vcM=N0=0N^Kx0V-qR
z+qd6SZ%#SaNOgX3LJ^}T67`2G2o2IHBpQZY&7Q=&gTcBUY~I02txE1&{&1&FUS88|
zRZ;$XYW{<(*L-dDD5Sadq3|igo2r;6r}6?DzQ?Fu-+SiG(I*U3+UpCoA2VEBjJ^0w
zm1Bx#(-o%p6umaV^}Cd>?q#`HKF;fA*^tX+IUF2dU_&NZ38;+(y$&&A;2@#KRaWLa
z!6)XJzcf>K=g<wLHAc@=03it;n)^oE1`BB}+gnxXEZ;rMg!`2Cm)(Ec-1Oa9zh4!}
z7dLQ<lk_cYD;QD`H+_oy4>_%guj%2Fx+jKtc=J4%f5gp4d8}jl;!-_IpP&2P5s01Y
zo--~CTH?#bwMMB0llm#i!}&^qdvC0^^;>*g#AKA#x*V)_<=j5GIHsw2x3D^0mv9K9
z{G-oVB!{%_UZ!L{O?UqlB$ShVEYH<89ah;PUl^Hg^a-#pn;qGB<e}{~^=i7{xwPvB
zezgnFG-T-qob<(?Z}}^|_A!s!X=19XVfr=ruyV_bdoq8<SKBrhU&t3)A1)doWHYPv
zP$f>`1<&}FwSO86F6<SLKr(KBhf2h@x~Sno%htLm*8r8Fa{D!5f10i?>y6F8k+r|7
zwL{=dGi%B4^}n3iS}#^B{wHGhD4iJjL4W<(rSo1Q|H%q|?0DGY9}&B=7ij*G={t6h
zeCoeF7`s;){v%bmcwO~BGJRici<JN8FMQQ~XT`(qiI3D1Du$2d`0D2NRJa%lEcy>J
zx3VRfZ5;jma%N9wz9fE`ttdj)&gQ$1)WHQWsnwz*KP6;I(t5Yq-bNl*+dJZpn?_B!
zYWtZz|6wHe-=8EgLB6m-^>X>Nk$lR{5B0wP&IZR5|CxHa^i_<~#Qb%t&@D59kDf0)
zdh?Y<Ta=p})rij;K^97+WULEAzFE%k?=j-ZDp}uPx}DVSM#0+3t?tQtTrV&9_ao@c
zZ};UX#eS@EX;)E-*Y=L=J_cH}n2dzuK#w1*N(g>jkN5e-v2$iU%s<{I-?1Iw?0zI{
zF3PMN_tvpB$#B))3fH^|3$FSjOiTfnH}%2ed$PLBDFg}cTmGQQ9qYkL`s+p2pEU7-
zeygkOqK^DK#Iq)<l{}@mBPI0Bg?snebAPR+JAHJ*bGuPpoQK^Z|N5kIQTUnVTkW^#
zTI92iRn2@lHj9kF#~w~&)n(<HZYig?AcvfRmv@%pKYvc8KI!yA*yu@}cmG}%R=G(k
z*Ms(+DE?TWqxdG0>!)&JnA*5sLsMh&wQ>o2=O#ClhEMtVKG-*ULZx_Ewu}u<UuRn5
zU58s58yflLvSkj+91@I*^b9)ds<Vx*yS8L`MSFk$mscCS_X#$6SFT&2(<}A++}P-9
z8E(*+Ww?qejXTZiXX}HP6>OJ8F1@$;VeyGhV09RrW>bc~Z$N?q&dAxJ;v>%d7VGcI
zXl2Vs%3a$T5*I5Mz7uhRJys)3Q@@)o22C9_Y>nHZo>KevO3;A!@ez;u)iS{|bVZ&^
zk8majXIn?xm#ahKYR)#XnLlk!n7B0MX4Q48$^MI(W4k%z18##p=iHP8Z}XdZG<-tQ
zTLqU>)(mHEnlbG?edxR+0TZ;cUG5tPaN^pv7%$wCHftu5AQL7rNn<tCTX1jD;bu$Z
z{;!}l{roM!{Z{L8wWYu-W~H}Z{2#c%GveDXyG?2wclLC69_pyeVDbp!hDzyaOpF-5
z)?=^sw&YukH*V}+l~402Iob$rw)e0Wg0rk5V4F|Ptob-Q-SmTA&D!g4A~<;1KmM}I
zd#j%3qfeI>7UQ}GhuSUm>_@;e!W8z`^mHAnwN2d9+q-7H%Y>I!bNatrd58G_-uGXE
z27M=d5GBW<v*n<SxhP}ZTTKx-be_<7cW%#~JrlDFo17c-w;ed3@oVT{|MyJG5dUT8
zKjtopJVXY;Dxv!>(HDi&H7m1c9CXlFmNs1}Ys@fB9n00I(ZAK0@tkQFaZ#aYxyewe
zHaAqev|oL`X0b5i6usKmXCWG%MX#($8mchyA94|O^DP<nyF(kf)W#mLmusXIez>$@
z<@E1fg@!fH7pG3vFiICI_{jukUmKQtZD*<9`IF0y^IgwOjLAAGK9`nYA=iyu4s%LT
zGBlzJ3Y=O3_WcRMk5)X$>m5)$Q^P3x#b8S6sTy?zSdCPXhNr2M-+wF!Kf9^7qR^q~
z7%i>4V&cWmEM=MYJ)GHh7QQVyOpnl<c|9WP88fO4PfaU>vZyUm`}kizxHmuBUE|#N
zyrib*#x{(M@nucy@nVXqKCI3=pB!+u_kd|zR!P{A&m5ebLJ?I|0|H@wY*U{d29F&*
zBoJxh_T0s#ZC^d7UI4%G@h(x%_AjG19OoMM?mG}~k=gV23H6w#S(2xenn}SY(ar9<
zp2_Dx-?E#{dGr*mvJ(T$z8k=7g{=%ion|J#7o6*pUtYySF(?f1s_{87AY~ryf1rEH
zMbw3Up^CnCaCJqnfbeMNbE;YpapztB=<@Wsnqp}9P|&`3`8gd$`|~y*yNILo>$7cF
z+{G8h+xl7%p3%CX#C)SQQNvUC-a1>_UBXgU)IoKLJ@BcenlWqr64xX6Mw!uThUJA|
z#p^=ey$^QyGiwEQK9?c>#gUPhcJA!twY^GrCGN`SFJGvsKs9(yyLt6t23}YGbki<5
zO&2?^(>MDI2ij!K;cR?5@N`A+;sa2>6(f2b_-f7=%^lgztbF}P5(S&<>Kg_5bmvuA
zh5i{0s?f_e<eP2#`czFWP18;<&wH6)M8aYtRehrNmC`F=S1+E9rP&!OARHmyRr{n%
zYSD()&@fQbSL5#s%eE%Bwo4KfSJ%&u5NcNaf>OG@HK`8UBz&xttKl-Fnr*>5#Fy12
z*YbkmzL4QGE)p_!+lI*_B4U@z>kTqG`kE~D?=+)2)|uYgHZ$N_cIe>lgoRMpX*^N0
zU-bw9yEx5m6l{~Uj`Do6WH8rP^cbys!M9o|Gv~`s)vs!YQGq{IdIy6w#ijI=lrZ6F
zwu}s)Phxt{B=qjTc+p{x#`(qey>9BkVUBxuEUib$22_~}&Lo{+*GbqL8FA`IMLpWP
zwV|QOqGLfVco@ecamJd}{Gg!6tddX|w_A|8=Y;;XC$RzhAGkd)PLeV{Ko;ei3%|To
zd**#=sin%R>u-#d?8;G@cRF7A>Z@;=%TAjm+HiyA3qkP;n~r>Gz5&hzurm%|+QG|~
z@#z1afmwt`IImD)P#yCj(iOs7h756#A#!`<YO84$n3t%j{&lbnzw|fqiB*f|-um^R
zxP%l^T9I>}5DB-$SJv^$-?4XKFs?SXDD?Y}+~B@*G|ufL*Sm{RS|v|0Am%pPm8V+#
zX%XVm<(!_}dp-6y(XtJDD=M6&v-kUP()pX6_Ryx&TNVU7U&z;0h!++zLpxF$>d)3G
z;B-b@{0X^&wVlS7qGI7`vDBKA7|!tdm}10p<Hn?iTIXcvr-C!=nVu<mJo53GXk~9J
z53KkMXHce~fws$KdACPL&A$Z+c*Ad9o}zBeXZ2g6OP{VY{o^_l^``hlui|9DEeIMu
zRj#+Ht$8qukG68t0bc6;BG=U=ocH#*?mo>;$<*4tM|oJd@l&E%`#3rYPWU9k(hU|N
znKDffSgYkZV)oNg02mCj$tqxo3<6N*{$<3PhfxoZo#;p;JhlJ)N#-E{jYvc-kQI68
z0;o>YYyod|0gxuVLP_F=zkhu`ckz5#e`{{G#kX%H858C_k|6(Ro5xzgcVihB?0)1e
zQxPjuSdzk$Xcc;h&qYOjslA~9OE9Gcf1*s19k`MP)TT8MFssNV@l>Ld2|!>4npe_r
zAddoc31VGHg^(^nxg?p@;QgGR?cN3ITimx$McU&a0>feP*7(HK6zOev{S5KDK==6$
zp)+V~k={}4zmrLj33!HQ;UR`e4UB83Wo0W}D(ozZhw<$(uw^Xjse{`qe!z<DpbnDU
zwyj%x0Y=9tH45?xfV~KE;e?DOh8RTp4o)HZU}En@jEeRxI`y%#Px2_;5pF)8oRV^y
zd~tv|wivsE8#6J~><>tn3h8OYO%>ST1*Fe`RZH4bJ+((;SujW=+~7RN{b+zeCVc=e
z7>G83w;gU)1$X)!kTD`<$LiM=-?o1JM@TiVHeOgZlV9s0B8;Z|gzEb+PHD)KG4m_2
znFE%13S%zX^ve8;o%54LcTA^(Tk6`{+UUTpgUi)z8ykJFY#e7g+#1=6zNeK-I<9KT
zvGax-$aduDqTIlop%dd&`Dz!K2as=!?vU6ufq+mtbt>f`3H^XEn2a-KOV_|MWY5*!
z96Y?g6wZr>!0QAb5L6=)QVu8>9paKm(X`~5(go*1m)e-wLxHEa4Dnm{e#{dfN3NO9
zYmcAx?W5vma6~QLDX0^yeI!#)U%${{xc<o1pZf2#XBB5*ly=IoRyD3ZM!cWSKulb^
z%JA6x4{3HCe3vhaC>*IdnQ$am6z{xJOxkI5Qxa_LU%vD{p`DY#8TLL|((tu}PkWPZ
z8Onm&6Y2D&?b#HG?A~`d@-L{Fl%IXNyfH#X%#1qu&WYzD5y%>&anE-s%ZWjSL>ua$
z^ex=hJb1+&m&SZgTmTh3H;QVaoJ2|C=jcfL1c}|<N<z`{g-uP5P`_=48dwxw+T(@R
zrmYzjiEb{}0;e@!zm~YYoR~8#+4%#ACkcRpE8_29GoRUCo_Y)Hz3R?;yC?#ZlGn^;
zcy}sz&m>gM)W0kO+(+zAF><D7W0PSV!cqkZ=oBK0NRAcYE6BvL6v%L97s3WHgSreS
zFb?jDCR-4jZsE#qfT$Y7P<`-?z<wnV8j19S%pV}h7g&Q~G=_0%A=nA%W_yfdf5vwM
zMYMfG3nYsWqhQOYbL~lzIz9y<#eMy{#zW*Y8S^1<3>yhdq8o;Wv+Co5@My&p-<H9H
z6GS7B^K-pDIMoyUz#1e1c7QyDNq~Q70N{XVvoR$jOiWM%0IRKqU+h&(O91{8eqpZp
zO;ghffZf)4*)ReD1hoZ7W90`aQ29H+$$WF^$xgNE&0n2tKr;~gD+e3I1U;-n;&Vq_
zD$JZQX9cW!A{0&l#C?j8Zm8C5q^3H|!txB%9tE%gb9*u%+D9g~d#fS9-j5g@l6fp-
z2Au%5VL!G5sscW1>77rt|K<V=`t;5HjL$}>aSm|X51@_0V@n9>>Y$=rhq(}FwvWI}
z>KYo7#^9B(SdjMz76ySkfSzpb^$iSsirtM34gMKbs(Lw&ngC?S0M%l|-T~}v^SdSX
zw9JaquX;dk0bkvKfPhag?Sr^re!U9!_hk*AM!Yjy7=(bkd?gQ;V@QSb%7HBhNj?#H
z(QDJIejXcLoa^FGpO-Nmbb+Td*}$ORL+rj0VCBDpyIXSt6ew11F&rr-<1}rk^obj2
zrlkR~_{Hf)XpmSm5y0agy1J5255$A`W)fim@r%T`9%nR7%T^#ni1hjS>%jh>GkW#z
z;o}0rb})?IkHHb<Qa(W<pv!;!<Bvs;=fnOqipNoveQlc`>v}Uhs?jbCff%pd!r23L
z?;=$~ovE3XUR}=Hq#bi{ZF}zYPcOfyj%h{4$4{RrEuro>Iw7@wa{15*4=3mSq@J20
zCSdiHf^{BNe%`NN-%kj3dZ$e}xO0IY)!O%@D+i>c%fW=~C`)|wJxA|1w-R_?b#-af
zEHOd;%JDrD!;FTL^8CLJ(!T$YN^z)^eV>|457$^o;s9>CN$5#=1g4%)d`GJv)hiKT
z8Ta`Q{&c&U_VYOS3TnUkT;H=N#jyS!x=6?`O0NW1mxcxk$-7?%j<DMI$%g#U8M@(m
zle?0!)iFwiweJ-78uTeFnDeOyFoNge<D<*{PDePom(`rrd#TH&bLNzKx`}7*gH_DF
zr%XM9I7^L%-laW&*2;0rP-o*_w)-zWoI<5X{w<>?U0<e5C!HWt-nFu<!m+`Sd$k6~
z`r*ZPEv#wGT4u+}*a@i^M|K}}5uvE#GO9+B7#2B6rNa9aiKzMxCMQDaDlp>;0GS=D
z9vsI9xRH~=$98--R917d<}97Ri^pBJ^ZUwTk9+G3a0=fT&Z+LvivlYy+a|$+hdvo5
zFbWYOTTrbLl>){>5x7HtwPfzP3mPK%orRv2c?JF06NIseXe1md12B^%k!gRt#9;gs
zyz2=F42Qn`V6B5J1LLN2QGH8#_R*Ku;Lbx#7Lm{n2)6<s&Nl_7sa-uiz6_xdGPpwE
z((l*@N(-iFzLl^x>Ht%JT^Q!z#Muiot{T9W@SFRF48-xM9E>Hf3;SUZ#tQFd%v=bE
zOT2PmW(0&tbHtQkc0jP|o2@ySV~eB;*tk(aMjwo4jo@rK)Fr23sNyhP-G!q<gru)G
zPX^ZTZQQz*j0FIseh0E`y0|#=6FU_35kDcUqc`TW-m+msI1Gl#KSwFRVNgK}=P4op
z0;xq0Wf17(1{%-P)ug00|4H?fM>-rF&ZSVy@H%iWp6Uiki;(xgOq7A#1KC*-_<w#i
zd|1Un>jnxlp9|rQf)!rVOrL=MbOG|CM(&pVrNegVW^KK&>bQy-5x9|ZNEIj6o}hgD
zXn*7FF@UBJMm1y6NXL8sUhaHzW8;c}J8FC3(2wbeC5xL##5J5iu%bLEsov|f0DBuS
z?;fpKwHC+<p<hEwawW|zd@d0>o`IgLF~1+BEsi7DvK)Uc1}r>8lY(6a`?3N+*y7UC
zJ)qfaMu-+UCI<&gF?r$zI}G#Ywc}48KR%49Czy=aOiiCd0sxsrCvLq`J~oBO|BJV`
z46AbO+D1{A9oUE>SaeA!(kKFw(nyQaiU>%TiWnduEmG1V9fGtX4bp;wf|3FvQW6sT
zyw+OJ`@P5a?L78A_Ved)8O%BFdEet2;~ZyTf3QQ~k4lxN8u&oyjx>Ms1<M#^UVpxt
z&m@jwi>vq!WW3=&0MAB$Fal3t)6BkyvIdKfV4Bc5%O~@0%aazSy^bq<a{9}3$euyp
ziEo-8z3?!MHxOKLA7yx5A^uYL(5X@oA&8S2gc241L?_t&_!z@02CJViJXUS!q-hQx
z9{G?$MONwU?d@Of;4~=?hw#3>*qk!MpIOt~V-md!Q8C36p9{osT$2?Eo>t_*hk?e+
zQZ{F4?NSEF>snhY@{NY3IamEKFh#wL&Nlt#a_o5d_NEAr`*gg04I{lduIER9W^wg}
zXI;|n-uc>|vt-e=DqqE9C+vj$J<1f*B;^O?g&8l>B)Ll2v#7qT7#*yi847!{v#HKV
z_WQ>I*0gS0u{4FR4I`I#Ebo4r!u?=rMbK4bq6x7hVcc%13SEsB-QR~=)-_ocU-%Gj
z{qqOiUq8EL&CR#0SqV4m%;JeGv^)NzTtb~)zg$CHIP8qkK@~=ak#>W3&(s9!brDUX
zTjYGwaq&6=4mKA#_zDZ=4ZkdIDx$IThiII~tdLKXW2%3tAm=0h$LSH1WoE5-rd_+f
zExjIarWI*e)SAXXK0Owr|NYCH%~0dBw|88fPjX&vJlWKO9X;*mRc|Bj<qI+{i9)48
zfziwPq+4W=3%f64bk1S^xO#?8B9EPKO*p;@Vm1nTB9lfsjr+<1BNTgaAoABmE|Q%y
z_7zj$B4DIKE4>ZV5|N)^(#f(NQ~%fR6~ZQi)s<zOMGsMFYzAs}5q23mBqE<7G&Jm<
z>elynUobM1b1{$owpl;0$0X#k97j}jgU82qllzQLXR#8i<6?)3P}Xt><`pbA)`{Vv
zWllGtn1UTQQA83s7`z`VAgO^Eq!Lj#1r#+)9_DcRLN|fFB%o2ZS>tHjpBp#&2hj+k
zY1)Uz8iu;WFbc%dP3Vc-M*?qS2Ug{KI3;Kdm0<`{Jlv~~(EXi+{U^P`^3oDn=wqQ*
zjSq_ZoaBq*Hhzmq%SK3q?C#O&@ZfkyFx@@LxNjbmBA4+_;pOWCty6*!5nJF?03!n7
zEW)UrP;lM0emsKGhqkm{nbLI(U4avMp0P;Jw6j?3UUpj;q(a5;$jIP?RBf0rdf@qp
zf~%NqD2<k_25bXFYchiAg87tqbCG%k#Q>9LwqdF0{a=LB@e3y3BQ8|?_IbAT3hS*x
zw8i#E2i=e+j5;r$*};Qu^8k<nBlMF_N%iU9j*06{dCUabZrr#rq53Z|^uZ5(d<Jm<
zps5^r&&kK_r09A7{?Hj8kQBf+BBM!ytZns?hGM@?41SnrzQ;pSH`U`j!YO-Fbrrn}
z%l3T*$wj4T^`MtvUQLRR&vajPL)|7-?Vt}vuQ;2A#v0;#2Ze;9r5>(t5*nr@yjkK3
zkHZGuZ*p;xBYg4zd(f_sNeOyfI)H8WP~?c{33QN$etwLodU&rk(?jxD@R9gabeE?t
zoyN^mQYJx-)s-v`0^6z!E>Y?!$iZf=TYu9n@W0nH$0*BR2t7LiOTABeVg23Bd8dL_
ziov^6Ds^#$9<vE-P3TjGkp=P`r>=|>zCQ9Tf;E){3nyY(in{das~r<6?Gra1Hta>)
z+f^a4sR8#HkZrSU29@iuGul0;>BbjxI4D8OJ;cDk0B&m(kcAPUwHqz<P|qZ(ZzC;w
zCd;U=UvpqsR_<22EW72m;t6ZHBIn`L#~<ua7io&_PYe9XKM-xw3DlM0=ETqIZ4`|W
zJBH*Eqv(KmHD(uYbG9F^nTniim#$lN*DI`<Z#f>^B$8vovYM2bm}%R#A@4@l6C>)k
zNea7NM&ldpZA_M@h0;m|2v&^dGKYO)P}ab~r&V~efn#+W9Gi`Y+AVEM1(#%xJg_kh
zs?!m@?doioW!c0rX!EAy{a@F=L>QHVK339wHcg>fFx{`F2u9-gc5o<)B`7N)bs7rF
zhcXGuPHMK_o7V)(NI+x3tXs&7=TJl85?UDI&1S7r3g+#N8zUv1P$R(<d_RtV*OWs>
zGiJuxkMzG(O@Db+;xgEExA1J>LQW-(5a*4GImsiDhp*+7^lTd4AfNc~5r0{skI7O(
z^nBf`_3PD)UH0UKowE1iN>HYf47R9$oFYiAAG60_dh(X&vare3iOk96w|lvm#XRCv
z7SdWAcAsLdNDzthc;_79X1!;w*VQp#Dril@Gww8HzNiHHe)m=T;yU|yy=FrN(SqRK
z6lo=py0B}1G4tcK&F~JeJ32-R)0?1nI{>j58oG6@6W<pW7h{!^ANt7Com^TNehKLY
zunp-DqY{<^A1ZKtfB*dA4LFhl4{;TE+o(5Xs&P;;@`5=_bY^w-q)Sk^4%%xy`b{Wd
zc+naezz`5bSzUf<TF4@xwFa3+8R8onKT1afGqYMWS-&PHzd=A(1^ZT1N>*Yp*ko5)
zoE`^hA{kde;rxpb=^R0E{#52Jia#F)Urk0A?0ceRi5i>YcnyjSNMVY!V<-ugEiFnW
z&!~I?K?iTn&@W?SEX+^=UY2LI0|^d+G@Och3IEviNA}10^N;saKu+6-#uK_Jo@z60
zxGv5GZHOrDSYEJ*4usPisR?*ye@#!r;(X0*)KMb$NrX8iD1p1hsjIbJ9jOl;;=w=;
z*-Grpvoy^d2AoRkTAdH>V^SplpgHLx9pSoQ7Y@_}i3{5S#Qx(<N=PDa-iU#&K;r6|
zwDYb<)rCZ&Gy`(0htTh1zNNlzn+5WILG>xl5_YFAU3FdT)22&PuZQ>rSryN$^&<F7
zqfMCHwkJp-=^8vKbkh~6%IIycpdbZt=sv@lMqCEb)({(iUteD~{n7|PH-tBN=<^Pi
z;4KjHk>d(91rlNplj!f?O^Zu%%G?_3om%Wm=YD+RDRCq}9}IekY3tEmk^>Xt0e}$!
zS@D+e{k<8ytyuWTyw|dQZ8y7R(yBo4<d&l=hcUAz0O!Ex_CYD_9~zRxCBL<!n40SR
z6OqI~wM4E*Sbofk?4Db)i37n5RLG%|v)!Dt6Kj&LT{@$(`h9O~fc4MHV6JiJ{T!<N
zeU-nR-i4_oY`pf9_V_7z@m+yyPnavexMjL+INZ5kt#qC6x&6ZV+qTnnsV7cmQ7<`+
zZF=yzcs~C8x}}MY)8am*KemciH&2f(OqMj=>Ete*lO^%K`Yw~}p-2^5l$a-Kc9c__
zQ>*v}m=vE=K*gVk&@0$J^0>_3jI6#LmGr^f=F9i#W7dZ_u|L6G31o^k3MtS)o-z7x
z&O9_T23G^xOWk2#tD!Th$*M@v*aHqF9vXo7uM1ar^fUo^lA4W^0l^+EUnh^|<NJCC
z_*C=tO@s79;!}mbD~n^CME6zV^r~?V%13ldr7Mfq$QX~A%=BaCQTSiFCuceLNaFS6
zo}Rozzz<wtnj~lcGX&(s87$z}DeN+@Xd<SB79$~MMZy-e*$0$u)!&d@n?JSboSmLY
zs>x7)zsG|I8-ZxnU3DzTGHYWX6rJekURFAfk%huxyY6*_{z2w7+@PeLf*u;j%vC@;
z|JoBMJ{Ma<&|5rk**ftip&AJ2Aovc-Oh2){!`1=n$xz4?2)`a&Bxz{jgN>k@u?Bk+
zjmue(fP#7-ZNrZx7Rv+_MF{Rd;q_0B0GJ@hAdwhO)fIvOq)>%S(93Y%qH+0hqO_M5
zmz5}o;gk&7*LDR<H2KEe*IsEsD3&qv@ERs&(B=n0U;|}#*KKfAm{%#Gd<I8zZ2ah^
zk#2ZH-$7@^)EmsM9fGSyBA*azi+1evC8-+6lJA1OJVE*DDG5jese4n7W(D(z2d1<U
z-n!yPlgl!PjIexK*|hnzP|VIgeGFVrp^+yVP}m%ppy$NhbRQ1`v+myL)t35tzssXG
ze$<I@M*bigTkvYMQHi5c^i6B-lecDk%eDdY?dRRR7X$a(sd4cv4qvf-|K(~$qDa5a
z58a5Z#-f)N66XK>C0ejq?4`Pg&DldQ_pv@I$YKs(5vX0Rs7@_%j`+RfQ?FyKC8?Mg
z8v%aMf}V!h=!lg3<KUK{=d8x#7(61nx?}@IS{*2k!GiK6`=IcHu}hv)?c2uLT8m=h
zyH21mP|FfD>XGrWc+Sz-?T<dPWkdF45BDp^wH$c-4vYJe>IcO=k$94kKDQS1adPJ-
z@Og_k>Pi7hgyBH|v{r`UJ)mjh#Hhprh5{9fNxtFPDc0(I@8WB~HsE_|0EU>rx`W!9
znv?SdS)cSyDBxhefZ6I6$KCNCKR#xDi;jBj=y?4oBm5fc!fRoOji#m6x>J;aK~mcN
z3o26;5RhzFo+pq_ion)22MrKaX}2YE-ckyObH{D2n3z0(T?x+fA<&+{y!XLF17&MD
zx<bX24*<SmKbUJ4SSK`c2__Z0tuEVxc6|V67^Fs|x5JD~0y>cOlkIBw0+tGO2d;i1
zy#hS&DGFG$6$t1GUT;P|l_jj@5mR;<^i%=iUA=pE_gea)@sNCc;11?rC_cE)FqOs3
zzqfGd{`ir}Z@1CSTelD_u;rgs9g|k>ivW;P@8j>n?6*Lq!%)5Omf4Y#2MR;sqWraH
zB?kn0>pwpY*X_Z?EHHfMNoj_0sq|7})tv118P<Ca&H&)yNb3#WIvIQb`9X3x`gr3c
zH~D%Zn<xPpvFb@JW%sSp#?kj*;lH}=>D?-0%|!XdKfzteT{BTURgzU<t;)f?{WKi0
zJc)N^&OYS180x<o-nDZ-wl1h$uq{z9d>aKZ11{ge2o18R-tJ1BtCcoYf~El#9bTwP
z((v9Gz~6S-=(Lni2+@dTVisM&7Y=KS&aW=GM>L(hK>N6`APOl_y~Dn+iO-C1$Axki
z$P+#u(CD#kE~)A%!JSH_b^Y&f_mX@o0+Lr(Giq37){F_TXl9>4%iFo|6Av&L8O$D0
zTH4xeAe&+il7b=!I(v;Bvd;N5qHYo3d1k_AosDrEcS6UbJs0%n93SmTQ<sGTpIhX@
z2B@Tw$eOY=`1?k(2w<DKDbzJYvv0vyA&?<1j2eWBtV!GLa2QV$kshNKC*cWqS#fk~
zs_+w8WUA)lT1J))E`UE8lH&G$s((ig;ypl3aoPg}i>X6|18(!@w*|03lK%mvY&odW
z1v%-Q8IR92u-SM_;*NuS!&||r>Lb^amG2F;frWlEy|1mrrTJ7(yW-W8wkh<yRAVK<
zi;&L&S3xv84VnaCTwt@5%lhe05h|Q8R^G6PJpuF_1k3Kr9*=SF$+~EyUh+pBP#G?Q
zqL|6Y3@Y|!Y4_hhsPRcbQUVMNKmEq3kL_R>f{Rf1!LBv`pM_8nuqZggC?;7=fqy4c
z&@(U}0`Aw!aSY{^@b0NaBL~=|A8!%D+p=cqD^+V|@Hd5=LwcC--M+&g5YPzkQwQET
z;M|tB3czbwIXb4}#AJ+x5u4nWDe2n#t1_hqlkWZzA$3WOH_lMyCPv#Ff5%h8fHz2V
z8R{vh{zt)|L~n<UCU%@8l?y>dq4*6*00^9pce0_iD9A*Pa-@kJtqk^cQrIrMK)(iC
zegaHkqJy?a45IT^6_QX1|JERY2t<$#qgbdJeXTdri(>8vJ$XBh2D~_m*Vc_2Hx9}l
z<ww*L1NJy(E<|W-|1-W!cnmioKD7z|ClSXfl0tI=n^~Y_SIy03fFa;YmV+LB>RQK6
zYHDft#}dE-AQgty141IW-HGTMRKgx^z@*{$cRY4KE}@@1kH;9o!#e?`<{wznb?X<s
z9L2|KVAh154g6qe>k{$i!4J0XtJsXI0bG-)%@HDbqqj7z*ij~~WhbsYzRMt~BH*>e
zj2zFQCI?Ngo%ySSFdkW%SY4sS@`yf>Wah}q63`b-VUEM(6%_FbfNroa5hV=!=b}4!
zh%*qj#4;glW|>0NC4c`LX=$Z{YvbbLY$ElI(NW;*-H4xy22={SCp_H~a26NTaq{8)
zLNKrRbFT>-C(Nx0?|bLYH)Q&RYTeq3^x6qj>O-zVY;4<rf<xCY4x|3;)W=1Q_ebdt
z9(*YjYepbR;rO|ao40OV*UI@7x2gj6++fY4gLnXFgL(Fh%lt`fr-sp5;VwH%%~*%L
zwaa?A^5^03fOsG9z#jSd7~xE>d##N%(wn9xKcc5a(~LHG)22;|zs0f4!4HIPfyArg
zDYu#(RU6#SvRJoa(cK%UZw0D;ki~o@l|IS7CcP7?9|n`J;QYEQ42ELeD>lq|RdA5%
z(M0E=-skSUYrf2%R*eFe7VcN|RQfJwRaJwyEdYN$Kh%3a&qA-i2;Bv7{z2{7xog*3
zc(c5An2hCC@J62ow*N3<0kB`^fmbmE8JI>x-i}{}lLbbp$?0j>2;apWm3{NuIe}Z>
z#qO+KuV+rq3!Wf*2zg#8#;nCgX#kZaLd5kMFau`4zLMI><q4mj6ZdK~u)+FV<{pj7
ze;4-JsK98A2;bY0wwt8iqIz>(enUb0?!~Z7e(gBTfK~BZ%yFn}0@Z68dL*<iU;n6{
zsPVIEVW@|#Xqok}cc)Y3ghCw)3;!K|Dn2ss?kIBHb--=S?V#LL%QWXNM6qbo5;a*@
zi>3_h`WoCe1Q5dRB37rs8U_c<{n=PPs0@eoS(eGu-7Lnpi=KB4Zms<sIwYQv*kzHw
zy12;l<?El>F_O-P`SCdJEu0rTX04(gnZt~fl$7udH|tD449N;Mr@Idy_VM%c>$x!q
z@FfP?1roV&rP7Pc&O{DlZq9<;LkvE&X4Uzd_Vy+)kdF{{-VdgE>7Sp1gX24h)eWX5
zB2`B(^im_E5vhcTdHUe&Lh-#dVJp4}23SQ@-&y}ki=Axp@PuNSxIxUZ;ss`Bk}`^0
zia1c=M^ESaqBpLE1eRo-fI9FRA#hM2<KNMs=|GEM2&TQv@h^bd!?4K%KRXuru1Fia
zz_0$wqB{g)su1jivMqZ>O8RArE%0GM>okVVj%F*mENG-EIy<SL6M$s_vtIET$T&$7
zB32Ezt*=Bbyr<zWz!!>+K}jT9(0&IVJeeS-w@~Xwq%1}8!RG>)sW>`XW(-F-YhrQ5
z$iobun71f-!A;cLtBEfgZYqI(O2Z{P<KlGc=1<i?3*?lQ16t!4JkXF}*yXyk3J5C;
zn)yL4VOQIx_j$e0=;A^oKnYkECqcY@(73`$AM42=!C%Cm4I>h&*&)!th*cAo;=w7!
zU^S5e9S<#F$jgvT;!Ope6~oN@7&$&z+>m8BeoEvWVX`j<#)g>%U4~+!95t4w@sGDA
zWROL}_XXNw5X0XA8Cwv6vlZ6ZMkU4}q08TG|Fd1FrRlw2XEXoHfYef62IF}wVyK0k
zaur+-b>(5Z<>+OJE!a>~bQAUz7~4)^+6G+(7CvilW19j6kpa{qSQ{$>zQD;8B-Jrv
zu@U1ph88@uS0R9bPL(X004D^bj2oJgXSOYrFWyg@fDCv>&SGvHfrudcaPPqU>6fZ0
zKZ|U`FFed||DTEI`t4Yop}f}ouI`f$313tD*zWgosLb@0#}rN3bdzT!-go>d<4N(_
zxK8F&rQ7Px_Gdp1b?5#Zn+lTB+i=6VyX3v?GBO^p&r=EMl=rfK*IjJ6<>*Wxh}B;b
z)l(dIN5_9=a*mn-XZvCP(~uddq|&sHVf3d&`#ah$I7Mp)T=n>u6yEp#DB*xlhG<(c
zKHO)o_x|?#e@LSb-TepwT(1kIY`SPuhCFEMpIr``Ih5z0PdH}TduZGFpN4L_$$yiG
z9RzE-L&09AEIa6$dD@jPYC7*Udqc6gWd|$8KXk`=&cG<VPK=cEgSm${@=ug`|I2oE
z*eHGR{{|&J&2en@KU@IvlK(I0=_gQCdyW2!{Csb|$)CKn|FEwY-kd1gdgPwNsdjT)
zH>z)GC&t+AS7gUV%2YKb?fhL;9@>Xi<nLV71qHrBFc#<o$ou)e;9SgxY+X&5ozZ`p
z;!spm%3M(-+o%1|K0HQJ!_h_hzkdAxFNA!(mr9A(edd@oilTbVw(R9NS1GW4I#;KA
zH%AbYzVrm|dhfmOE3JJpb8Tu=dYYO-i(LLgJ;#+D@;qeJuyx<LIB9x%F8{j{-X(S1
zyOw`(()PSgw0~x@d9x1X_7*|;JHSY??Hg=X!iMYRMb0fzy^j{9<K)a(;<&%lvZNtv
z=9tw7_&q2@i!2Lx{q7>U1*n@KghkS`W8sfq+o1ltFoltCqN1#RK*A(9+rCd)^{=j6
z-qi8K1$1;t@t=a(JbhF)^D-w3J@Qg4&9}8q6!SlJ;1Kmyy%#5$Yo#lMiv5B;_N?Es
zk74PjeAM~-SNkvRo<8UK+I^f`?a=9O-^LH^&B=b7digA^l+dxMp2J)AGvAd>FxT14
z|0v9Hjf{Hg-ABp%l9D^8zprVbT#daI{OpCC+|4v~?+5wm-*ig3o1&7rPMzxSs8md)
ziO6Kt#Qb+WU{AEwL>)cvGu6li+ApQ)199uUih|y@Hqx?dMKM%Nf9=}W+RDoxf?Gub
z%_B+HLt{k&L(9mZpdc5H4`cSahkb`VeQ3P49p@S!PqRFGRpnW?nt{QrND%w=)qhgw
zF<6(Q=foywEdH>tQxJZEl6)Bb1kny+kXCQCM=OtxY%?Wgl3W-!IU47BoGEWZ6^fb#
zh=~DREw;S`FCl62DKmVZ>MN8n_+o*RfPGlTYgJ3Xf0>S_PPrxz3b{Xa*8YO-0votJ
z@GpYz3v|B~*s))!Y_)u@i$MUWi#3{TybYqM|K9Z~h1(s}1{|ZtK!J$UTzg7r&v5~G
z1p@9g3{Qe*3%gcsO_m%Y+TY?NCJ7JlgNV$Hn5vfs=!W12(hs7mZbNMadd0=HFdTHc
zXbF;S8Dv;m>)b#~eu*S)U{_5zOi<VpgE5(eI=d*y6nF33`P}{)x=0cl2lU7jc4sgY
z9KgoqO-&6`(`=Lcm)XM}JZPJ*VpaotAR4$2GH}nMdnc_11qgO%VXV-UV|E~}61Xu{
zejgV%B7_OFs{)RB*u1018gWT#G5wBsT}-I$%o$i|Ap;I$4$?&$Zm(H4kBRcmOn(m!
zm@`&=e*uRkD`zM;;k9f;k*mc{f<ADL5JG4Bi?`Uo!+CNo$rgcj%nOY-VnW5?d^isx
ziBhsEsJ2`<xvzI>g02P22?yV?ncgG+FpRkVy5Fze>y~=au6n<C_lhIzoeZ(=1ZT*=
z$VdWze;(gX&@I=oqxqBJDw?xtp`b?sO|M4x0VjocOozzL2m!QAaldJpWVvE%h(QSM
z4SVhF?Ke=;rlwBAAPSpDFs#lcD7R!A$$~ldsGwls(BWRr&ni{r9loz?Huc3GXTD;Q
zlDaA9u4fjfrq{KYqdLNe<nG+{40g=z;`P$%y1BX-Jd=A)g30`9eWYlU%|sXd4_z6P
zTCnx5TrqAOmmMx}{7FfpQ+L@g^^i~=y{!MQGxt+W6s*VnE^pZ{-OEq+xv;M7^`#rS
zLf+~rm8q8vcE`pQ*mCU+e#A^)r}p)CWsZ)B>)rSYlaGR-4DxX;VVpdy+8e!)&vc6S
zDeKWBjC1OB5#iQbCQlQ15*tiK5uEF2gu-0dTFUx!L_@L|g=W%jJXzxq5>npt%f`jZ
zuJT&_Re0NwCKd)VY-Z5TR@T>hV?y48IS5}i;m?spHw79{a$log&%riZ3+hcAnT|{I
zTok~bi31|q$Sf=?&^dX6frb&dK*l|=M2^k#e{lV*l6!UlacGDZT@B{lDT>GNkl8CO
zk{}HQHHIJJnTDH(gr6K)KIaVmB05jF48a@zz*}S|Hem)1n!yw`jV=3QAKQz&5Zdyo
z#5upQ7eE>_R*V0|<TC)fB#24rnC!FCC2MZTX|Zb~k~%<g=$u2qZKG~zf`b6+!eCQl
zqb~?2Owp(>YYBcq0!DxTUObcm$BhcO(8bz6L*I6iFe6WylQ|2ydE3z48Dhi4sp>9n
z+iAbet>>cXGTFCJ&dv_v(h#hg$fi*f*Njm05e_2yCW67@ev917EpCJ)s5jl++9vJ`
zh>OV%x(Y1%?-{KK&3rZ<^3ugoRy4?FK#l?7eQk`K36BKJfE{)ZgnB{-c}q(_Tx%?g
zZ{zBdy}xl&)O&1lGGP^n>nY|GaWRbB6K{%qo9NbI<#`!TCI!4`FPeyw{{o&30c$g`
z8;`MBpuXU+M1~&V-rIZscYlPT{dKO~@#rM=6l#H6Oo$qS!x9cZPT;jKXT(nB(pn!X
z`xN}4*@^rlnA3qjzX8oUXxz0}@Hqg$dA{nxf!PPZ8|?jvTL>|E0f!TNY>8TTyf|?w
z#~h53B6@Rq(G~%*6vdw=m(TfdOQc?R2-zv6^=yNM*1^$_2fVbp6OuHw0(Q>*C2!3w
z`KG_-fxz_3{wpn}%3Ny$0(VP4e6;4sg61&><4@75Rm)$x8BU#ApC;*1Yh(XTIWUmv
zikbY|W0lSEX0M$W)|$D~J>}uyzFVy{lIHfTeQ&t}4Lv{euG{w*{kYgKDY}<fTz8oI
zepE~TAc=Bwo4Fku(ow*Xv~vNw$;WrrZES^s6(#|=hUQzhIKkAFxU@h9OM;XLAsxhq
zb7|^(XlNee`+>$i24xkwkg~&E-q_f3U8&ggjL(voI>JQzb!)i@7~o`WhT8)%OwR#$
zr|OsKF{^;Dg(6Kf{De#ms-4d8UuhtE;ZJFynZ}Er!{WXG8%Rh+;e@jXMQ!k2zuMp2
zI{S%NY=V3{Tu+9m$TO6+8r`odEv0qAz6fhn<8Hx0SYl#~^T1hRU}<>~I~x-E2mtP{
zui$zl!U+h9h;0CuVBQSL$Z<RYe|`PmCEB?eGcBtrr+gr8EZ8Oz+b*(+MZqtCNdtI-
zNuZ(4jCJCc>p`L}T$!Ika}7=!sU-C5Nm3z%(*cm+`E(@aC6J^vM55vOjVGS&wutLu
zrrWX;u|EY%=Jw3i3@F8$Unm{Nhrf%Xi2`iU7*Gm{X(pKviLGXtyF0DO(lDR4ei$t5
z$j%YRZw#=05*Cm5LtYokZdp7En%Hb{yW)T*OdhNWiJcI5wcp#X!N-X#WxHo1+pJj8
zV&GVbYcVCUu7Ex^9)W2A3K2>0C37J9lVGF4Td8$F56qp0A>vzbnem`t@hL%=5J(j?
zK@PkjKI2Ycwk|6R!+SaPXkaEoJ~gkTFrET@1}?Xy`Rk!T6Eddr5qImc{Q!v<Agr6#
zR&Lp6F-uYQfN59e`zZlLd3bwo1rO!Q*Ee?vPcKb9g-;YyX+&gXuxPN1C;m6}sgYw@
z=rr0;9OTW|G0@b<w3w175Rge-KnE@&GQlY0^&|ezD0ff73&#XEi2j`p4j2srZiF}x
zxi_#2;<<@omFzsA#9-1d6#}yRm`*eb(uH07_8DceAu=9)fR2vNt>2-;6W@`Gmjg^q
zNJ!{bsXGo2IM~L5zl@6!f%3T*{ys2#qa>3mx$jXWP{Z%yxtfCaCnDrp%wG{*IEH-U
zc!8fve3B8L`d90m2ex{x>AHe&8X{Jiz$p8>Ud<Tn*|MMQMNTwkT9Q(Cf5%~bC2HH!
zJ3FO`av?wFK%FcmXFr~5`}+~T?1WngfZ~7Q<()-GwLSg8=PFADqf@zhZp*V8aOYCM
zyC+}>9(a;@geoAmy6_n!FvMpWU{48dkW!JI#fEJM-r&yM_67(raqUFhH(82<R!@?>
zK^D8iCs?Zg0u=wZ{;}$Isumybz1$vt*`WV+u&Wh?Dg#4&LOe^GIrlQ<^Y@=G#mXO-
z5C1*)fcLRAlftv1Xd}~>Df=WEi3)xDhwd~IwNt^#%4J-3^s+`pH1g(KsB_F;Y5kB1
ziT&Yh%dDNF;MBDLadsr9NAe@;<mA=QF#VT5Yh)ZUX1&Ef8m$|?H_|c#yv=r+HOJ;R
z$eR~?2;!lLbvrnqM`5Im`=9Ka!JMqdxBdcTeOS6{{yc*25^Y%}jvJiGd|-_d4*G@F
zJAz2N2Oopj^8vH<CoMiqppPuy<%Mg=zZrfiSlyxv3o;6S`ZN=~cfyGU-blnE<Q_pa
z!p*QA<qZz64?43ORVAw`k{C)ujD{sAcx1m%6-}_}8eboUy1BRk0Cv#$BkFj21GiGX
z2S7p5)vRxIzZboFHdQ&nt2HnY^jcyg0>B!5dKKO<NOEe0aff8wgSiWpRuPm4?0qke
zGQyic3-naTksHM#4mL(I$E&brAvFb9$~V+F_~nOTTwt+}*O$C-;bAKi;PpB*P(WpP
z$+?Zq4=xNBuoK8uo{G2%pd%Q>Tqr};k79|9XaioKZ0`UjzE=yAmy<h#>qP_wK&WCc
z3=vCRq-&D47Uu(D^<u?OLEL6cc@M(3#V0yC+Pa$UofMtxc|0{a?H7Bk>Jc)xkG0j=
z%}B^@2Hr0uEf1hA=r=>ejvi!IEGMXH7A_fmKQNb<nU(bo?)&e$7NZYIV*HSy0SzZw
zvoDpvV0P?!#SZBc`)LL39)pQ6dh0<G@m#ca$z|kRIJ;<74qghL+rc7`Wk45A;bj`F
z=i~#EPz+GwtU~|9gdau~0AmdS9VpDW?Kj4Ya&sA!{}nj{rzs=n125eX(@XpgpA`LF
zYMNkOi9yE(To2Gx$c%vxOdxz8Ne?i~`Hf8mobhKKq=TX${R}DEpddd*C7DEL7|Bhx
z{P<@3zP}J$i9^k4bPIm^^uoDwce8s4$h!m{LKChh(V3u%5uh1HyQnYFjco-UUX2#`
zX_@6(9Nh4k@1hu~4#oBYgNHcI_3YH+SZo124chv3iGj>1-HO`==}WhdSBLcriYxpx
zsldJ|4trlx3vsaj0xOTzNBVw;_>F$Pr0j!Qoam3A8Wp;o#tx>cN|K+h-CiUV%1fDq
zR!3xGH2UI7!}#Y#JBbWM4l<J7SIbJKcX*G^AN(b&DW)XA#KL5^Yv)$4FCP!ZX34gH
zy!z-AOT~e$TVA|)NH4kE{_)C>?c2*tQy<YEST7;JcVAH6UQeU-@viPWZ(L&bX5Yy(
zF+E??6Xu-sncoJjJ%5`AnhgK2<d=T8vl)9c(t=uATP1s&9|~$T?r~Zu*I#W^>3Or0
z-GW*(EX>q=m7T3?fn~YGKT!O0+oqqruj}4D8GEXh6_9r_`F#CcevBslHY|2-joFvq
z^>`wxRK^nG@9!J(yVpldTU&Cd><zEpk=vgYEOC`^g=lqkbziC`pF;zjAk8TzDY*g8
z{uE;H0Yt+{D*vk{b*8;UHE2Cp2VZ_a2yW2FE5Al@079_AT3!y#cmp0n3Up5-T@?;L
z%2<LB6<+}3ZPXFK)^`&V8OWFqe^FGpHOR(>7x`-ODcOxVivzEJUJe_-ytm}EQrTU4
z{&c~odaU-Dot@d6@oQ6K!{e2+FZ#;^)7>iOKE6rnDA?2NIr}H(`>RI<wod--W7@R0
zekWuZq+fBgZ+k>@gX{2Z8;jC`>X4jI!@QnUCHXf?--jNkty_08&&fHqaA8kJC6#6O
z9lYq9+85X5St27MFntCDSz!o=j8O7fE*8)GE_rhC@(uu^pdfCKFlu%B{X-i18e(>e
z5)!<@WVF0@BLXQUWo5lVNhUf8jAeIVhk5YeLF7qDkGF!Aivb7Cn71559C|L0fUwjn
z$(Ip5dh`yeAKW|RuMyi8bUvyt6z@QZ&CAPsl9%_qtn5|{k8X=2jAmk+zasb<0xtL+
zekFGEXm*(PdhH(kggZAt93mz-V}a)p>ISMF;TR##natRDit)Ct7#JvBrf3IK>)bMR
zP<(G48RA}m@q`_V6kY|T0|(?0<~!}PYIFyoB{spDoZJ+OoF*CX$gIV09q*O#U`}3X
zVPnsWZI*X+I85-&ODxhK5O%ud9~g-<YZ9i0*acmR%>`#ZLAtw$!x^_0@z9EPnc7T5
zgh*K+OE6fC?!(;%`W|uP1atw9qHK%q)4931u#{5{4@EbFl_WDd8B(SJu8@`&<JNgE
zcjz~;jwFbK*LxEMg&nvB$yMI+T?mvBal9T7s_LdD%I({?!xQb<vu7lPn@q(xE3x3)
zdZ~{9To7+^VS@n%l^h1|t??x|>|lj^f;Bw*{*wv!D8Ar{@-8d4g$=W=vTk~=a~TMg
zAPKW*p^4}MBi4NofvFb88!k!@%-K#YnwOx@Ab#u8Ep~_ifYTVK&qnV<O`p2DV$;&z
z<0PtWYz*0Nd(^%tLWd(XwFhq4<@jQ-ReZAl`Ls&Mz@Jz2@0(+H*TtIzP-}AVGeuQi
zHB{O>I6ZtxJ;O84cL$J$lMD5Chg`4dW*luAXkm(?pW<fsNlo2$WMj5Xb9;vqeMUje
zEyH3t+2ew&TiMwy9<#Bm3OjK2l@3%muxNgIa$t{yg5Cba;FKpzsb6b%tv#zr4+1du
zGo)Peo;sCaaljD<Qp#CZB!YX*%tqNI(BQrUl@ni?zA4P3h!_d?ukw6~v-|so1}OX2
zSquKg2u#327);dy0z2aDXq@EeSXZX}JS|O^#Z8<$$0luwW?P!6mBG=;5oYs#frDCC
z|Ktch2)}q0PkWw}&Iukt?=4+U@kU09t1~p`1f0I<CGmN9bd*g!W)tDQCf4mOJO8_-
zDdNU>WAn?#AKt}P0uOdYJl;Mu{Up+5?93KLwR55C38fl%0Ei$I*8BF6gBw=iEWb;I
z+>J1m!7Gk@Ik0K`gxLo}GRcDx!|uys{?8j^aV%;}No@q(W+Wde-onC%YhLXa!~!2O
z-miG}P0h_o-n(ZRGg>UzpQNN34~M=&S!{(BGU81x0zWnVQg{m6QB~@hA-`yiD8LKg
ziL?(be3-%}NCjmuxdAsLT;hl;q`G=Yow>v8sHb-B{`-Y)tfEjh(!-Hf%mFeMidokW
z56(m9OPFqWVk$$p;1w8<6JU+w79~_QuTw%wD&=Y4pT$L)x_Q1qRD+NWKVePA(tB6K
z@e6k`Ge}X}4)ShdWlibS+DY8laFA8?_Lfz2u+b07*I~f1!fEpk(XkKUI)x7fFen<G
z!(|f_qA;yQ+>ty8D9vqcS4mq9AG^r-Yo?||Rs=NksBQ{4&uBi4A!A0&6N(i9b)Xnz
z>Nsof<Rn1$oTpFk7cIN19yivR0nK9+DkL|2)Nu$fSVS*kK9B#+?Kou!()vX$t%FWZ
zP8482DrFxdi3wU-T2La%I@v)^1F?rOhC&GeWp?>{E}`sRftI%8XZ!+wv(r1yfrJ4E
z(!0=yQ50;Y1GkveZR>}+dq)Q}^!3Xs9NAO#09u_rfBr92Mk$6su(`KlG)pK=cs&_$
z=gu0u(U4RtBtii3JcIk?oVIp&L<9}GBS!w)c{w>(!PvrLT+1k2O*3esQ@!r#rAxc%
zG&83H`};F9^Nt=JWwvU$nB4y{0*@h(!kz{HPZ_(ZsLy`rnoZV95#b;Br9&%j?sa#Y
z=D{ujr;mB2_3tzyev9}8UcGK0U6R;XEO+rZ!_v`H*AFQbNLutAf0yuwws&*LPie0}
zm2{W&qr5lnZ#Wo#LX?V;ZS%@0A#f}p-~RgT+gSh(=nbx5z+!RZ?3sxh#-bbp8P10-
z_#9WTnniN-ZBUmf_MSY{(AYRz9~2y1i3yY3r`Qrm>FY;h#Fy1(@``11jmW>R|JC=H
zOtu!Yukc0AxEi^Boh4m?FuwCr{g$l0<GZM&>*VOqFt1IqPW0??m)cePYM63OO+#(@
z%Lrz>4Ii361Z5467#(Yi$~xY+yM%?mG`zgzD)H$BSI`SKc+JgEaOz)h{s3pzEvfhD
z85rQReNQ=g0Ca59Ln|*~7?>pR6HNWF_SU@aV4%INXMINAyVx$G@c4v-0xH;$RIT>3
z9aIu-o<@p_ig(s%u51nr3E59J0zgq9^m~N<Jqv0RfMYDo`qTBszxC_Hw{Q2^Jy;Mw
z*kn^4E?OMFB{^V5d!ePREe-<>NYKU2H*N9AorCu^9vm<M`hNUi)8zx28euX#3DWaE
z&nwdNBT3Pwo#~M>&OCg4<aBJEs0;3OQ)+B#x@ay6d<qEqzOIV{o@JICdc`$3X;sx9
z%iaajjlX*pkFsTPLiP(0Zq6UJqy&Li5)Z6F?57<A&TIG%Wai|&>*{)jsRl-%Fzsx8
zBnfq!p^;IEogM)EH3J+KG&s1xjoP2-QhO0fS2X9<5FVraQjInUHF4epKLgtf5|0o-
ze>v*zfhT**L5d7GRtORU=&pqO5C~@m-~=ZUu!7%>H`PxfX0pz+v2I%6(B8|~OK(=K
zI8~bP!hV$nSpq?v83G)ya&u3Jh?L$-P^K?i0uGdW-jV&KUR@}sA5fx^krABTu}Epc
zd<NsbJ6)4{ID>(+ZO7wyf{_uaBTdBB70#dV7$=paMr0uGL$T*&rlP6kE}5{6Z_j$_
zT~v6?$j>z=QU8wa7^ORtC;j<B7OUN{$EA-b7q0y3==BO{c)aZ#XY{%wBHZT+-G=KV
zf^V&?L{`zA4PA3VUg_7@A<OksL1F%H>B^RmEtlGlPn6|w^K1zk{Q04*t<GIvPXNtW
zg{082)3IOGlVYctcLr@oW%U3l%1b4q`07+o2xdE^?~MR8g!LW4{%{}2?1_ZH^<{;h
zmsdHgH9&6yQ;Ay0A=B_Z5;qn*78V$lmImYKEwfV>LM>lfKU<%FBXQOCuF8;pX)f<6
z-f2%G8G~mMayO>?#M1ZlElp0fa>{N=Spw<cCR9L}kWYmDZ6w^v;)?+p8qSc2tg}B`
zqQLkGR%owLIVg6+aXLL^E2jlO0HRl&nbcs~izU#D0@hBJA8LaVa&nIiXLs%0TXA>2
zgy7xAh6ecF5_?FLbsPx9V}(5Btj}@41k)Upl#swjzC-pZ!v!Zn(`{*PMnIO<!H>y;
zuE+d3$McEA1<0goIv!Dct$sj~x=KgIzXI7OVq4s7vQm$Sh=QL8C9T;{oEUiJ>)TXY
z`wc9E^)4Gskxiy>qIVzgHI_093yVkI-p4@=4e)@34T#m2d3r~>2qDJ+TuZa5sLlyY
z&XFL5x8XI{&XF_|0&8F|kgw(M+G&KH07tXbkVY%yXTiXXq`95Z|H0rlStElMEV;^|
zL5%GrGGQ<`Br_8&GcPPVNKwIEDYGJpzz>IoDblwX;3>r2$89qthjSSNiXwjjIhVjS
zBh;^vb^&>LdGw#?uAk$DNE?nbQzkG$htl^yT!2Eb%F!ml{9za=f?(R8HLAZW#}HT=
ziGzrQwt<Ylf3&6`ch{6|9+N^Td_KIdS7#^(;JCp9g<8#elSLUi*+*>RA8IG?D7O#2
zdhJA*cOWhj!xA*b1PVb@4(ooeu1OtCVW4C}yO--9<&4q@Tn%ME7HBajg(*zOK|W9T
ztr9Z$$H%W?|E9lIIY5L4`>78{0S@N8>z|MgrS<65P+?&qZn`HyLGjtTOsuTl;L{U)
z2hQ04@-kVpCh-IiDVwn|119co7|cna0kBL&Q$UuBc#}XJ`D7o9e+9eNiQ*kSjJ09O
zOgXI!HK}XvcMTrUN*fdnxbdQonKOrHq2lE!^+CA<W@^ov-$W%~%n94^1Z8P_BK!hw
zyO>Wn^-GCO1}q$og#MlJ2DKny#<c~;4J4xr8wyZlGOhY0;d1dE5ic7yYyiFKAyAAb
z020t>04_f!C>V~}{>64q3o^Z8Zv^j2P<9AcQ#Cn2>r+m4_Avm*0M03hE=D>Ggi~=m
zPFWt~m|3`B&jRryn)4x$(Q%Dl)C_^y_@sU?9#TN(xf=*P@G31`A<qk95eVW+UKHCD
zpe7^n_k<wvqhAQC^FtSB`GHGFC<3z!q33{dhFh6YSU3`(2EOVli~t{gt4YjStukOz
z1KEnK`(Onjy#ZeS@Ors5+P)cyC+I2xTz-RHO@x507Zzd^1xX15l@D}8cl=|t%<O}a
z5f_A5ns+Uc`@E?hk*mq77*PPlFj+Y*z*969vm|^(CI@QwoD&x(Jj#I-F<mEm7y@oC
z(BVk?2uDeF_U+)nVcGKrluWX~8whg4!Y<%qJmz^Bk?rIk;-~^lc$A%8-buY@w5)Kd
zx7bm|`apX64@DQcZKy(yTj?-C3?gs@`(S_c7<iIjyDVf6Xb(b1gd(~d^hx}@U$e7D
zSY=|qc=_HNyM7!GkkTNOuE6!rX+WAW;0d5hCu16fW~?9jaiEX^m2|Fv(ID-Q0yCFT
zKauRFy2JC_9gw6^0*Dz1`WZ~T^b3Jz_<CR$4k<|=at-kqIU*t(Fk2jmb|fJNSUZkd
zGP?uI!hxNIK(Uc!2vfZA7s#yuiofd0U`bNzxth5@!Ip}g;u*(#D_>nz47Rj&^)9rh
zd^v@mYKaN-<KIU55gr>Ut+5RNDv+E<+g_VdSo|_26qN{oGWlRwix}Vz$EJ@G%(GYh
z{BTqT6sehi<1mh9GD?CXK!**)5&I%#*llPc+6mC#60lDiAqPdRhb;9|%T11!yEpxn
zAcL`mWXfTmi3`OAUIU2UZ&2$HfEY5<!r_IXmaymm$p4y~3r)XfW|jrtVd7JSmu%_i
zs6vD)_EpSe<K>8K4!j=1#yp_;=>Pt-s1iw9{MR8e!y>R5k!b3vm)^p32@HhjTUYAJ
z?$BJm@txA)^!JMwq&QCti+IZpR+%^6a(3?1PdqvOn|6Q4M0Hrl&%dgMXir7>>o&J7
z{V|630!v-4(AfQcgsVa87c1e7RK0bW$J+l10j%YGgq;>xrbK=LDhaVg0*;!yn*^9Z
zNO04}2Gdw18W)6NGA>XlQ|Ud!VDk`DK`XQuzzC3#wgFcXRL}j_lGU+}0B@icC?(g)
zlW!oB1_J>>hP61hpt0iYpd*w+5Vl=@e=<RHBD=#5&nV~iEr`q{G99wSLTQE7Nts%d
z_Z3j|NL5Egg1f-qf;xaS@oxtJaz6C*lvra@HoBNbB!<O~Hjro6gJVHx_2?mSXX6mt
zk8L+GhyYxv+^td4RXsSXw8{YfgEY!dOrtlv2S`K^zzRg-f&xz>ji8xM!kHwNKHat?
zLJ0;T<$!?ddu{%vaEd|EqX|s3A}%$6yAygLR3ghZoY&SE(RL@yu|T*+9tM<tlH-FZ
z0GN&8qgK|<vLS3rN;`*`ec`Zm0W?unb=PUOPYB38QFagaJ<0k(D?%b6;R_Cbjv$$X
zP+9<**05Oc@bG}=`HO*Vxv#UuCtWiU)dmaZ7|7{KU>rg=o&*NIBdleRk080mBQMpp
zn+s8%fYcvjfy5p5m>5-=wZ`u**$6=p$d0%<haooxI!I!#YLBs(iLy}OTEI%(@RK#(
z1<bHgukde1j3@=!q-Pt|gV%W#v6@IpQ9;Hb?r8eiIiUJS;3}`>I01Sr$iZu^2VL-}
zUH?)@H1z0gNGKR8{Cev_Fzz)I^rjsm?Pf%FPA#ttYDaD>@pVbLR=qIT{pQW{kEH-O
z+?4+OoUYFYa0f?aGFaiB+zuWO=uPxvCv0aGBbHv)rxZGkbfg^u#gps<Ky$$~37uYy
zVOru1q2cjyAN0f+Dk_oii!I5%RY~0IAbws@p9h%wr01$;h^5cL*@Gdc+@Gv{>mKl&
zwX<D{<sN>{W0uiUK9fYtdVHZce2k{<1qwYds*JI^RUsM_&L_U^sZxqy6L-+kPRD(g
z-De-C_0W2&s3;om`<Z{d+Eyy2(>wOW>`crredd&NG0%a=faWwD86Lm2hjKMI4{_C0
zyQbK8x_m@e5XIU`Z_=M}jLis9(O>oDb`)qQ4Rwyy^ZAGjws@cUobIj?e@>FbP9sVB
z$j+d{_ms(htqfk@EZP+EYdRrvJNf;;|M=IlO$m>YGo69Uk&~PAOTC@Vvhf|2)#&jR
z*%$gT*P|{UnKvN-KbAl2<JbTFkxRq7k`U*y_AJ-D;I``XzYTs&pY|WgX-&U=cn#Bk
zUUw;UR|q%Wf#NpIlL5`s;jNAL|MRj(<|+R9!~c4hsE@Z5>;C=u|9R(Y&oLkW&yV~2
z_Y}AM{dWJ`@112n5=36*|M3qp9Si2v?{fTaKMFr&zUk=SSM|UBIGHu$t&O*FiTId;
z>slMj%XTYS()X9CUR+Jc-m;?m5Z{f<>rD&$H?0(r_x9_~^NbArF3tH)M7l|o1m9j&
zhMjR8%e?*3u0*k4-;NDvADPcoO1ic0e+~(kSrdaCpMSoyfBuhY{XgH_|M<P<dw0qp
zNc_Kj*t^PNOyoZJZ@>5d^$*JM#2pFk2>OHI`6ws@4${#@&pl<m^R<`U?O@V#{<4>b
z*-byPX`LAzYdKRa147Fk!iPz6DT>@g+VsEgSW&%&V|-iCsUI{4xePzvEVW*Z&CNNs
zb5k7!Wl&bb>sR4zRx$BLCP8*~Jx{HlaSJ@_&aQGh^J<2@M_Yh6<cwvM!Nes9%cYci
zgkVTi7qqm#=p+c)h{R8p`(cZYb_ha{1d>7vM-Cj^%u7H)LHCG4>y?_87KZ&H{^>^4
zpI}UiRzE-ULsIp3He}L8;AR37X{i%lAgBcRPa0dWf}RKg6434*tMncY{e-sw2Z&1j
z)2D^BXj|}w;39yDf8vPADjN<b!q3A2ha3fhxe{d?9NTZBP-lUS0Fe454-Y}*TwpTM
zx=dPV;A4afnF?>7fGi~I;keW=eTEJbEoE|zP~;h_wLm&ao}x*#YvOKoRVNAmCr{p>
zu7b<40iywNcYs&Q^R(r;CwZAOD@c32Pf4dYU=xlAa4bpJz`eo**cl-jkYICm_Ox>o
znh2AD?HAMOM$Gr*Z;@ULI0)>Ah%X67F}<Rt(Yh57CrHRN*6x54<FFirK6m?`J%Q(<
zHFUb5ee6RA!!ij989!Ex6i^3LfWePr`FLRMO>{fp=qnd^r6l1xqq%8ZJBjfP*=`wi
zukc-v&xFo1!9FZF*b_7qkV_<zRa?>Kq5sOttXa;R9cg=jSu=Q;D9-`e+hBeKIHqFi
zN+_(rDfS&ySO5D=D0*$xkOBblKAKffqV|vz1f?FEKXI&f;Fw1&RY2bW>K%tBfh;%4
zytl|^JEa{^SWD71u%U>5GYe?vvXM~&+QC;jedQl&=emcsd$~!CwsO=@tu_X6FD~vg
zZA%y4e)yol4P)Q?_cu(P;g2~Am#Ukz3EYG4xnHoyX*cPeIdi(|W6jg+)(*ROoxS|V
z3ideDx<>kaE$=p7|1|Sn(EVrlu{QsfhUE33?ggr`^V_eF<6AneK${|xEp|k)KB>&I
zFSO!MLZnYV!zn?J+aE70bGPw#4%N>ER1rK4iD&54!P?cN{{dbEiRi${&;q|OEXYa7
zHPYOOAO-ks|JYbPKqYd2lh{#QKJ=zLftF)HAj%x{Zve$@e*e%^&(M1hc<D*4Av&OG
z2pVCD;sG^0Vd=pwhKAqzFZuV`7JHxZZF1a$*Fn^-goei4;UT8b{8|mOod*tJs$0}%
zHNuE_38^Ch)R#J$jS!hm_%gs0aJmO$t3@*Y0Ma5)YZq3y<R~WoKA@K1@t7Y?$sqbn
z2+q*rLF{t^{Nb%NKI!QkpyFy2?8iKUh6P#1uKtc%uWud&G(wan>&v}lGnfe74+%r_
zWvhQgv2lNk&;1GhiU9aoP77m8hH2@@GGwmD0E~cSeV9U6SeOFWAq)x}P>-2T)4_-J
zoBQe?{VXdC6Xb2<<Ojnr99#b>7?7cLI18pRo{h?2Vbl*mw9S|((4jv7PKuQ`zz?+T
z*=w7WL-P=shbJ9(s$5|RAD0YB#h|;L5fto4)CE{+czVh|ete2~^<`QT08}y)1Ybk@
z5)j0)00t!c$)niO9fB6Fs=j_JW=*WoAr;%WI_JK+Q4A0wY6QzT_rx;d5Oop`i=`jC
zirqWhs}jT(jW!?cozO4!K2%*S100^X975=hk|;f8apg++^Rpf#q!&DE17anFcxfQ)
zJXom_oi<Qt)hM;y3u+pC3qUsBV(tK)DtHW#qWRcaT|pJ9bcNDh21~^yLFG_8&5%`l
zZe`n>*UO7Nqi#(M-VF{u6<(@YUA6rh2H8YsPO2gHnRx%J{d`WpZ@(2cGaZJfXwjva
zR~zd?opw)t-__6P>Kj(D03pPdy1n#%bRjMfURPBm?q}D2#cs9K_@$6)QEAU6%te1E
z8av|}!prFVqATnM@N01Z37EOaT|`K2h#e%^@X&wOO%swA26Ez6@${s@TKp~LkKo?I
ze1sCLZ$t2r1_lN$7$DdS(A5su;iB|bGe*0d!}f-PxV|mTPqK{YAj<|<{z<@;vDcUU
zqpXbKPX-uQ9SR*IZk!5b9p7KvX3`_K#XYI1-Va!Iuj|}lVC8H($sQ4h#&;O_5Z`pL
zD{!({&3sp)z{2A^$RD^h)`3Tbj8W33k}WX>vHHad_5#o@=(`LtZIP3qHJ%?R2_A1k
zF@)^zDehkkzyMc@r>$9nWw5Y5d-?JaLiPeLlK3a!ydszdYIg%zv}%T=NRwPf@cO>N
z&y7-a>4@jPS0%%^(dn?-Q7;&Ra~}@#_+H{QgtAIO90^hLxgCC82G8vF=eO@sAPKyR
zsq-CfbKI0Nb5x8e8AD^}z29O@jh{^@nd#tM#!i*g0oWr!x){!{5)Z!;C$%kqeilur
zs@qNj#eRs}80Yn1oSz8sH&H%p2}asP=^tMN`hi5Par?@jEbR5Lxt0VyIAIFI{^Zo4
zEVu|V0G>d8BusdTkT^E*J03z<j~Yg9Vwee^G^`;>MQh&RTPAi+*eeibJ@BwLJf~RO
zu6=`b17@oe`fi%9`#O-XHrR{lZ2=-F@5A=(Y1*MU5ceNH9=FzDwADEnMTb;EBHKgj
zK*Crs4HMC(ayL7RaF`s(RlzeCv4h7fK9awne^mx35LjIh3NUli;nu=9n!?03MRK~)
zTdcM2z6^g162(F+t`K00*Or|S*Ik&d_bAL}4VED>EX1%Bx5f*=q|mH?F4Lcny<3>O
zZ_9f88<q({%hp@i*kT<XhM;tWCy}i#q39Fb`9&1Aq-s&9b@ez2aogXODF*Pj8<YYd
zDQf9-LJm&=m0dM4ks`Me3LGG1g8f8B`Y0z?z&M=Vr+D8ANFvF(>+qRM7lsarz+Qq>
z;WY2;yH6(OID0F7u8OIZ8gWx2Qjt{o3MA)Y4+1(aN9||e!Q`7q0l%cBH3be7B*gD<
zcCS%eP-iToPYz!~#ukp}t;KCZ>rJd?pQlGAZ`EMzwG8C5ow%UeWu&>%tHs>^_2a#>
z;`gm)r#Lb6j5tM2!rf?KbWs1mnTm0ry*#$yCWd+sZ+5;(XXF)7anHe*PPpRRI?*SQ
zk=>h&1h^L|Y0EpKdgfEL-o-a1UA<zy;dZ(nzj{XZh3Wn5lQWucr6L7$$}JD$=V(Zq
zbfxmojJ8n;K9FRaoD5Fq%Y1b;?~ewX_Fz*3KW%&ZbbhVo7pK{<)7N&0l)AC$^oc+4
zjZ8R+Gqg%R;%=vxnnT*9_w$dUuNq$0F{SqQ($3d&#h;v0V`X(wPmfU^tW!-jeN)5L
z|7%9`&Yaf=xu-My3=9QywbIcSlZ?~49@7Z#$ln$B!t`>@sO=%OAPr;;eBC<dNMUMb
z#(nvh;(ljN&Rmzfl-_u%5$UvTU`G(?@(BJbBeV7^xFpb}9to^{3YS_aF9-3gA{}m1
zflecc7iv-VXi`xW>(Ks?oiN613XtS)gF{Hvh~R3XH@GviW-UpLC9!$1&|AXeKwOT1
zFam`q=q&(q#E;2Lq7{_F83pZe`JeRIwWemKu{Clkbd$p0?3NEL>drbRHObY<xuP86
zWOm(h`03g7&C@9zG_b%}S};kk>_@@b;<6LV1ww4501$#$`jbvGrlj}+HH<$=ffwDE
z^BpKKRt4U?-R_5`<UH}R)%ctQ(Zus}1z;BuIsm`Bg3`y#0MMZU_|#KG=7Nbu<e5Yz
z03vp=tsXj+6A6#y82UlhCXrNVV*LSoU?#A-dGiP)qCh~ggE_Has>GPG@Ce%?9F=IY
zY~Y`TQ)eET@(#FW*Mi}j{)Y~|Z8cO*c&5lk94BfeHhF7I+h6R$o8jQ4#I+%SHO^BT
zLRpxZ`8E4~Sr48pQ8+|SqMrKF3d?{nm$m$n$kLIxg$hUf=*UEXMLr!nJ3Em7wQoT2
z0eaV~T^#97aQqNX{q)wK=*WmgFa_XN_9G@ZXo7mwfIG<+YdK8zNdVZ~a!Ind4l&VQ
zpSz|7M$X<4Rl?R^nxCRz`8;-pkUf~Uu@c8~^L*i--T9R0Dqy{;bL2XxwglCy`NGWw
z<w)=^T>TN(7p(4Xj*1#~ScO1rAD=BHAz_7!(v`>VVsKHn3$fD>SP|(7Xw>NL>AAUg
z*Nit|<*3S53v`dT0%*QrPLG-*Jt#a|n>#y0)0u;12&jq6ua<YdcF-DiOsy*`Cgv!)
za{;rru5H92O%40RbsM%_#)m70US6z_ENOIJD?U>VvAyR~=DxsjgJvDzT&%Lt$8Q+O
zOTf@&4fO+#lXU}ikV^aB%0PFHrls{YW0^}zU~fRXyc;6NAf6#J432vSxu?(joYP-B
zDRwrtdzRIuOf8>wTsJ%M;&m>e^sJ`+-R&RfI~~!RuKVqK%(^AJS#AmylSbpu6}2^2
zuP%&_4t~zOrg7lM>9wxQo#B@xq$FBD7tklVGiy%0UaF_xy{8ZH!InotLewUwXTPQJ
z>;IZ>5f=&P-UohDHaE{2)6c2YD=8pVm9JlUZNJg^k7R4kwr$&A=)Jq&n~@?Q!^?H5
zzb&hu-)7OB?J3`bYZ`7w4fBt_Ycy9^v_Ed?XSAMN;ujif7znq$X4<`SJmT5#Gx@oZ
zPP&9+VV={UHF;NM0|KI2@>k!StG}fBS#<Sv_2lsf4_&7In$v81=<_IM;`SYEiT(VB
zkL`CIKkKw8D?%H@+I*;E(f`@v-HE&##&f<F=3^ZNYTDP$JFa-nDVIhFN9uFxg1=S$
zJb7U#GV=KkBIA%|o<_5wh%f@26GV4T0hJlCxy0TOHzj#2K@ve|IYH@BaMYG$VZTU+
zQwks}VQ*l(XTYG1o5%nwNVL6}sIf$OfX-fe4rrb?s>T%y3o-`af0zvRz-|MiX0k7A
zP53<SgcS@NY4j>5E@;MhXhI5TpV?q{(n~M=h5p+Bn$E*=8Nq+<{Ji$*9)8WslkMN<
z)Nb`nT0^wY`TAFtvCov_<%`RTGhG#*1xhZA&azVq{AvA|DL_#at}t-ZdxRq5+BCgr
zUc`HmB<AApC7#n3r4<*{X>VtJ=-%_;eRL*AsYCaU6V<jG6(mn5D6&cr$sinP40VyJ
z+lU0g6A70gn$Hagdw~1ADO!|~k?{eZFhs8tZ)Y+(!(xZDu<h-4WfH+4BsQLaat*VW
zM81D1;=>w{PymP#9XK%9#A4C;1`Jomi`Hon&ZiO{nqln!H92t&?mL*5*W!RcU^>`J
zEO6OWRyIx!{IIly@)n1BM#QHO`<;a8Gw@q^b@dKZK9o+9kpP?^E+Ihz-;Y^WZgTDv
zwlbIEm8(!MahO~+HND`uW#4xQJ-x1Qh>k9DVa)^1Bm{)mE4RT05A35!b&uuj8dOKP
z_=FnXxfBsm!U2x90d#7fi#!hcdxPD-`qcems2Q{d+ekfL|1J=5D*hO<^#S+|rAB$R
zM@E1?t&G-hw7IaMk|=XqMyJ$s=+6b5ZpX3cM5|0zCwiqWwOD~%xOlO;qhmh~9DH(V
zJG;Diw)OGje~peZ`=Jw@T3WCn>mTdoZp*R+;9M+jl~bc@n6eMU#1gRx3Sh#LwT?c#
z<<RtUv_BxR5%KIItCIIzR;Twe^rGiZK<Od`Q|w~e0E!>6|4eGXw3+q4T*6o1%1iAf
zY9|0<fIv%4O-;5Skl7JE7q%VxV^4gA^ejv=_UJuzDXTBuC#B>nOKT**(ks*2Wjp^6
z&Dgj0So+&DqHhLeLodiUDRk17#Ao8STM~7h*Iry7bjD}7cf#Od_svqBOfa6YXV})?
z^F{F|l20QeJ@Z2LE3ij=ni}5_uxdV#q!9J|i&W$bwW1w<bi!+oeD6}LZK`{JsH`nV
zgKo#+8r{lVdsD30x3&2Dv(!anJG*<&;mV1#ofNNceG`Hf1$?@;hGc&Ki_sShvbb87
ztVh<q*Usz9zoya5szK{{OoDq)Z@xVxwxXUPleT?7|F}_7jF=Vd@$b!8m0UgRNqPB0
z46J`O!!+X)5(9#R-v{e+TFusFNF=h)+vCZ(2OTh&DN8GVCe8>5knaFiFksd&LM{ZL
zU=n2J?Ck6<w)6Yp{sXIrHL$lWyd`{5kR!Anz#kSO%7dj#Ryee<I6aOpjRE`5%1?9d
z;yM%*`zEB%pH)37hF+Yce8V5(=!p~eu=O?j5X0ub5E^mjfL2Ri`MJI}?;gEis?L_?
zgWb_z_~B<ze|=+)aNn`8PnxRD9mm;OJr<LOceb`{of9abrpa9iHZh#^*Id`7r&FHq
z=Qecfn*DusTVwr!Qyu(|zZzaY8U5hLfOfSK#a>=xcHRGl?&u$Xn{^8w&RX7l_th1$
zaJ)@~SeP}4;jC8P(w}Z(FoTk4){#n$m6X%Pgxbo69}^Rv;O0~<q#i{#j*BLio;;4m
zf$;rNW~5Y90<m^wUXq7TTX|29Ugg@653aw_@so`m(4bhXaxF^Mw%3`vL7uWzNN`mw
zDSpryK7C*nUhhsUys5a`n*n_!9(?Ghcc9859eA&KUSz0()$&uU<IruzU^_sFe3$@}
zb>FY%6Fv)kGD$uG6f4Z!dI|~(F^!tu&=Ot4(E8$fhPSV;`X{HMu`%t--L+#=Aok1d
zIY?5$x1KX7zCqoy7l0>bxqFzc;vLvG6PN-`5<sa?hv5A90nQ?bA+T8<!i+~;aWP_1
zWp*%c2FR+mPy!qYx}rurUPQ5tN4yH~4JgD0moLA;)K~!DX5L4fX2Rnivpfj)BDXT}
zrKlRpDb+V4mR19=`Uz8|@!=XAJ(XC)5S0onWwp2{Av?nA6+70LH->Y)x1UU8i(}tT
z?;Q^$E*4dhNUyoB`~?F!a<+xZNdn+Oj0=Z)%Phl`_N6ZaKCh;TFEM1SUr~TjFiI+n
zR7mSV#n3y!VmZphHZD{byHpmeoEYQ!(~NQv4mjHO6e~;p92f|gc6Kz!v|M90!jV2b
ze*e{hgVZWXdct^{?-cWQF)8o8u2aO&>7p$4;88S{%Oi%w!~kW6qau2sHk^5SR{V2j
zcHWTm`M-Af`V{O^{dGo3#m1&@`pd?Gy2CYxA9o@a@59*Xm-iSMPEh<RQ(5!);2ib#
z@gJ|98G{aWdTer5oG<O^d~^-b&=VrdnR)5H_d^)8w7QDTL~X~XGR~YftGi3zvt%{F
z0W9=$@uYKDc*EwN?HFQXv3(`}M*tCF<|>N8k3i3a(4>%xE-ex4HgGfxn};zKQtS(C
z5JJ;Wn8?5Gpm2u<@q-}_H&GIXik0UDcv4M{_QF*bvw##VeZW?W1CTKBq3fH)r-N>H
z1ihGQ%@fZ27AkpsjK{}j(tgCSXXjy`GL6A}FqN5kg1^RZO05gq@3eYY;zVbZ=wC;8
z7`K8J`H@;xTtlTQDk=1loO6}$L)n>^1DC!pC%nhON1y>EroGsBW*fZQV3twn@2_;{
zLlmK$J$~HW-i|b@OXlKFx>s;616~eH7shY}5QW4hV4826(~HvRc2x4HBC5%&)jI&Q
zvTME~+Y!qkV>fy<3W|5mDz3b(#-F2C*g;E6OJt~+1IXW8Fu+t&nGhM>$sCRD2S5Z{
z>%l}OR6w%x#*A;gy0VPmcLI&W2S?RVpmO#q1ty;pD3{>hXF)0mjG-E%qaLfiQ84sU
z#HMCuM%Bs%V0;4x8Pz@!=ihP?F_(4|6besiQfm*|cXC3{6ycPyeEO#hzBYkuyx@OA
zWx<jgU9;7_mpJ0#@Y`o@t3-pXIax1YtwLqim*E?`SW}!SgfMe#q66s1h{q91lD6ew
zduL}gfSpmBZXkC^><0de_dboYHzqC)gg%2uW6~U<vI?iCYZ@Dg8xxLH*$|3_+G{D`
z%&L6q(9sc0SBkqI6a|VLz{!SiK0g>X$yK)g>IF8DErIiZEG!8)4wesKzGg%n{~ypD
z&-yp9$hgU}tX2Yjh2FsNQN5a~Agh^!!PIj4RHAQRD@V%Is(N=Q5_u-|U)?>GqW(gs
zsix-ZWSmrcok>qHRa5!W`-o-+VRy;q53Ea>CX7*AhvU|`v=^kDXs9m{4&xf+33l&H
z*ZJQnyYhG__cg9Xit4D)V$BvNI!Lk<g&ccF6Nzj^#gU~fMV1aKIv80RBtq0=Xc0m~
zWSO#8%2tWGSyD*G5%>E$=bp~}<J>>4zsl!RGxN^-{+{RgZcoz3<|pj<S#t}Mf!H$t
zTX#J5Ib+j^YdVW(i#MCDw>-r_PTSt~5Wmm(uCUG9R`<K9if>z5eY`4JMB@Y(%mB5g
zx6pf;5u;|Cj@p@-Db`xdq-AHn4>+mR?;fiW#2PP)w{lYAEPBmrph7vFblbOGUE9Po
z!~az*C#ZJgX7-ek%o+7u^hH?DMYMbXCW$%+UKt>BiMTb$`2{>^x14}Noe^dxp{W+c
z>-`k+-fRpX9-I}Wkfj#VjeiO!v!Yoo{L}d>iy?u9Dbx!gYM9%sWs8*t3_mBwCY3K?
zymJsMVjmTv?$4R?&GvIOXAWGr7U}w+&{W>^&bfxu_9FGZJJWRR?WbLQ)#Tx$!EK#E
zB1G<nz!thrjooAH=I(Brp-BAR(~dyztX&w!c-{f4#pf7OsR9rRyTAlGcW&o9Ul>9&
zG1Oby2=GQknF>TOnaAe2Uz~}F{`Jh6BOoqlUvXma0L;QPpY5T6@@HA1Y12rs)PRW&
zNkcJGOK_tV>_r;ijn7aw%y(g19n3@~v<V_mFxMwp-5*cRDLfH1R0mpN$Nv56Fkd1_
zB?1`f%604ZOL)%h0{UD7;LnB?d^#-52eS!py$uppY37Q2QfT)f<Xm0o`1JYnYnXo9
zSPv&Zv6MiGw2k9Lyj4^rgV@1=ipcPAM`vft%E6)2UKq3?1^s~K6%atuZhl5lv+p-D
z1&T+K7{M_N{3fUp+Iicd#A_aEr=SfxmCE|)zvDW!4?!_)ub_Z~E{~uEXgFa;y-HPp
ztVS1X7*cmh>OoSH)%hXFERJLFw|zt#MzcX68KUOGxd9#_0>QU{7$<*3V)D^68cVe9
z(W4cjqGn($OZ`XF``r~{zpFMel9APHNL%aKDXNx?89iAP*kS7YC_}obY(p0=VoC5f
zP0*F(d50<+>Dac8CSn;@!4Ad80C+sa1hJP1$8}=K4+_l7iP9px$)o<X;`rUvKOjN3
z$$U<S#HJAIxsA#+!CsU4h6dR$5rg(2%L4M3u;`^4Qiibx))rr06i(cQhSpim!Tg5^
zN&4NVRBV@5V>BHPwiQtKT-e&uJ5MW+=c?qDm8-3HYbEoGTja2BEUVC~Yr2$b%P+qA
z>;UCjw;*L*Mm{$GGzHMB@?WQtCp*wD*pRV>yD`sU1CvHuf%0m%^{eWK52Z0rZ*<6Y
zdg{CG`sl|`pL`YbVyqwmLOEC=tE&rn(zc$ul=wKw@j%6{u=@f*Tgi$<WTK(1Ra%w}
zhL>bTlWZ3soxx@6HWR!9ySZrb@ecvr@m;cj73m5lMQ9F5C=OEl@auLYO@Or0KtjnT
z`*L{K7bplF1~iO^B^n+#LVJK?2*+=t9_gXcokAy#v-0P_jYn<PYp4pkSZRvW)hc(F
ziRdwks3GlI64cKL$uH?a&d=5{d}J@&RjA0f$CHK`46lp32Y-MY3t)D65GS4l{_yjM
z+9}n+iwt!nLIC*sQ<UeRhQnP3G^ZN187kKJdkJLBK~Wn=L^<hR!TDiVahCU6JDxEV
z48nx<_e<wck{`c172Q%sl)FHpp`3v1xEf6x{w`Qp6C{X;KCCQ}F{nbu>*61pw{4>!
z=o9PDoO!zN8F9IYbq((nb0m>E8e3n!`7Rfg2}<ii#OI~!gfyYiBa%OKRCvg7#aFFa
zQx7czVG{^a(b#DAsCci_26Z}egR`=*6#Yj!ot}n}6SOUHNlCJzDj5uh3C<m0Ug(8a
zcf~5g+zdG$1i!KapqTmab5v^|<iVNSquDCPIV%xe0DvhJl7Og<kUo(BTcA$}lO!>v
z#F{(!R35H9u6_l^Sf3uVV1B6`(`Wd|pW)&L)8cFkSJ!J3<rgk2#Ycm9G@Nxa$|T-C
z7~?(;wY4Dsv`>zO!&8fxN;zPc$@WG-gLk5OGTKfygHnRJ_*b&=12S0Xv=z-}{fA$y
z_ekuz@5?yhY<%R19K3S}0i+^h*Ql9o`^L(8c4jPtISf=$T2nIx7n_JbF{%?+4-m`v
zobZBzg6t<7l{}CL0hL7^@(}|NKtN=Yghsq>$qirwRUc5CD~KZKaX-P`bQ_5_fDgHh
zsTMG}PCoOaA~p}u2i%KzYnb38Fh>Ljm&S}j2})8R{v*At0?!0Ig4AZ5k%&jBL~;sd
z5sZSUWXpgE?Sj1(-Jkc+b4Ah*B6^d}@-MZVBQmkz0pTd|y3iXz>d+j+zzJe|7Y=jG
zHAEWc_7+TTNm-f6$caA%o)(tu{$x+zF$VJ(sEtHp5^~dBesUFF57mc*J2<C(Ni>7U
zcf|BSfLH{P1>{Q;r10_W8P>DOoT;rE00yl}{obC6>n|Iq9o=zaFn(x4Ws^O%zkQ|7
z99R)*(QVh^spiGng1XRCYpS5X7A-6)eqT1%wY0JzS*fkaa8tT|_(gv4v&R|tCQf*}
zeC`;RHe?m}Xi0}x>FH#id~7u{8(5WZ!nLD=*;<jy=g}EbgT0JiUcc-t7OPl%-!C!4
z-TFiC<A|mM_q}JkZ4|6-*5|&J_0pP>)%iAR=-Tw<bzkWnyK*m~`n~DW(gGqGZb#gN
zgw>@~e~pS<^sgc7*9L=pz)iAU8#|?I>RMZvE7aUOb{Sra26xidZh4ZUvOx7X--$15
zT1twsanzapzJti!jDSYKZ~1QloDON1mclnj+$zJwC&wheaI3jLTMz2;eZfBc#oI-o
z2(5+9VDBV1`AYCDni#L;!czjND&f>yT3f5I#0k%o#Mi9F1b!mC6P`w*TmXT+Fa!7&
zh9*%Ahp@DxG3OzLQF9RU?ro&nYWfZTgqx0oHK?d_ugOj*98f@~Td`k^M0~<wn&op}
z&qkK#lJN9`^kvhl+FGN{Vw?LcOO;2vj>*ir@Tz)_Iyrp{PCGhc?l`Q-rE;5Z^!MHk
zs9jbX5t~N0R-;7z4<&5$KPq86iXnU<eFCOYLVLpFgBUQNVHZ<U*a$_Mud5q6IJplO
zA#ubzrwX)u3BXgrs38g%nx440xX^+E&s(koko6t{Mn)7(5L*I20L(_g8D+-`77Yyi
z-FYAj69<&jDiH60bXbGnH?ji|QW(S=N8?!*qA)nO3JV<(6F@dcpg|^PXIy)jog3T}
z3&<Nq3Ip^DG`vv^*brsL-*e*T;W-X&V18FB<}xy!-~c242T41Dc=ksKG;kgoqLl|L
z8#i5y(k9dudm1ZOF_pI?t3X9n^*WXk;&ECdEKDFm%+PB=f8tUe#s`uK?#OAx*Z}Q2
zBEWNX_kqrV3<+ruZ?Gi_;@v#EQWem<@jm1D#@lLE$C*DHYR`?$ZebHmEqC_+rK!#K
z&sM64Cn+WfrI7g6v`1u<T}d4Bkn^U*>-S8*(`mwG$Oms}nQJbJqY>hQQ}gDmzUyfn
z63_Ork6|4f)Jo`+oIq_SP^@FnKoe`q2hQK(+T9+VNTep^{DQFh^7@f1aQc+|-oU^>
zY{oM{oE$1)bx+TMF=Y@~8TZm9iWN~`uRk?Q_t~t2S4Ed(;&BWY2xBoAcoN`@+n)qt
z>3-ZI48<{0tu(NF7Pc&+{~}hwQlGfAG`l=ImbsSvvcEWzgHBGFlCO}Z>im!D+6-VO
zsJY5`_h1vr(pdy-#mkrlbCk}{2wAIVD7->63~BDLvXd+sC%IJk!evfUm|{@cM0p%W
zJMGrBUO?$prR~7?Bhme-=kP?WlK!dEiJarb9~C<K`ucyddmkIQ$n=u7;JEcY%H`!V
zw9vPP#%YmZnd^H3C$6RED=u0TdC0{TTy+EI&f&!mK5KEQ(3dmCzt-LI{x}((SD!1Q
z<rDX*F1Gb~(yfP{ij?HQ@y(KU123~`%_@7VXpbC1<mDy*Ru|3>?erZ|c5ETmrSs>1
zd-Ec5fp*E2zyzDir@nZ9_+2@XVtbW(&FfpSdzyCe1-J%pGCDFm=XOx9TO|(P-1tyj
zr?0;1Tg^LF?#8T=61WviQ#4nB6n}7FG!_l#wgb~wv!tXZo_oZIOotg=X|Akni8C1Q
z{_wP71Dt$sX20pYm}xvEB9i*LbM&B!s>=E3i{o__Wp{sRPZ}^;omJovwnMKcZ%=_3
zfRvir+D~sAR&|#OTK0XF3h=j^=5!19Bqt?B{%p|W?`%BnAjN8DU2WN_*(c6!OwFA4
zB=6bf!)uL$&y`0Nk4V&7dB#4vE-!b7w|HfPchBejM-#Hsw+qagxCqXa@q6r%nDY8>
z1#$GmMUIs*J!(<p6V4b#fhyN6?-=$3mYMEA<p!gO)chq2=Ul=q-(7jHx0|i|k@mvj
z`G}t2HYu@+bJcH~w#Vqt*&hnZOps5Rv$Wx!Q_}AeSiIdXJcw_h_?E#070;s6Mzpk=
zpsz0nrFfxEeO+-&W=7lgVRN$ImhWQKDtF14mr%T(an7^pEr<Bn{JKNt@MXvE>ed<S
z6@RE*<ramUeRHXP`_hZftLWP)BkboZLjO{{R)x@uJ0D0x#w)J*k2+&cNOMciif0oc
QN4W4~WMHn(-067c-z+{QVgLXD


From d63ca857b415036dcd7e72ff2ea26cc8993f27ea Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sat, 21 Nov 2020 00:55:28 +0100
Subject: [PATCH 060/119] update rainloop to php 7.4

---
 webmails/rainloop/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile
index c67c7496..ee040f25 100644
--- a/webmails/rainloop/Dockerfile
+++ b/webmails/rainloop/Dockerfile
@@ -2,10 +2,10 @@ ARG ARCH=""
 ARG QEMU=other
 
 # NOTE: only add file if building for arm
-FROM ${ARCH}php:7.3-apache as build_arm
+FROM ${ARCH}php:7.4-apache as build_arm
 ONBUILD COPY --from=balenalib/rpi-alpine:3.10 /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
 
-FROM ${ARCH}php:7.3-apache as build_other
+FROM ${ARCH}php:7.4-apache as build_other
 
 FROM build_${QEMU}
 #Shared layer between rainloop and roundcube

From 8dd5dac3ed6adecdd129aef42680ce3a04cd7413 Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sat, 21 Nov 2020 00:55:38 +0100
Subject: [PATCH 061/119] update roundcube to php 7.4

---
 webmails/roundcube/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile
index 79b911b0..1c303342 100644
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@@ -1,10 +1,10 @@
 # NOTE: only add file if building for arm
 ARG ARCH=""
 ARG QEMU=other
-FROM ${ARCH}php:7.3-apache as build_arm
+FROM ${ARCH}php:7.4-apache as build_arm
 ONBUILD COPY --from=balenalib/rpi-alpine:3.10 /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
 
-FROM ${ARCH}php:7.3-apache as build_other
+FROM ${ARCH}php:7.4-apache as build_other
 
 FROM build_${QEMU}
 #Shared layer between rainloop and roundcube

From 54ccfdf97508ca034f5fc928fa4af09693d22423 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 21 Nov 2020 11:15:31 +0000
Subject: [PATCH 062/119] Bump cryptography from 2.6.1 to 3.2 in /core/admin

Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
---
 core/admin/requirements-prod.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/requirements-prod.txt b/core/admin/requirements-prod.txt
index 0e627da8..a3c32855 100644
--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@@ -5,7 +5,7 @@ bcrypt==3.1.6
 blinker==1.4
 cffi==1.12.3
 Click==7.0
-cryptography==2.6.1
+cryptography==3.2
 decorator==4.4.0
 dnspython==1.16.0
 dominate==2.3.5

From eb0dc7f90a55c5023916d022bc73fcf95576cec4 Mon Sep 17 00:00:00 2001
From: ronivay <roni@vayrynen.info>
Date: Mon, 23 Nov 2020 08:55:58 +0200
Subject: [PATCH 063/119] disable php version expose

---
 webmails/rainloop/php.ini  | 1 +
 webmails/roundcube/php.ini | 1 +
 2 files changed, 2 insertions(+)

diff --git a/webmails/rainloop/php.ini b/webmails/rainloop/php.ini
index 39abbdd5..27992231 100644
--- a/webmails/rainloop/php.ini
+++ b/webmails/rainloop/php.ini
@@ -1,3 +1,4 @@
+expose_php=Off
 date.timezone=UTC
 upload_max_filesize = {{ MAX_FILESIZE }}M
 post_max_size = {{ MAX_FILESIZE }}M
diff --git a/webmails/roundcube/php.ini b/webmails/roundcube/php.ini
index 39abbdd5..27992231 100644
--- a/webmails/roundcube/php.ini
+++ b/webmails/roundcube/php.ini
@@ -1,3 +1,4 @@
+expose_php=Off
 date.timezone=UTC
 upload_max_filesize = {{ MAX_FILESIZE }}M
 post_max_size = {{ MAX_FILESIZE }}M

From 1ef62f5a2f7f20a8d6cea9f5928e703a6967fc9f Mon Sep 17 00:00:00 2001
From: ronivay <roni@vayrynen.info>
Date: Mon, 23 Nov 2020 09:17:40 +0200
Subject: [PATCH 064/119] changelog entry for #1696

---
 towncrier/newsfragments/1696.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1696.feature

diff --git a/towncrier/newsfragments/1696.feature b/towncrier/newsfragments/1696.feature
new file mode 100644
index 00000000..7e6b4e8c
--- /dev/null
+++ b/towncrier/newsfragments/1696.feature
@@ -0,0 +1 @@
+Hide x-powered-by PHP-version header from webmails

From 96bf16605c81ac03f3c4614f41eef8658a37cceb Mon Sep 17 00:00:00 2001
From: ronivay <roni@vayrynen.info>
Date: Mon, 23 Nov 2020 09:27:55 +0200
Subject: [PATCH 065/119] fix changelog entry from feature to misc

---
 towncrier/newsfragments/{1696.feature => 1696.misc} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename towncrier/newsfragments/{1696.feature => 1696.misc} (100%)

diff --git a/towncrier/newsfragments/1696.feature b/towncrier/newsfragments/1696.misc
similarity index 100%
rename from towncrier/newsfragments/1696.feature
rename to towncrier/newsfragments/1696.misc

From 0b14fefb1acef5b7f8dccce56a1f94c8ad3854e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20W=C3=B3jcik?= <tomwojcik@users.noreply.github.com>
Date: Mon, 21 Dec 2020 00:19:27 +0100
Subject: [PATCH 066/119] fix typo in faq.rst

---
 docs/faq.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/faq.rst b/docs/faq.rst
index b292cd05..4037800a 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -129,7 +129,7 @@ So when you have something like this:
 - The admin interface generates ``MX`` and ``SPF`` examples which point to the first entry of ``HOSTNAMES`` but these are only examples.
   You can modify them to use any other ``HOSTNAMES`` entry.
 
-You're mail service will be reachable for IMAP, POP3, SMTP and Webmail at the addresses:
+Your mail service will be reachable for IMAP, POP3, SMTP and Webmail at the addresses:
 
 - mail.example.com
 - mail.foo.com

From bee0261dd8dd802e79ade31bc9e3a98f8c8a55b9 Mon Sep 17 00:00:00 2001
From: Stephan Holl <stephan@holl-land.de>
Date: Wed, 23 Dec 2020 18:48:11 +0100
Subject: [PATCH 067/119] Add details for postfix-overrides

---
 docs/faq.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/faq.rst b/docs/faq.rst
index b292cd05..0a171bc9 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -257,7 +257,10 @@ Postfix, Dovecot, Nginx and Rspamd support overriding configuration files. Overr
 ``$ROOT/overrides``. Please refer to the official documentation of those programs for the
 correct syntax. The following file names will be taken as override configuration:
 
-- `Postfix`_ - ``postfix.cf`` in postfix sub-directory;
+- `Postfix`_ :
+   - ``postfix.cf`` as ``/overrides/postfix.cf``
+   - ``master.cf`` as ``/overrides/postfix.master``
+   - All ``/overrides/*.map`` files
 - `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory;
 - `Nginx`_ - All ``*.conf`` files in the ``nginx`` sub-directory;
 - `Rspamd`_ - All files in the ``rspamd`` sub-directory.

From 6ba40bc0d79e82d55b34694fd62093d88c470617 Mon Sep 17 00:00:00 2001
From: Stephan Holl <stephan@holl-land.de>
Date: Wed, 23 Dec 2020 18:53:56 +0100
Subject: [PATCH 068/119] Add newsfragment

---
 towncrier/newsfragments/1712.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1712.misc

diff --git a/towncrier/newsfragments/1712.misc b/towncrier/newsfragments/1712.misc
new file mode 100644
index 00000000..57c5a3b8
--- /dev/null
+++ b/towncrier/newsfragments/1712.misc
@@ -0,0 +1 @@
+This adds more details about the postfix-override possibilities (fixes #1628)

From 2b37be9889ef5e36b7e827a2fffbe9d3c1e187a9 Mon Sep 17 00:00:00 2001
From: Michael Wyraz <michael@wyraz.de>
Date: Fri, 15 Jan 2021 10:53:46 +0100
Subject: [PATCH 069/119] Use alpine 3.13 to fix CVE-2020-25275 and
 CVE-2020-24386

---
 core/dovecot/Dockerfile             | 2 +-
 towncrier/newsfragments/1720.bugfix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1720.bugfix

diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index f6f8f2e2..e1c20eff 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -1,4 +1,4 @@
-ARG DISTRO=alpine:3.12
+ARG DISTRO=alpine:3.13
 FROM $DISTRO as builder
 WORKDIR /tmp
 RUN apk add git build-base automake autoconf libtool dovecot-dev xapian-core-dev icu-dev
diff --git a/towncrier/newsfragments/1720.bugfix b/towncrier/newsfragments/1720.bugfix
new file mode 100644
index 00000000..0bf2b8e6
--- /dev/null
+++ b/towncrier/newsfragments/1720.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2020-25275 and CVE-2020-24386 by using alpine 3.13 for
+dovecot which contains a fixed dovecot version.

From f56af3053aec9980d1b8b022307208b676c8bc06 Mon Sep 17 00:00:00 2001
From: Mordi Sacks <MordiSacks@users.noreply.github.com>
Date: Sun, 17 Jan 2021 01:28:25 +0200
Subject: [PATCH 070/119] Removed email address

---
 core/admin/mailu/translations/he/LC_MESSAGES/messages.po | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/translations/he/LC_MESSAGES/messages.po b/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
index 4fe58afc..e884b737 100644
--- a/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2019-11-27 22:20+0000\n"
-"Last-Translator: Mordi Sacks <mordisacks@gmail.com>\n"
+"Last-Translator: Mordi Sacks \n"
 "Language-Team: Hebrew <https://translate.tedomum.net/projects/mailu/admin/he/"
 ">\n"
 "Language: he\n"

From 82b5920b160e8be37ab9b6b27311c19463739dee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?= <raphael@barazzutti.net>
Date: Thu, 21 Jan 2021 19:54:47 +0100
Subject: [PATCH 071/119] typos

---
 CHANGELOG.md      | 4 ++--
 docs/releases.rst | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9c78f33..579f3e82 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ The Dovecot and Postfix overrides are moved in their own sub-directory.
 If there are local override files, they will need to be moved from overrides/ to overrides/dovecot and overrides/postfix/.
 See https://mailu.io/1.8/faq.html#how-can-i-override-settings for all the mappings.
 
-Please not that the shipped image for PostgreSQL database is deprecated.
+Please note that the shipped image for PostgreSQL database is deprecated.
 We advise to switch to an external database server.
 
 <!-- TOWNCRIER -->
@@ -66,7 +66,7 @@ configuration and upgrade your mailu.env.
 
 If you run the PostgreSQL server, the database was upgrade, so you will need to
 dump the database before upgrading and load the dump after the upgrade is
-complete. Please not that the shipped image for PostgreSQL database will be
+complete. Please note that the shipped image for PostgreSQL database will be
 deprecated before 1.8.0, you can switch to an external database server by then.
 
 - Deprecation: using the internal postgres image will be deprecated by 1.8.0
diff --git a/docs/releases.rst b/docs/releases.rst
index e5bd06c0..141b66fd 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -33,7 +33,7 @@ Upgrading
 Upgrade should run fine as long as you generate a new compose or stack
 configuration and upgrade your mailu.env.
 
-Please not that the shipped image for PostgreSQL database is deprecated.
+Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
 We recommend switching to an external database as soon as possible.
 
@@ -95,7 +95,7 @@ configuration and upgrade your mailu.env.
 
 If you run the PostgreSQL server, the database was upgrade, so you will need to
 dump the database before upgrading and load the dump after the upgrade is
-complete. Please not that the shipped image for PostgreSQL database will be
+complete. Please note that the shipped image for PostgreSQL database will be
 deprecated before 1.8.0, you can switch to an external database server by then.
 
 

From 444529b7df2fca33f7bd3cdc9a89c3bb51e4e0b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?= <raphael@barazzutti.net>
Date: Thu, 21 Jan 2021 19:55:53 +0100
Subject: [PATCH 072/119] rewording in doc

---
 docs/releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/releases.rst b/docs/releases.rst
index 141b66fd..f8b1c731 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -35,7 +35,7 @@ configuration and upgrade your mailu.env.
 
 Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
-We recommend switching to an external database as soon as possible.
+We recommend switching to another database as soon as possible (SQLite or MySQL).
 
 Override location changes
 ^^^^^^^^^^^^^^^^^^^^^^^^^

From 9e8183ee7193cffd42cd3e3ba9678a67e53a621e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?= <raphael@barazzutti.net>
Date: Fri, 22 Jan 2021 05:29:54 +0100
Subject: [PATCH 073/119] rewording about the usage of PostgreSQL

Co-authored-by: lub <github@lubiland.de>
---
 docs/releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/releases.rst b/docs/releases.rst
index f8b1c731..7a15d1fa 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -35,7 +35,7 @@ configuration and upgrade your mailu.env.
 
 Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
-We recommend switching to another database as soon as possible (SQLite or MySQL).
+We recommend switching to an external PostgreSQL database as soon as possible.
 
 Override location changes
 ^^^^^^^^^^^^^^^^^^^^^^^^^

From 612632e4fc7b498d8fb1fc714af1a02d0e1a1859 Mon Sep 17 00:00:00 2001
From: ofthesun9 <olivier@ofthesun.net>
Date: Sun, 31 Jan 2021 10:58:41 +0100
Subject: [PATCH 074/119] Need to docker login before pulling images To avoid
 triggering the Download rate limite

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 467f6f5b..ae50eedb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,6 +34,7 @@ install:
 
 before_script:
   - docker-compose -v
+  - docker login -u $DOCKER_UN -p $DOCKER_PW
   - docker-compose -f tests/build.yml build
   - sudo -- sh -c 'mkdir -p /mailu && cp -r tests/certs /mailu && chmod 600 /mailu/certs/*'
 

From 788d069b5379b0ae86e5d955994e144cc4d246f8 Mon Sep 17 00:00:00 2001
From: ofthesun9 <olivier@ofthesun.net>
Date: Sun, 31 Jan 2021 15:39:32 +0100
Subject: [PATCH 075/119] Modify docker login cmd to use --password-stdin and
 avoid warning

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index ae50eedb..f2a85630 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,7 +34,7 @@ install:
 
 before_script:
   - docker-compose -v
-  - docker login -u $DOCKER_UN -p $DOCKER_PW
+  - echo "$DOCKER_PW" | docker login --username $DOCKER_UN --password-stdin 
   - docker-compose -f tests/build.yml build
   - sudo -- sh -c 'mkdir -p /mailu && cp -r tests/certs /mailu && chmod 600 /mailu/certs/*'
 

From 88f992de16ff6273b345136a0dca068c33cea9cc Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Sat, 13 Feb 2021 13:34:44 +0100
Subject: [PATCH 076/119] show flash messages again

This basically restores the behaviour, that got removed in
ecdf0c25b3d9bbaa028bdc46cb721d2fb406dde2 during refactoring.
---
 core/admin/mailu/ui/templates/base.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/admin/mailu/ui/templates/base.html b/core/admin/mailu/ui/templates/base.html
index 8a841e47..74d5653c 100644
--- a/core/admin/mailu/ui/templates/base.html
+++ b/core/admin/mailu/ui/templates/base.html
@@ -1,4 +1,5 @@
 {% import "macros.html" as macros %}
+{% import "bootstrap/utils.html" as utils %}
 <!doctype html>
 <html>
   <head>
@@ -37,6 +38,7 @@
         </section>
 
         <section class="content">
+          {{ utils.flashed_messages(container=False) }}
           {% block content %}{% endblock %}
         </section>
       </div>

From 3ada506dbd08451deb24bfefa53efa7f4fc18b19 Mon Sep 17 00:00:00 2001
From: Stephan Holl <1610827+sholl@users.noreply.github.com>
Date: Sat, 13 Feb 2021 17:35:33 +0100
Subject: [PATCH 077/119] Update docs/faq.rst

as @lub suggests

Co-authored-by: lub <github@lubiland.de>
---
 docs/faq.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/faq.rst b/docs/faq.rst
index 0a171bc9..f200199d 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -258,9 +258,9 @@ Postfix, Dovecot, Nginx and Rspamd support overriding configuration files. Overr
 correct syntax. The following file names will be taken as override configuration:
 
 - `Postfix`_ :
-   - ``postfix.cf`` as ``/overrides/postfix.cf``
-   - ``master.cf`` as ``/overrides/postfix.master``
-   - All ``/overrides/*.map`` files
+   - ``main.cf`` as ``$ROOT/overrides/postfix/postfix.cf``
+   - ``master.cf`` as ``$ROOT/overrides/postfix/postfix.master``
+   - All ``$ROOT/overrides/postfix/*.map`` files
 - `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory;
 - `Nginx`_ - All ``*.conf`` files in the ``nginx`` sub-directory;
 - `Rspamd`_ - All files in the ``rspamd`` sub-directory.

From aa8cb9890693b1563cb873df79d50a2fab6230e3 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 18 Feb 2021 12:31:45 +0100
Subject: [PATCH 078/119] Set sensible cookie options

---
 core/admin/mailu/configuration.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 2cf6a478..982a1eb0 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -123,6 +123,9 @@ class ConfigManager(dict):
 
         self.config['RATELIMIT_STORAGE_URL'] = 'redis://{0}/2'.format(self.config['REDIS_ADDRESS'])
         self.config['QUOTA_STORAGE_URL'] = 'redis://{0}/1'.format(self.config['REDIS_ADDRESS'])
+        self.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
+        self.config['SESSION_COOKIE_HTTPONLY'] = True
+        self.config['SESSION_COOKIE_SECURE'] = self.config['TLS_FLAVOR'] != 'notls'
         # update the app config itself
         app.config = self
 

From b6716f0d74681919384733414b8ca93c0dbf3dca Mon Sep 17 00:00:00 2001
From: Dario Ernst <dario@kanojo.de>
Date: Sat, 20 Feb 2021 13:03:08 +0100
Subject: [PATCH 079/119] Remove "CHUNKING" capability from nginx-smtp
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
---
 core/nginx/conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index df598c94..f7d9f074 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -215,7 +215,7 @@ mail {
     {% endif %}
 
     # Advertise real capabilites of backends (postfix/dovecot)
-    smtp_capabilities PIPELINING SIZE {{ MESSAGE_SIZE_LIMIT }} ETRN ENHANCEDSTATUSCODES 8BITMIME DSN CHUNKING;
+    smtp_capabilities PIPELINING SIZE {{ MESSAGE_SIZE_LIMIT }} ETRN ENHANCEDSTATUSCODES 8BITMIME DSN;
     pop3_capabilities TOP UIDL RESP-CODES PIPELINING AUTH-RESP-CODE USER;
     imap_capabilities IMAP4 IMAP4rev1 UIDPLUS SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+;
 

From 76e5614d13abf71fa39f9bbe0a4c450af897c665 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sat, 27 Feb 2021 10:37:59 +0100
Subject: [PATCH 080/119] Add mergify to the list of trusted authors

The idea is to prevent backports from being stuck pending for review for
too long.
---
 .mergify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.mergify.yml b/.mergify.yml
index c1141a93..2af387ed 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -27,7 +27,7 @@ pull_request_rules:
 
   - name: Trusted author and 1 approved review; trigger bors r+
     conditions:
-      - author~=^(kaiyou|muhlemmer|mildred|HorayNarea|adi90x|hoellen|ofthesun9|Nebukadneza|micw|lub|Diman0)$
+      - author~=^(mergify|kaiyou|muhlemmer|mildred|HorayNarea|adi90x|hoellen|ofthesun9|Nebukadneza|micw|lub|Diman0)$
       - -title~=(WIP|wip)
       - -label~=^(status/wip|status/blocked|review/need2)$
       - "#approved-reviews-by>=1"

From af251216b0fd9f16b778d7808a1c672eedb1f2b3 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 11:31:51 +0000
Subject: [PATCH 081/119] Translated using Weblate (English)

Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 core/admin/mailu/translations/en/LC_MESSAGES/messages.po | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 2ada20b1..91fee01b 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2020-03-11 23:03+0000\n"
-"Last-Translator: Jae Beojkkoch <jae@jae.moe>\n"
+"PO-Revision-Date: 2021-03-03 11:35+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -17,7 +17,7 @@ msgstr ""
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 3.11.2\n"
+"X-Generator: Weblate 4.0.1\n"
 "Generated-By: Babel 2.5.3\n"
 
 #: mailu/ui/forms.py:32
@@ -593,7 +593,7 @@ msgstr ""
 
 #: mailu/ui/templates/relay/create.html:4
 msgid "New relay domain"
-msgstr ""
+msgstr "New relay domain"
 
 #: mailu/ui/templates/relay/edit.html:4
 msgid "Edit relayd domain"

From 3a9a133226cc67ad3a2c7260763b1fe3c646dea4 Mon Sep 17 00:00:00 2001
From: Anonymous <noreply@weblate.org>
Date: Wed, 3 Mar 2021 11:34:06 +0000
Subject: [PATCH 082/119] Translated using Weblate (English)

Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 core/admin/mailu/translations/en/LC_MESSAGES/messages.po | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 91fee01b..bdfe5716 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2021-03-03 11:35+0000\n"
-"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Last-Translator: Anonymous <noreply@weblate.org>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -105,7 +105,7 @@ msgstr ""
 #: mailu/ui/forms.py:80 mailu/ui/templates/user/list.html:22
 #: mailu/ui/templates/user/signup_domain.html:16
 msgid "Quota"
-msgstr ""
+msgstr "Quota"
 
 #: mailu/ui/forms.py:81
 msgid "Allow IMAP access"
@@ -229,7 +229,7 @@ msgstr ""
 #: mailu/ui/forms.py:159 mailu/ui/templates/client.html:20
 #: mailu/ui/templates/client.html:47
 msgid "TCP port"
-msgstr ""
+msgstr "TCP port"
 
 #: mailu/ui/forms.py:160
 msgid "Enable TLS"

From b9c2dc1a79f33bb4c38aca5b80501f4b74de6a2a Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 11:24:19 +0000
Subject: [PATCH 083/119] Translated using Weblate (Catalan)

Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
---
 core/admin/mailu/translations/ca/LC_MESSAGES/messages.po | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po b/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
index f63b7083..76594a3c 100644
--- a/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2020-04-26 13:09+0000\n"
+"PO-Revision-Date: 2021-03-03 11:35+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Catalan <https://translate.tedomum.net/projects/mailu/admin/"
 "ca/>\n"
@@ -304,7 +304,7 @@ msgstr "Resposta automàtica"
 #: mailu/ui/templates/fetch/list.html:4 mailu/ui/templates/sidebar.html:26
 #: mailu/ui/templates/user/list.html:36
 msgid "Fetched accounts"
-msgstr "Comptes trobats"
+msgstr "Comptes vinculats"
 
 #: mailu/ui/templates/sidebar.html:31 mailu/ui/templates/token/list.html:4
 msgid "Authentication tokens"
@@ -324,7 +324,7 @@ msgstr "Administradors"
 
 #: mailu/ui/templates/sidebar.html:54
 msgid "Relayed domains"
-msgstr "Dominis tramesos"
+msgstr "Dominis delegats"
 
 #: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
 msgid "Antispam"

From 725cdc270c0cce7f1e9ea5c3a14a4f7c5d22f39d Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 11:37:34 +0000
Subject: [PATCH 084/119] Translated using Weblate (Spanish)

Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
---
 core/admin/mailu/translations/es/LC_MESSAGES/messages.po | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/admin/mailu/translations/es/LC_MESSAGES/messages.po b/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
index 94b39439..ff6b9f36 100644
--- a/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Mailu\n"
-"PO-Revision-Date: 2020-03-11 23:03+0000\n"
+"PO-Revision-Date: 2021-03-03 12:37+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Spanish <https://translate.tedomum.net/projects/mailu/admin/"
 "es/>\n"
@@ -10,7 +10,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 3.11.2\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -425,7 +425,7 @@ msgstr "Añadir una cuenta"
 
 #: mailu/ui/templates/fetch/list.html:19
 msgid "Endpoint"
-msgstr "Punto final"
+msgstr "Endpoint"
 
 #: mailu/ui/templates/fetch/list.html:22
 msgid "Last check"
@@ -437,7 +437,7 @@ msgstr "Añadir un gestor"
 
 #: mailu/ui/templates/manager/list.html:4
 msgid "Manager list"
-msgstr "Gestor de lista"
+msgstr "Lista de gestores"
 
 #: mailu/ui/templates/manager/list.html:12
 msgid "Add manager"

From 5e0aa65c8d29d6fc16d463fe4e34fa777b552a69 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:02:15 +0000
Subject: [PATCH 085/119] Translated using Weblate (Italian)

Currently translated at 96.3% (157 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
---
 core/admin/mailu/translations/it/LC_MESSAGES/messages.po | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/translations/it/LC_MESSAGES/messages.po b/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
index 9ef5ac84..6ec219bf 100644
--- a/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Mailu\n"
-"PO-Revision-Date: 2020-03-11 23:03+0000\n"
+"PO-Revision-Date: 2021-03-03 17:03+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Italian <https://translate.tedomum.net/projects/mailu/admin/"
 "it/>\n"
@@ -10,7 +10,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 3.11.2\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -576,6 +576,7 @@ msgid "Relayed domain list"
 msgstr "Elenco di domini affidati"
 
 #: mailu/ui/templates/relay/list.html:9
+#, fuzzy
 msgid "New relayed domain"
 msgstr "Nuovo dominio affidato"
 

From 43133d85154eae91c662b8b756dc3e89d26ac7cd Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:05:23 +0000
Subject: [PATCH 086/119] Added translation using Weblate (Basque)

---
 .../translations/eu/LC_MESSAGES/messages.po   | 669 ++++++++++++++++++
 1 file changed, 669 insertions(+)
 create mode 100644 core/admin/mailu/translations/eu/LC_MESSAGES/messages.po

diff --git a/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po b/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po
new file mode 100644
index 00000000..3a72c9af
--- /dev/null
+++ b/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po
@@ -0,0 +1,669 @@
+# Translations template for PROJECT.
+# Copyright (C) 2018 ORGANIZATION
+# This file is distributed under the same license as the PROJECT project.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2018.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PROJECT VERSION\n"
+"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
+"POT-Creation-Date: 2018-04-22 12:10+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"Language: eu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.5.3\n"
+
+#: mailu/ui/forms.py:32
+msgid "Invalid email address."
+msgstr ""
+
+#: mailu/ui/forms.py:36
+msgid "Confirm"
+msgstr ""
+
+#: mailu/ui/forms.py:40 mailu/ui/forms.py:77
+msgid "E-mail"
+msgstr ""
+
+#: mailu/ui/forms.py:41 mailu/ui/forms.py:78 mailu/ui/forms.py:90
+#: mailu/ui/forms.py:109 mailu/ui/forms.py:162
+#: mailu/ui/templates/client.html:32 mailu/ui/templates/client.html:59
+msgid "Password"
+msgstr ""
+
+#: mailu/ui/forms.py:42 mailu/ui/templates/login.html:4
+#: mailu/ui/templates/sidebar.html:111
+msgid "Sign in"
+msgstr ""
+
+#: mailu/ui/forms.py:46 mailu/ui/forms.py:56
+#: mailu/ui/templates/domain/details.html:27
+#: mailu/ui/templates/domain/list.html:18 mailu/ui/templates/relay/list.html:17
+msgid "Domain name"
+msgstr ""
+
+#: mailu/ui/forms.py:47
+msgid "Maximum user count"
+msgstr ""
+
+#: mailu/ui/forms.py:48
+msgid "Maximum alias count"
+msgstr ""
+
+#: mailu/ui/forms.py:49
+msgid "Maximum user quota"
+msgstr ""
+
+#: mailu/ui/forms.py:50
+msgid "Enable sign-up"
+msgstr ""
+
+#: mailu/ui/forms.py:51 mailu/ui/forms.py:72 mailu/ui/forms.py:83
+#: mailu/ui/forms.py:128 mailu/ui/forms.py:140
+#: mailu/ui/templates/alias/list.html:21 mailu/ui/templates/domain/list.html:21
+#: mailu/ui/templates/relay/list.html:19 mailu/ui/templates/token/list.html:19
+#: mailu/ui/templates/user/list.html:23
+msgid "Comment"
+msgstr ""
+
+#: mailu/ui/forms.py:52 mailu/ui/forms.py:61 mailu/ui/forms.py:66
+#: mailu/ui/forms.py:73 mailu/ui/forms.py:132 mailu/ui/forms.py:141
+msgid "Create"
+msgstr ""
+
+#: mailu/ui/forms.py:57
+msgid "Initial admin"
+msgstr ""
+
+#: mailu/ui/forms.py:58
+msgid "Admin password"
+msgstr ""
+
+#: mailu/ui/forms.py:59 mailu/ui/forms.py:79 mailu/ui/forms.py:91
+msgid "Confirm password"
+msgstr ""
+
+#: mailu/ui/forms.py:65
+msgid "Alternative name"
+msgstr ""
+
+#: mailu/ui/forms.py:70
+msgid "Relayed domain name"
+msgstr ""
+
+#: mailu/ui/forms.py:71 mailu/ui/templates/relay/list.html:18
+msgid "Remote host"
+msgstr ""
+
+#: mailu/ui/forms.py:80 mailu/ui/templates/user/list.html:22
+#: mailu/ui/templates/user/signup_domain.html:16
+msgid "Quota"
+msgstr ""
+
+#: mailu/ui/forms.py:81
+msgid "Allow IMAP access"
+msgstr ""
+
+#: mailu/ui/forms.py:82
+msgid "Allow POP3 access"
+msgstr ""
+
+#: mailu/ui/forms.py:84
+msgid "Enabled"
+msgstr ""
+
+#: mailu/ui/forms.py:85
+msgid "Save"
+msgstr ""
+
+#: mailu/ui/forms.py:89
+msgid "Email address"
+msgstr ""
+
+#: mailu/ui/forms.py:93 mailu/ui/templates/sidebar.html:117
+#: mailu/ui/templates/user/signup.html:4
+#: mailu/ui/templates/user/signup_domain.html:4
+msgid "Sign up"
+msgstr ""
+
+#: mailu/ui/forms.py:97
+msgid "Displayed name"
+msgstr ""
+
+#: mailu/ui/forms.py:98
+msgid "Enable spam filter"
+msgstr ""
+
+#: mailu/ui/forms.py:99
+msgid "Spam filter tolerance"
+msgstr ""
+
+#: mailu/ui/forms.py:100
+msgid "Enable forwarding"
+msgstr ""
+
+#: mailu/ui/forms.py:101
+msgid "Keep a copy of the emails"
+msgstr ""
+
+#: mailu/ui/forms.py:103 mailu/ui/forms.py:139
+#: mailu/ui/templates/alias/list.html:20
+msgid "Destination"
+msgstr ""
+
+#: mailu/ui/forms.py:105
+msgid "Save settings"
+msgstr ""
+
+#: mailu/ui/forms.py:110
+msgid "Password check"
+msgstr ""
+
+#: mailu/ui/forms.py:111 mailu/ui/templates/sidebar.html:16
+msgid "Update password"
+msgstr ""
+
+#: mailu/ui/forms.py:115
+msgid "Enable automatic reply"
+msgstr ""
+
+#: mailu/ui/forms.py:116
+msgid "Reply subject"
+msgstr ""
+
+#: mailu/ui/forms.py:117
+msgid "Reply body"
+msgstr ""
+
+#: mailu/ui/forms.py:119
+msgid "End of vacation"
+msgstr ""
+
+#: mailu/ui/forms.py:120
+msgid "Update"
+msgstr ""
+
+#: mailu/ui/forms.py:125
+msgid "Your token (write it down, as it will never be displayed again)"
+msgstr ""
+
+#: mailu/ui/forms.py:130 mailu/ui/templates/token/list.html:20
+msgid "Authorized IP"
+msgstr ""
+
+#: mailu/ui/forms.py:136
+msgid "Alias"
+msgstr ""
+
+#: mailu/ui/forms.py:138
+msgid "Use SQL LIKE Syntax (e.g. for catch-all aliases)"
+msgstr ""
+
+#: mailu/ui/forms.py:145
+msgid "Admin email"
+msgstr ""
+
+#: mailu/ui/forms.py:146 mailu/ui/forms.py:151 mailu/ui/forms.py:164
+msgid "Submit"
+msgstr ""
+
+#: mailu/ui/forms.py:150
+msgid "Manager email"
+msgstr ""
+
+#: mailu/ui/forms.py:155
+msgid "Protocol"
+msgstr ""
+
+#: mailu/ui/forms.py:158
+msgid "Hostname or IP"
+msgstr ""
+
+#: mailu/ui/forms.py:159 mailu/ui/templates/client.html:20
+#: mailu/ui/templates/client.html:47
+msgid "TCP port"
+msgstr ""
+
+#: mailu/ui/forms.py:160
+msgid "Enable TLS"
+msgstr ""
+
+#: mailu/ui/forms.py:161 mailu/ui/templates/client.html:28
+#: mailu/ui/templates/client.html:55 mailu/ui/templates/fetch/list.html:20
+msgid "Username"
+msgstr ""
+
+#: mailu/ui/forms.py:163
+msgid "Keep emails on the server"
+msgstr ""
+
+#: mailu/ui/forms.py:168
+msgid "Announcement subject"
+msgstr ""
+
+#: mailu/ui/forms.py:170
+msgid "Announcement body"
+msgstr ""
+
+#: mailu/ui/forms.py:172
+msgid "Send"
+msgstr ""
+
+#: mailu/ui/templates/announcement.html:4
+msgid "Public announcement"
+msgstr ""
+
+#: mailu/ui/templates/client.html:4 mailu/ui/templates/sidebar.html:82
+msgid "Client setup"
+msgstr ""
+
+#: mailu/ui/templates/client.html:16 mailu/ui/templates/client.html:43
+msgid "Mail protocol"
+msgstr ""
+
+#: mailu/ui/templates/client.html:24 mailu/ui/templates/client.html:51
+msgid "Server name"
+msgstr ""
+
+#: mailu/ui/templates/confirm.html:4
+msgid "Confirm action"
+msgstr ""
+
+#: mailu/ui/templates/confirm.html:13
+#, python-format
+msgid "You are about to %(action)s. Please confirm your action."
+msgstr ""
+
+#: mailu/ui/templates/docker-error.html:4
+msgid "Docker error"
+msgstr ""
+
+#: mailu/ui/templates/docker-error.html:12
+msgid "An error occurred while talking to the Docker server."
+msgstr ""
+
+#: mailu/ui/templates/login.html:8
+msgid "to access the administration tools"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:11 mailu/ui/templates/user/list.html:34
+msgid "Settings"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:21 mailu/ui/templates/user/list.html:35
+msgid "Auto-reply"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:4 mailu/ui/templates/sidebar.html:26
+#: mailu/ui/templates/user/list.html:36
+msgid "Fetched accounts"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:31 mailu/ui/templates/token/list.html:4
+msgid "Authentication tokens"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:35
+msgid "Administration"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:44
+msgid "Announcement"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:49
+msgid "Administrators"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:54
+msgid "Relayed domains"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
+msgid "Antispam"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:66
+msgid "Mail domains"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:72
+msgid "Go to"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:76
+msgid "Webmail"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:87
+msgid "Website"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:92
+msgid "Help"
+msgstr ""
+
+#: mailu/ui/templates/domain/signup.html:4 mailu/ui/templates/sidebar.html:98
+msgid "Register a domain"
+msgstr ""
+
+#: mailu/ui/templates/sidebar.html:105
+msgid "Sign out"
+msgstr ""
+
+#: mailu/ui/templates/working.html:4
+msgid "We are still working on this feature!"
+msgstr ""
+
+#: mailu/ui/templates/admin/create.html:4
+msgid "Add a global administrator"
+msgstr ""
+
+#: mailu/ui/templates/admin/list.html:4
+msgid "Global administrators"
+msgstr ""
+
+#: mailu/ui/templates/admin/list.html:9
+msgid "Add administrator"
+msgstr ""
+
+#: mailu/ui/templates/admin/list.html:16 mailu/ui/templates/alias/list.html:18
+#: mailu/ui/templates/alternative/list.html:18
+#: mailu/ui/templates/domain/list.html:16 mailu/ui/templates/fetch/list.html:18
+#: mailu/ui/templates/manager/list.html:18
+#: mailu/ui/templates/relay/list.html:16 mailu/ui/templates/token/list.html:18
+#: mailu/ui/templates/user/list.html:18
+msgid "Actions"
+msgstr ""
+
+#: mailu/ui/templates/admin/list.html:17 mailu/ui/templates/alias/list.html:19
+#: mailu/ui/templates/manager/list.html:19 mailu/ui/templates/user/list.html:20
+msgid "Email"
+msgstr ""
+
+#: mailu/ui/templates/admin/list.html:22 mailu/ui/templates/alias/list.html:29
+#: mailu/ui/templates/alternative/list.html:25
+#: mailu/ui/templates/domain/list.html:31 mailu/ui/templates/fetch/list.html:31
+#: mailu/ui/templates/manager/list.html:24
+#: mailu/ui/templates/relay/list.html:27 mailu/ui/templates/token/list.html:26
+#: mailu/ui/templates/user/list.html:31
+msgid "Delete"
+msgstr ""
+
+#: mailu/ui/templates/alias/create.html:4
+msgid "Create alias"
+msgstr ""
+
+#: mailu/ui/templates/alias/edit.html:4
+msgid "Edit alias"
+msgstr ""
+
+#: mailu/ui/templates/alias/list.html:4
+msgid "Alias list"
+msgstr ""
+
+#: mailu/ui/templates/alias/list.html:12
+msgid "Add alias"
+msgstr ""
+
+#: mailu/ui/templates/alias/list.html:22
+#: mailu/ui/templates/alternative/list.html:20
+#: mailu/ui/templates/domain/list.html:22 mailu/ui/templates/fetch/list.html:24
+#: mailu/ui/templates/relay/list.html:20 mailu/ui/templates/token/list.html:21
+#: mailu/ui/templates/user/list.html:24
+msgid "Created"
+msgstr ""
+
+#: mailu/ui/templates/alias/list.html:23 mailu/ui/templates/domain/list.html:23
+#: mailu/ui/templates/fetch/list.html:25 mailu/ui/templates/relay/list.html:21
+#: mailu/ui/templates/user/list.html:25
+msgid "Last edit"
+msgstr ""
+
+#: mailu/ui/templates/alias/list.html:28 mailu/ui/templates/domain/list.html:30
+#: mailu/ui/templates/fetch/list.html:30 mailu/ui/templates/relay/list.html:26
+#: mailu/ui/templates/user/list.html:30
+msgid "Edit"
+msgstr ""
+
+#: mailu/ui/templates/alternative/create.html:4
+msgid "Create alternative domain"
+msgstr ""
+
+#: mailu/ui/templates/alternative/list.html:4
+msgid "Alternative domain list"
+msgstr ""
+
+#: mailu/ui/templates/alternative/list.html:12
+msgid "Add alternative"
+msgstr ""
+
+#: mailu/ui/templates/alternative/list.html:19
+msgid "Name"
+msgstr ""
+
+#: mailu/ui/templates/domain/create.html:4
+#: mailu/ui/templates/domain/list.html:9
+msgid "New domain"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:4
+msgid "Domain details"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:15
+msgid "Regenerate keys"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:17
+msgid "Generate keys"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:31
+msgid "DNS MX entry"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:35
+msgid "DNS SPF entries"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:42
+msgid "DKIM public key"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:46
+msgid "DNS DKIM entry"
+msgstr ""
+
+#: mailu/ui/templates/domain/details.html:50
+msgid "DNS DMARC entry"
+msgstr ""
+
+#: mailu/ui/templates/domain/edit.html:4
+msgid "Edit domain"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:4
+msgid "Domain list"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:17
+msgid "Manage"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:19
+msgid "Mailbox count"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:20
+msgid "Alias count"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:28
+msgid "Details"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:35
+msgid "Users"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:36
+msgid "Aliases"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:37
+msgid "Managers"
+msgstr ""
+
+#: mailu/ui/templates/domain/list.html:39
+msgid "Alternatives"
+msgstr ""
+
+#: mailu/ui/templates/domain/signup.html:13
+msgid ""
+"In order to register a new domain, you must first setup the\n"
+"    domain zone so that the domain <code>MX</code> points to this server"
+msgstr ""
+
+#: mailu/ui/templates/domain/signup.html:18
+msgid ""
+"If you do not know how to setup an <code>MX</code> record for your DNS "
+"zone,\n"
+"    please contact your DNS provider or administrator. Also, please wait "
+"a\n"
+"    couple minutes after the <code>MX</code> is set so the local server "
+"cache\n"
+"    expires."
+msgstr ""
+
+#: mailu/ui/templates/fetch/create.html:4
+msgid "Add a fetched account"
+msgstr ""
+
+#: mailu/ui/templates/fetch/edit.html:4
+msgid "Update a fetched account"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:12
+msgid "Add an account"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:19
+msgid "Endpoint"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:21
+msgid "Keep emails"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:22
+msgid "Last check"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:35
+msgid "yes"
+msgstr ""
+
+#: mailu/ui/templates/fetch/list.html:35
+msgid "no"
+msgstr ""
+
+#: mailu/ui/templates/manager/create.html:4
+msgid "Add a manager"
+msgstr ""
+
+#: mailu/ui/templates/manager/list.html:4
+msgid "Manager list"
+msgstr ""
+
+#: mailu/ui/templates/manager/list.html:12
+msgid "Add manager"
+msgstr ""
+
+#: mailu/ui/templates/relay/create.html:4
+msgid "New relay domain"
+msgstr ""
+
+#: mailu/ui/templates/relay/edit.html:4
+msgid "Edit relayd domain"
+msgstr ""
+
+#: mailu/ui/templates/relay/list.html:4
+msgid "Relayed domain list"
+msgstr ""
+
+#: mailu/ui/templates/relay/list.html:9
+msgid "New relayed domain"
+msgstr ""
+
+#: mailu/ui/templates/token/create.html:4
+msgid "Create an authentication token"
+msgstr ""
+
+#: mailu/ui/templates/token/list.html:12
+msgid "New token"
+msgstr ""
+
+#: mailu/ui/templates/user/create.html:4
+msgid "New user"
+msgstr ""
+
+#: mailu/ui/templates/user/create.html:15
+msgid "General"
+msgstr ""
+
+#: mailu/ui/templates/user/create.html:22
+msgid "Features and quotas"
+msgstr ""
+
+#: mailu/ui/templates/user/edit.html:4
+msgid "Edit user"
+msgstr ""
+
+#: mailu/ui/templates/user/forward.html:4
+msgid "Forward emails"
+msgstr ""
+
+#: mailu/ui/templates/user/list.html:4
+msgid "User list"
+msgstr ""
+
+#: mailu/ui/templates/user/list.html:12
+msgid "Add user"
+msgstr ""
+
+#: mailu/ui/templates/user/list.html:19 mailu/ui/templates/user/settings.html:4
+msgid "User settings"
+msgstr ""
+
+#: mailu/ui/templates/user/list.html:21
+msgid "Features"
+msgstr ""
+
+#: mailu/ui/templates/user/password.html:4
+msgid "Password update"
+msgstr ""
+
+#: mailu/ui/templates/user/reply.html:4
+msgid "Automatic reply"
+msgstr ""
+
+#: mailu/ui/templates/user/settings.html:22
+msgid "Auto-forward"
+msgstr ""
+
+#: mailu/ui/templates/user/signup_domain.html:8
+msgid "pick a domain for the new account"
+msgstr ""
+
+#: mailu/ui/templates/user/signup_domain.html:14
+msgid "Domain"
+msgstr ""
+
+#: mailu/ui/templates/user/signup_domain.html:15
+msgid "Available slots"
+msgstr ""

From 7de94275a0c01f9b11bcf533b42a7e7148b6b4f2 Mon Sep 17 00:00:00 2001
From: Anonymous <noreply@weblate.org>
Date: Wed, 3 Mar 2021 11:35:58 +0000
Subject: [PATCH 087/119] Translated using Weblate (English)

Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 .../mailu/translations/en/LC_MESSAGES/messages.po      | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index bdfe5716..0b050560 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2021-03-03 11:35+0000\n"
+"PO-Revision-Date: 2021-03-03 17:17+0000\n"
 "Last-Translator: Anonymous <noreply@weblate.org>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
@@ -30,13 +30,13 @@ msgstr "Confirm"
 
 #: mailu/ui/forms.py:40 mailu/ui/forms.py:77
 msgid "E-mail"
-msgstr ""
+msgstr "E-mail"
 
 #: mailu/ui/forms.py:41 mailu/ui/forms.py:78 mailu/ui/forms.py:90
 #: mailu/ui/forms.py:109 mailu/ui/forms.py:162
 #: mailu/ui/templates/client.html:32 mailu/ui/templates/client.html:59
 msgid "Password"
-msgstr ""
+msgstr "Password"
 
 #: mailu/ui/forms.py:42 mailu/ui/templates/login.html:4
 #: mailu/ui/templates/sidebar.html:111
@@ -283,7 +283,7 @@ msgstr ""
 
 #: mailu/ui/templates/docker-error.html:4
 msgid "Docker error"
-msgstr ""
+msgstr "Docker error"
 
 #: mailu/ui/templates/docker-error.html:12
 msgid "An error occurred while talking to the Docker server."
@@ -669,7 +669,7 @@ msgstr ""
 
 #: mailu/ui/templates/user/signup_domain.html:14
 msgid "Domain"
-msgstr ""
+msgstr "Domain"
 
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"

From 7c0158c5f8fc64ca4dc913229e81e51367283ca7 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 11:36:15 +0000
Subject: [PATCH 088/119] Translated using Weblate (English)

Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 core/admin/mailu/translations/en/LC_MESSAGES/messages.po | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 0b050560..a09ac1c7 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2021-03-03 17:17+0000\n"
-"Last-Translator: Anonymous <noreply@weblate.org>\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -328,7 +328,7 @@ msgstr ""
 
 #: mailu/ui/templates/sidebar.html:54
 msgid "Relayed domains"
-msgstr ""
+msgstr "Relayed domains"
 
 #: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
 msgid "Antispam"
@@ -601,11 +601,11 @@ msgstr ""
 
 #: mailu/ui/templates/relay/list.html:4
 msgid "Relayed domain list"
-msgstr ""
+msgstr "Relayed domain list"
 
 #: mailu/ui/templates/relay/list.html:9
 msgid "New relayed domain"
-msgstr ""
+msgstr "New relayed domain"
 
 #: mailu/ui/templates/token/create.html:4
 msgid "Create an authentication token"

From a2933d00f3e9ab6834de095f9a6a5975be9c4bce Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:17:19 +0000
Subject: [PATCH 089/119] Translated using Weblate (English)

Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 core/admin/mailu/translations/en/LC_MESSAGES/messages.po | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index a09ac1c7..68f0177d 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2021-03-03 17:17+0000\n"
+"PO-Revision-Date: 2021-03-03 17:57+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
@@ -51,7 +51,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:47
 msgid "Maximum user count"
-msgstr ""
+msgstr "Maximum user count"
 
 #: mailu/ui/forms.py:48
 msgid "Maximum alias count"
@@ -332,7 +332,7 @@ msgstr "Relayed domains"
 
 #: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
 msgid "Antispam"
-msgstr ""
+msgstr "Antispam"
 
 #: mailu/ui/templates/sidebar.html:66
 msgid "Mail domains"

From 3d17000ceb419014c9a7fb20fb90e4f9257cc33e Mon Sep 17 00:00:00 2001
From: Anonymous <noreply@weblate.org>
Date: Wed, 3 Mar 2021 17:20:37 +0000
Subject: [PATCH 090/119] Translated using Weblate (English)

Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 .../translations/en/LC_MESSAGES/messages.po   | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 68f0177d..026f47c6 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2021-03-03 17:57+0000\n"
-"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Last-Translator: Anonymous <noreply@weblate.org>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -71,12 +71,12 @@ msgstr ""
 #: mailu/ui/templates/relay/list.html:19 mailu/ui/templates/token/list.html:19
 #: mailu/ui/templates/user/list.html:23
 msgid "Comment"
-msgstr ""
+msgstr "Comment"
 
 #: mailu/ui/forms.py:52 mailu/ui/forms.py:61 mailu/ui/forms.py:66
 #: mailu/ui/forms.py:73 mailu/ui/forms.py:132 mailu/ui/forms.py:141
 msgid "Create"
-msgstr ""
+msgstr "Create"
 
 #: mailu/ui/forms.py:57
 msgid "Initial admin"
@@ -88,11 +88,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:59 mailu/ui/forms.py:79 mailu/ui/forms.py:91
 msgid "Confirm password"
-msgstr ""
+msgstr "Confirm password"
 
 #: mailu/ui/forms.py:65
 msgid "Alternative name"
-msgstr ""
+msgstr "Alternative name"
 
 #: mailu/ui/forms.py:70
 msgid "Relayed domain name"
@@ -109,19 +109,19 @@ msgstr "Quota"
 
 #: mailu/ui/forms.py:81
 msgid "Allow IMAP access"
-msgstr ""
+msgstr "Allow IMAP access"
 
 #: mailu/ui/forms.py:82
 msgid "Allow POP3 access"
-msgstr ""
+msgstr "Allow POP3 access"
 
 #: mailu/ui/forms.py:84
 msgid "Enabled"
-msgstr ""
+msgstr "Enabled"
 
 #: mailu/ui/forms.py:85
 msgid "Save"
-msgstr ""
+msgstr "Save"
 
 #: mailu/ui/forms.py:89
 msgid "Email address"
@@ -139,7 +139,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:98
 msgid "Enable spam filter"
-msgstr ""
+msgstr "Enable spam filter"
 
 #: mailu/ui/forms.py:99
 msgid "Spam filter tolerance"

From 0dc8817f326d03f7d0478d8e3356520b0e85f3d0 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:57:27 +0000
Subject: [PATCH 091/119] Translated using Weblate (English)

Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 .../translations/en/LC_MESSAGES/messages.po      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 026f47c6..6773c1f2 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2021-03-03 17:57+0000\n"
-"Last-Translator: Anonymous <noreply@weblate.org>\n"
+"PO-Revision-Date: 2021-03-03 18:18+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -59,11 +59,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:49
 msgid "Maximum user quota"
-msgstr ""
+msgstr "Maximum user quota"
 
 #: mailu/ui/forms.py:50
 msgid "Enable sign-up"
-msgstr ""
+msgstr "Enable sign-up"
 
 #: mailu/ui/forms.py:51 mailu/ui/forms.py:72 mailu/ui/forms.py:83
 #: mailu/ui/forms.py:128 mailu/ui/forms.py:140
@@ -80,11 +80,11 @@ msgstr "Create"
 
 #: mailu/ui/forms.py:57
 msgid "Initial admin"
-msgstr ""
+msgstr "Initial admin"
 
 #: mailu/ui/forms.py:58
 msgid "Admin password"
-msgstr ""
+msgstr "Admin password"
 
 #: mailu/ui/forms.py:59 mailu/ui/forms.py:79 mailu/ui/forms.py:91
 msgid "Confirm password"
@@ -131,7 +131,7 @@ msgstr ""
 #: mailu/ui/templates/user/signup.html:4
 #: mailu/ui/templates/user/signup_domain.html:4
 msgid "Sign up"
-msgstr ""
+msgstr "Sign up"
 
 #: mailu/ui/forms.py:97
 msgid "Displayed name"
@@ -143,7 +143,7 @@ msgstr "Enable spam filter"
 
 #: mailu/ui/forms.py:99
 msgid "Spam filter tolerance"
-msgstr ""
+msgstr "Spam filter tolerance"
 
 #: mailu/ui/forms.py:100
 msgid "Enable forwarding"

From 58c22fd2c6128e208c1fb7dc128ba7ac548261b0 Mon Sep 17 00:00:00 2001
From: Anonymous <noreply@weblate.org>
Date: Wed, 3 Mar 2021 18:09:32 +0000
Subject: [PATCH 092/119] Translated using Weblate (English)

Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 .../mailu/translations/en/LC_MESSAGES/messages.po    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index 6773c1f2..f931b362 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2021-03-03 18:18+0000\n"
-"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Last-Translator: Anonymous <noreply@weblate.org>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -147,7 +147,7 @@ msgstr "Spam filter tolerance"
 
 #: mailu/ui/forms.py:100
 msgid "Enable forwarding"
-msgstr ""
+msgstr "Enable forwarding"
 
 #: mailu/ui/forms.py:101
 msgid "Keep a copy of the emails"
@@ -160,7 +160,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:105
 msgid "Save settings"
-msgstr ""
+msgstr "Save settings"
 
 #: mailu/ui/forms.py:110
 msgid "Password check"
@@ -184,11 +184,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:119
 msgid "End of vacation"
-msgstr ""
+msgstr "End of vacation"
 
 #: mailu/ui/forms.py:120
 msgid "Update"
-msgstr ""
+msgstr "Update"
 
 #: mailu/ui/forms.py:125
 msgid "Your token (write it down, as it will never be displayed again)"
@@ -200,7 +200,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:136
 msgid "Alias"
-msgstr ""
+msgstr "Alias"
 
 #: mailu/ui/forms.py:138
 msgid "Use SQL LIKE Syntax (e.g. for catch-all aliases)"

From 6da597887060fa66bb3d711dde96749718bfcf6b Mon Sep 17 00:00:00 2001
From: Anonymous <noreply@weblate.org>
Date: Wed, 3 Mar 2021 11:39:11 +0000
Subject: [PATCH 093/119] Translated using Weblate (German)

Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/
---
 .../mailu/translations/de/LC_MESSAGES/messages.po  | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/translations/de/LC_MESSAGES/messages.po b/core/admin/mailu/translations/de/LC_MESSAGES/messages.po
index 941c22ef..4ae71561 100644
--- a/core/admin/mailu/translations/de/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/de/LC_MESSAGES/messages.po
@@ -1,11 +1,16 @@
 msgid ""
 msgstr ""
+"Project-Id-Version: Mailu\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Anonymous <noreply@weblate.org>\n"
+"Language-Team: German <https://translate.tedomum.net/projects/mailu/admin/de/"
+">\n"
+"Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: POEditor.com\n"
-"Project-Id-Version: Mailu\n"
-"Language: de\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -64,7 +69,7 @@ msgstr "Passwort bestätigen"
 #: mailu/ui/forms.py:80 mailu/ui/templates/user/list.html:22
 #: mailu/ui/templates/user/signup_domain.html:16
 msgid "Quota"
-msgstr "Quota"
+msgstr "Kontingent"
 
 #: mailu/ui/forms.py:81
 msgid "Allow IMAP access"
@@ -699,4 +704,3 @@ msgstr "Domain"
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"
 msgstr "Verfügbare Plätze"
-

From 6143d66eb888cc02a58ba91bc5e912cdc1d31424 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 18:18:39 +0000
Subject: [PATCH 094/119] Translated using Weblate (English)

Currently translated at 39.2% (64 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
---
 core/admin/mailu/translations/en/LC_MESSAGES/messages.po | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
index f931b362..4db1dbf1 100644
--- a/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/en/LC_MESSAGES/messages.po
@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2021-03-03 18:18+0000\n"
-"Last-Translator: Anonymous <noreply@weblate.org>\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: English <https://translate.tedomum.net/projects/mailu/admin/"
 "en/>\n"
 "Language: en\n"
@@ -196,7 +196,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:130 mailu/ui/templates/token/list.html:20
 msgid "Authorized IP"
-msgstr ""
+msgstr "Authorized IP"
 
 #: mailu/ui/forms.py:136
 msgid "Alias"

From 5e96a4bfcfbe93a3a45922811b4e88ebad874fa8 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 13:11:18 +0000
Subject: [PATCH 095/119] Translated using Weblate (Spanish)

Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
---
 core/admin/mailu/translations/es/LC_MESSAGES/messages.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/translations/es/LC_MESSAGES/messages.po b/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
index ff6b9f36..c70ed6f5 100644
--- a/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/es/LC_MESSAGES/messages.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Mailu\n"
-"PO-Revision-Date: 2021-03-03 12:37+0000\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Spanish <https://translate.tedomum.net/projects/mailu/admin/"
 "es/>\n"
@@ -578,7 +578,7 @@ msgstr "Lista de dominios externos (relayed)"
 
 #: mailu/ui/templates/relay/list.html:9
 msgid "New relayed domain"
-msgstr "Nuevo dominio externo (relayed)"
+msgstr "Editar dominio externo (relay)"
 
 #: mailu/ui/forms.py:125
 msgid "Your token (write it down, as it will never be displayed again)"

From 480ec29d3d8dbde9bb1ad7b7ba9fb79b630d87a9 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:03:23 +0000
Subject: [PATCH 096/119] Translated using Weblate (Italian)

Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
---
 core/admin/mailu/translations/it/LC_MESSAGES/messages.po | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/core/admin/mailu/translations/it/LC_MESSAGES/messages.po b/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
index 6ec219bf..9ed5e132 100644
--- a/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/it/LC_MESSAGES/messages.po
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Mailu\n"
-"PO-Revision-Date: 2021-03-03 17:03+0000\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Italian <https://translate.tedomum.net/projects/mailu/admin/"
 "it/>\n"
@@ -576,7 +576,6 @@ msgid "Relayed domain list"
 msgstr "Elenco di domini affidati"
 
 #: mailu/ui/templates/relay/list.html:9
-#, fuzzy
 msgid "New relayed domain"
 msgstr "Nuovo dominio affidato"
 

From 7a01a6338968ceba61443416f697dc78662c26bd Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 12:15:37 +0000
Subject: [PATCH 097/119] Translated using Weblate (Portuguese)

Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/
---
 .../mailu/translations/pt/LC_MESSAGES/messages.po  | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/translations/pt/LC_MESSAGES/messages.po b/core/admin/mailu/translations/pt/LC_MESSAGES/messages.po
index 58338380..f9673767 100644
--- a/core/admin/mailu/translations/pt/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/pt/LC_MESSAGES/messages.po
@@ -1,11 +1,16 @@
 msgid ""
 msgstr ""
+"Project-Id-Version: Mailu\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Language-Team: Portuguese <https://translate.tedomum.net/projects/mailu/"
+"admin/pt/>\n"
+"Language: pt\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: POEditor.com\n"
-"Project-Id-Version: Mailu\n"
-"Language: pt\n"
+"Plural-Forms: nplurals=2; plural=n > 1;\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -183,7 +188,7 @@ msgstr "Erro no docker"
 
 #: mailu/ui/templates/docker-error.html:12
 msgid "An error occurred while talking to the Docker server."
-msgstr "Um erro foi encontrado na conexão com o servidor Docker"
+msgstr "Um erro foi encontrado na conexão com o servidor Docker."
 
 #: mailu/admin/templates/login.html:6
 msgid "Your account"
@@ -700,4 +705,3 @@ msgstr "Domínio"
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"
 msgstr "Slots disponíveis"
-

From afae5d1c24a33f8f6652e5d23105c63b18d5d546 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 12:16:00 +0000
Subject: [PATCH 098/119] Translated using Weblate (Russian)

Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
---
 core/admin/mailu/translations/ru/LC_MESSAGES/messages.po | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/core/admin/mailu/translations/ru/LC_MESSAGES/messages.po b/core/admin/mailu/translations/ru/LC_MESSAGES/messages.po
index 72e5f0cb..790119fc 100644
--- a/core/admin/mailu/translations/ru/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/ru/LC_MESSAGES/messages.po
@@ -1,8 +1,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: Mailu\n"
-"PO-Revision-Date: 2019-07-22 06:23+0000\n"
-"Last-Translator: kaiyou <pierre@jaury.eu>\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Russian <https://translate.tedomum.net/projects/mailu/admin/"
 "ru/>\n"
 "Language: ru\n"
@@ -11,7 +11,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<="
 "4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 3.3\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -189,7 +189,7 @@ msgstr "Ошибка Docker"
 
 #: mailu/ui/templates/docker-error.html:12
 msgid "An error occurred while talking to the Docker server."
-msgstr "Произошла ошибка при обращении к серверу Docker"
+msgstr "Произошла ошибка при обращении к серверу Docker."
 
 #: mailu/admin/templates/login.html:6
 msgid "Your account"

From cd9992f79cbc399b30e713e9bea5ed98f4371227 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 12:16:15 +0000
Subject: [PATCH 099/119] Translated using Weblate (Swedish)

Currently translated at 74.2% (121 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/
---
 .../mailu/translations/sv/LC_MESSAGES/messages.po  | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/translations/sv/LC_MESSAGES/messages.po b/core/admin/mailu/translations/sv/LC_MESSAGES/messages.po
index 825888f1..071040f6 100644
--- a/core/admin/mailu/translations/sv/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/sv/LC_MESSAGES/messages.po
@@ -1,11 +1,16 @@
 msgid ""
 msgstr ""
+"Project-Id-Version: Mailu\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Language-Team: Swedish <https://translate.tedomum.net/projects/mailu/admin/"
+"sv/>\n"
+"Language: sv\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: POEditor.com\n"
-"Project-Id-Version: Mailu\n"
-"Language: sk\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.0.1\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
@@ -183,7 +188,7 @@ msgstr "Docker fel"
 
 #: mailu/ui/templates/docker-error.html:12
 msgid "An error occurred while talking to the Docker server."
-msgstr "Ett fel inträffade vid kommunikation med Docker"
+msgstr "Ett fel inträffade vid kommunikation med Docker."
 
 #: mailu/admin/templates/login.html:6
 msgid "Your account"
@@ -699,4 +704,3 @@ msgstr ""
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"
 msgstr ""
-

From a49b9d79744282ea3b404845a262ed8324595504 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 11:43:04 +0000
Subject: [PATCH 100/119] Translated using Weblate (Catalan)

Currently translated at 99.3% (150 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
---
 .../translations/ca/LC_MESSAGES/messages.po   | 34 ++++++++++---------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po b/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
index 76594a3c..880709f1 100644
--- a/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/ca/LC_MESSAGES/messages.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: 2021-03-03 11:35+0000\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
 "Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
 "Language-Team: Catalan <https://translate.tedomum.net/projects/mailu/admin/"
 "ca/>\n"
@@ -139,7 +139,7 @@ msgstr "Nom per mostrar"
 
 #: mailu/ui/forms.py:98
 msgid "Enable spam filter"
-msgstr "Activeu filtre d'spam"
+msgstr "Activeu filtre spam"
 
 #: mailu/ui/forms.py:99
 msgid "Spam filter tolerance"
@@ -204,7 +204,8 @@ msgstr "Àlies"
 
 #: mailu/ui/forms.py:138
 msgid "Use SQL LIKE Syntax (e.g. for catch-all aliases)"
-msgstr "Feu servir sintaxi tipus SQL (ex. per a agafar tots els àlies)"
+msgstr ""
+"Feu servir sintaxi tipus SQL (ex. per seleccionar tots els àlies catch-all)"
 
 #: mailu/ui/forms.py:145
 msgid "Admin email"
@@ -246,11 +247,11 @@ msgstr "Mantén els correus al servidor"
 
 #: mailu/ui/forms.py:168
 msgid "Announcement subject"
-msgstr "Tema de l'avís"
+msgstr "Tema de la notificació"
 
 #: mailu/ui/forms.py:170
 msgid "Announcement body"
-msgstr "Missatge de l'avís"
+msgstr "Missatge de la notificació"
 
 #: mailu/ui/forms.py:172
 msgid "Send"
@@ -258,7 +259,7 @@ msgstr "Envia"
 
 #: mailu/ui/templates/announcement.html:4
 msgid "Public announcement"
-msgstr "Avís públic"
+msgstr "Notificació pública"
 
 #: mailu/ui/templates/client.html:4 mailu/ui/templates/sidebar.html:82
 msgid "Client setup"
@@ -316,7 +317,7 @@ msgstr "Administració"
 
 #: mailu/ui/templates/sidebar.html:44
 msgid "Announcement"
-msgstr "Avís"
+msgstr "Notificació"
 
 #: mailu/ui/templates/sidebar.html:49
 msgid "Administrators"
@@ -324,7 +325,7 @@ msgstr "Administradors"
 
 #: mailu/ui/templates/sidebar.html:54
 msgid "Relayed domains"
-msgstr "Dominis delegats"
+msgstr "Dominis traspassats"
 
 #: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
 msgid "Antispam"
@@ -546,18 +547,19 @@ msgid ""
 "    expires."
 msgstr ""
 "Si no sabeu configurar un registre  <code>MX</code> a la zona DNS,\n"
-"contacteu el vostre proveïdor o administrador de DNS. Per favor, espereu \n"
+"contacteu amb el vostre proveïdor o administrador de DNS. Per favor, espereu "
+"\n"
 "uns quants minuts despres d'ajustar el registre <code>MX</code> perquè la "
 "caixet \n"
 "del servidor local expire."
 
 #: mailu/ui/templates/fetch/create.html:4
 msgid "Add a fetched account"
-msgstr "Afegiu un compte (fetched)"
+msgstr "Afegiu un compte extern"
 
 #: mailu/ui/templates/fetch/edit.html:4
 msgid "Update a fetched account"
-msgstr "Actualitzeu un compte (fetched)"
+msgstr "Actualitzeu compte extern"
 
 #: mailu/ui/templates/fetch/list.html:12
 msgid "Add an account"
@@ -605,11 +607,11 @@ msgstr "Editeu domini llegat (relayed)"
 
 #: mailu/ui/templates/relay/list.html:4
 msgid "Relayed domain list"
-msgstr "Llista de dominis llegats (relayed)"
+msgstr "Llista de dominis traspassats"
 
 #: mailu/ui/templates/relay/list.html:9
 msgid "New relayed domain"
-msgstr "Nou domini llegat (relayed)"
+msgstr "Nou domini traspassat"
 
 #: mailu/ui/templates/token/create.html:4
 msgid "Create an authentication token"
@@ -653,7 +655,7 @@ msgstr "Ajustos d'usuari"
 
 #: mailu/ui/templates/user/list.html:21
 msgid "Features"
-msgstr "Funcions"
+msgstr "Característiques"
 
 #: mailu/ui/templates/user/password.html:4
 msgid "Password update"
@@ -669,11 +671,11 @@ msgstr "Auto-reenviament"
 
 #: mailu/ui/templates/user/signup_domain.html:8
 msgid "pick a domain for the new account"
-msgstr "tria un domini per al compte nou"
+msgstr "trieu un domini per al compte nou"
 
 #: mailu/ui/templates/user/signup_domain.html:14
 msgid "Domain"
-msgstr "Domini"
+msgstr "Nom de domini"
 
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"

From 5bb67dfcbb47fb0b0c43e631337676b17f9569b1 Mon Sep 17 00:00:00 2001
From: Jaume Barber <jaumebarber@gmail.com>
Date: Wed, 3 Mar 2021 17:08:54 +0000
Subject: [PATCH 101/119] Translated using Weblate (Basque)

Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/
---
 .../translations/eu/LC_MESSAGES/messages.po   | 87 ++++++++++---------
 1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po b/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po
index 3a72c9af..6ca737a3 100644
--- a/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/eu/LC_MESSAGES/messages.po
@@ -8,32 +8,35 @@ msgstr ""
 "Project-Id-Version: PROJECT VERSION\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: Automatically generated\n"
-"Language-Team: none\n"
+"PO-Revision-Date: 2021-03-04 18:46+0000\n"
+"Last-Translator: Jaume Barber <jaumebarber@gmail.com>\n"
+"Language-Team: Basque <https://translate.tedomum.net/projects/mailu/admin/eu/"
+">\n"
 "Language: eu\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.0.1\n"
 "Generated-By: Babel 2.5.3\n"
 
 #: mailu/ui/forms.py:32
 msgid "Invalid email address."
-msgstr ""
+msgstr "baliogabeko helbide elektronikoa."
 
 #: mailu/ui/forms.py:36
 msgid "Confirm"
-msgstr ""
+msgstr "Ados"
 
 #: mailu/ui/forms.py:40 mailu/ui/forms.py:77
 msgid "E-mail"
-msgstr ""
+msgstr "E-mail"
 
 #: mailu/ui/forms.py:41 mailu/ui/forms.py:78 mailu/ui/forms.py:90
 #: mailu/ui/forms.py:109 mailu/ui/forms.py:162
 #: mailu/ui/templates/client.html:32 mailu/ui/templates/client.html:59
 msgid "Password"
-msgstr ""
+msgstr "Pasahitza"
 
 #: mailu/ui/forms.py:42 mailu/ui/templates/login.html:4
 #: mailu/ui/templates/sidebar.html:111
@@ -48,7 +51,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:47
 msgid "Maximum user count"
-msgstr ""
+msgstr "Erabiltzaileen gehieneko kopurua"
 
 #: mailu/ui/forms.py:48
 msgid "Maximum alias count"
@@ -56,11 +59,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:49
 msgid "Maximum user quota"
-msgstr ""
+msgstr "Erabiltzaile bakoitzeko gehieneko espazioa"
 
 #: mailu/ui/forms.py:50
 msgid "Enable sign-up"
-msgstr ""
+msgstr "Gaitu erregistroa"
 
 #: mailu/ui/forms.py:51 mailu/ui/forms.py:72 mailu/ui/forms.py:83
 #: mailu/ui/forms.py:128 mailu/ui/forms.py:140
@@ -68,57 +71,57 @@ msgstr ""
 #: mailu/ui/templates/relay/list.html:19 mailu/ui/templates/token/list.html:19
 #: mailu/ui/templates/user/list.html:23
 msgid "Comment"
-msgstr ""
+msgstr "Iruzkindua"
 
 #: mailu/ui/forms.py:52 mailu/ui/forms.py:61 mailu/ui/forms.py:66
 #: mailu/ui/forms.py:73 mailu/ui/forms.py:132 mailu/ui/forms.py:141
 msgid "Create"
-msgstr ""
+msgstr "Sortu"
 
 #: mailu/ui/forms.py:57
 msgid "Initial admin"
-msgstr ""
+msgstr "Administratzailea"
 
 #: mailu/ui/forms.py:58
 msgid "Admin password"
-msgstr ""
+msgstr "Administratzaileko pasahitza"
 
 #: mailu/ui/forms.py:59 mailu/ui/forms.py:79 mailu/ui/forms.py:91
 msgid "Confirm password"
-msgstr ""
+msgstr "Berretsi pasahitza"
 
 #: mailu/ui/forms.py:65
 msgid "Alternative name"
-msgstr ""
+msgstr "Izen alternatiboa"
 
 #: mailu/ui/forms.py:70
 msgid "Relayed domain name"
-msgstr ""
+msgstr "Igorritako domeinu izena"
 
 #: mailu/ui/forms.py:71 mailu/ui/templates/relay/list.html:18
 msgid "Remote host"
-msgstr ""
+msgstr "Urruneko ostalaria"
 
 #: mailu/ui/forms.py:80 mailu/ui/templates/user/list.html:22
 #: mailu/ui/templates/user/signup_domain.html:16
 msgid "Quota"
-msgstr ""
+msgstr "Espazioa"
 
 #: mailu/ui/forms.py:81
 msgid "Allow IMAP access"
-msgstr ""
+msgstr "Baimendu IMAP sarbidea"
 
 #: mailu/ui/forms.py:82
 msgid "Allow POP3 access"
-msgstr ""
+msgstr "Baimendu POP3 sarbidea"
 
 #: mailu/ui/forms.py:84
 msgid "Enabled"
-msgstr ""
+msgstr "Gaituta"
 
 #: mailu/ui/forms.py:85
 msgid "Save"
-msgstr ""
+msgstr "Gorde"
 
 #: mailu/ui/forms.py:89
 msgid "Email address"
@@ -128,7 +131,7 @@ msgstr ""
 #: mailu/ui/templates/user/signup.html:4
 #: mailu/ui/templates/user/signup_domain.html:4
 msgid "Sign up"
-msgstr ""
+msgstr "Erregistratu"
 
 #: mailu/ui/forms.py:97
 msgid "Displayed name"
@@ -136,15 +139,15 @@ msgstr ""
 
 #: mailu/ui/forms.py:98
 msgid "Enable spam filter"
-msgstr ""
+msgstr "Gaitu spam iragazkia"
 
 #: mailu/ui/forms.py:99
 msgid "Spam filter tolerance"
-msgstr ""
+msgstr "Spam iragazkiaren tolerantzia"
 
 #: mailu/ui/forms.py:100
 msgid "Enable forwarding"
-msgstr ""
+msgstr "Gaitu birbidaltzea"
 
 #: mailu/ui/forms.py:101
 msgid "Keep a copy of the emails"
@@ -157,7 +160,7 @@ msgstr ""
 
 #: mailu/ui/forms.py:105
 msgid "Save settings"
-msgstr ""
+msgstr "Gorde ezarpenak"
 
 #: mailu/ui/forms.py:110
 msgid "Password check"
@@ -181,11 +184,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:119
 msgid "End of vacation"
-msgstr ""
+msgstr "Oporren amaiera"
 
 #: mailu/ui/forms.py:120
 msgid "Update"
-msgstr ""
+msgstr "Eguneratu"
 
 #: mailu/ui/forms.py:125
 msgid "Your token (write it down, as it will never be displayed again)"
@@ -193,11 +196,11 @@ msgstr ""
 
 #: mailu/ui/forms.py:130 mailu/ui/templates/token/list.html:20
 msgid "Authorized IP"
-msgstr ""
+msgstr "Baimendutako IP"
 
 #: mailu/ui/forms.py:136
 msgid "Alias"
-msgstr ""
+msgstr "Ezizenza"
 
 #: mailu/ui/forms.py:138
 msgid "Use SQL LIKE Syntax (e.g. for catch-all aliases)"
@@ -226,7 +229,7 @@ msgstr ""
 #: mailu/ui/forms.py:159 mailu/ui/templates/client.html:20
 #: mailu/ui/templates/client.html:47
 msgid "TCP port"
-msgstr ""
+msgstr "TCP ataka"
 
 #: mailu/ui/forms.py:160
 msgid "Enable TLS"
@@ -276,11 +279,11 @@ msgstr ""
 #: mailu/ui/templates/confirm.html:13
 #, python-format
 msgid "You are about to %(action)s. Please confirm your action."
-msgstr ""
+msgstr "Zu zara %(action)s-etan. Mesedez ekintza honen berretsi."
 
 #: mailu/ui/templates/docker-error.html:4
 msgid "Docker error"
-msgstr ""
+msgstr "Docker-en errorea"
 
 #: mailu/ui/templates/docker-error.html:12
 msgid "An error occurred while talking to the Docker server."
@@ -321,11 +324,11 @@ msgstr ""
 
 #: mailu/ui/templates/sidebar.html:54
 msgid "Relayed domains"
-msgstr ""
+msgstr "Igorritako domeinuak"
 
 #: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
 msgid "Antispam"
-msgstr ""
+msgstr "Antispam"
 
 #: mailu/ui/templates/sidebar.html:66
 msgid "Mail domains"
@@ -586,19 +589,19 @@ msgstr ""
 
 #: mailu/ui/templates/relay/create.html:4
 msgid "New relay domain"
-msgstr ""
+msgstr "Igorritako domeinu berria"
 
 #: mailu/ui/templates/relay/edit.html:4
 msgid "Edit relayd domain"
-msgstr ""
+msgstr "Editatu igorritako domeinua"
 
 #: mailu/ui/templates/relay/list.html:4
 msgid "Relayed domain list"
-msgstr ""
+msgstr "Igorritako domeinuen zerrenda"
 
 #: mailu/ui/templates/relay/list.html:9
 msgid "New relayed domain"
-msgstr ""
+msgstr "Igorritako domeinu berria"
 
 #: mailu/ui/templates/token/create.html:4
 msgid "Create an authentication token"
@@ -662,7 +665,7 @@ msgstr ""
 
 #: mailu/ui/templates/user/signup_domain.html:14
 msgid "Domain"
-msgstr ""
+msgstr "Domeinu izena"
 
 #: mailu/ui/templates/user/signup_domain.html:15
 msgid "Available slots"

From 0dcc059cd6950422588a694c3727a443cf56feab Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Fri, 5 Mar 2021 22:26:46 +0100
Subject: [PATCH 102/119] Add a new knob as discussed on matrix with lub

---
 core/admin/mailu/configuration.py | 2 +-
 docs/configuration.rst            | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 982a1eb0..dac913fa 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -54,6 +54,7 @@ DEFAULT_CONFIG = {
     # Advanced settings
     'PASSWORD_SCHEME': 'PBKDF2',
     'LOG_LEVEL': 'WARNING',
+    'SESSION_COOKIE_SECURE': True,
     # Host settings
     'HOST_IMAP': 'imap',
     'HOST_LMTP': 'imap:2525',
@@ -125,7 +126,6 @@ class ConfigManager(dict):
         self.config['QUOTA_STORAGE_URL'] = 'redis://{0}/1'.format(self.config['REDIS_ADDRESS'])
         self.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
         self.config['SESSION_COOKIE_HTTPONLY'] = True
-        self.config['SESSION_COOKIE_SECURE'] = self.config['TLS_FLAVOR'] != 'notls'
         # update the app config itself
         app.config = self
 
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 5ff3546a..9123054c 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -142,6 +142,8 @@ The ``PASSWORD_SCHEME`` is the password encryption scheme. You should use the
 default value, unless you are importing password from a separate system and
 want to keep using the old password encryption scheme.
 
+The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP.
+
 The ``LOG_LEVEL`` setting is used by the python start-up scripts as a logging threshold.
 Log messages equal or higher than this priority will be printed.
 Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET.

From 58b2cdc4288854481e8914b3a1b4318708906e15 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 21 Jan 2021 20:01:57 +0100
Subject: [PATCH 103/119] Don't do more work than necessary

---
 core/admin/mailu/internal/nginx.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index 1e0b16c2..de4248fa 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -49,11 +49,14 @@ def handle_authentication(headers):
         user = models.User.query.get(user_email)
         status = False
         if user:
-            for token in user.tokens:
-                if (token.check_password(password) and
-                    (not token.ip or token.ip == ip)):
-                        status = True
-            if user.check_password(password):
+            # All tokens are 32 characters hex lowercase
+            if len(password) == 32:
+                for token in user.tokens:
+                    if (token.check_password(password) and
+                        (not token.ip or token.ip == ip)):
+                            status = True
+                            break
+            if not status and user.check_password(password):
                 status = True
             if status:
                 if protocol == "imap" and not user.enable_imap:

From eb7895bd1cf5ae41ccfda384f06480767ed75172 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 7 Feb 2021 17:08:52 +0100
Subject: [PATCH 104/119] Don't do more work than necessary (/webdav)

This is also fixing tokens on /webdav/
---
 core/admin/mailu/internal/views/auth.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py
index 825dba56..26d57b3d 100644
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@@ -53,10 +53,22 @@ def basic_authentication():
         encoded = authorization.replace("Basic ", "")
         user_email, password = base64.b64decode(encoded).split(b":")
         user = models.User.query.get(user_email.decode("utf8"))
-        if user and user.enabled and user.check_password(password.decode("utf8")):
-            response = flask.Response()
-            response.headers["X-User"] = user.email
-            return response
+        if user and user.enabled:
+            password = password.decode('utf-8')
+            status = False
+            # All tokens are 32 characters hex lowercase
+            if len(password) == 32:
+                for token in user.tokens:
+                    if (token.check_password(password) and
+                        (not token.ip or token.ip == ip)):
+                            status = True
+                            break
+            if not status and user.check_password(password):
+                status = True
+            if status:
+                response = flask.Response()
+                response.headers["X-User"] = user.email
+                return response
     response = flask.Response(status=401)
     response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
     return response

From 00b001f76b7818f2561b9212fbe22edad113a970 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 21 Jan 2021 20:37:25 +0100
Subject: [PATCH 105/119] Improve the token storage format

shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
---
 core/admin/mailu/models.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index bbc00f2d..164312ad 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -493,10 +493,18 @@ class Token(Base):
     ip = db.Column(db.String(255))
 
     def check_password(self, password):
-        return hash.sha256_crypt.verify(password, self.password)
+        if self.password.startswith("$5$"):
+            if hash.sha256_crypt.verify(password, self.password):
+                self.set_password(password)
+                db.session.add(self)
+                db.session.commit()
+                return True
+            return False
+        return hash.pbkdf2_sha256.verify(password, self.password)
 
     def set_password(self, password):
-        self.password = hash.sha256_crypt.using(rounds=1000).hash(password)
+        # tokens have 128bits of entropy, they are not bruteforceable
+        self.password = hash.pbkdf2_sha256.using(rounds=1).hash(password)
 
     def __str__(self):
         return self.comment

From 7137ba6ff18c87185e25b9913377d8e7ce3fa8b6 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 2 Feb 2021 20:10:18 +0100
Subject: [PATCH 106/119] Misc improvements to PASSWORD_SCHEME

- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
---
 core/admin/mailu/configuration.py |  2 +-
 core/admin/mailu/manage.py        | 24 +++++++--------------
 core/admin/mailu/models.py        | 35 ++++++++++++++++++++-----------
 core/admin/requirements-prod.txt  |  2 +-
 docs/cli.rst                      |  1 -
 docs/compose/.env                 |  5 ++---
 docs/configuration.rst            |  4 +---
 7 files changed, 35 insertions(+), 38 deletions(-)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index 3d4d8668..cdee1084 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -33,6 +33,7 @@ DEFAULT_CONFIG = {
     'TLS_FLAVOR': 'cert',
     'AUTH_RATELIMIT': '10/minute;1000/hour',
     'AUTH_RATELIMIT_SUBNET': True,
+    'CREDENTIAL_ROUNDS': 12,
     'DISABLE_STATISTICS': False,
     # Mail settings
     'DMARC_RUA': None,
@@ -52,7 +53,6 @@ DEFAULT_CONFIG = {
     'RECAPTCHA_PUBLIC_KEY': '',
     'RECAPTCHA_PRIVATE_KEY': '',
     # Advanced settings
-    'PASSWORD_SCHEME': 'PBKDF2',
     'LOG_LEVEL': 'WARNING',
     'SESSION_COOKIE_SECURE': True,
     # Host settings
diff --git a/core/admin/mailu/manage.py b/core/admin/mailu/manage.py
index 62f214d3..9c576404 100644
--- a/core/admin/mailu/manage.py
+++ b/core/admin/mailu/manage.py
@@ -86,13 +86,10 @@ def admin(localpart, domain_name, password, mode='create'):
 @click.argument('localpart')
 @click.argument('domain_name')
 @click.argument('password')
-@click.argument('hash_scheme', required=False)
 @flask_cli.with_appcontext
-def user(localpart, domain_name, password, hash_scheme=None):
+def user(localpart, domain_name, password):
     """ Create a user
     """
-    if hash_scheme is None:
-        hash_scheme = app.config['PASSWORD_SCHEME']
     domain = models.Domain.query.get(domain_name)
     if not domain:
         domain = models.Domain(name=domain_name)
@@ -102,7 +99,7 @@ def user(localpart, domain_name, password, hash_scheme=None):
         domain=domain,
         global_admin=False
     )
-    user.set_password(password, hash_scheme=hash_scheme)
+    user.set_password(password)
     db.session.add(user)
     db.session.commit()
 
@@ -111,17 +108,14 @@ def user(localpart, domain_name, password, hash_scheme=None):
 @click.argument('localpart')
 @click.argument('domain_name')
 @click.argument('password')
-@click.argument('hash_scheme', required=False)
 @flask_cli.with_appcontext
-def password(localpart, domain_name, password, hash_scheme=None):
+def password(localpart, domain_name, password):
     """ Change the password of an user
     """
     email = '{0}@{1}'.format(localpart, domain_name)
     user   = models.User.query.get(email)
-    if hash_scheme is None:
-        hash_scheme = app.config['PASSWORD_SCHEME']
     if user:
-        user.set_password(password, hash_scheme=hash_scheme)
+        user.set_password(password)
     else:
         print("User " + email + " not found.")
     db.session.commit()
@@ -148,13 +142,10 @@ def domain(domain_name, max_users=-1, max_aliases=-1, max_quota_bytes=0):
 @click.argument('localpart')
 @click.argument('domain_name')
 @click.argument('password_hash')
-@click.argument('hash_scheme')
 @flask_cli.with_appcontext
-def user_import(localpart, domain_name, password_hash, hash_scheme = None):
+def user_import(localpart, domain_name, password_hash):
     """ Import a user along with password hash.
     """
-    if hash_scheme is None:
-        hash_scheme = app.config['PASSWORD_SCHEME']
     domain = models.Domain.query.get(domain_name)
     if not domain:
         domain = models.Domain(name=domain_name)
@@ -164,7 +155,7 @@ def user_import(localpart, domain_name, password_hash, hash_scheme = None):
         domain=domain,
         global_admin=False
     )
-    user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+    user.set_password(password_hash, raw=True)
     db.session.add(user)
     db.session.commit()
 
@@ -217,7 +208,6 @@ def config_update(verbose=False, delete_objects=False):
         localpart = user_config['localpart']
         domain_name = user_config['domain']
         password_hash = user_config.get('password_hash', None)
-        hash_scheme = user_config.get('hash_scheme', None)
         domain = models.Domain.query.get(domain_name)
         email = '{0}@{1}'.format(localpart, domain_name)
         optional_params = {}
@@ -239,7 +229,7 @@ def config_update(verbose=False, delete_objects=False):
         else:
             for k in optional_params:
                 setattr(user, k, optional_params[k])
-        user.set_password(password_hash, hash_scheme=hash_scheme, raw=True)
+        user.set_password(password_hash, raw=True)
         db.session.add(user)
 
     aliases = new_config.get('aliases', [])
diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index 164312ad..905af4a2 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -1,7 +1,7 @@
 from mailu import dkim
 
 from sqlalchemy.ext import declarative
-from passlib import context, hash
+from passlib import context, hash, registry
 from datetime import datetime, date
 from email.mime import text
 from flask import current_app as app
@@ -370,17 +370,30 @@ class User(Base, Email):
                    'CRYPT': "des_crypt"}
 
     def get_password_context(self):
+        schemes = registry.list_crypt_handlers()
+        # scrypt throws a warning if the native wheels aren't found
+        schemes.remove('scrypt')
+        # we can't leave plaintext schemes as they will be misidentified
+        for scheme in schemes:
+            if scheme.endswith('plaintext'):
+                schemes.remove(scheme)
         return context.CryptContext(
-            schemes=self.scheme_dict.values(),
-            default=self.scheme_dict[app.config['PASSWORD_SCHEME']],
+            schemes=schemes,
+            default='bcrypt_sha256',
+            bcrypt_sha256__rounds=app.config['CREDENTIAL_ROUNDS'],
+            deprecated='auto'
         )
 
     def check_password(self, password):
         context = self.get_password_context()
-        reference = re.match('({[^}]+})?(.*)', self.password).group(2)
-        result = context.verify(password, reference)
-        if result and context.identify(reference) != context.default_scheme():
-            self.set_password(password)
+        # {scheme} will most likely be migrated on first use
+        reference = self.password
+        if self.password.startswith("{"):
+            reference = re.match('({[^}]+})?(.*)', reference).group(2)
+
+        result, new_hash = context.verify_and_update(password, reference)
+        if new_hash:
+            self.password = new_hash
             db.session.add(self)
             db.session.commit()
         return result
@@ -389,13 +402,11 @@ class User(Base, Email):
         """Set password for user with specified encryption scheme
            @password: plain text password to encrypt (if raw == True the hash itself)
         """
-        if hash_scheme is None:
-            hash_scheme = app.config['PASSWORD_SCHEME']
-        # for the list of hash schemes see https://wiki2.dovecot.org/Authentication/PasswordSchemes
         if raw:
-            self.password = '{'+hash_scheme+'}' + password
+            self.password = password
         else:
-            self.password = '{'+hash_scheme+'}' + self.get_password_context().encrypt(password, self.scheme_dict[hash_scheme])
+            self.password = self.get_password_context().hash(password)
+        app.cache.delete(self.get_id())
 
     def get_managed_domains(self):
         if self.global_admin:
diff --git a/core/admin/requirements-prod.txt b/core/admin/requirements-prod.txt
index a3c32855..f767f431 100644
--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@@ -29,7 +29,7 @@ limits==1.3
 Mako==1.0.9
 MarkupSafe==1.1.1
 mysqlclient==1.4.2.post1
-passlib==1.7.1
+passlib==1.7.4
 psycopg2==2.8.2
 pycparser==2.19
 pyOpenSSL==19.0.0
diff --git a/docs/cli.rst b/docs/cli.rst
index a9cff41c..8e94026b 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -85,7 +85,6 @@ where mail-config.yml looks like:
     - localpart: foo
       domain: example.com
       password_hash: klkjhumnzxcjkajahsdqweqqwr
-      hash_scheme: MD5-CRYPT
 
   aliases:
     - localpart: alias1
diff --git a/docs/compose/.env b/docs/compose/.env
index 7f91c270..432b20b0 100644
--- a/docs/compose/.env
+++ b/docs/compose/.env
@@ -144,9 +144,8 @@ LOG_DRIVER=json-file
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu
 
-# Default password scheme used for newly created accounts and changed passwords
-# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
-PASSWORD_SCHEME=PBKDF2
+# Number of rounds used by the password hashing scheme
+CREDENTIAL_ROUNDS=12
 
 # Header to take the real ip from
 REAL_IP_HEADER=
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 9123054c..bc2027c6 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -138,9 +138,7 @@ Depending on your particular deployment you most probably will want to change th
 Advanced settings
 -----------------
 
-The ``PASSWORD_SCHEME`` is the password encryption scheme. You should use the
-default value, unless you are importing password from a separate system and
-want to keep using the old password encryption scheme.
+The ``CREDENTIAL_ROUNDS`` (default: 12) is the number of rounds used by the password hashing scheme. You should use the default value.
 
 The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP.
 

From 57a6abaf50400802be5da48913c75cff00dce6f4 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 7 Feb 2021 09:31:07 +0100
Subject: [PATCH 107/119] Remove {scheme} from the DB if mailu has set it

---
 core/admin/mailu/models.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index 905af4a2..9ab9088e 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -386,10 +386,14 @@ class User(Base, Email):
 
     def check_password(self, password):
         context = self.get_password_context()
-        # {scheme} will most likely be migrated on first use
         reference = self.password
+        # strip {scheme} if that's something mailu has added
+        # passlib will identify *crypt based hashes just fine
+        # on its own
         if self.password.startswith("{"):
-            reference = re.match('({[^}]+})?(.*)', reference).group(2)
+            scheme = self.password.split('}')[0][1:]
+            if scheme in scheme_dict:
+                reference = reference[len(scheme)+2:]
 
         result, new_hash = context.verify_and_update(password, reference)
         if new_hash:

From 927bd2bd8ec8051e93609d3e8fd24706cc8dc8a2 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 7 Feb 2021 17:29:58 +0100
Subject: [PATCH 108/119] towncrier

---
 towncrier/newsfragments/1194.misc    | 1 +
 towncrier/newsfragments/1662.feature | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 towncrier/newsfragments/1194.misc
 create mode 100644 towncrier/newsfragments/1662.feature

diff --git a/towncrier/newsfragments/1194.misc b/towncrier/newsfragments/1194.misc
new file mode 100644
index 00000000..7cbf2b94
--- /dev/null
+++ b/towncrier/newsfragments/1194.misc
@@ -0,0 +1 @@
+Switch to bcrypt_sha256, remove PASSWORD_SCHEME and replace it with CREDENTIAL_ROUNDS
diff --git a/towncrier/newsfragments/1662.feature b/towncrier/newsfragments/1662.feature
new file mode 100644
index 00000000..4fc8b2fd
--- /dev/null
+++ b/towncrier/newsfragments/1662.feature
@@ -0,0 +1 @@
+Enable support of all hash types passlib supports. Convert them to the default scheme on first use.

From fda758e2b4ea19751369dd122797c5210e18dc15 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 7 Feb 2021 17:34:22 +0100
Subject: [PATCH 109/119] remove merge artifact

---
 core/admin/mailu/models.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index 9ab9088e..b7a4d501 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -392,7 +392,7 @@ class User(Base, Email):
         # on its own
         if self.password.startswith("{"):
             scheme = self.password.split('}')[0][1:]
-            if scheme in scheme_dict:
+            if scheme in self.scheme_dict:
                 reference = reference[len(scheme)+2:]
 
         result, new_hash = context.verify_and_update(password, reference)
@@ -410,7 +410,6 @@ class User(Base, Email):
             self.password = password
         else:
             self.password = self.get_password_context().hash(password)
-        app.cache.delete(self.get_id())
 
     def get_managed_domains(self):
         if self.global_admin:

From 89d88e0c19476692abef0b0b13c4765f2db7bacb Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Mon, 8 Feb 2021 08:50:32 +0100
Subject: [PATCH 110/119] Fix the test

---
 tests/compose/core/00_create_users.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/compose/core/00_create_users.sh b/tests/compose/core/00_create_users.sh
index 49d0511b..f5108302 100755
--- a/tests/compose/core/00_create_users.sh
+++ b/tests/compose/core/00_create_users.sh
@@ -6,6 +6,6 @@ echo "The above error was intended!"
 docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'FooBar' --mode=ifmissing || exit 1
 # Should not fail and update the password; update mode
 docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'password' --mode=update || exit 1
-docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' 'SHA512-CRYPT' || exit 1
-docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user 'user/with/slash' mailu.io 'password' 'SHA512-CRYPT' || exit 1
+docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' || exit 1
+docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user 'user/with/slash' mailu.io 'password' || exit 1
 echo "User testing succesfull!"

From 29306d5abbd17ebd9b479d9438ccfa5cc00a3de6 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Mon, 8 Feb 2021 08:56:03 +0100
Subject: [PATCH 111/119] Fix the tests (again)

---
 tests/compose/core/02_forward_test.sh | 2 --
 tests/compose/core/04_reply_test.sh   | 2 --
 2 files changed, 4 deletions(-)

diff --git a/tests/compose/core/02_forward_test.sh b/tests/compose/core/02_forward_test.sh
index 595820cf..a53fa459 100755
--- a/tests/compose/core/02_forward_test.sh
+++ b/tests/compose/core/02_forward_test.sh
@@ -2,7 +2,6 @@ cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T adm
 users:
   - localpart: forwardinguser
     password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
-    hash_scheme: MD5-CRYPT
     domain: mailu.io
     forward_enabled: true
     forward_destination: ["user@mailu.io"]
@@ -14,7 +13,6 @@ cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T adm
 users:
   - localpart: forwardinguser
     password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
-    hash_scheme: MD5-CRYPT
     domain: mailu.io
     forward_enabled: false
     forward_destination: []
diff --git a/tests/compose/core/04_reply_test.sh b/tests/compose/core/04_reply_test.sh
index 83c114f6..e1479cf0 100755
--- a/tests/compose/core/04_reply_test.sh
+++ b/tests/compose/core/04_reply_test.sh
@@ -2,7 +2,6 @@ cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T adm
 users:
   - localpart: replyuser
     password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
-    hash_scheme: MD5-CRYPT
     domain: mailu.io
     reply_enabled: true
     reply_subject: This will not reach me
@@ -15,7 +14,6 @@ cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T adm
 users:
   - localpart: replyuser
     password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
-    hash_scheme: MD5-CRYPT
     domain: mailu.io
     reply_enabled: false
 EOF

From d0b34f8e240a1049ed5e1ccd3399af3ff18236e2 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 08:56:06 +0100
Subject: [PATCH 112/119] Move CREDENTIAL_ROUNDS to advanced settings

---
 core/admin/mailu/configuration.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index cdee1084..429e778c 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -33,7 +33,6 @@ DEFAULT_CONFIG = {
     'TLS_FLAVOR': 'cert',
     'AUTH_RATELIMIT': '10/minute;1000/hour',
     'AUTH_RATELIMIT_SUBNET': True,
-    'CREDENTIAL_ROUNDS': 12,
     'DISABLE_STATISTICS': False,
     # Mail settings
     'DMARC_RUA': None,
@@ -55,6 +54,7 @@ DEFAULT_CONFIG = {
     # Advanced settings
     'LOG_LEVEL': 'WARNING',
     'SESSION_COOKIE_SECURE': True,
+    'CREDENTIAL_ROUNDS': 12,
     # Host settings
     'HOST_IMAP': 'imap',
     'HOST_LMTP': 'imap:2525',

From f9ed517b394e3d267fcae8f960e2299df9bb389f Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 09:02:09 +0100
Subject: [PATCH 113/119] Be specific token length

---
 core/admin/mailu/ui/views/tokens.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/ui/views/tokens.py b/core/admin/mailu/ui/views/tokens.py
index 069587e1..820dd405 100644
--- a/core/admin/mailu/ui/views/tokens.py
+++ b/core/admin/mailu/ui/views/tokens.py
@@ -26,7 +26,7 @@ def token_create(user_email):
     form = forms.TokenForm()
     wtforms_components.read_only(form.displayed_password)
     if not form.raw_password.data:
-        form.raw_password.data = pwd.genword(entropy=128, charset="hex")
+        form.raw_password.data = pwd.genword(entropy=128, length=32, charset="hex")
         form.displayed_password.data = form.raw_password.data
     if form.validate_on_submit():
         token = models.Token(user=user)

From df230cb482777e0b3c06e26174af203b5f3070b7 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 09:20:02 +0100
Subject: [PATCH 114/119] Refactor auth under nginx.check_credentials()

---
 core/admin/mailu/internal/nginx.py      | 32 ++++++++++++-------------
 core/admin/mailu/internal/views/auth.py | 20 ++++------------
 2 files changed, 19 insertions(+), 33 deletions(-)

diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index de4248fa..f9ebbf13 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -19,6 +19,20 @@ STATUSES = {
     }),
 }
 
+def check_credentials(user, password, ip, protocol=None):
+    if not user or not user.enabled or (protocol == "imap" and not user.enable_imap) or (protocol == "pop3" and not user.enable_pop):
+        return False
+    is_ok = False
+    # All tokens are 32 characters hex lowercase
+    if len(password) == 32:
+        for token in user.tokens:
+            if (token.check_password(password) and
+                (not token.ip or token.ip == ip)):
+                    is_ok = True
+                    break
+    if not is_ok and user.check_password(password):
+        is_ok = True
+    return is_ok
 
 def handle_authentication(headers):
     """ Handle an HTTP nginx authentication request
@@ -47,23 +61,7 @@ def handle_authentication(headers):
         password = raw_password.encode("iso8859-1").decode("utf8")
         ip = urllib.parse.unquote(headers["Client-Ip"])
         user = models.User.query.get(user_email)
-        status = False
-        if user:
-            # All tokens are 32 characters hex lowercase
-            if len(password) == 32:
-                for token in user.tokens:
-                    if (token.check_password(password) and
-                        (not token.ip or token.ip == ip)):
-                            status = True
-                            break
-            if not status and user.check_password(password):
-                status = True
-            if status:
-                if protocol == "imap" and not user.enable_imap:
-                    status = False
-                elif protocol == "pop3" and not user.enable_pop:
-                    status = False
-        if status and user.enabled:
+        if check_credentials(user, password, ip, protocol):
             return {
                 "Auth-Status": "OK",
                 "Auth-Server": server,
diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py
index 26d57b3d..edd62e37 100644
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@@ -53,22 +53,10 @@ def basic_authentication():
         encoded = authorization.replace("Basic ", "")
         user_email, password = base64.b64decode(encoded).split(b":")
         user = models.User.query.get(user_email.decode("utf8"))
-        if user and user.enabled:
-            password = password.decode('utf-8')
-            status = False
-            # All tokens are 32 characters hex lowercase
-            if len(password) == 32:
-                for token in user.tokens:
-                    if (token.check_password(password) and
-                        (not token.ip or token.ip == ip)):
-                            status = True
-                            break
-            if not status and user.check_password(password):
-                status = True
-            if status:
-                response = flask.Response()
-                response.headers["X-User"] = user.email
-                return response
+        if nginx.check_credentials(user, password.decode('utf-8'), flask.request.remote_addr, "web"):
+            response = flask.Response()
+            response.headers["X-User"] = user.email
+            return response
     response = flask.Response(status=401)
     response.headers["WWW-Authenticate"] = 'Basic realm="Login Required"'
     return response

From 20d2b621aa42793eedb55219c01da3b9b8ee32f2 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 09:33:37 +0100
Subject: [PATCH 115/119] Improve the description of CREDENTIAL_ROUNDS

---
 docs/configuration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configuration.rst b/docs/configuration.rst
index bc2027c6..26bdb024 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -138,7 +138,7 @@ Depending on your particular deployment you most probably will want to change th
 Advanced settings
 -----------------
 
-The ``CREDENTIAL_ROUNDS`` (default: 12) is the number of rounds used by the password hashing scheme. You should use the default value.
+The ``CREDENTIAL_ROUNDS`` (default: 12) setting is the number of rounds used by the password hashing scheme. The number of rounds can be reduced in case faster authentication is needed or increased when additional protection is desired. Keep in mind that this is a mitigation against offline attacks on password hashes, aiming to prevent credential stuffing (due to password re-use) on other systems.
 
 The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP.
 

From 45e5cb9bb37b49f294c973b98ed9cf8f0607498b Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 09:37:13 +0100
Subject: [PATCH 116/119] Improve the towncrier messages

---
 towncrier/newsfragments/1194.misc    | 1 -
 towncrier/newsfragments/1662.feature | 2 +-
 towncrier/newsfragments/1753.feature | 1 +
 3 files changed, 2 insertions(+), 2 deletions(-)
 delete mode 100644 towncrier/newsfragments/1194.misc
 create mode 100644 towncrier/newsfragments/1753.feature

diff --git a/towncrier/newsfragments/1194.misc b/towncrier/newsfragments/1194.misc
deleted file mode 100644
index 7cbf2b94..00000000
--- a/towncrier/newsfragments/1194.misc
+++ /dev/null
@@ -1 +0,0 @@
-Switch to bcrypt_sha256, remove PASSWORD_SCHEME and replace it with CREDENTIAL_ROUNDS
diff --git a/towncrier/newsfragments/1662.feature b/towncrier/newsfragments/1662.feature
index 4fc8b2fd..f8219757 100644
--- a/towncrier/newsfragments/1662.feature
+++ b/towncrier/newsfragments/1662.feature
@@ -1 +1 @@
-Enable support of all hash types passlib supports. Convert them to the default scheme on first use.
+Enable support of all hash types passlib supports.
diff --git a/towncrier/newsfragments/1753.feature b/towncrier/newsfragments/1753.feature
new file mode 100644
index 00000000..09eb834a
--- /dev/null
+++ b/towncrier/newsfragments/1753.feature
@@ -0,0 +1 @@
+Switch to bcrypt_sha256, replace PASSWORD_SCHEME with CREDENTIAL_ROUNDS and dynamically update existing hashes on first login

From 1c5b58cba4da0b411aa4cd6bb911196e8a0fbf25 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 11:19:28 +0100
Subject: [PATCH 117/119] Remove scheme_dict

---
 core/admin/mailu/models.py | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index b7a4d501..fab2103a 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -362,13 +362,6 @@ class User(Base, Email):
             self.reply_enddate > now
         )
 
-    scheme_dict = {'PBKDF2': "pbkdf2_sha512",
-                   'BLF-CRYPT': "bcrypt",
-                   'SHA512-CRYPT': "sha512_crypt",
-                   'SHA256-CRYPT': "sha256_crypt",
-                   'MD5-CRYPT': "md5_crypt",
-                   'CRYPT': "des_crypt"}
-
     def get_password_context(self):
         schemes = registry.list_crypt_handlers()
         # scrypt throws a warning if the native wheels aren't found
@@ -392,7 +385,7 @@ class User(Base, Email):
         # on its own
         if self.password.startswith("{"):
             scheme = self.password.split('}')[0][1:]
-            if scheme in self.scheme_dict:
+            if scheme in ['PBKDF2', 'BLF-CRYPT', 'SHA512-CRYPT', 'SHA256-CRYPT', 'MD5-CRYPT', 'CRYPT']:
                 reference = reference[len(scheme)+2:]
 
         result, new_hash = context.verify_and_update(password, reference)

From 5f05fee8b32209d4888de324cc3e3a578ff83715 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Tue, 9 Feb 2021 11:23:49 +0100
Subject: [PATCH 118/119] Don't need regexps anymore

---
 core/admin/mailu/models.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index fab2103a..c8426fa2 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -8,7 +8,6 @@ from flask import current_app as app
 
 import flask_sqlalchemy
 import sqlalchemy
-import re
 import time
 import os
 import glob

From 96ae54d04db3ff26edf8413e99dc980d610562a8 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 11 Feb 2021 23:14:09 +0100
Subject: [PATCH 119/119] CryptContext should be a singleton

---
 core/admin/mailu/models.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py
index c8426fa2..a63c33a5 100644
--- a/core/admin/mailu/models.py
+++ b/core/admin/mailu/models.py
@@ -304,6 +304,7 @@ class User(Base, Email):
     """ A user is an email address that has a password to access a mailbox.
     """
     __tablename__ = "user"
+    _ctx = None
 
     domain = db.relationship(Domain,
         backref=db.backref('users', cascade='all, delete-orphan'))
@@ -361,7 +362,10 @@ class User(Base, Email):
             self.reply_enddate > now
         )
 
-    def get_password_context(self):
+    def get_password_context():
+        if User._ctx:
+            return User._ctx
+
         schemes = registry.list_crypt_handlers()
         # scrypt throws a warning if the native wheels aren't found
         schemes.remove('scrypt')
@@ -369,15 +373,15 @@ class User(Base, Email):
         for scheme in schemes:
             if scheme.endswith('plaintext'):
                 schemes.remove(scheme)
-        return context.CryptContext(
+        User._ctx = context.CryptContext(
             schemes=schemes,
             default='bcrypt_sha256',
             bcrypt_sha256__rounds=app.config['CREDENTIAL_ROUNDS'],
             deprecated='auto'
         )
+        return User._ctx
 
     def check_password(self, password):
-        context = self.get_password_context()
         reference = self.password
         # strip {scheme} if that's something mailu has added
         # passlib will identify *crypt based hashes just fine
@@ -387,7 +391,7 @@ class User(Base, Email):
             if scheme in ['PBKDF2', 'BLF-CRYPT', 'SHA512-CRYPT', 'SHA256-CRYPT', 'MD5-CRYPT', 'CRYPT']:
                 reference = reference[len(scheme)+2:]
 
-        result, new_hash = context.verify_and_update(password, reference)
+        result, new_hash = User.get_password_context().verify_and_update(password, reference)
         if new_hash:
             self.password = new_hash
             db.session.add(self)
@@ -401,7 +405,7 @@ class User(Base, Email):
         if raw:
             self.password = password
         else:
-            self.password = self.get_password_context().hash(password)
+            self.password = User.get_password_context().hash(password)
 
     def get_managed_domains(self):
         if self.global_admin: