From 592c99d6f61fc636070508d3f79215ec5357a028 Mon Sep 17 00:00:00 2001
From: anolis-bot <sam.zyc@alibaba-inc.com>
Date: Tue, 16 May 2023 22:16:04 +0800
Subject: [PATCH 1/2] update to selinux-policy-3.14.3-117.el8

Signed-off-by: anolis-bot <sam.zyc@alibaba-inc.com>
---
 container-selinux.tgz | Bin 12729 -> 12732 bytes
 dist                  |   2 +-
 download              |   4 +-
 selinux-policy.spec   | 191 ++++++++++++++++++++++++++++++++++--------
 4 files changed, 158 insertions(+), 39 deletions(-)
diff --git a/container-selinux.tgz b/container-selinux.tgz
index bd56e38017867387f66d5baaf4290d8723aca49c..dbf2468387e4a2ac83cae406d95eec7d8f36b846 100644
GIT binary patch
delta 12170
zcmV;5FLltlW4vR3ABzY80000000ZrP>yz9zlBd6_{|ZLS5$c}kht$%@dy>Z!UV9>D
zVs31Q?cFascQtI1RmEu*Nt3L8SfTyf4~aKGJV{ntv)2`ttD4OG0Z6<Oi9{l6>LD%b
zqPr;9pB?D)5`Esjc>~|CzWDu1`5WH6zIyZWvsZ6kfARW%%@=RqzWm~|m#<#GMz52X
zhsu!r+4n=*CCO*Mwhu#5rB*uM`+w2T^XJKz{eHJgyN9oS-WEyI7WH}G?7OT;(zdP2
zEFH?GPBPX`lA_+A?~5-l8Qam(^T5xMoErM$*`Mx<Y(EqddRZsKR(_B-JM`lMvtCNP
z$(L=~rMskmPItv0jtSNASECfZ#V?Yys+zkZPlhHLy0q>~D3l5G5~HHuM`b+}-8#*R
zlYj8sth#+Yl)GYu(!)3}&i--qY*W;$uJ~nNc8K=q*|XuHl}f;QhBL#%0!d&symxTz
z+I5d9UYs5sJ<FP|$aeXvFVZgCuCB}a<nvdjN6%P)hE{DlpnStqdvc~X0|LQPGQCSa
zfAwx%uA9}mtcs*B29!wm{s?lkVBOQ?#%+MTAhjIc6rM#jg=e;=pe4{XRbhbt5k2PM
zX_ggz??VNoENw5n%?*7=wKQl?S(WyEl3(w8RAF_#+VvaJh-~edG$zPb^7&N)@Vy0}
zw3W|)UzuLN(^7>*4>3rfJbbbv1oX6+I^zR@vzupWjVYbo`*dE%{IN)LEZ??kpcN-*
zhD73T*5e+zP*)7-Ef!&;tgdkOV!H>Ha*KvbQby0PIaj1V;cArRSC!XEj<T5zO;;9u
zMB_b-AZa^8*$NTlZQ22;5Ts!+;56@0ITMP1kAAM&qTBU|5vG!!B}}PtBVTw{`P4*>
z`{-i|+A?Nvz9ohWRou90e{(_O!2wE$volHD);9VKgOk_hp@U;Rg3SAE+7+LY)NzKw
z<=zp+GDPlG*$>dVts^#rGCmBcxG;pOzL|xxWc4%k7%vq*m1e*+R}dCi!-O{n^U`O3
zMx#&x9j}5KNHm(au|y!wYB+yO>vU6mq9ex+XYNxTJ7^APjUE)^HyuAL%>YF6X|)2#
z(ZY>@;?HOX;i4Z2{%fqh!P=^Ci>zFiNK!<iu<k5Ix+|7KPWmVC&s_K(P@$dMYi$eL
zL$!GHYh7+Wt&xx9DO`w@URV!r_SdL?ITu6G$94zTP{fikJ#%!ZQDzK}Tp0-CU$#|z
zI*S)JO&n<X5>V~F1x)BncF={;s0Kf&+6%5ZwYLUT&Uk`~RWR%b%T~yzWO|W?s>!wD
zP#hjhq@S8aOB$;}MH@d<IpluO5#}4Tf&=UK^*@okd)RtNrK&)wDAn-*EO+I9uuW1#
zxF3*&hcd$(DbltAQucr@m9)UND{mnkpnSv%)sSf}R*(w=K5P)<qBLu)hZ3QH>Y8CG
z#Uw>|S9q7ok`&p&8l`nz(B$%%^x*%;Nz;P-)9Me$L$|jT5lFRUuZyzY1SM<kB5WQH
z-ZVCL5Z4Z`)CoSnLjPW)e{Yt5wKM(jmv29j`4wAL+A@#Rjk<kp8E_C(A7R(UK*ooQ
z?_Tspce{vN#6o-FmhGd5ekgX?P(|-jYwz}TIcW1P!OrP2lO;rIs|50{s2Z?2BT1F0
zJ&`wzi`FM~T|jl(_jfsDfsh&YQ=}}s!|o2eN$?#N4;Rfz!b}<DPsaU!h}(|1|E6`G
z+;yeNuCOb1Xv+HSd-ENV(QeWXuG0$vfhGi-$$pkJ-Nu`=ZHqbwI+zYWvGoYa9B!ZS
zim$|cP|a5tc#>%CR~-S{;UQLAN;G_{c#}w{kA082_waycq6B?3`D)_Li`#a<8yi3i
z5`u3-Q)YzkvMrG)G-s55{FL@QmM(lqn-;B@XgI2!Y$)m>M#k_Nr{s_|W{8rvP=+A=
zd_{8!;t!C&tXtVyzQbOry{ejx>9MSEXs@=-PC_yn?YtXe8o|x&Zk%AA4k=GdZfUe9
zQ}v1YeOZ(oAUR8p`MV3mcYHb-CvUQw=^#DgUX5}DPp6=vMVpL&bDmWtYDCkKNZA(1
z$t2kjjO%?_<u~PwQZ(7Ly3xwe2V*FWm*L!?#(S=SVKmg)HfSY=JDm*=cSwd)-DgTh
zSl@RQh%Td?1@hsr8Ij7gD^a%RWn@$@(Flh2IT7Q$LbF6ajG$~V(w3U7dc*UyD44yz
zX9`>Dh#V$x{cdZ2MJpK5rCdeBNs<$T=(^lo6!q=0xZ9>5`sE?95ob}<uIQWU_5$Rv
z5HP8$9;vO@&3(ay@H_#_(s5s>ZNF`hY=p^B@vJ5K?!QCh`D-~OyL}JFC#(Rc*O241
zPtfzSPms=;!(VBg?2(4vf%hN!^RB2W{5Szc3!Yxk44klk2Y<LkWw=CTxD?4=md%Cu
z>w@JImH*=Q)kSk#bXEGW?k{-(E?-}+`!fp7bFd8b8yWhp>24N82Dlj&t<^HG&L!Ip
zSTz;}q>?xU=6ShGH^s8$XVB=MI-D;CeRUAf1Ipq`2!r;EW8NRwOmm48sO<d9pT7J0
zhoAoZ{m(yt|LMoCE{RJ?(;c%kdUeRdqYW9YFTVWo>+in({%>C$qrtK1lJCFyOL78`
zr??BEwcxJFi;D%z#xv(Cl<41T(WDYd1;XV~i$h8y4X~rqJWu|kuF4x?U>FNgjMQg{
z0*$<4<j$L-PwHl1@EAdqOQJ;iEb{^l-7Lv(nyyHHq!FuMP_UBB_#n7wtCSL`)1kaw
zYEmAdUk}~kvi|E@%+B96^?CL<RkB7i_aoHHL%u&4IL-Zaey9ZCQ10eeNp~vI!#3@P
zhexQO9xb)pYP)1wnLY7FVuegHv5)~1Z6u_7f{g_`K$-Okb(uz#4$ZD)1_#v5yS&-0
z(tKBc)+B3iEXTHjWO*k@La$x4i`kdT(<K^%X|x<!4V_%g-tIisB!jac%^ZJmJl7GV
zscYu#z|G^(n$S{fUzhhuKXgU9!#2ud_|3O`NN&I~4!NFuPCcZWJX`8&P9|-uTQ*0-
zpu<mB*phMWG7`>r%-t?g4ty-K?<h6ApMLm%M&zOYlv`h$1-C$;1=~LQ3iZ<96@q!+
zfdE)?L;wj*b!g^q`Z8CbZjbVk(ClNM2|TiwDB*M{utS#`C*!v4ntB(tdv>7hU&!ZN
z*9@zd9jh?6FUNS>EW5G1*chK@y0^P-lnL?)U}xGtBrU4847I*;Q>PW_sL99oao!n!
zC^0;_yB+7<{*5jK$%)b47d-sbFG=GE@dp5qS^{pi^TPQzLF}~n(#W8C@VL082IP0u
zVNN%QZ0vF4N`)nG^o%(NuG*$5vj^Nkm>&^!971YnJ+Ol+r_y_mpV5n@9m7`Xe%R7@
z4<qj|{PGivi-GeS6E+7kD1(hu<eA}ra3rMB<9R2%%oQ~^V#$G~1tx{y>X;RzL_#=#
zDo*75>1sr{^zlmhxEHk59u367s#1`OtYe10i|;Uo+7v1i^Fu-+xNi1!-s27fp4ZEa
zWyE=$!_SEBBeFQdZP7pgfwrjjah23{yAosWBHoK>{a{FzP9sD-NQp&rT=&p_Hb??Q
z_XV5xlA*U2j*ca=J2l{vOJ^i>#1&YiL~29I7IBPFqq_(&_Lv8_8FLx~XGq!6UOSMC
z2XeK%gdrJEAqph@HAiwo@k2sJBzWt{()c8Wq;8HJH1wko7O|^G2{fVemyTSi4)8W@
z*UT$Bk4miUu`AW_bYe3Axlqi1YjxLRo}*13j_g6kP->Em<F}r+q3j`1#;_s66ITq=
zEOH#Jr=j^^x09G9V2?9RuG7BE)H#&}hhcIKn@QWQSeN$(x&DA(;N+n81e#s0r~|a%
zFJ_6Oi5{#NiBY}~YqGpnm1>pW6+Y8t$uRLrj=m%gBI&}b?hJmRh2*M#W7UjVKYwMm
z8}ghfAhh0qNqU7*)mKa~=-CN8I^~c0{q;XrXh_PoX}!VI(+;m&H8Q}q(HuRy0i$?D
zTQ<oXZr}_=eh({ZXg!>HS5YfF3GUOZvI=RPX`OL)PJtcwO(dY0HXV%lU3v#6Kv1hH
zay0n&Hw*+TmoN&}Xf0iT4%wEy5T=M4=N_yKyM9AoKW_K>&AQb@WUR)pV-s<Gc4}We
zXdktAM4qg@E5Qz(=o~B9b1nwnKu6jMSz&R}5dGqGW^_|?1cQX7@;|vj8O8ePG%GTU
zbufYwTawZ~p6#+8)FH6`Bles<wh#B7QI#!0U=eu5teR}Yn4FV;MkC&kd`P;YO0SD*
z-8DP*8!g>-X$$siYxoFqGMI0V@}DTrctsFF?+7vB=h6=H`x)5br$8>F9Qgq%)Hqx9
zFegprx|&iLZt;y{<L6lBl<5O55EAFdWY?fJ4<-ULB~A%9Nz{5UEowL9dta09k2c;Z
zEf97@dB{Ju7}JV>_W^QFMi0Js`f=Iwt|`&DQ5o?mv7{{@HMW9dL2<W&yf|z}%5p;6
z?G%C75l&fe3n;9z`LMvI^S@kVesJ_ajV)k{fl&@;{O62K1r<X4y;LXw6`$1tPv!r=
znE0&d&Y1XIKEaXj_4adOh=ebpF13F_AwS`b3s&gRy$h*-dzt+N4(=;7tqbb4l;95y
z|C0(mmmIuNe9FU4`S)2@wq(EBc~bgk94rXi;(1bvX9*z8IXTTvsl!LD!bJO+^lmbN
zqddOn<m_NEeBg~>Q!MHdC#`?FCOc(+V_gK>*O`U!x4s|efBJ{l&c#q1Dh=oTPp^J|
zb@l4)=>DgFw{M>Ae|n4$adkl*FW*<i32zN&$<@Wx%a<1~QP0*!c`}<42bZL4nxVOg
zoeqzlC*Kwbr^9zk_2>Z}y7HpWXqb+c2Iwdt+6Br`a<?sz-Xo8>S&FqD=IMw1@v18M
z`I{e-w&?~Q$D^g=B0-134Eq|+Qi{^@`6jI&&XRS1TJ^=LElXdkTem%=i-u{uvziy!
z1?je__Pc^Cw9xpCMl;DzAtF~``y`OPC08_4Bv16nsg}1LwJ&YDX5S_!)L-e8&J_W<
zV5@Kp;FC^Bg@LrPqTP}ym1HPVD!{(B2_-r+Mb<sE!;I_@069Y;dluf^kdqO`=@Fh@
zt1>lzUdxn_H*{YQOis?dZ<U;_fw=dMA%Qa+)Tyz=tfZ!Q*!JoosEIOeeUD>*xd<e6
z!{%>69ZvKdOJ1V+LoLT`6hA+XQAcQMG90xpH`%tzCui#l<xBMqN$RHGm-$M~Uk?2H
zyc{N#yl&E=M{CfoNV=-rA=G*cS%<HWQq$UhH8pQL(v5*Datac93$BS1h4j?j%o2^*
zFDOAh_S7iXd9gnEM}fQUYL^k)05<H(5;Juu6`5DyOFZLgxYbg)N3vV|xHrlB8FWk8
zWOSw`B-~Ble_ciq7?VCY5N9rRP$19V8%a%rh~gzkdT3feNomq9$2P@3P{=@9I;y9C
ze@>LQjKvU6iLhlNy84MBkhoq%zEhwUP})F{mM{jkF(NrirNXiBOzf-}9u@IJ;6si0
zMCTvl(t>Ho8F!Z-7k|t<MkSu#Dkk&UCx{g@VxQ<-CbUrosh__d(dR^C8e>UEZ$?ud
zJmNL8Yjs40)rkxy>=8CO?8MQjf!mCKPi|{5wJO|P$F0iT#tp1vRNX~W1s^+%TGP-;
z$4N;p_i8H2X%FTV&mW!`5ytQ=;+={u0_Kt6cf-TUn1zCkl%qz??g!}|ae^CIGVITf
zOhS@5!T@Nf2ej@ONgqE0ZLcdprGdXsbQbKF<rpjju8>6<y>Xs<PJ^Vvtd!4xN#G1k
zPsw=#+n%I)x8-JwQpHYX#+h*8gex^+lrB6PI<$gE36Ma|Cgiy7d9*eas{}NhrBy=K
z$mo?v4e5(&{Vq$}^t!Cd;Q^Z3wz;d5n-Z-{*XS46?)qXV^JI5ZH+cf>0Uu4lzpl%g
zN3q2Zy7Uh2+Fc_^nA}$o=K^1U%xus-O<6&U6?Po%1C8uR|E9;C#MWIPB2!fU8)XY=
zhNwjkfsCrTAcSR|!{RKA7Pb=k9%v9a-V0_Nfh^Lt+i0^b4nf+Yj{(^A8+^VAeaEmt
z99&lYA{K5C=T>lTqc~9(e_^cfJBHVEoRelkei#EeWbIN=`+NiyjUfhqiL2xq>rDN=
zhbX%dYeF(}$R&eq20V&{_W|k^fO=<>m8dMCy%`sHt`z3-qw%p^tXk24Tb1<<m>rN{
z22clPW{)A>(5nvi#Vs5jTnZLdd|sv-4UfH@j_b-F*J7a6;rVKV{_M(Zg{Cu;B1{rE
z<$Tb2rtpE2=oCKOJ5axW>Wb`^xLkp0I54A=8F5Zyn7BA&nYiIPg0Ig8M{2_Crg6BE
zGBH7@YFI<0EvV>@d`X5-!y!2rqtVmNMn69Di<Ecc!_y<HgWH1OV~4XPz++8{H^l?f
zM$k{z&+Tq%kD5o$WAs8ZJE6gvVb|n-g*Gsmk;CBhRyU5N!%RAVCfCSC5T~_ZJFGXR
zQ4G8x(h<X_*>{=4Y@<Q65HsifhLdaC4NLIQDk@TT0#yrJc05A@#A;`X`!Komc1X>5
z7+!P+DS3{5<PpASlzpS;b6&lB0H^gx8>l%RdIX}y4L5k~#4s^V!qm8?I#PyY*cg9?
zmI4r!Q2zhyoB9HOy*&07<%1~+qy6yXcxP#Ht5Xco))zBcVPpamXZpxgrnUXhM3$%w
z@Ad0TR7hwdv&9u&n$anS1En-R%W<HDrfJtP2?Y<48YebZN@Jtb<HDOoG@p(STTCkI
zcnqIWMsePT+gK;}PS17h^IBFI_{7!}27WN$iQ|U{JiJYRFrG;DAg()zj4h~E*h2Cj
zG6@kY_z_aMI#@D76%!YW95f~AUXX*QgTn<s7gQoa<sPy_tWtfK98Vrh0)eNEuYusx
z#@9gbiMnkd`m{mT2Od1ga-IomFw?C@k(swFA7{1l&T+f$tX3WbJV_G{M4!<T1JI|p
zL>IW~D-_p%NGPtUk#JE!b5Z@Z4wFWNWqfq&rq++{_+Uu=C{SMm2W0*6N9wOcx6)L%
zC3~raLlfo(2XokS86XyvePU5)#i?L;>|#5TV-nQG0GFfCP%w5TJ&r;D&}T#CN``UV
z;jN-zdL-CB+ZK5ca#&87`)p&0qGMRooH8D3=p7e-lQ|HNivwyAAKptdxLakl&Rqqf
zOx)R9R1102d#jU`j<}`EtbV3Rd7YZW4ee)PIg~aNT0Xcq84Lk{H#O`&00P^27S|&9
z@T_4T>5wB`uz-yMj_LZv_#Bov@<8ASkuOQI>o?1niD6LxtRr?@9((Iu8@>DFy<tw;
zZ;Psb3MGar7bgmQ+uXp0azY|Q>Mq(g2ArQTmf3y~ieCcbE!R^y=cKARq`G)#xhQOh
zp^Zt5@ny|!*H*>-3J(E+0E+uYlzfex5#BBHoJOX)(}W~O)hs;t(pi%n`*bl$JefE_
z;O7w2kuqpQY|m+|Vad|n{|F8mf*^GcMUoVM_B}-P+<~i9FgOXeA6{-6ln0kW_@KM%
zmQ@lyrs*#`B`5aUkn)5|s#j~xmx;SoQ&$Z{A;gYm&N9*v@_Os&w`tzoxfqEfI*;P%
zAjOnGw0Gr%QZ;P=l5@DiM9jcKclPnYF>n<0sw+wyL?V-2zj3nc%081CGxl#Ue@!ia
zDk)<VTtfOJo(NKG3$)0}3TH7*{A|s%Mo$n-ihz8>gO+*B8BV^v1AWWaC$P@NdXXnT
z&yz8WuhL@uvxt%=?-m`Au_0%1Y8<uQ7yF^4>$JRBr~7IkCdzxK;AA$^DxHZu^w|B6
z8bMd&HcnS3qa0YTE7$%M3~G7SH8l%=T#7X|(}K!%SmuQpx9_(i@UlHi7VfUyxpyv3
z2@R1fH2EOP{Mtw6Nz{_vH5$U2st;*O7KE}T>UdCVw8z!vFc9lbqaq`=g(7XiX`Y-g
zQ%FcR6OXJt&a)J90V!^SNmcd(_Jxz8uNfrPpbX!VaJJ!&t`;nNluWW4A$BJd*a{KH
zx>rkJ+P*Ne(`ZU)*sJc7Vizz0B$JaDEq}OQclt4%`G*jwj<66aK2VfzI&q%Jd>#%I
zsqn*ahGR+}9LG?Sj9p0=QfsP_oA2-hpK>$tkDW52w%X;R?R5R9sB?jq+6^%P-<B<!
z{p)oTVrTwkU!c(yuM_l0MK&f{#?=mWF1S24oP$T^jp7KlY2%3^JdMK}*%3Wy%738@
za;@VfA+y$FfEa#d5fLVj@d^U?yn45r+oR}@m`PZBm;>Mz`E6059`0RR9_7U?PqyBJ
zImCD_1~vkUTX`AnvW!cVNdDjk<}|<~a@?ZOyzc6&oNgaVSlwbxX6PDUc2Rr7IrWoO
zP1A;hM&tl8j1<<+Z!Kf8Eqe&BgMXC0FdG(K)6eA!GhvO`g6&fyPVVIq&&qu`f{b*8
zF)%4Q%mPa=aSaPZ2wzk>wp~prsDkj=+=QLZXX%n{dS0to5lR~+pI(jS=53QYeTY#J
z%{@K!MfDbv8#Pw<#1s_4fen`n8#p5km(nIX_rE=m%{8F3SgqLZQ5mXhAAc>aR!;3V
zH466vzHJofj?fOfdmkMWJi>Gf9#b=mTNpL#9QztH<}Aha<<9#N=$Jz(Sw>bj=#j?=
zh6COZ(=l#AJkE{N)F$}4Va5L<K|n$nA*wZa7l3xWDV<X_W5LwaO6M#T+dmJsQ*Z{-
zYGY3CF;=eb!UMl!fM6qSLVqOblf02L#7n@+=owC>5MR>JLAY_4%G9ZQ%j}rR(*YSh
zUv<)IjId49r6k^@7-+Nx#k&yH_jX9i2C4n{;`@a5WC)yd!){@~Had9Iv;&D8NP=i`
zOV(|P+CIMMX-xtLi6II-@yS)A_Bv&#<iynF-+a>80!Hs=(nMZ6$A773T#@k8F*U+Z
ziM6aCiHLO|E}3r?=yPkS@d*%YXrSA%G^(Mk+WT~OooW@Im2q{6>BCzJCZACEm@lyM
zaRr2x!)MGX4I=eQD^N<Y(ut5tm^7?XaFyQKpn}Gc!0{t;+z1~pe7)b_>w|i`PrA0=
zs%<WiNOw5wGQ0jl7k|Hi79pB(HF%u1xuub!i(js*rsDW5j_6KS!>w3>oVJEcDFUU<
zqDqI!n^DI|T%;iXj+43%!y|bsdyw?4+?E;;G=@45J$8)*8ZkeN7=stqls;hPs4|2t
z9?6(NSi+1GA+)4o!ZOb9_`Jg$&K2f(gA=Y3aX4u)Rv?pr^?!S^eGH@Pu+0qqVBh?>
zquR98)NH41Xp0sP*y%HVh(XV{!A-$jK*ROTW|p<=pTksF-Si+cfGt&Uu$8uM++`e=
zUF@{QzCXAc{QiiHoZVa-u(Y)8p0~pAfPTAoE-V;$^-bMS@It&Q-FcxLMc+e+^e`3@
z8J4Z{y_Ce1Ab;G*zz*T+c+U*wdN#qlU}D;#x+-g@m4RFbWy(Wd_q(+JC9LRHlr@@C
z?@;H>gK;c%4ciO(WKS9MEq_#CM7H8`tX#inPA9Z`HYLV0{-=i9Z1E(e1DgoRs5qvy
zlyuK`Se$-KfpWr;?e}#CPGYDbvCFr|&uP?qWqgz_iGP(y$uslDn@rci$uiUSw9~N+
z=S&X&uVm6%Z7g{Id#mm;Dgp6568=jc3?5AEPEOwnQv#PSn54UvoZp;>vDYGZYLVoi
z-lXx-gb7!5Vxt<)hB-8ywIqXD2$ltrrmqyUA_2h~j4DOq@rgMlV;47*#&`6X@dp;n
zs7K%PyMHgA;U#pK<0ql@xjSN_U<0y=d`0gy3d#y2_M2QV3p<w^#l#H13K#CaF4pJx
z9zP^&mNe6rBoqh#bHarhOA4NYlnDZCmiUUl8O9~O^GadE6~|**IW%dhl}}GwYJg^U
zD)1HXx>C6p$C<d>i(Py;HG-<ltDf^oeQQKL*?*{GLeaOYA(h`8yPjN#JZq$L+%<DF
z8r5uNvV_{8H`7dlk)jgB!_c8y@EW2jjV|P2xwZvC@Hr8-(%nB-+Ko={k4T73t^v0E
zc47VE8o6d|iJ4;08&7?X8;EEOddX4ipz*`Wx(z$%1vsS2<wi+aJzLv;MX3U6kk(sJ
z+JA<vEOFXaK7;#F6^maxu~CmwG>6yLmU`@>CeuL$`&x@~+1GHCz_q5u<YHmVF{PJc
z4J+P`R&4I1#yU^kU|WJfB#&FvF|tBA_suAtCqHjXGy-j#eU&FT#QGl5J;3$3pxCzb
zHf56P1u(!#)c)P&<)$3A`|FFW*<G%SynpG^^S-FcdVhaOzt0KNWxKDc%YS?Mmd$6R
zereCTZr2HTfwwfy1OACOL*WP614YevgL?=0g&HM0)NPOoo@T{Ju<GS`mkk7L06w)(
z%S=Mbd+!RC_at*ZBGT7~iy%_@b{)q72Moj)cd|A+j7~W~j-{g{66=`kZq=4(LVweU
z>`M-srfaofW7F4423Cn|H24~pAc843jMfGQ<2HemsA;k@)T+tSKN)4b=MWD?jt7Q-
z_=4RLsNg*L;81&G9{0{t0j0Haa<di^Q8Cd7W&wo5SSm!fWX-6INGPo$j3t3hiD=DR
zfWT>G-vv_i%Ebxy3(1_3_vM(b1%H*{q{CYLf~xoOEe+P?JVEh>{~BNYsNXy1dgl!S
zwh+8CSl2>nxHeelCP8s6fxAM`{V}yPOHIsjEv7JMqn3Jl#LipBEfV8I7#8G+w|Xs<
zmcf;Zlj0xPRi!6~K}|%Y1~DAFD8L97cBr3|`wwh$(uqUgppSdclW)jvaeqiJA3$A4
z{~>}3-;RzomW!c4RJy8~8gIjfllP{p9@)){L}3Q261KLyH~X>(w)dk)WCFk%x_GDz
zJL6nQO^IDaX}y%%bc*=Bl}9EYH)(PAj{H=;UR#?yq?hU;)D5%uTlOHr4MzrB!ASp%
zkA)C3LykA-Z59#N#z`>hV1GDeO3srSEF!+V*-Ws}WemGRaV%*IpWJ2)MikSTT9704
z6Sj*J1ByAu(+Y{w18o?_uf9#Qf+mekkYnve=99D=au=sN8Fn)s>{+qubkUna0r;{+
zV!u&u={(1!@(D|H18)ydh09g(5H8V2Xw`=Hx`+z~We%57&CFpw*nb{)R@?+M<F-B%
zoZ)nQILL&17FBlVrK<{QQNX1H*{z3+8*Q<B6RKGF?gx}l*xtI~{{J+V!G;De*f0|>
z{2+!yDb4|lZ_rict{fD5Fa)H8Z+wL=u@B>~J^2%2Fv*b;);$rDr}Kneh^lY|U4%Lw
z9^)&`a8qeGZ{UT$T7P^=x~cffzSw)mo!Hw?72eSVISpdoQrA2gTqWv7tVwh}KCti+
zjt~$Kc-tNHjM*HG?gV2pd08Id`6!+Qcs(lmqRrJ%vI>N_8AiDn#<>^9QFHfLTjH*^
zW6=JTyIoSdQsHJ5x24GE`r)Ly7Art5G*&lUQbFzQ=5}X&d4Iq9wdfj?2;!&eAfZtu
z6A*}FuU$hPhsdFm1e<7-Jwth#Ve<~1W9W=xn{&L{R>aNSGGoAv-H$ynh2G5V9qvLy
z-Na1^qhVAVKNnJX;&s#I6h!NCZJ8sMy*OzpLhkTbCx(9R2~4ArIResXlzO}rTbLMA
z0=7`}I;}0%&3~BA66402XHRS!E1xT-jUzEfESoSc%kj2pv1?3KQg*-i<>!d*#HSTk
zs0C?$4hXRzQ#(T|NQ9P<3KE4il!B~0_(CX1v{=^)q6~_f?4|cf$rz!7*G}L?5}e+5
zFr5+dbMtrl@prQ2ZdAdT`MncYC#;6FL#37I2g4-@B!7yWbj1MDHoCIj7<D9_SsXW7
zirv<~jueZxFy*SHQzQMN?giJLqPbh6a+|p&n>G$y%cngW-bHEYYzNc`Nut5fQ;FQ$
z->HEb0xrq#ZQA-EMcF~GNy_Sb>GYcEwKd|EoIDv49R$WuSYremMNs5*tJcjd>Qw9&
z)dhE3^?!;PR*Cv0!3GlJQEJvK@frPxp6mqU^QC$g$2-TI-rxr#s96|IiQ06Dg|=ij
za0M?PnDt56t(Yb2<9l(fgK$jKT9eIPi$_;x5-1C;9lwxukq*|%0Xj>VZi745ILzTN
zNu$yg1*b*=8++_w@*PrGzr`<tug4GrUie)ICV!qTy^H4YdSTl#H;Ku5OM@+I(F~cx
zkzM8)^%e1Qnu$;6H&`%DwmC11FlJ85hH+;gDwM2_i25Nf8R&?GVc^kuCYbO?$<E+K
z9iv>NHWpa@+8~1i2=n!<@T|^*-C0Mh(nUXEzT<xH@8{DNTNXV_<0AT&!@#D~lRZM5
zgMatl3qthek2ypjA48}QiTR{hko{1a$3G<5wz-4*u%t-ZYxD$7DrDoQ7^t~!Prh2P
z;z0)RC`rSmC3GghdO@}YD^Rk#K{G)j)dk)q%E;cn@tj=WqZ#l1!EefT+yP*W@6Y%w
zas558ec$Jk^AvEJTSl;-rBdQS>JgiqEq`WAXlsE{p*Y4Xa)rURvh+plu+llYjW<Gv
zC$CEu&K09$v;$%YzA4eL#g&_iZRNPBEI~#Lskvy_YS2n!k2=CAECUle1@?}*1<{mP
zEDwkIS>dFMGb$5Xz&m+$Mdv%?+R8L#x~APA0HmYkWx5HPc7p&T^nw>>34~Lii+@tt
zY+}2{$Tc{PWQh^5B>ndzMV^-?OEI>DuhCSQqNx&GY<cJgesL)_0r54L&3bH=tvw~9
z>(3M%+pQ&j38NJTnnHVTb9G(&5y<Gd@56^;z39Wo7<R))khri85+f_j5MDM)J|mz8
z)i=dMs!`!)ZGB1N5U_^tKDB1TR(}qWsU|7Yr8Fi8^|~OTu9G!^g~J)3!&**PgbsT!
z4W4dTPz_E#-YsWVEG3MF8^ga~iN09K9HoM_fv8H9_)jOs7r8=nw0dkhshfTeqni?G
zBq1MX8ezgx{oF|hM3Ux??s`rQe&UqN<t}bYV!TISb@%2Lb<>Ry4A5<O7k^ZCPZ>e8
zcE@Jd2rb5XDM|Ty6@3d;kZG5&Sn0g6%LOT>WV@<i)HIWNEOIG%llMKT(%7r9Y@Cso
zVvS&eufrN~hE0>f5};FAaE2*;umXpT*=XXy-#1`Am8LkVE0K8#e!+$}pWm!`BABw`
z|ADFgMnywqq?sT}9e4k-Gk?ihQ(eZqJn{5ure5HC0OoBJS!>?4Uu3O*ZQDrRjQHQp
z25c-v7c?YSj9M9$ZRc?~wK7kOf%!e(apS%+=s|Bv4+e<m$&aYH+!jewXT{Xu1pn*b
zl3melihk62<lLg)P^a2y0QMJ~=+xYk?eu12%Rb*-Eb$dx_Hyd=gMaOD!SzF^L+gi7
z&#51V;5}|C(Vj5@^B<?4qp)Gju4AGe1XfatWT{P2*qF62>Uwyz9Mbg~evrEi-m^sp
zrRW$%M=9`%LsBV;Ur5UCr<9Ini&xHwdn5ZKF?k7Y6Akfw#&*9D!Z9S*S@|=_<F2V`
z#tiWm#$`a?Cz2$o#D7?PL-zM5wjr07iHrqfvL(l=i`EKHjQr`2qi86!f2l3yLxkZ_
zgl>|gmUTH|P~D^hzS{{6VAy}Rthe9^3|}9uawg4_H9{Uk6945ZH5Cr59J6g&qh>KQ
zCt~@^1H%y6I<qf(EWfuiYRf(&*T^&=B)F6>>2^Qlus0)|N`GzP%E>h$<}<S_>T!QU
zs4OJ7H(Dv=j_4t>0NGZhV@lp`gjb=Our2~Io}pzGEWg16;l2EvX;pZ=?B2<fAjGAe
z+-%@F)FRSQcK<BRh2HF9^zNQ`x69bqXRIF!!?>&w+}!Sx^W+CS>)=?4s19m0btO0H
zkP5^;NMS%=L4T?OqO&Lo*46cqW|9C19y8#*7IxvpLPx?g*rL<nT<NjxM)3+1z_a9o
z7M}t2fsgKFjPYzkl0wjD$uZQ+xu}<8Z`_Yju{2n#tUMand|YapI|R5hjL2MYmtr^>
z+Z{N>2kQ+Qa$tCU0MdK7g7@wN?<&&SD<6b*<X;^*&3_R~!{X=QgbWrVdj=#YDftv9
zJwT?oTHkJ)-jEojyIq%!cE*h5hCA6Q{`eq1r1TkCfFs-G?2uuhT-#uxxh_X7S5Tmr
zva`-OgCuT9*{mU`2pX&VWY`vck$nB1-z3a0^1^9Uq)2XyqDsVes+~miWK*HIT2K<w
z4_I2@tx2*Tbp#eE2CE_Dbkmr`?;Oss3~RezirwBRT}q*bd8Y4Ph#^02n6rlpGap!F
z1;Ab~L>T*PRD_XpgJ=>$u>dW{tXWXMnB+Q><|&XA%3+IAk=_Ju>=FK;F@a~t)cxPP
zlZq;10XUQHDmEWcxkmHG$v+A*#_lpQ?BlVl11lmbSXzL|STCQR_F0odD_jA$lb|cG
zfA;iw<PWcji*<IWG+v_5+c$6E`_&h}e<^>X&(#-iU%&b6)tlE}ynge=+qW;j`0VAY
z*ROy7>a*nKp)w?Y_HbWjl6>}S`!Jw&qm|D0{$KQS35LhZzhC6AfbQ_H08OH}AK3Qx
z{vAEq(Y+JhcH3YLxqpd9iOYT8T~_5aBxo&{1n2VNchAnxgV9uv4vb1bA&T^YpjA-v
zb--LNnLz)?>yz;;Du1u{WtHEQ!y&S~Ahw+4>OMOM#N~ug-RFxVW(#L<Nx1dC%=>M*
z9+s(cI(DKmUoO>(IAp#QB$T^ta-_U3*v=OQrTu)@1i}gTMN`I>K_V>%<v3fg0TQ@F
zjW_2Qe(@o4F<50-M?_0bK^Si7Ok&?5wC1gc1+^D}xnS2JRDb{Ve=q;f@5thNDeP`r
zROju!-<~gr+aC;A(s0hf7St~zWCb@Pcf>3YTsOB(wciyJ1cKc!Y(1lFmYU<$4!j&L
zL2R-zUo5BPwYsKRT)I*U3wJxdGFu*BWS#EU(eG)if<4&xs6|haiw2IgnFAqDUL1rb
zz~;c2@JE-$z<(CmCrGn9{o}J>EMoR%`4l*GfSV5|gg76I$!mdJq48xV$~_4%7YQP6
z=q5FX{>Ck%D>h|6bPp778XQMMi-x6u@@0UO*0~54g1RJC^7o6Pz6~F^8l`J$pq#D;
z{EOfH{i13%;nfSq{SaXALxuAf;m9%B2K0U@XxL|oZGYu%L^vQ_rLj#t2=i(ds6ZW!
zTGN^=T+Cf0$9<i){k9qUV{o%ZEKT>2G;6Vyl*686^6xOb{k0sD-M$}S3llbxz@y<T
zN&BS4ep`F+(nNoyaIJTXILi+Hyep~-KTcrN6P{j}3PUFQOP-&|!kOeh1}BblMJ%|b
zegPTc27h6&WEn7;Q=+oX5P|^KW~P|~979{Kx}GP;V{}+~pMUw&cVGYT)1SZp`R70V
z_|+xx6>7R;);9a(nB0wd0b}hkZl}k1e7X4Y$FINp_WQqmb$o`s3BUj5FUbi&o+c3Q
zseohld2wMV6;2loQ!Ftk)*nwNHWXvYM59#8Cw~=7Dito2S|(B?sedX(dY=48U6nTl
z_}C|7DT+>hMsE5Pojz}hKB*hNi;NMDh13Nl$|J;(K+2&(f>QY|em6^eM}PkQZ+}{S
z`<EXtVWz_iFgQIZPbf5$oHlGv?26IJT|IJoNb!9@j~}~~zfH2|<qikTe(b_NZnAWo
zr+=d<T5Qc4>O}&}4E9on7gdbLxbu`F2e8_Bm(TZs@zv&dfb1U#KOLG~$rgHFepxql
z@zqyG$|ZY(3;$3J*fJ*^EP+EcIOp(tIB`8vah7f9V6a_ggaxD}mnAr=^`&<7dznHn
z2})3rdO8zTJ$<ZBhD`?%M;2H{3YSgT`hQ(yO-B7y=2_@8JHte?Xb9#(>{$$3wGT0~
z)@-Ym8Gd2omOYWBY+Njb#Z6rd_y86!4SF%dS6wm*kk5=J4nxnnO6$6)relgxNAKA3
zKoN&Kl4`RVtMze^dKW>6qwGxp6M`J)Z-x{x;Djv@3)Hl&CtJR_ZDYdh@5Iv$lz;5+
z?Jm00tDgUAf-`J^R@wgjqAl~NO+pVG92Q1+{W5sxSye(1sU@4!CE1gXZtnDWh_12p
z-R+D%q>mUzwCUOkDzLO?7cov`HyY4p8qR3&5*vS0P+*HyXmnvf<8wR!^;@3}c=|kj
zo<2{Xr_a;p>GSk?`aFG}K2M*g&nMI8>GSk?`aFG}K2M*g&(r7W^YnT8Jbj)%|5~5_
M2TtiAe*lmH09%NWKL7v#

delta 12167
zcmV;2FL=<rW4U90ABzY80000000ZrP>vQBblBd5)e+5JB2ul-sbgSFry>5>uy!J%Q
z#N5~p+q++O?rJEKRmBmDq)C?4a!2pqen`9l;z_b(&7LaUt`eE~1CV$n5{X3C)I(a<
zMR!@QKRM9nCHnmS%^UcB^~L8e<!^ZN`ufewPhP!w{l({h*VnIKe~##0y?*`ri%*i5
zhsu!r+4n=*CCMkhwhu#5rB*uM`+w2Tix<h4{eHJgyN9oS-WEyI7WGBn?7OT;(zdP2
zEFH?GPBPX`lA_+A@5?W*7~Apji@?vZoErM$=uhv9Y(EqddRZsKR(_B-JM`lcvtCKO
z$(L=~rMskmPItv0P6*Y>SECfZ#V?Yys+#*EPlhHLy0q>~D3l5G3ZtUm$7MYf-8#*R
z(|_>Xth#+Yl)GYu(!)5Po&V$bXj9ayuJ~nNc8K=)=xBIor4n$S;oR`BKoVFD?;Kpa
zcHLu&&(4mIkFusKvR%IFi?qwOtDCYu{q)t@@e#{^(5g)bly7)yPtNpaKp<F3rgzDw
zuimc9b+cNRRgv_?fD-B69Yc;5tb3Z=xDBuuq?W^*!ckOHII=YbErG773IqI)=rIRR
zv#jWQA1WYaX?x{uZs<Fzr9pejs<iKu{AS;y3aj(guHT48WNXi)F+skPPp=bz?=ASG
zt$g}_%JllJmMSEAh(QA7;mM8=(9>e-j1L6PZl0wzrgV1ivw0o!$0E(KeA}*pR-B+2
z5{bWAk9*`oT`{1yScHwTy29Cu?H*XlEgCLK89l@1T#^2St5K3)Ro)~y%4Rk+U0L)I
zjrTBur0oo4D@2fYX$Pc2kcPp4)4WCHOej8o`nhV0Zr3A5m`Zw<Fr~(geBoK;sfil*
z(Z>|DWz67wOAHsPxN+6~=7Pq91C$VFXOg(BZS)9(lh@{<gJV5{%=>NH6;Da(I78ub
z?}%a<BKNB72WZ{a5t~67ABI$17(!Lw&O%wT`k8u+mkLj%88FQighkdc;myIk^qJ9r
zC{#eltDpuFjpl7E5s0%I&fn5H-4suB<k;cNJ>{{3=5W^NK{0;Q@x#&#Kr~OQ6+n&_
zZUhv6Ml%Q({Yda%WAzQzR()G!<+?<YA`*plXED-Uu@rLBKY@Sd!uNm*?c82#Ti70|
z#iL*Aa`UuCK9Z+!AyRr_J-prDpyphE3`HN?9b7{ZOUCrf(V<3}F+6f*AdG+6R`GNe
zFKn7P(DEgq+I<U{(3$L@3!zaBKB?LZt~s^022{>?f{Ilz><G(N$Wt=CNJG`+T5%{2
zk0sKlX3>(ys!-9!4^<AiA9RHI2Cd-0`hD|HB<~)!9#W|)P%27wJOImmIc$@E6cO$R
zB;ldV@J5QXt$>t0pi3n!u<gn_NCzk%u|hRunu`_W!hjDO#JDKU8tb7%D4@D#SV}QT
z5#ANvrLrVNcCbci-4ryrJSIK(|4GucApf-b!^zO?ZAAo9E!mr*tT#c)n!5;_$AdSG
zjUB|b!z*=yPp{Fx*XZAyW$jFVKm6s}Co;cct4dquak^2ruPp-(g6bpex){j#aPi%X
zzUb~2af?`JFWj<y^w1B*E*q-oU25&!zAguC-X+*MU1qX`NNtrs-W62?HfJQM616At
zhH=sQq^=97PW%2ohb#~>!+wgCg}2z<fj0@hqvGMBIZ2o)gZ#<3A934%5%=G;&XfDD
zG}#q)#STqbzkP4MM>5(?+QD^tAt2C%U^CgzlBU~uleTS9=RgP3;S*brkj&xs8L#+C
z%m>wcb%7^|)_&CyupJ&^wWUPEw~9B3bo$u$sCy3&cqU5FN0YB6-n_VL2fVQXv>+k)
zHZ)~M_%_=Ti9&Nm$xms2&tvJrhqP(Yiiw7!+R28Z9%5t+pK(eKS!0GMc?)F-($7~k
zmmvNC`OCVMt>ruHmD;PS*_a;73WxS;+w3GHlhMw*A*K=B-tEQ-=IM~~wB(jXdoop@
znBSL0$pMn{<b=PwM0_V_lX3DUyPXcwBkt8GNAPqC8d|i;I2T!eRiZ{T9f_1}ft*Z|
z4Z*nCmsNgS&L~BbO{*KN41F+$(s&upEo!_M3K&L1oo$0wVz|@U@NkD@IMw@1$q4KF
zt^(0zl(RrS95y3TnRX@0_PmUY>LnV%&^{+(TvTY5=!X%M4My5hvsG_+o)!hO*Y`|e
zOC6EJ1g_t0t!M>*Bf6BUXgEo7Vh~-Io6DlUTNZcQ^h3WqBsStKirN)@Q{7#H92Np5
zb=4!a^`?1WFd@81z_N7G*J;~t8zdWHGE_WkiN5>q(0Kk@4#{rcgYgL~!08R-IPDYk
zyzCRCbLQ|@S|@v?p?Bc@hyJ`TstP|&K+%Gymox*X?7<&@u231SP#La7vR7quDgL@-
z`9$TvynA)o+!bAwKCJsIUVy9DSL^<qLh~Ff1N}yZzHhqQ1(5-6Mn!A2%&T+BwgXm;
zMFFWK4uN@5?$S-MZ21{9`lk-(i$Px>1oVKixE8{o{o;i82R74OAq6VC`0}UkzW(8-
zKY#!8&wu)V@vAH1QqpuMER9|r^6+RwM(fKjfBgEpZ@>TBS0`w2Y`Wz8Z~l^;0^}L)
zf@m$cYx3f9!Lsqpxe6uvw^}r*L{fopdDP;N(ntgBs5CE<|ER0-mKYeuLKGwQIif%#
zuNb-Wrs$Kp85lf95ap66Q9jGOKtnf6@|&hB5^2PL>K7EOBr`q;F4`)k1nP7s@0OaB
zN9Z?0cet$ox)!tZcTIhfJx-OZ(aik__41JK4+c(if0G|70XUSq`Bl=LO7yTzyW!yx
zDyT<GEw|b(nO0^`ypdQTlT0jRz(gAf>7HO?!46PneL`KP5v4=3E1AIob@MK7cB?es
zl{LwK8XU{9tsq(636juj7wuy9rSf!%#$XyPM^-~8SF^V}k2T5QEJ!oQU!2T!1ZnD;
zc{_0PIJ73T)Y{kO`=lSbBHdvdWikBbTRtQ=U>S#8Pd=v}Qca#Mbu}lGw$&}0qhZkD
zrz>p9xON!{=Ue7(mna857TI@{8s1Mod?WII&_CtY*Ji;j5NN@+kG?{^G<bzz-nSqC
zmK+g4LQ@@@`J2AX6{y>zyd*UH*k=Nd>?KM#9SZEwrN+s)E4!xNMeUv)X!{rPIoCDA
z>Sf0&%<aoD-Zsl_EiX34=b7&9t{Y{7d;-{+_76#msx3pUuiVsWMLKHo@m-vE21*Qn
zPwsBVdAEO~3qf*XwD$!MKlMw}_(A*u0Hl_Ho9(=C{!I`&Ext4|s2)5nZm9wJU3Hk#
z4I&$R+_+L<2^=3W=fG9lRAu&nI|%b5qK-pI4Xp=uP~}W|@9{JGY-z`^Rk|OxG~UC=
zI}E>kVsSBWeq+MsU<PHdk%~Ms9FBy4G<rPmgqOLZ=0+?z(6qp$5L_Lzf|N)I2T;X{
zoS&{ngi9Z<l#hEsTkX+69IPq@smMBJ=)3q1W2jA`GBH0SB!Zh}U*|pUFyMK;%veU8
z$2t6r=sqHgGu##p1Q2M8Y9H50UAHSS<}TvBnAQ)5Wa%_Q#DkPrG{<!hZG$9#Ky+WQ
zc`q4yYvJfvBD+%qF1d6@LPuPIMM|VLq-+t#2sOHk0Ar7NfSWO=F>r>I9qqLP$#@`F
z%S#xN@f4y!(qD5VHxxf4WJH3ujx3E&Qb_9N$U#Ft3SkkudXzvDI)CZNmFfU*({|0g
zvh%3K${xE?9Zx4V1CR^FyjFLAE#^7e<l)F3WDKPy**JddX&cHO5@ie<B0O=$FwG*z
z(Rv!14|Y3=SpxPr)8r=Y%S@e9S#TI8=dhWy?TU5z-XPZ>@C%$A)Sf`I%N2Ei7W~C5
zaWv6`6(cdq7h+A8H>y&t^1H%kx-1zcKFQIS#6cuoc-5W5FSL+cb*!3yG3%$V%yvVb
zGX;d!8!$<)Fsk~B2?jkog-2)nQNO?W=L!u;**2{=czW95b*n}O*fyHuqgybFSF~l5
zyx|7UK;-wZqK4MPnRgYnvXkIG%_^&q)|u8BXXg~yao<D&ifPlqnBS%MZ~_Fisv<{&
ze}BtBuyP5bV2#$&<&bTE*$ZKcsB!MW%CPG<^!4L*uiva&O+?0O3_CUv*Jr2p)r0m?
zdq?ES+Pf0$(235mf<5PA;0<)7osbn47Y)%b&Spk8HAgT=SStUM8<bJ3Pp4UtVXT7@
zl-QD#_Hne!dQgYJ`j6Oi_Sin$dq!2Z1c621HM4564P$an8jW~=L-HZ%iYmP+s&&`w
z*l)CS+odhoudU%D$jM;7J<5NgJmVEX1id4~gr7@0$nR%hho1tujB?}$s8Hi<)x(@L
zm78ixVYtONj*XvVnNy|@xIjppACp~!+B}#D%#=7K+$2%!!L+E|knep>zCYS{r?f!W
z5#=HO*kVj8-UrBkIT=0p-s#6>&%35X<3?q~r^J%BeAL(qjs?a23i9Hx9VyERZMRbd
zVn;Y-y)B@y%I3oYo6i4ok@>;V12wjQEe1w8ob#VEHWgF|@%K`p091Td3p|zo|6<~^
zqB~>abNK{E!q?l+sUZ@+gu2xJ1%-UV8yBq5p?eon_cHr`2^`#4Xj&K4Ybn7W8vZ90
zdM-J5qxh7Eo$~Lqu58JEwezI(&p22Rw#D<L6weYsm~(QPol=L7T7`-BG3ni80!Mj#
z$I02jV)(!t!KPT$B~DuZbWL`~{>Hipwy!e_<8OUG&j0ieubs=GI8++W`=4HYetrGw
z_oMrtK7ajxeE-v9e2A+H>UjCSDo%N8I8UxGuV22re2IFtHp-LPlsLE~UDFKBZR~V-
z{37|bKsX(~TdGG7@X(bPeMZA{v@}3R0nsi{hLZbjf%G1E%*|4)^)OFA?2lJf$<N>X
zkhD!V@HieV9Ty2Y6lU1haF$Y(md`h7{cxVF)2c6j&TLuwTHU(sAzd^~<DJ#Kz%EF4
zO|{<@WTAz|Z#0@oehLw}0^28n>@B&XnId_jM^3f8?Wlce(>41xIi>zeXLPOz$OT)4
zV*sCYLMjZTl@;xlOsOP8kx~KnwM{6|nJKdFp&e#qhXBYK3fZ&p?uML>D9(=Y^jejv
z@mi*TguJ2qdSG&L?tQD|Yz@S{cMJ)f+n~;jC1xcxy~DOw7eP&waqD{=`^!ZjsT($b
z3+iy9=UDO*%^zwxZln15af~`bQ<LGSeYwfDRX#ae*C=1AZ%9%%{l3gsYW{NI-{<8p
zspNH&4n10fc16-v<qo0NTgW<meUzHkuBmx{+mUVzT#-|d&|7d#oGPSe?q-%~#C|~u
z>anLrxz3CA=|2kGbyvHL*aom+SC*KmL#fET0$<`8Ps6R2!abJV;>W#7-p`<0$|j>T
zH6h_{0{`nWiolrk!GSn)se=M}_RdIZ8blN?LDECh0!m7gb~&~w{((XU($Y~q{d1~+
zyk#tga7u(N6VcUA4S~e<BJ!OAwSdwFg0zG&u#FMPQ7RRVg=b=C#qg+z9|9k0#HTv{
z7?&1IL(aIn{J8jI-Z3ii{8llU&ptt{m=XI_=Q5#<GD!XW^@u*F8q*j{I(jpj^57A#
znO&<RDy&XqFkz3d$zdmsP7T~<d~#cVi>X!N<~nXw<~D9%9i!?lnkx9%Vbq$2PC8CX
za=BMiQBHd>uXz6O)QB*KXA$pIY!NVz1iu>|PRA@1Y@{4DYIZ+J?}!uJz>;Bqeq<7o
z%n=4aLp`8%$4L748EAW50V)mreX6ryzbwaK8E}Ox(&&xz+zT2c6=tP;P6FqDXnIO6
z64>@6)w?Y>Ta+qxDl^W63nyHu38Qr3(a@n4JW7BBYBnLqZO@~%saPeT;Vi8ZvPMR)
zJZeZ^RO`1{+NL*URSpl()V9rio!pjaUAjiUz;@RcLzySL+q%gUXb<>k3jTFd);x+W
ze$b`&aM$h{LBiy|f;boWVrGMX?rF*jTCA|+a35%7NBTEC?j*ME0uh;_^4}<1NHat&
zdI)4x%>^MW>l_wmVYIN7$oD{l!0}!%;|OGtw%taXZE*<F7JUrBuHWGEP3Sv@4dURk
z>KCzagE+T>a~s8pviJ*Qh2Jr}rsJG66Y|3t$RTT&g4*XJsAvo^NL(j>H&|!t_dP_}
zjaU<snL{oaY%}0dB)kt$uK?6Lo2*1-3GL0ez;mTAmmiIf<zm%}2HdKwZ^7(<1T%m-
zFf)4$@s?h7urKc5@ZeIgsN(Z7-Dr61?Q~pM{<szctq#vu8}w&aW-BzEnG|7?z!~R*
z&NGD%oJ6Pa;ogDzRaazxcf{oiOv8a0oy>@H8pFiJ8Oy{C*AaYuHaJofW;cz)m6VAI
zLRG^WB5grMcjQYlgc=UXxfqR}ZZ`VynO~&58y}t>TOHgM1Rpz`Edd^DQoJo5m^Olb
zvVLxNQ+w1ravq}>n%M~r)(pEQ_bar4$&4HZr?<LsEFEUjF}X&6E`m6%1>0f0F^yv2
z4Uvu*KFz+%9A+C0qJ@|_?>C%W+iqBbhgMOMvJ<FU*s_xu5+GJPQ{0EirME+B#>4QU
zGf2sE^dpb(J)`U!J)iUH-2*tSN7_Km@z5g>EpE8MV<(1*aT2D+HPw+aB*Vt|Gqe<d
zsD$$WXW!J9=;eujw<sS>Nf_;iAICdOlUto)h_=3%(F!9Im^jl%rZTPVhbFQ_Wq7Y&
zU!p=n6PYcp@Y0M<F&rqR@mY=oB{WUDj!7tZh}1Z-u~HfvogNq7ETZ{zeAr@AQO9HW
zj53PzHr&QKxp#W5W1rWu!oVlCrZDh>0Z$x1JmBGNg7HLust0l1L1b(}wZayX|By+D
zSiz5w%JspL5vrKDSmdB7N%w*rJRKY^_=TVn2`cxH9b%R0yX1KCU=j#CZF~&`pEkY*
zf=|?K1JS1qvOe(OL6-AOSc92vHHyr<W%)R(m3NNYb!WBmAmB-wa3K1OmKcCOy(PN9
zRbQdFMnZ9aO^t+$0-B5JuXUI-A}r&hTQ{|Sbk7Gv>PLb48aN>9k3Uj>CAyWSx-HpD
zB^;VCH#nHXp34BSpzITiLMu)M!($iQu^f}2E(W+9g@%H$GwE>*`iDLnDpxX$;~sAn
z1=AzJ_Sv?`gOI~=!rW&YOB5Z$n&yo0SVQl)n9PBHcw8J%i}>(fn!(*Ft99-w5M|=d
z-lAH_o8DWUtaQXJU1s$&P0H)k9Bybo3(KLjnb7jV#mQg@0KBPT_W=;t&a=1{!G~uJ
z^GJsr>4F7p6mU$}pN-F9i6ajLju82hB)fjIe3=*q_0KwH$K|oN-i^__Pu?5mr2V$2
zs!(EosB&?lz_-l}Y$zurGNkUJZDYXs31gY<2ch^SFy3-Km2*z2nnS9Kcb1F7b{N{2
z#28=J>~?KcykFrVAP_)t--wd0ku$=(WuDW>RCk(?#HgBu2VXjCl4GAPCW$8#CkXr;
zVmeX=ZHVnTjWsM;y89o&K|>Iv&Y?(>!oG)psGd7;l?nzY!S=(;O@s2_QV1V(cipl|
z!pAiIWvArCUK>)LP)YS_t@$!>ziR5LfhdI7(ac#!8bV%g9sM@Vn|l`{aYW})JRPK%
z5{UM$oKUK!4M1`ZSD1(ySm@3^J~#%Bf?jn+iGxUFvg<camR;FrQe(#c?d7kjMI~i_
zY=TQjpTrYEifw@wSy|yMriq`enbznDf=LmOZ+Or$k2%B1xA&lL`T7LbxmYjq<mW{)
zX7N>8tbZ0!(&XKuV=^}6EKZH1w)<i~lysez7wdFi4a7wG-YGbljkHQ<A`d-w|D#6G
z6}gSm)yXIa*6Yf(KLvwYo^?&l0+(Wcjm@;6avhfW%#7RjTM>BKo+S%+*Y4aq7iWZq
zNEVuW5M_SjBl9F`$?h5rVNKPCG$ji{*%Ea;s5RQ-YI7Kfb*E905!*tMw%{~RPM9eq
zq??IH)*k0s3b}w3x51<;`vLpHNzvB~5^GR~??^b?a7R}QmOV-)*^Lmp6KsVMh-2NW
zB`|GYnAvGGB{b|+?~`N~Faaf#l@~34c)#xSV><H>Ay6G*Ayj;zDBpDAJdyc494J!Z
zhv5vzls-6)p(Gi*k}jmyR3kUv;R!zFX5t?^WkhYY%SYSk`cYBm0xh*0VgSA?TQvLE
z>n6m`{L8*Tqbpt~=#h$SOtg%v9qL?gd2BcbkIWmz5p2`O6GeC$hc~h#deW4CLmA{+
z$4f$Ht;YZ{{K_ICOdjJE1n_zFZa23_(H}9Bu=X$qz%BCIqC!2~yS6;ei#widy$5rM
z@mvgS1Qd7jGTLPsmnf0^!41r5fJfxGMWK1!)mJ&)K9sP!!<x*{HNNbk_J(unC##yK
z4F`?L0c02{texLl#$;Re5MBp=DSKfyEV`zj%N1tA8nFf2r$(II%OjqZ`)~vq=?G(B
zQgoOFmSEx<7KjkOsB~<*no>{&;jy_1JDtzcCEN78R<R<KHcCFd8q3YwCUyD{qavDn
zdg_bnEhIN;tlkq-Py`1yTrO<jj5J(Io9x{G_CPk*fYM^MV!KCWsBV0Jw6t0|wcpez
z+za@&QJ_0QJM7;3=$POUrd#lsnpxb!s9ERO*Pt<HDXuSf-j6}Y97@SDvbsf&JVr1a
z@P?R<aSP&cZk(nz!PgBd{uc=X62b^kt--qhwBt?boT?cMrlwXpXQ9~sd9a;=Gmusr
zb9#@la&;FT_#FcT8)*}NB1xa*jhrD~0#-)Pa4LoPl7<e#jl)!?PTgB($4s6M$msd1
zlU8GdZJI76@g~JUqcterg`mE-LsB+K?Z+42C$uL+;GA1_3j?;%!JDQXNaR2gM3Y;x
z?n>15@kLK-5;#Z<QRs<Jt{S!1DMKYErY`^Hlg1V>dLKy>dF>p3r;fNH;iqG2gr5>?
zSwRvJ>p)yG-zw1O)>7jWAlT4Aw_|BkLtC}?>Fy@gDn2XY>Jrn3w-ii1q3$tXVCCZq
z2rGxrm{S@=>XlZYlwze5A(b#`Sf$`9y|Y0DjU$2MN94E>K3@2GzrWW9^>&|hZM{|7
zTp*F|aM)#b{e>=negQ2)G~;UUIBj!FBSja#TvtuS@mn0xovemiu>v`54Vh8|N}ENM
z4wE;dj*+-XLH->lbsvUD@>cdB>07xiH6UmVbs&1|8VNLFei$(ZFRUqjz{*i&2wOao
zF@vy#87D$$NyUU^oZs<zk2#zx%<%>%Tqoji(qgPYCIRbz_hkDRM%Q7R8T`S%`Ef_J
zX{o8%PTSBHEgrDbXZ#R@o^OMjg1LZ(>zmCiYuP`Csjj-|L1qA3s^DNNZQZ!bI4rx^
zX^VY-a5eb-5g9qVxi(;FY1=(-h2a7HcJEwRF!1V|x}o5OcvZUdLOF`QhY;yuEF>~4
zTjzTzi77#UxRHS!!qxGP4COkSU|ujW?ND8nwbRN#u7fh=A+P&g+W!((bSuglO{w>&
z^X9=gmb!-Rg?zH7jQN&7Dlj5jaXD75Uo@u^+C7^R;~D=m!)>;BlG1@qgk)44Q(8*8
z=Q}J;zokGq;mG#;Is+#$)R5Ta+vDdn>b){PN|(fcN~GkOdE-r{>)>RWX?xn~ScY>Z
zhyPbHX{|OEy#Jk5cNvv{_#O%Wr4I%VCUz&MZ-ps=%NI=2-Ac}H&coPikvp|Wa!_y5
z_-Mj}t2(h!4QIm~n$B91K`jK!f=JU>idm6>U=2o<BJudtoRYDNn@Qt4dd&C(3ue@#
z-}AeFFOTpNI?VBt(E8jRF;TDq*+jmg_ZkIdg%SHrE|`U#%Z*}UhF^sXcV8Fl3w)0s
zk~K@3X-g7{gZ~BLLX9N_&q2xr0X9o~#or9$lHPfxu;Gg1F|8b$wA9L{r!6%=vpW^|
z3V2<q+>7H(-0j6KKAajsRpwRC`J}!zqMmGj)G?vx+trZDZ;oA0E<~O+(mC#$IUbE_
zwlY~lZP1%(Cc#Ki3F2Ys&@FfkQI$p)@~~Xnf*|;u2wUmypKI+#r+3FB#3t7OTYkH+
zesPUlv$n)cvFDAaKF1A2GzPuosCCfz;bh&09rOYmQsr`^q^zE;ZNH*a0X0bLEhue&
z!&a6!Z7ZL_{iuq?ubtSaM=6@aYimnAc2Se*pn`p^MY-&2I7;AJ(_(V5u;rN2OR<I(
zZ$~ROcT!`Wr*5z<K_HUHE$SFqp`80>6fcsWw<Q{Zw#~lE6C7fFkLVuY`dm<KTY8%^
zN%ayK;3R7Q_UdX=4%_|BW!CJj)<xcbbm>K3RAs$?e?`A92-8)&ud1tmd-;1dpON~d
zJ?o}jC*TF%(l`(JC*BN&A7l>{HRBEL9po2kl<ZKqK`MBf6(hl_m*-tJ5U>IG%swqM
z2`TTrD_Gu>%=w5&Umq@lNafpg90wdQ5MSKM+Uzho<p4RBj*>{MW3u~ITcQbnO(U`|
zIcS=$)rO5tUn?0{C9=`rYgmE^rra=E8yJk+1X7}=$<9!#CQJWhl<}TJJQO(|7y{x8
zc1NIs^W=j=?TvZdJ4*$W*2>AvT1Z62L?f655DsIh5Z#hBqcS3)w2Cm61U4n2HE#g|
zr<HvdNYN`7C)_V2b4K2mW4ac9RECodYw-)J-pRK#SeNqz#T))>eD$M#@0{zMHwf55
z@Xlae3#H-OV4a%;#kB<P3PJbB)Y2?9G0U}>!kmv<>e(?nZyC2pj1ys4kR#sewNP3H
zS1L}5e_&UYo*V`>5s@0iaO|Q0BUsp>eopQ`u+2#)4t;|@?!8F9A-BbUA-#M6bshbO
z2r7I#I@VY&hXPUQs%mPy4I570o346fH!l)}8LUd!+Valq%Ocp`jUJH+0Bh*tp)%}@
zb0sw;b`_=dQfkvF;&)aanS9)&#oasdQ}udnZSs&_s)tZF%-(O=g9tYq8Ege3{WCrm
zLd*;~-k`TxL|hvu!Kj0O;gl&kPinA;`0{2m!A6%c><-1Tq%C}Mn=u$sOlN9Aj?_=s
zE=~+6<`_>aBuWpoVHm&qHq8o}G&VtwwHujF(r(CIobF`U&3Le9#j4XqZwdwA%MywG
zM!lu;9GA)`EYS_TJwO#MSH(lPL?5A58`|q4E*O+KTt+oBhxuTCd*E4d6VQy?`b=<!
z)A8XT6Yg15*`1fJDx^gLml9-m9x`sU#qLe0V&S_VP(ERM>z4cf(^v)@8oXe`OuX=e
z7!IX42Q0opSCzYRQ0&1FkP^P}6}rSejKB8ePl&-JM@m@tL`a^_6Lul0!Vz>4>UemJ
zuQbC=rQy7R7yfF0@g?b|;xGGR?;UqyZ$DLdM-${Uh<Qt0^JH+Hs28y&(fRnm!bdnl
zKtSMachECtb2PdWjLGC>d4T7mcoN|CsOXC}S3}7v5aMPS<zg7;UKmHs-D7QuyV{OH
z`%~_AN$pC7n^oMFBA@Grlj>Tm0J+du-Ec_-wYS^5o%Q8^`_->S*O){QKUD__jVhUd
zKpcDR8uB<q4xJ>}M5F8(%F_&+cjz2LXB69<<JGnzZtj*D18(eo?1?G#W^V6r7aHm&
zZb}#pquThnkirwMn=YpyT9<3f9I@=hNlOuOhsQcG^m9*O8jZ{mkVd1_<E7Zb#F!GW
zg`(GKZLw~D#&nh#H`Y9RV%u2xTrq7Ni8*4~gmGDpw@r&(W2%y}`^7ImM|3AXt++xh
zNb_?*hy|J28CpRiw1iZUD6F9rWaYsZLP4U%x>gWnP}F2Ey-!NU2pzn30xy!_^uB}X
zjF6w3zt@kylP!0n3dYRuowzz-HKZLXtwcW<E<qrFQRJj629UPVmG#D`Bk9cIxY1JV
zw*GajSiFTPS1p|y=@)e`xb_sy-5QnK%q`ipao}1$?a}ZqN=s)uphid%4Thdd<lg>H
z4b%{DNq%qB)(0ud4th;eR^Lmf*G#Xi5wGOr$&lzEFowb!BiJZ{BClJuZe~%ZVz;O+
zxZA3KSIn?V)GrA(kQk3rvu26U=s)yiCm5eE)w4L>Ip*{RKNvyH!e~m=rb{feCA)zu
zc=^DrPr`1+ELk7liEAB%W17~QZ0=e-x-yeMS!nI}Gg%kuV67aWvxMn3xO0ue91fE-
zDqT@<Y9z3+#~vo%A%*o@{37^z3^Cw^--Td*;_1@+XdbT@wk>m$n5?%n*s>PQkU1RL
zWu8%A5ih5i_;h}Q1=D1k^TG&Y=A>*GcLt(D$?AxxAM%ocj#wB59-U``34fIA3|`bR
z%0+5pfz_`KGB|)RU(X89>O9z;b;K%N^b_Vg?)UzFF>SGB(X%uzqHj42Y&t#JBg8p>
zc;~$!L|^`xLj>|Mg!+(}Pl^TE52bnhLy~Qqd$<oviln_pPtc@7HhzkMn(OxDs|70_
zWB`wnG+bIjX9BDjWLvNTCA(WR6C_ey;9a7O?Cl%R$@M*&@!mi9P1%k+0F3ed8J{Jt
zzX!JO`+Rbq0#0+w2==p7N<2tCVw1Cf#f%AUEift+$9P4qFxXa>zK9)GI!CwhM(FV5
zb;-iHVswmlKn%e*B^tK4a#OLb95<CE$cP~|7Y$ntT50T2M;L`=U}C4h-cq+9ni7lU
z;V?fdoOE$UWnv3>C$FyPd}mx+nWjwFv>OC~bhNxoH$l^G5MYE}@Y#6+;S}h9qEt4U
z*sd{h4NfCjVgxKn|NTgj=cUO~j4k17G*zZ(sstBX9=d^FT#8LVe9dLE9$RH=Ps!-|
zGX=+XYl&aNXoZ2M(B9izUDtjDGJ5X&@S#{Q`tUJ^-S814F06yZ$O<!rmyMFo2&h5z
zP4SRwRJd7NUy?Wktl_&)t(mZYl|y8zNy>C7jR``%E=Z{BWKCe<a0ckGmeUoX!yZh7
zryCYjgOiVU%b68R38Uf0@Gn@RFBURKsbFm&suCssvx)IVuF)K=9-B_;rr*QprbHS^
z$j6yRn6OkochUioq`9NJo>POLIOTG=i<^=d?-5wty}3o*bRz@<bQ|7(1(n@XM$oL?
zvDr03i?LoxQodeA-$E5++9fPjI&bW9L5eBau4))H&7>ZSTuR>LeNU=1_G&B}XXK?=
zBbeaputuC=(`2v&=u{S*VM-sYz+q!Hnt1T{Em%*bDURw&WL|<_u;I<;H*1~<rmXmX
zV5+}S(NGy_CWunU-M{RAOmfy#moYC-JiVH!&+t6}^EQgCHSgLlvR1#gZ6t3-{O@K1
zHkP6b8j>qUt&GaH^EjMZnWx3T{EqLqabFqqpf{xl1H_BuN7P*IilnKtVrp=L|MhRl
zuIM&JKk7VkZqaY3Q|&YW`-@F<YVOH)db6=*pYJY~_=+xjIraK~!S=Y|`XSVz^+TxV
z)DJ`O9ygU}&zXSvk2B9v*f3_-F;Nc!D=9^?)TStG%vu<AJv>?t>3R)6$Xy2S*dl{c
zbc~{-6nMoUsg%SoBxUzgN=LKBD`&*Lk$sYwyacz2hWI{XyI%<57?SI({2AnN*VHs)
zhIk9(GNA8MNs?55Vl2KP`+F4Ikju+N#)2`~l4I3HYlSC9{&dGtG!)vu)Ryug!f+@;
zH%U^<x*Rd6ZqfnY?Suv}?7v&qTkr&iua8zaljg}9A&()6|MHcZ3I|q>**2|FvlyCF
zv3%u$VTf#<*_S<*-`N?pWuK92WEv0>T*{YpyB~7cn-NZbrM7V8<eCuknOPR~xIZOS
z782YWtrT)c^blEqY^%~SC2u#vt58i?7l9bh(6S1a-{67pPJYg`D!g8H@8n4k;?hoT
zHgFwk5osv9f0pJ#Z+0<ycTc?AW$f!S){li@T-FF~?{>*W@&lfAaI8dB2Q`|ylG}7h
z1!5nhFd(phAXNd;S(F6p>iSqSNdN?o8SqXEyKriuBjFir(dlrm^w@Tzcm)dJdGbMv
z&w%>CM|U#Dc(x%)A?Wku1nT8N)XRxC?#HND8mv`T9t~_hE;Y>^0^Au!WG=W%F`SI;
z4jkfx^#%<&FuXnh={;P*d;5WR73u7i4?;Wgua2C5=7^<X@pEuO28)qB1Co=Je2SAE
zAX8ke@3u{ENQ~0mt;<F`W5#mBo$M5Ud=MW}`iv~Vk?nGJ$gohZZ7|W?l%tj_D9}sU
zS!bL<5;vr5)(}(#jn#cJY>U1~zW&c|66P0q=`<=*B)3ITC1N|(P9l1;sZd-kC<*BY
zEG_U#R#}fa0*e%b)ev&JX-wjG4rf?~wcRhpZts*XrBK5>(|4bVAwO=Ivxf>ZA6R4s
zz+Ny!82cMkgpqTDXc9uP04>L?Sx~>2<R+8nDUcM)VT)3c-UM#!5&obtfoI3m{olEh
ziz;IQIg{@yHXm`hM)St$KMFF&?lLm$<FTv*D<UdbT7bz|FQ1<Fd6PsdTmiq6p)0U|
z^89(^53h;Kb#|yUUZT(M-@JkES6_VoQvODt>o0!)`pqY=-n{<e^Xu!^uRlk0uU@}?
z^YWAA<)JbpfA(-+W|DmJYx^*ub)%Ke_x@k>a|MRStG{37uz>FHumDY>ct5c1?fqMN
zw4-|~y6v{X8gl;<jS^S;zPqZ*8_-%Jt_aT6<?oIzE`rfij}DAVKp~3sfuL1T@^!#m
zFPT99$D5P%EGmC*_GOjdmct>kydbum<?4NQ0f@^9p?aS$j+iZ+!6o6=`!esh<$74A
z%IVmN%6zp{E8>v(Qjk#Yw#kw5zF<3F7?k$&T@wf=+!sw5TLy`=7?k5|!3Id+4mI9f
zVEDy{$i-llVI2`IIR#<3r89|rhtQh09v0MI1m=QWhfsh0*Z;lxKffc3@1?N2ZBbpc
z`+j?|9BzLwU`fNd09#PMjF1)FjNB2kJaFCIHPwDsOb`fmzp(X;vRP`5S3B@>xCF7u
z%6ze$mN)8}W^w6CDJ<OW_{wZ~e35m!Uq`>EtqS&F-=h{iMJ^gR(q;~XJb7^tngE*v
zXTl#}6$5`;WS=6<?(C08!C1uX&GIR5=m0k#P6%;67L(TkxkBU1OqBN|z+5DVxS^ZW
z9Qqr#jIP*}{m?y7ylHS84J{g$0?L;GQd;LCSP1HhRLS2ji~25n;A)hvsey939`G-J
z_xH=H*@Raw823Yf!4DPAUxXvaWE;@?rJ!M-CANQ+yAk1lbd|<7^&rgaS)c-SG-^$2
zvT!kXk(~5(+V<OK=ug1S8nHCpL(;6pR#FaolF7fr@b=eoNOt>vfGteeL;{b7^Caz)
z68mlK!AleUmBO{&E#fRY`18J~D*QNsO;31wX(|kv?5}u!A`54d{}`M&&K0rXmih%`
zh#P-|!IEXbXikaBHbV#kSeuz<4sZ-@x$1h6oQ%<7<$dwxPv3q0!%u(y{^y_n^y61o
z#8;^4PFUOQlM`|`<|T}^C%B!S;PK`1%OAh~?%VJG_SMNb_9p!Po4+Kd0C|=`yr%+=
z+2_Tjp;S0sG)%F?pjdxAo7hl{B@>NOEuVi>EU8quP->Y-k)-~q6zN6sA9YpU7T{x_
zjHM_#`8m1iQ*`>gDf*;t_%1R=I1y48lqio7Ljoy>1_?^#yZqfO@g4v9`@j8Z_3dAN
zyn>kyFTmjRpgf__P;%O^J+UiBCwKkG=^@4U0X=@~QvNo{UX(i=F#E9!`?$%{ah`vU
zrf9J>Yp53qEHl_k8D3N|8spAWjvT;h<6S=A2gX;M;{mdNApCS_b|qWrefeeG)Wug{
z87Y_S2`>CYHDJq}aIgdp)!>}N@8QJtNX1#Up@YG8nGqI{mRy$LsMc57(eGsny(B0>
zMe6BHRQ2?+IvF+{L>yUQ87W*gVe5Z)ku@3hSD9y_)9efr&7vWg2eD@{Y}G!*%v!Up
zT4wl#ja&9ama=iN6c#siG2jDOyfo;=3}1E0BtSkhnm7zS>ng45qMD8=MjgFl%L7Fm
z?ntW5W~|o7LF!!uA&#;)0Za&ToWB`T#DEjFKrB$xww`SH;<k+mv%eEhH&B1Fzqh;S
zPOp0Ys|n7q1zKhM_sh1-qc#aWaBx@{;q}YlU1U`WL8O*!PFG}4I=Z>j;~~1n(sy?=
z`j9?i7}2I{E2zNIo?XN^k=<%Qn`t<s!AorXO+kSzR-w^_0gcb`0Mu`NHsJa5{CWO7
zf1W?jpXbl>=lS#edHy_qo<AqgpXbl>=lS#edHy_qo<Gl@=g;%!`SbjF{`_lw{vXG{
J-*Ett0RZZuxx)Ye

diff --git a/dist b/dist
index 535c690..9c0e36e 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8_7
+an8
diff --git a/download b/download
index 6540b29..a8e353f 100644
--- a/download
+++ b/download
@@ -1,2 +1,2 @@
-5ffa675067c5ae91f2a48a2b98258208  selinux-policy-8a7c84e.tar.gz
-229bead97433cafbe2e8699597fdb683  selinux-policy-contrib-3fdedc8.tar.gz
+a95b9cdd9d4cf5c9605e6e54569621d0  selinux-policy-426c028.tar.gz
+052be1dd5d2a549215ec6537ba03c163  selinux-policy-contrib-c6da44c.tar.gz
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c4f8d9a..0ee5c6b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,12 +1,11 @@
-%define anolis_release .0.1
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
-%global commit0 8a7c84e9d530d1ef4bea7895c18095254ed0cb2b
+%global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
-%global commit1 3fdedc8e457a69925e40d245785d132185c27fb3
+%global commit1 c6da44cc670eb76341a756f7d338e60cfa7cd8ac
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 
 %define distro redhat
@@ -30,7 +29,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 108%{anolis_release}%{?dist}.2
+Release: 117%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -459,7 +458,7 @@ echo "
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
-SELINUX=disabled
+SELINUX=enforcing
 # SELINUXTYPE= can take one of these three values:
 #     targeted - Targeted processes are protected,
 #     minimum - Modification of targeted policy. Only selected processes are protected. 
@@ -718,62 +717,182 @@ exit 0
 %endif
 
 %changelog
-* Thu Apr 20 2023 Weitao Zhou <zhouwt@linux.alibaba.com> - 3.14.3-108.0.1.2
-- Disable selinux by default
+* Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
+- Fix opencryptoki file names in /dev/shm
+Resolves: rhbz#2028637
+- Allow system_cronjob_t transition to rpm_script_t
+Resolves: rhbz#2154242
+- Revert "Allow system_cronjob_t domtrans to rpm_script_t"
+Resolves: rhbz#2154242
+- Allow httpd work with tokens in /dev/shm
+Resolves: rhbz#2028637
+- Allow keepalived to set resource limits
+Resolves: rhbz#2168638
+- Allow insights-client manage fsadm pid files
 
-* Tue Feb 21 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.2
-- Add domain_unix_read_all_semaphores() interface
-Resolves: rhbz#2170510
-- Add interfaces in domain, files, and unconfined modules
-Resolves: rhbz#2170510
+* Thu Feb 09 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-116
+- Allow sysadm_t run initrc_t script and sysadm_r role access
+Resolves: rhbz#2039662
 - Allow insights-client manage fsadm pid files
-Resolves: rhbz#2170510
+Resolves: rhbz#2166802
+- Add journalctl the sys_resource capability
+Resolves: rhbz#2136189
+
+* Thu Jan 26 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-115
+- Fix syntax problem in redis.te
+Resolves: rhbz#2112228
+- Allow unconfined user filetransition for sudo log files
+Resolves: rhbz#2164047
+- Allow winbind-rpcd make a TCP connection to the ldap port
+Resolves: rhbz#2152642
+- Allow winbind-rpcd manage samba_share_t files and dirs
+Resolves: rhbz#2152642
 - Allow insights-client work with su and lpstat
-Resolves: rhbz#2170510
+Resolves: rhbz#2134125
 - Allow insights-client read nvme devices
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
 - Allow insights-client tcp connect to all ports
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
+- Allow redis-sentinel execute a notification script
+Resolves: rhbz#2112228
+
+* Thu Jan 12 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-114
+- Add interfaces in domain, files, and unconfined modules
+Resolves: rhbz#2141311
+- Allow sysadm_t read/write ipmi devices
+Resolves: rhbz#2148561
+- Allow sudodomain use sudo.log as a logfile
+Resolves: rhbz#2143762
 - Add insights additional capabilities
-Resolves: rhbz#2170510
+Resolves: rhbz#2158779
 - Allow insights client work with gluster and pcp
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
+- Allow prosody manage its runtime socket files
+Resolves: rhbz#2157902
+- Allow system mail service read inherited certmonger runtime files
+Resolves: rhbz#2143337
+- Add lpr_roles  to system_r roles
+Resolves: rhbz#2151111
+
+* Thu Dec 15 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-113
+- Allow systemd-socket-proxyd get attributes of cgroup filesystems
+Resolves: rhbz#2088441
+- Allow systemd-socket-proxyd get filesystems attributes
+Resolves: rhbz#2088441
+- Allow sysadm read ipmi devices
+Resolves: rhbz#2148561
+- Allow system mail service read inherited certmonger runtime files
+Resolves: rhbz#2143337
+- Add lpr_roles  to system_r roles
+Resolves: rhbz#2151111
 - Allow insights-client tcp connect to various ports
-Resolves: rhbz#2170510
+Resolves: rhbz#2151111
 - Allow insights-client work with pcp and manage user config files
-Resolves: rhbz#2170510
+Resolves: rhbz#2151111
 - Allow insights-client dbus chat with various services
-Resolves: rhbz#2170510
+Resolves: rhbz#2152867
 - Allow insights-client dbus chat with abrt
-Resolves: rhbz#2170510
+Resolves: rhbz#2152867
+- Allow redis get user names
+Resolves: rhbz#2112228
+- Add winbind-rpcd to samba_enable_home_dirs boolean
+Resolves: rhbz#2143696
+
+* Wed Nov 30 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-112
+- Allow ipsec_t only read tpm devices
+Resolves: rhbz#2147380
+- Allow ipsec_t read/write tpm devices
+Resolves: rhbz#2147380
+- Label udf tools with fsadm_exec_t
+Resolves: rhbz#1972230
+- Allow the spamd_update_t domain get generic filesystem attributes
+Resolves: rhbz#2144501
+- Allow cdcc mmap dcc-client-map files
+Resolves: rhbz#2144505
 - Allow insights client communicate with cupsd, mysqld, openvswitch, redis
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
 - Allow insights client read raw memory devices
-Resolves: rhbz#2170510
+Resolves: rhbz#2143878
+- Allow winbind-rpcd get attributes of device and pty filesystems
+Resolves: rhbz#2107106
+- Allow postfix/smtpd read kerberos key table
+Resolves: rhbz#1983308
+
+* Fri Nov 11 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-111
+- Add domain_unix_read_all_semaphores() interface
+Resolves: rhbz#2141311
+- Allow iptables list cgroup directories
+Resolves: rhbz#2134820
+- Allow systemd-hostnamed dbus chat with init scripts
+Resolves: rhbz#2111632
+- Allow systemd to read symlinks in /var/lib
+Resolves: rhbz#2118784
 - Allow insights-client domain transition on semanage execution
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client create gluster log dir with a transition
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client manage generic locks
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
 - Allow insights-client unix_read all domain semaphores
-Resolves: rhbz#2170510
+Resolves: rhbz#2141311
+- Allow winbind-rpcd use the terminal multiplexor
+Resolves: rhbz#2107106
+- Allow mrtg send mails
+Resolves: rhbz#2103675
+- Allow sssd dbus chat with system cronjobs
+Resolves: rhbz#2132922
+- Allow postfix/smtp and postfix/virtual read kerberos key table
+Resolves: rhbz#1983308
+
+* Thu Oct 20 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-110
+- Add the systemd_connectto_socket_proxyd_unix_sockets() interface
+Resolves: rhbz#208441
+- Add the dev_map_vhost() interface
+Resolves: rhbz#2122920
+- Allow init remount all file_type filesystems
+Resolves: rhbz#2122239
+- added policy for systemd-socket-proxyd
+Resolves: rhbz#2088441
+- Allow virt_domain map vhost devices
+Resolves: rhbz#2122920
+- Allow virt domains to access xserver devices
+Resolves: rhbz#2122920
+- Allow rotatelogs read httpd_log_t symlinks
+Resolves: rhbz#2030633
+- Allow vlock search the contents of the /dev/pts directory
+Resolves: rhbz#2122838
+- Allow system cronjobs dbus chat with setroubleshoot
+Resolves: rhbz#2125008
+- Allow ptp4l_t name_bind ptp_event_port_t
+Resolves: rhbz#2130168
+- Allow pcp_domain execute its private memfd: objects
+Resolves: rhbz#2090711
+- Allow samba-dcerpcd use NSCD services over a unix stream socket
+Resolves: rhbz#2121709
+- Allow insights-client manage samba var dirs
+Resolves: rhbz#2132230
 
-* Fri Nov 04 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108.1
+* Wed Oct 12 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-109
 - Add the files_map_read_etc_files() interface
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client manage samba var dirs
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client send null signal to rpm and system cronjob
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Update rhcd policy for executing additional commands 4
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client connect to postgresql with a unix socket
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Allow insights-client domtrans on unix_chkpwd execution
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
 - Add file context entries for insights-client and rhc
-Resolves: rhbz#2136762
+Resolves: rhbz#2132230
+- Allow snmpd_t domain to trace processes in user namespace
+Resolves: rhbz#2121084
+- Allow sbd the sys_ptrace capability
+Resolves: rhbz#2124552
+- Allow pulseaudio create gnome content (~/.config)
+Resolves: rhbz#2124387
 
 * Thu Sep 08 2022 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-108
 - Allow unconfined_service_t insights client content filetrans
-- 
Gitee


From 2d4bc880bf0c4621b76bbe009125792458e2a7eb Mon Sep 17 00:00:00 2001
From: songmingliang <songmingliang@uniontech.com>
Date: Tue, 17 May 2022 22:23:03 +0800
Subject: [PATCH 2/2] spec: disable selinux by default

---
 selinux-policy.spec | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0ee5c6b..a17cef0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 # github repo with selinux-policy base sources
 %global git0 https://github.com/fedora-selinux/selinux-policy
 %global commit0 426c028e3d055a6ae74f8bf7cc92107f3e43a5ea
@@ -29,7 +30,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.3
-Release: 117%{?dist}
+Release: 117%{anolis_release}%{?dist}
 License: GPLv2+
 Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
@@ -458,7 +459,7 @@ echo "
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
-SELINUX=enforcing
+SELINUX=disabled
 # SELINUXTYPE= can take one of these three values:
 #     targeted - Targeted processes are protected,
 #     minimum - Modification of targeted policy. Only selected processes are protected. 
@@ -717,6 +718,9 @@ exit 0
 %endif
 
 %changelog
+* Tue May 30 2023 Weitao Zhou <zhouwt@linux.alibaba.com> - 3.14.3-117.0.1
+- Disable selinux by default
+
 * Thu Feb 16 2023 Zdenek Pytela <zpytela@redhat.com> - 3.14.3-117
 - Fix opencryptoki file names in /dev/shm
 Resolves: rhbz#2028637
-- 
Gitee

